Patch CVE Vulnerability CVE-2025-22868 with Golang OAuth2 Dependency for All Connector Plugins #307

@michaelvwu

For all connector plugins, roll the version of golang.org/x/oauth2 from 0.4.0 to version 0.27.0-1 or higher (latest available is 0.34.0).

CVE-2025-22868: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

This CVE is rated high and should be patched immediately.
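
One way to check a connector plugin's go.mod for the dependency version this issue asks to roll, as an added example that is not part of the issue or the project's code. It assumes v0.27.0 is the first patched release of golang.org/x/oauth2; the function names and the sample go.mod are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const oauth2Module = "golang.org/x/oauth2"
var minPatched = [3]int{0, 27, 0} // assumption: v0.27.0 is the first patched release

// oauth2Version returns the version of golang.org/x/oauth2 that go.mod text
// requires. Only require directives count; replace and exclude are ignored.
func oauth2Version(goMod string) (string, bool) {
	inRequire := false
	for _, raw := range strings.Split(goMod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[1] == "(": // start of a directive block
			inRequire = f[0] == "require"
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) == 3 && f[0] == "require" && f[1] == oauth2Module:
			return f[2], true
		case len(f) == 2 && inRequire && f[0] == oauth2Module:
			return f[1], true
		}
	}
	return "", false
}

// isPatched reports whether version (e.g. "v0.27.0") is at or above minPatched.
// Anything after the patch number (pre-release, pseudo-version) is ignored.
func isPatched(version string) bool {
	var v [3]int
	if n, _ := fmt.Sscanf(version, "v%d.%d.%d", &v[0], &v[1], &v[2]); n != 3 {
		return false // unparsable: treat as unpatched so it gets reviewed
	}
	for i := range v {
		if v[i] != minPatched[i] {
			return v[i] > minPatched[i]
		}
	}
	return true
}

func main() {
	sample := "module example.com/connector\n\nrequire (\n\tgolang.org/x/oauth2 v0.4.0 // indirect\n)\n" // constructed
	v, ok := oauth2Version(sample)
	fmt.Println(v, ok, isPatched(v))
}
```

Run it against each plugin's go.mod; a module that is absent from go.mod is reported as not found rather than as patched.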
