CVE-2024-24790

### Preflight Checklist

- [X] I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
- [X] I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
- [X] I am not looking for support or already pursued the available [support channels](https://github.com/dexidp/dex/issues/new/choose) without success.

### Version

v2.40.0

### Storage Type

Kubernetes

### Installation Type

Official container image

### Expected Behavior

Vulnerability-free docker image

### Actual Behavior

[CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) has been published against the go stdlib net/netip and is found by trivy in docker image v2.40:

<img width="1511" alt="cve" src="https://github.com/user-attachments/assets/03c2c862-0d20-4c67-9203-b3d16b8af83f">


### Steps To Reproduce

trivy image --ignore-unfixed --exit-code 1 --severity CRITICAL ghcr.io/dexidp/dex:v2.40.0

### Additional Information

_No response_

### Configuration

_No response_

### Logs

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2024-24790 #3632

Preflight Checklist

Version

Storage Type

Installation Type

Expected Behavior

Actual Behavior

Steps To Reproduce

Additional Information

Configuration

Logs

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2024-24790 #3632

Description

Preflight Checklist

Version

Storage Type

Installation Type

Expected Behavior

Actual Behavior

Steps To Reproduce

Additional Information

Configuration

Logs

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions