I scanned tyk 5.11.0 with Snyk and it produced the following results (I filter for high / critical severity vulnerabilities):
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Inefficient Algorithmic Complexity
- info: https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516
- from: github.com/TykTechnologies/tyk@0.0.0 > golang.org/x/net/html/charset@0.42.0 > golang.org/x/net/html@0.42.0
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Infinite loop
- info: https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740
- from: github.com/TykTechnologies/tyk@0.0.0 > golang.org/x/net/html/charset@0.42.0 > golang.org/x/net/html@0.42.0
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Inefficient Algorithmic Complexity
- info: https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516
- from: github.com/TykTechnologies/tyk@0.0.0 > gopkg.in/xmlpath.v2@#860cbeca3ebc > golang.org/x/net/html@0.42.0
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Infinite loop
- info: https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740
- from: github.com/TykTechnologies/tyk@0.0.0 > gopkg.in/xmlpath.v2@#860cbeca3ebc > golang.org/x/net/html@0.42.0
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Inefficient Algorithmic Complexity
- info: https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237516
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/pure/extended@1.7.1 > github.com/warpstreamlabs/bento/internal/impl/xml@1.7.1 > golang.org/x/net/html/charset@0.42.0 > golang.org/x/net/html@0.42.0
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Infinite loop
- info: https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-15237740
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/pure/extended@1.7.1 > github.com/warpstreamlabs/bento/internal/impl/xml@1.7.1 > golang.org/x/net/html/charset@0.42.0 > golang.org/x/net/html@0.42.0
✗ High severity vulnerability found on golang.org/x/net/html@0.42.0
- desc: Inefficient Algorithmic Complexity
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/otlp@1.7.1 > github.com/warpstreamlabs/bento/internal/impl/otlp@1.7.1 > go.opentelemetry.io/otel/sdk/trace@1.35.0 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/jaeger@1.7.1 > github.com/warpstreamlabs/bento/internal/impl/jaeger@1.7.1 > go.opentelemetry.io/otel/exporters/jaeger@1.17.0 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/TykTechnologies/opentelemetry/trace@0.0.22 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.23.1 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/sql@1.7.1 > github.com/googleapis/go-sql-spanner@1.7.4 > cloud.google.com/go/spanner@1.71.0 > go.opentelemetry.io/contrib/detectors/gcp@1.32.0 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/sql@1.7.1 > github.com/googleapis/go-sql-spanner@1.7.4 > cloud.google.com/go/spanner@1.71.0 > go.opentelemetry.io/otel/sdk/metric@1.32.0 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/sql@1.7.1 > github.com/googleapis/go-sql-spanner@1.7.4 > cloud.google.com/go/spanner@1.71.0 > go.opentelemetry.io/otel/sdk/metric/metricdata@1.32.0 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/TykTechnologies/opentelemetry/semconv/v1.0.0@0.0.22 > github.com/TykTechnologies/opentelemetry/trace@0.0.22 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.23.1 > go.opentelemetry.io/otel/sdk/resource@1.35.0
✗ High severity vulnerability found on go.opentelemetry.io/otel/sdk/resource@1.35.0
- desc: Untrusted Search Path
- info: https://snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758
- from: github.com/TykTechnologies/tyk@0.0.0 > github.com/warpstreamlabs/bento/public/components/all@1.7.1 > github.com/warpstreamlabs/bento/public/components/otlp@1.7.1 > github.com/warpstreamlabs/bento/internal/impl/otlp@1.7.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/otlpconfig@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.23.1 > go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform@1.23.1 > go.opentelemetry.io/otel/sdk/resource@1.35.0
If it's fine, I will solve them on a side branch.