CVE-2024-45338 - golang.org/x/net

[sbstn-dev]

Helm version: 1.11.0
App version: v2.11.0

AWS Inspector report vulnerabilities:

CVE-2024-45338 - golang.org/x/net

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Installed version / Fixed version
0.26.0 / 0.33.0

[shraddhabang]

@sbstn-dev Thanks for bringing this to our attention. I have updated it. We will soon release a patch for it.

[omegion]

@shraddhabang Why will you release the patch for this CVE?

[zac-nixon]

This is fixed by this release.
https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/tag/v2.12.0