For all connector plugins, roll the version of golang.org/x/oauth2 from 0.4.0 to version 0.27.0-1 or higher (latest available is 0.34.0). CVE-2025-22868: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. This CVE is rated high and should be patched immediately.
For all connector plugins, roll the version of golang.org/x/oauth2 from 0.4.0 to version 0.27.0-1 or higher (latest available is 0.34.0).
CVE-2025-22868: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
This CVE is rated high and should be patched immediately.