fosite
Vulnerability: Please upgrade dependencies
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
The vulnerabilities below were found by the Snyk scanner:
✗ Medium severity vulnerability found in github.com/hashicorp/go-retryablehttp
Description: Insertion of Sensitive Information into Log File
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPGORETRYABLEHTTP-7362036
Introduced through: github.com/ory/[email protected], github.com/ory/fosite/[email protected]
From: github.com/ory/[email protected] > github.com/hashicorp/[email protected]
From: github.com/ory/fosite/[email protected] > github.com/ory/fosite/token/[email protected] > github.com/ory/[email protected] > github.com/hashicorp/[email protected]
Fixed in: 0.7.7
✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPOTELHTTP-5963583
Introduced through: github.com/ory/[email protected], github.com/ory/fosite/[email protected]
From: github.com/ory/[email protected] > github.com/ory/x/[email protected] > go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]
From: github.com/ory/fosite/[email protected] > github.com/ory/fosite/token/[email protected] > github.com/ory/[email protected] > github.com/ory/x/[email protected] > go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]
Fixed in: 0.44.0
✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPOTELHTTP-5971109
Introduced through: github.com/ory/[email protected], github.com/ory/fosite/[email protected]
From: github.com/ory/[email protected] > github.com/ory/x/[email protected] > go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]
From: github.com/ory/fosite/[email protected] > github.com/ory/fosite/token/[email protected] > github.com/ory/[email protected] > github.com/ory/x/[email protected] > go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]
Fixed in: 0.44.0
✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPHTTPTRACEOTELHTTPTRACE-5971114
Introduced through: github.com/ory/[email protected], github.com/ory/fosite/[email protected]
From: github.com/ory/[email protected] > github.com/ory/x/[email protected] > github.com/ory/x/[email protected] > go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/[email protected]
From: github.com/ory/fosite/[email protected] > github.com/ory/fosite/token/[email protected] > github.com/ory/[email protected] > github.com/ory/x/[email protected] > github.com/ory/x/[email protected] > go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/[email protected]
Fixed in: 0.44.0
Reproducing the bug
Refer to https://docs.snyk.io/scan-using-snyk/snyk-open-source
Relevant log output
No response
Relevant configuration
No response
Version
0.46.1
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
None
Additional Context
No response