Undefined https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594
✗ High severity vulnerability found in golang.org/x/oauth2/jws
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594
Introduced through: golang.org/x/oauth2/google@0.23.0, github.com/openshift/machine-api-provider-gcp/pkg/apis/gcpprovider/v1beta1@#6096cc86f3ba, google.golang.org/api/option@0.189.0, github.com/openshift/installer/pkg/asset/machines/gcp@#dfd4c085a721, google.golang.org/api/compute/v1@0.189.0, google.golang.org/api/dns/v1@0.189.0, google.golang.org/api/serviceusage/v1@0.189.0, google.golang.org/api/cloudresourcemanager/v1@0.189.0, github.com/openshift/installer/pkg/destroy/gcp@#dfd4c085a721, github.com/openshift/installer/pkg/asset/machines/aws@#dfd4c085a721, github.com/openshift/installer/pkg/asset/machines/azure@#dfd4c085a721, github.com/openshift/installer/pkg/asset/machines/openstack@#dfd4c085a721, github.com/openshift/installer/pkg/asset/machines/vsphere@#dfd4c085a721
From: golang.org/x/oauth2/google@0.23.0 > golang.org/x/oauth2/jws@0.23.0
From: golang.org/x/oauth2/google@0.23.0 > golang.org/x/oauth2/jwt@0.23.0 > golang.org/x/oauth2/jws@0.23.0
From: github.com/openshift/machine-api-provider-gcp/pkg/apis/gcpprovider/v1beta1@#6096cc86f3ba > github.com/openshift/machine-api-provider-gcp/pkg/cloud/gcp/actuators/util@#6096cc86f3ba > golang.org/x/oauth2/google@0.23.0 > golang.org/x/oauth2/jws@0.23.0
and 23 more...
Fixed in: 0.27.0
- links to
- mentioned on
