[GH-ISSUE #3886] There are security issues in the current Golang dependencies 【go-jose】 and 【crypto】 #3082

Closed
opened 2026-05-05 13:59:45 -06:00 by gitea-mirror · 0 comments

Originally created by @YouZiFeiLe on GitHub (Dec 22, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3886

Bug Description

After conducting a security scan on the current version of frp, I found that there are security issues in the Golang dependencies go-jose and crypto, corresponding to GHSA-2c7c-3mj9-8fqh and CVE-2023-48795, respectively.

Below is the description corresponding to the vulnerabilities.
https://scout.docker.com/v/GHSA-2c7c-3mj9-8fqh?utm_source=hub&utm_medium=ExternalLink
https://scout.docker.com/v/CVE-2023-48795?utm_source=hub&utm_medium=ExternalLink

The security vulnerability in go-jose has been fixed in version 3.0.1.
The security vulnerability in crypto has been fixed in version 0.17.0.

Please update the dependency package versions to the recommended versions.
Thank you.

[Image: Docker Scout]

frpc Version

0.53.2

frps Version

0.53.2

System Architecture

linux/amd64

Configurations

The Docker base image is "alpine:19," and the version of frp is "0.53.2."

Logs

No response

Steps to reproduce

...

Affected area

  • [ ] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [X] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [ ] Server Plugin
  • [ ] Extensions
  • [ ] Others