CVE-2025-22869 impacting kOps 1.31.0 #17300

@hasselg

/kind bug

kOps 1.31.0 is making use of golang.org/x/crypto@v0.27.0, which is vulnerable to CVE-2025-22869 (https://pkg.go.dev/vuln/GO-2025-3487 and https://nvd.nist.gov/vuln/detail/CVE-2025-22869). I have confirmed using govulncheck that the vulnerable parts of the library are indeed being called.
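
Added example, not part of the issue or of kOps: a small Go filter over `govulncheck -json ./...` output that separates "module is in the build" from "a vulnerable function is actually called" for GO-2025-3487, the distinction the report relies on. `Reach` and the sample stream are assumptions made for illustration; the sample is constructed and `ExampleSymbol` is a placeholder, not a real symbol.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// finding mirrors the fields read from a `govulncheck -json` "finding" message.
type finding struct {
	OSV   string
	Trace []struct{ Module, Version, Package, Function string }
}

// Constructed sample stream; ExampleSymbol is a placeholder, not a real symbol.
const sample = `{"progress":{"message":"constructed sample"}}
{"finding":{"osv":"GO-2025-3487","trace":[{"module":"golang.org/x/crypto","version":"v0.27.0"}]}}
{"finding":{"osv":"GO-2025-3487","trace":[{"module":"golang.org/x/crypto","version":"v0.27.0","package":"golang.org/x/crypto/ssh","function":"ExampleSymbol"}]}}`

// Reach reports the strongest evidence for osvID: "symbol" (called), "package", "module" or "none".
func Reach(r io.Reader, osvID string) (string, error) {
	levels := []string{"none", "module", "package", "symbol"}
	best := 0
	for dec := json.NewDecoder(r); ; {
		var m struct{ Finding *finding }
		if err := dec.Decode(&m); err == io.EOF {
			return levels[best], nil
		} else if err != nil {
			return levels[best], err
		}
		if m.Finding == nil || m.Finding.OSV != osvID || len(m.Finding.Trace) == 0 {
			continue // progress, config, osv messages and other advisories
		}
		level := 1 // the vulnerable module version is required
		if f := m.Finding.Trace[0]; f.Function != "" {
			level = 3 // first frame names a vulnerable symbol: it is reachable
		} else if f.Package != "" {
			level = 2 // the vulnerable package is imported
		}
		if level > best {
			best = level
		}
	}
}

func main() {
	fmt.Println(Reach(strings.NewReader(sample), "GO-2025-3487"))
}
```

A result of "symbol" is the case worth failing a CI job on; "module" or "package" means the dependency is present but govulncheck found no call path to the vulnerable code.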
