x/crypto: CVE-2023-39325 #65407
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Security
Milestone
Go version
golang:1.20 container
Output of
go env
in your module/workspace:What did you do?
Installed a module that uses x/crypto 0.18.0, which uses x/net 0.10.0.
What did you see happen?
This was flagged for this CVE because of the older version of x/net used by x/crypto.
What did you expect to see?
I would expect x/crypto to being using a fixed version of x/net 0.17 or newer.
The text was updated successfully, but these errors were encountered: