vulndb/data/osv/GO-2022-1159.json

{
  "schema_version": "1.3.1",
  "id": "GO-2022-1159",
  "modified": "0001-01-01T00:00:00Z",
  "published": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2022-4123",
    "GHSA-rprg-4v7q-87v7"
  ],
  "summary": "Path traversal in github.com/containers/podman/v4",
  "details": "The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.",
  "affected": [
    {
      "package": {
        "name": "github.com/containers/podman/v4",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "4.1.0-rc1"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/containers/podman/v4/pkg/bindings/images",
            "symbols": [
              "Build",
              "nTar"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144989"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/13531"
    }
  ],
  "credits": [
    {
      "name": "Sage McTaggart"
    }
  ],
  "database_specific": {
    "url": "https://pkg.go.dev/vuln/GO-2022-1159",
    "review_status": "REVIEWED"
  }
}
data/reports: add GO-2022-1159.yaml Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7 Fixes golang/vulndb#1159 Change-Id: Ifabbcac5eb635f100c461b3aa5fbe6418ae76fd5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459218 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2022-12-22 21:30:40 +03:00			`{`
internal/osv, all: move DatabaseSpecific osv field Moves DatabaseSpecific to be a field of the top-level osv.Entry, instead of a subfield of the Affected field. Change-Id: I8c80f8af268b51d57833268b89947838c53e407a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/481136 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2023-03-31 23:44:23 +03:00			`"schema_version": "1.3.1",`
data/reports: add GO-2022-1159.yaml Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7 Fixes golang/vulndb#1159 Change-Id: Ifabbcac5eb635f100c461b3aa5fbe6418ae76fd5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459218 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2022-12-22 21:30:40 +03:00			`"id": "GO-2022-1159",`
			`"modified": "0001-01-01T00:00:00Z",`
internal/osv, all: move DatabaseSpecific osv field Moves DatabaseSpecific to be a field of the top-level osv.Entry, instead of a subfield of the Affected field. Change-Id: I8c80f8af268b51d57833268b89947838c53e407a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/481136 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2023-03-31 23:44:23 +03:00			`"published": "0001-01-01T00:00:00Z",`
data/reports: add GO-2022-1159.yaml Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7 Fixes golang/vulndb#1159 Change-Id: Ifabbcac5eb635f100c461b3aa5fbe6418ae76fd5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459218 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2022-12-22 21:30:40 +03:00			`"aliases": [`
			`"CVE-2022-4123",`
			`"GHSA-rprg-4v7q-87v7"`
			`],`
internal/{osv,report}, data: publish summaries to OSV Modify ToOSV to publish the summary from the YAML report to OSV, and apply this change to each existing OSV report. For golang/go#56443 Change-Id: Iee78fe75f42fe9a52c6e4023ee9ad8dfa5feba8d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/501203 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2023-06-06 21:13:32 +03:00			`"summary": "Path traversal in github.com/containers/podman/v4",`
data/reports: add GO-2022-1159.yaml Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7 Fixes golang/vulndb#1159 Change-Id: Ifabbcac5eb635f100c461b3aa5fbe6418ae76fd5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459218 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2022-12-22 21:30:40 +03:00			`"details": "The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.",`
			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/containers/podman/v4",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "4.1.0-rc1"`
			`}`
			`]`
			`}`
			`],`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "github.com/containers/podman/v4/pkg/bindings/images",`
			`"symbols": [`
			`"Build",`
			`"nTar"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "REPORT",`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144989"`
			`},`
			`{`
			`"type": "WEB",`
			`"url": "https://github.com/containers/podman/pull/13531"`
			`}`
			`],`
			`"credits": [`
			`{`
			`"name": "Sage McTaggart"`
			`}`
data/reports: fix formatting for GO-2022-1159.yaml Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7 Updates golang/vulndb#1159 Change-Id: I712242bc64fec3b69c163278133326883a1e9295 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466076 Reviewed-by: Tim King <taking@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> 2023-02-07 19:09:57 +03:00			`],`
internal/osv, all: move DatabaseSpecific osv field Moves DatabaseSpecific to be a field of the top-level osv.Entry, instead of a subfield of the Affected field. Change-Id: I8c80f8af268b51d57833268b89947838c53e407a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/481136 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2023-03-31 23:44:23 +03:00			`"database_specific": {`
data: apply REVIEWED status to all existing reports and osv Change-Id: I862c5bb24b9c08c29f0d437fd1be61da0319ef0d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/585517 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> 2024-05-14 22:19:00 +03:00			`"url": "https://pkg.go.dev/vuln/GO-2022-1159",`
			`"review_status": "REVIEWED"`
internal/osv, all: move DatabaseSpecific osv field Moves DatabaseSpecific to be a field of the top-level osv.Entry, instead of a subfield of the Affected field. Change-Id: I8c80f8af268b51d57833268b89947838c53e407a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/481136 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2023-03-31 23:44:23 +03:00			`}`
data/reports: add GO-2022-1159.yaml Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7 Fixes golang/vulndb#1159 Change-Id: Ifabbcac5eb635f100c461b3aa5fbe6418ae76fd5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/459218 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2022-12-22 21:30:40 +03:00			`}`