Skip to content

Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY]#32

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/go-golang.org-x-oauth2-vulnerability
Open

Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY]#32
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/go-golang.org-x-oauth2-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Mar 5, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
golang.org/x/oauth2 v0.26.0v0.27.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

CVE-2025-22868 / GHSA-6v2p-p543-phr9

More information

Details

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

CVE-2025-22868 / GHSA-6v2p-p543-phr9 / GO-2025-3488

More information

Details

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Unexpected memory consumption during token parsing in golang.org/x/oauth2

CVE-2025-22868 / GHSA-6v2p-p543-phr9 / GO-2025-3488

More information

Details

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Mar 12, 2025
@renovate renovate Bot closed this Mar 12, 2025
@renovate renovate Bot deleted the renovate/go-golang.org-x-oauth2-vulnerability branch March 12, 2025 17:08
@renovate renovate Bot changed the title Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Mar 12, 2025
@renovate renovate Bot reopened this Mar 12, 2025
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 858bd98 to 70a0b1e Compare March 12, 2025 20:43
@renovate renovate Bot changed the title Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Apr 11, 2025
@renovate renovate Bot closed this Apr 11, 2025
@renovate renovate Bot changed the title Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Apr 11, 2025
@renovate renovate Bot reopened this Apr 11, 2025
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from f8fd5a7 to 70a0b1e Compare April 11, 2025 20:33
@renovate renovate Bot changed the title Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Jul 12, 2026
@renovate renovate Bot closed this Jul 12, 2026
@renovate renovate Bot changed the title Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Renovate: Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Jul 13, 2026
@renovate renovate Bot reopened this Jul 13, 2026
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 70a0b1e to 4d66785 Compare July 13, 2026 05:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant