upgrade golang.org/x/crypto to fix CVE-2025-47914, CVE-2025-58181 #3300
Description
Which version of the AzCopy was used?
10.31.0
Note: The version is visible when running AzCopy without any argument
Which platform are you using? (ex: Windows, Mac, Linux)
What command did you run?
Note: Please remove the SAS to avoid exposing your credentials. If you cannot remember the exact command, please retrieve it from the beginning of the log file.
What problem was encountered?
usr/local/bin/azcopy (gobinary)
===============================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)
┌─────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2025-47914 │ MEDIUM │ fixed │ v0.40.0 │ 0.45.0 │ SSH Agent servers do not validate the size of messages when │
│ │ │ │ │ │ │ processing... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-47914 │
│ ├────────────────┤ │ │ │ ├─────────────────────────────────────────────────────────────┤
│ │ CVE-2025-58181 │ │ │ │ │ SSH servers parsing GSSAPI authentication requests do not │
│ │ │ │ │ │ │ validate the ... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-58181 │
└─────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘