golang.org/x/oauth2-v0.22.0: 1 vulnerabilities (highest severity is: 7.5) #14
Description
Vulnerable Library - golang.org/x/oauth2-v0.22.0
Library home page: https://proxy.golang.org/golang.org/x/oauth2/@v/v0.22.0.zip
Path to dependency file: /go.mod
Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/oauth2/@v/v0.22.0.mod
Found in HEAD commit: a38d6324242b44e86f4799b7caed176ba9620b92
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (golang.org/x/oauth2-v0.22.0 version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2025-22868 |  High |
7.5 | golang.org/x/oauth2-v0.22.0 | Direct | v0.27.0 | ✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-22868
Vulnerable Library - golang.org/x/oauth2-v0.22.0
Library home page: https://proxy.golang.org/golang.org/x/oauth2/@v/v0.22.0.zip
Path to dependency file: /go.mod
Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/oauth2/@v/v0.22.0.mod
Dependency Hierarchy:
- ❌ golang.org/x/oauth2-v0.22.0 (Vulnerable Library)
Found in HEAD commit: a38d6324242b44e86f4799b7caed176ba9620b92
Found in base branch: master
Vulnerability Details
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Publish Date: 2025-02-26
URL: CVE-2025-22868
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://pkg.go.dev/vuln/GO-2025-3488
Release Date: 2025-02-26
Fix Resolution: v0.27.0
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.