go
/
vulndb
зеркало из https://github.com/golang/vulndb.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
vulndb/data/reports/GO-2021-0084.yaml

23 строки
710 B
YAML
Исходник Обычный вид История

all: refactor report packages into a list Combine the Report.{Module,Package,...} fields with the Report.AdditionalPackages field into a single Report.Packages field with a list of affected packages. Fixes #52836. Change-Id: I84432f242fdbdac5d8609f0406d1f12f925108be Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/405574 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com>
2022-05-11 01:03:50 +03:00
packages:
- module: github.com/astaxie/beego
package: github.com/astaxie/beego/session
symbols:
- FileProvider.SessionRead
- FileProvider.SessionRegenerate
versions:
all: use unprefixed SemVer 2.0.0 versions in reports Standardize on the same version syntax as OSV: X.Y.Z, no "v" prefix. Avoids confusion about what a "go"-prefixed version is: A tag (in which case we need to support "go1.19rc1") or a weird semver version? Fixes golang/go#52877. Change-Id: I4053e765f93d8c20a890d5481d264f009831b5b8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/406155 Reviewed-by: Julie Qiu <julieqiu@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com>
2022-05-13 02:02:17 +03:00
- fixed: 1.12.2-0.20200613154013-bac2b31afecc
all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com>
2021-04-14 22:59:24 +03:00
description: |
reports: reformat Run `vulnreport format` on all reports. Change-Id: I442d0a3b12bf9a6e2e6b5c3ff5e201313d3929a1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/382515 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julie@golang.org>
2022-02-02 20:53:36 +03:00
Session data is stored using permissive permissions, allowing local users
with filesystem access to read arbitrary data.
reports: add published date Change-Id: Ifb5126cfe601f7d2df9df92dbfc3b1a21e4f01bd Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/384835 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Julie Qiu <julie@golang.org>
2022-02-10 16:53:15 +03:00
published: 2021-04-14T20:04:52Z
reports: replace cve field with cves The CVE field will be deprecated for the CVEs field in a future CL, since having both fields is redundant. Change-Id: I4db220107a0899ae94d813ab8e0cde8af9b8a497 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/375394 Trust: Julie Qiu <julie@golang.org> Run-TryBot: Julie Qiu <julie@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2022-01-04 23:37:42 +03:00
cves:
- CVE-2019-16354
reports: add GitHub Security Advisories Using vulnreport fix, populate the GHSA IDs for all existing reports. Change-Id: I09cabc16895994ccff1e2cab628a6c7b9d6a4bf4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/388677 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: kokoro <noreply+kokoro@google.com>
2022-03-01 18:04:31 +03:00
ghsas:
- GHSA-f6px-w8rh-7r89
reports: reformat Run `vulnreport format` on all reports. Change-Id: I442d0a3b12bf9a6e2e6b5c3ff5e201313d3929a1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/382515 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julie@golang.org>
2022-02-02 20:53:36 +03:00
credit: '@nicowaisman'
all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com>
2021-04-14 22:59:24 +03:00
links:
reports: reformat Run `vulnreport format` on all reports. Change-Id: I442d0a3b12bf9a6e2e6b5c3ff5e201313d3929a1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/382515 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julie@golang.org>
2022-02-02 20:53:36 +03:00
pr: https://github.com/beego/beego/pull/3975
commit: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
context:
- https://github.com/beego/beego/issues/3763