ACK Detected Controllers CVEs

[ack-bot]

CVE ID	Type	Severity	Installed Version	Fixed Version	Affected Controllers	Title
CVE-2025-47907	gobinary	UNKNOWN	1.24.5	1.23.12, 1.24.6	ALL	Cancelling a query (e.g. by cancelling the context passed to one of th ...
CVE-2025-22872	gobinary	MEDIUM	v0.37.0	0.38.0	[glue]	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
CVE-2025-22868	gobinary	HIGH	v0.23.0	0.27.0	[glue]	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

[github-actions]

Hello @ack-bot 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.

We encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our Contribution and Code of Conduct guidelines.

You can find more information about ACK on our website.

[knottnt]

• Go upgraded to 1.24.6 in 0.51.0 runtime/code-gen releases
• Glue controller golang.org/x/net and golang.org/x/oauth2 updated in v0.2.0

/close

[ack-prow]

@knottnt: Closing this issue.

In response to this:

• Go upgraded to 1.24.6 in 0.51.0 runtime/code-gen releases
• Glue controller golang.org/x/net and golang.org/x/oauth2 updated in v0.2.0

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.