x/vulndb: potential Go vuln in github.com/edgelesssys/constellation/v2: GHSA-g8fc-vrcg-8vjg

[GoVulnBot]

In GitHub Security Advisory GHSA-g8fc-vrcg-8vjg, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/edgelesssys/constellation/v2	2.16.3	< 2.16.3

Cross references:

• Module github.com/edgelesssys/constellation/v2 appears in issue x/vulndb: potential Go vuln in github.com/edgelesssys/constellation/v2: GHSA-r2h5-3hgw-8j34 #1583 NOT_IMPORTABLE
• Module github.com/edgelesssys/constellation/v2 appears in issue x/vulndb: potential Go vuln in github.com/edgelesssys/constellation/v2: GHSA-6w5f-5wgr-qjg5 #1622 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/edgelesssys/constellation/v2
      versions:
        - fixed: 2.16.3
      vulnerable_at: 2.16.2
      packages:
        - package: github.com/edgelesssys/constellation/v2
summary: Constallation has pods exposed to peers in VPC
ghsas:
    - GHSA-g8fc-vrcg-8vjg
references:
    - advisory: https://github.com/edgelesssys/constellation/security/advisories/GHSA-g8fc-vrcg-8vjg
    - report: https://github.com/cilium/cilium/issues/25626
    - advisory: https://github.com/advisories/GHSA-g8fc-vrcg-8vjg

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

[gopherbot]

Change https://go.dev/cl/590255 mentions this issue: data/reports: update GO-2024-2727

[gopherbot]

Change https://go.dev/cl/590275 mentions this issue: data/reports: update GO-2024-2727