Loading...

XML

Word

Printable

Type: Vulnerability
Resolution: Done
Priority: Critical
Fix Version/s: ACM 2.11.Z
Affects Version/s: ACM 2.11.0
Component/s: Business Continuity
Labels:

Activity Type:
Security & Compliance
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Git Pull Request:
https://github.com/stolostron/cluster-backup-operator/pull/925, https://github.com/stolostron/volsync-addon-controller/pull/634
Intelligence Requested:
Market:

Severity:
Critical

Regression:
None

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem:

Unexpected memory consumption during token parsing in golang.org/x/oauth2

https://docs.google.com/spreadsheets/d/1UqwOA6KAhfS2NtMGRk6og8EuUh3up9iPxLxDKPuflGw/edit?gid=1743374624#gid=1743374624

Affected business continuity repos:

volsync-addon-controller
cluster-backup-operator

clones

ACM-19397 CVE-2025-22868 Unexpected memory consumption during token parsing in golang.org/x/oauth2 for business continuity no tracker components

Resolved

Assignee:: Sahar Ebrahimi

Reporter:: Sahar Ebrahimi

QA Contact:: Thuy Nguyen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/03/25 5:51 PM

Updated:: 2025/07/12 10:32 PM

Resolved:: 2025/03/25 8:50 PM