stripe / veneur

A distributed, fault-tolerant pipeline for observability data
MIT License

Security Vulnerabilities - v14.1.0-release-prod #1057

Open syzzo opened 1 year ago

syzzo commented 1 year ago

✗ Medium severity vulnerability found in golang.org/x/sys/unix
  Description: Incorrect Privilege Assignment
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442
  Introduced through: golang.org/x/sys/unix@v0.0.0-20200625212154-ddb9806d33ae
  From: golang.org/x/sys/unix@v0.0.0-20200625212154-ddb9806d33ae
  Fixed in: 0.1.0

✗ Medium severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
  Introduced through: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  From: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  Fixed in: 0.4.0

✗ Medium severity vulnerability found in golang.org/x/net/http/httpguts
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPGUTS-3314986
  Introduced through: golang.org/x/net/http/httpguts@v0.0.0-20200707034311-ab3426394381
  From: golang.org/x/net/http/httpguts@v0.0.0-20200707034311-ab3426394381
  Fixed in: 0.0.0-20210428140749-89ef3d95e781

✗ High severity vulnerability found in gopkg.in/yaml.v3
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
  Introduced through: gopkg.in/yaml.v3@v3.0.0-20200605160147-a5ece683394c
  From: gopkg.in/yaml.v3@v3.0.0-20200605160147-a5ece683394c
  Fixed in: 3.0.0

✗ High severity vulnerability found in gopkg.in/yaml.v3
  Description: NULL Pointer Dereference
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2952714
  Introduced through: gopkg.in/yaml.v3@v3.0.0-20200605160147-a5ece683394c
  From: gopkg.in/yaml.v3@v3.0.0-20200605160147-a5ece683394c
  Fixed in: 3.0.1

✗ High severity vulnerability found in golang.org/x/net/http2/hpack
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2HPACK-3358253
  Introduced through: golang.org/x/net/http2/hpack@v0.0.0-20200707034311-ab3426394381
  From: golang.org/x/net/http2/hpack@v0.0.0-20200707034311-ab3426394381
  Fixed in: 0.7.0

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-2313688
  Introduced through: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  From: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  Fixed in: 0.0.0-20211209124913-491a49abca63

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3028257
  Introduced through: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  From: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  Fixed in: 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837
  Introduced through: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  From: golang.org/x/net/http2@v0.0.0-20200707034311-ab3426394381
  Fixed in: 0.7.0