data/reports: unexclude 20 reports (23)

  - data/reports/GO-2022-0798.yaml
  - data/reports/GO-2022-0799.yaml
  - data/reports/GO-2022-0802.yaml
  - data/reports/GO-2022-0803.yaml
  - data/reports/GO-2022-0804.yaml
  - data/reports/GO-2022-0805.yaml
  - data/reports/GO-2022-0806.yaml
  - data/reports/GO-2022-0807.yaml
  - data/reports/GO-2022-0808.yaml
  - data/reports/GO-2022-0812.yaml
  - data/reports/GO-2022-0813.yaml
  - data/reports/GO-2022-0814.yaml
  - data/reports/GO-2022-0815.yaml
  - data/reports/GO-2022-0816.yaml
  - data/reports/GO-2022-0818.yaml
  - data/reports/GO-2022-0821.yaml
  - data/reports/GO-2022-0822.yaml
  - data/reports/GO-2022-0823.yaml
  - data/reports/GO-2022-0824.yaml
  - data/reports/GO-2022-0825.yaml

Updates golang/vulndb#798
Updates golang/vulndb#799
Updates golang/vulndb#802
Updates golang/vulndb#803
Updates golang/vulndb#804
Updates golang/vulndb#805
Updates golang/vulndb#806
Updates golang/vulndb#807
Updates golang/vulndb#808
Updates golang/vulndb#812
Updates golang/vulndb#813
Updates golang/vulndb#814
Updates golang/vulndb#815
Updates golang/vulndb#816
Updates golang/vulndb#818
Updates golang/vulndb#821
Updates golang/vulndb#822
Updates golang/vulndb#823
Updates golang/vulndb#824
Updates golang/vulndb#825

Change-Id: If3469fec8f77b4c0cb66f59e67946a1fd7c293ae
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607225
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Tatiana Bradley 2024-08-20 15:31:55 -04:00, committed by Gopher Robot
Parent 9ef3199f42
Commit 13dd5c6ce4
60 changed files: 1799 additions and 160 deletions


@ -1,8 +0,0 @@
id: GO-2022-0798
excluded: NOT_IMPORTABLE
modules:
- module: github.com/google/exposure-notifications-verification-server
cves:
- CVE-2021-22538
ghsas:
- GHSA-5v95-v8c8-3rh6


@ -1,8 +0,0 @@
id: GO-2022-0799
excluded: NOT_IMPORTABLE
modules:
- module: github.com/mholt/archiver
cves:
- CVE-2018-1002207
ghsas:
- GHSA-5wmg-j84w-4jj4


@ -1,8 +0,0 @@
id: GO-2022-0802
excluded: NOT_IMPORTABLE
modules:
- module: github.com/kubernetes/kubernetes
cves:
- CVE-2019-11251
ghsas:
- GHSA-6qfg-8799-r575


@ -1,8 +0,0 @@
id: GO-2022-0803
excluded: NOT_IMPORTABLE
modules:
- module: github.com/containerd/containerd
cves:
- CVE-2020-15157
ghsas:
- GHSA-742w-89gc-8m9c


@ -1,8 +0,0 @@
id: GO-2022-0804
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/vault-plugin-secrets-gcp
cves:
- CVE-2020-12757
ghsas:
- GHSA-75pc-qvwc-jf3g


@ -1,8 +0,0 @@
id: GO-2022-0805
excluded: NOT_IMPORTABLE
modules:
- module: github.com/u-root/u-root
cves:
- CVE-2020-7669
ghsas:
- GHSA-75qf-wgfj-v652


@ -1,8 +0,0 @@
id: GO-2022-0806
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/nomad
cves:
- CVE-2020-27195
ghsas:
- GHSA-77cr-6gr8-7rr9


@ -1,8 +0,0 @@
id: GO-2022-0807
excluded: NOT_IMPORTABLE
modules:
- module: github.com/lightningnetwork/lnd
cves:
- CVE-2019-12999
ghsas:
- GHSA-78hj-86cr-6j2v


@ -1,8 +0,0 @@
id: GO-2022-0808
excluded: NOT_IMPORTABLE
modules:
- module: github.com/traefik/traefik
cves:
- CVE-2020-9321
ghsas:
- GHSA-7h6j-2268-fhcm


@ -1,8 +0,0 @@
id: GO-2022-0812
excluded: NOT_IMPORTABLE
modules:
- module: github.com/go-vela/server
cves:
- CVE-2021-21432
ghsas:
- GHSA-8j3f-mhq8-gmh4


@ -1,8 +0,0 @@
id: GO-2022-0813
excluded: NOT_IMPORTABLE
modules:
- module: github.com/cosmos/ethermint
cves:
- CVE-2021-25834
ghsas:
- GHSA-93p5-8fqw-wjx3


@ -1,8 +0,0 @@
id: GO-2022-0814
excluded: NOT_IMPORTABLE
modules:
- module: github.com/ethereum/go-ethereum
cves:
- CVE-2018-19184
ghsas:
- GHSA-9h4h-8w5p-f28w


@ -1,8 +0,0 @@
id: GO-2022-0815
excluded: NOT_IMPORTABLE
modules:
- module: github.com/opencontainers/umoci
cves:
- CVE-2021-29136
ghsas:
- GHSA-9m95-8hx6-7p9v


@ -1,8 +0,0 @@
id: GO-2022-0816
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/vault
cves:
- CVE-2020-7220
ghsas:
- GHSA-9vh5-r4qw-v3vv


@ -1,8 +0,0 @@
id: GO-2022-0818
excluded: NOT_IMPORTABLE
modules:
- module: github.com/goharbor/harbor/src
cves:
- CVE-2019-16097
ghsas:
- GHSA-9wvh-ff5f-xjpj


@ -1,8 +0,0 @@
id: GO-2022-0821
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/nomad
cves:
- CVE-2020-7956
ghsas:
- GHSA-cj2h-ww36-v932


@ -1,8 +0,0 @@
id: GO-2022-0822
excluded: NOT_IMPORTABLE
modules:
- module: gogs.io/gogs
cves:
- CVE-2018-15178
ghsas:
- GHSA-cpgw-2wxr-pww3


@ -1,8 +0,0 @@
id: GO-2022-0823
excluded: NOT_IMPORTABLE
modules:
- module: github.com/go-gitea/gitea
cves:
- CVE-2018-1000803
ghsas:
- GHSA-f5fj-7265-jxhj


@ -1,8 +0,0 @@
id: GO-2022-0824
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/vault-ssh-helper
cves:
- CVE-2020-24359
ghsas:
- GHSA-f9fq-vjvh-779p


@ -1,8 +0,0 @@
id: GO-2022-0825
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/vault
cves:
- CVE-2020-16250
ghsas:
- GHSA-fp52-qw33-mfmw


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0798",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2021-22538",
"GHSA-5v95-v8c8-3rh6"
],
"summary": "Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server",
"details": "Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server",
"affected": [
{
"package": {
"name": "github.com/google/exposure-notifications-verification-server",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22538"
},
{
"type": "FIX",
"url": "https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95"
},
{
"type": "WEB",
"url": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1"
},
{
"type": "WEB",
"url": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0798",
"review_status": "UNREVIEWED"
}
}
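
Review bot: "details" is a verbatim copy of "summary" in this record, so a consumer learns nothing beyond the title, and "modified" and "published" both carry the zero time 0001-01-01T00:00:00Z. If the linked advisory has a description, carrying a sentence of it into "details" would let users judge exposure without leaving the record; the same applies to the other OSV files added in this change.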


@ -0,0 +1,68 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0799",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-1002207",
"GHSA-5wmg-j84w-4jj4"
],
"summary": "Arbitrary File Write via Archive Extraction in mholt/archiver in github.com/mholt/archiver",
"details": "Arbitrary File Write via Archive Extraction in mholt/archiver in github.com/mholt/archiver",
"affected": [
{
"package": {
"name": "github.com/mholt/archiver",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0+incompatible"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5wmg-j84w-4jj4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002207"
},
{
"type": "FIX",
"url": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
},
{
"type": "FIX",
"url": "https://github.com/mholt/archiver/pull/65"
},
{
"type": "WEB",
"url": "https://github.com/snyk/zip-slip-vulnerability"
},
{
"type": "WEB",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0799",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,72 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0802",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-11251",
"GHSA-6qfg-8799-r575"
],
"summary": "Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes",
"details": "Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.13.10"
},
{
"fixed": "1.13.11"
},
{
"introduced": "1.14.6"
},
{
"fixed": "1.14.7"
},
{
"introduced": "1.15.3"
},
{
"fixed": "1.16.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6qfg-8799-r575"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11251"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/82143"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0802",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,68 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0803",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-15157",
"GHSA-742w-89gc-8m9c"
],
"summary": "containerd v1.2.x can be coerced into leaking credentials during image pull in github.com/containerd/containerd",
"details": "containerd v1.2.x can be coerced into leaking credentials during image pull in github.com/containerd/containerd",
"affected": [
{
"package": {
"name": "github.com/containerd/containerd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.14"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15157"
},
{
"type": "FIX",
"url": "https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/releases/tag/v1.2.14"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4589-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4589-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4865"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0803",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,68 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0804",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-12757",
"GHSA-75pc-qvwc-jf3g"
],
"summary": "Improper Input Validation in HashiCorp Vault in github.com/hashicorp/vault-plugin-secrets-gcp",
"details": "Improper Input Validation in HashiCorp Vault in github.com/hashicorp/vault-plugin-secrets-gcp",
"affected": [
{
"package": {
"name": "github.com/hashicorp/vault-plugin-secrets-gcp",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-75pc-qvwc-jf3g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12757"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/vault-plugin-secrets-gcp/commit/e43d20870c50f7428dead1411debcec075b35fb4"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/85"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/vault"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0804",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,64 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0805",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-7669",
"GHSA-75qf-wgfj-v652"
],
"summary": "github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/u-root/u-root",
"details": "github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/u-root/u-root",
"affected": [
{
"package": {
"name": "github.com/u-root/u-root",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-75qf-wgfj-v652"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7669"
},
{
"type": "FIX",
"url": "https://github.com/u-root/u-root/pull/1817"
},
{
"type": "FIX",
"url": "https://github.com/u-root/u-root/pull/2344"
},
{
"type": "REPORT",
"url": "https://github.com/u-root/u-root/issues/2449"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0805",
"review_status": "UNREVIEWED"
}
}
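
Review bot: The summary names the package github.com/u-root/u-root/pkg/tarutil, but "ecosystem_specific" is empty, so the record is scoped to the whole module rather than to that package. Consider recording the affected package so that importers of u-root that never use tarutil can be told apart, and drop the import path from the start of the summary, since the module is already named at its end.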


@ -0,0 +1,76 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0806",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-27195",
"GHSA-77cr-6gr8-7rr9"
],
"summary": "Use After Free in HashiCorp Nomad in github.com/hashicorp/nomad",
"details": "Use After Free in HashiCorp Nomad in github.com/hashicorp/nomad",
"affected": [
{
"package": {
"name": "github.com/hashicorp/nomad",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.10.6"
},
{
"introduced": "0.11.0"
},
{
"fixed": "0.11.5"
},
{
"introduced": "0.12.0"
},
{
"fixed": "0.12.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-77cr-6gr8-7rr9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27195"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/nomad/pull/9139"
},
{
"type": "REPORT",
"url": "https://github.com/hashicorp/nomad/issues/9129"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020"
},
{
"type": "WEB",
"url": "https://www.nomadproject.io/downloads"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0806",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,64 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0807",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-12999",
"GHSA-78hj-86cr-6j2v"
],
"summary": "Improper Access Control in Lightning Network Daemon in github.com/lightningnetwork/lnd",
"details": "Improper Access Control in Lightning Network Daemon in github.com/lightningnetwork/lnd",
"affected": [
{
"package": {
"name": "github.com/lightningnetwork/lnd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.1-beta"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-78hj-86cr-6j2v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12999"
},
{
"type": "FIX",
"url": "https://github.com/lightningnetwork/lnd/commits/master"
},
{
"type": "WEB",
"url": "https://github.com/lightninglabs/chanleakcheck"
},
{
"type": "WEB",
"url": "https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta"
},
{
"type": "WEB",
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0807",
"review_status": "UNREVIEWED"
}
}
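
Review bot: The FIX reference https://github.com/lightningnetwork/lnd/commits/master is the moving commit list of a branch, not a specific fix; replace it with the fixing commit or pull request, or retype it as WEB. The fixed event is also 0.7.1-beta while the only release reference is the v0.7.0-beta tag, so one of the two should be checked against the advisory.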


@ -0,0 +1,90 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0808",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-9321",
"GHSA-7h6j-2268-fhcm"
],
"summary": "Improper Certificate Handling in github.com/containous/traefik",
"details": "Improper Certificate Handling in github.com/containous/traefik",
"affected": [
{
"package": {
"name": "github.com/containous/traefik",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/containous/traefik/v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/traefik/traefik",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-7h6j-2268-fhcm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9321"
},
{
"type": "FIX",
"url": "https://github.com/traefik/traefik/pull/6281"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/releases/tag/v2.1.4"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0808",
"review_status": "UNREVIEWED"
}
}
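
Review bot: Two of the three "affected" entries, github.com/containous/traefik and github.com/traefik/traefik, carry only "introduced": "0" with no "fixed" event, so every version under those module paths is reported as affected, while the FIX and release references point at github.com/traefik/traefik v2.1.4. If a fixed version exists under those paths, add it; it is also worth confirming that the absence of an entry for a github.com/traefik/traefik/v2 path is intentional, given that the excluded report listed github.com/traefik/traefik as the module.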


@ -0,0 +1,64 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0812",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2021-21432",
"GHSA-8j3f-mhq8-gmh4"
],
"summary": "Reject unauthorized access with GitHub PATs in github.com/go-vela/server",
"details": "Reject unauthorized access with GitHub PATs in github.com/go-vela/server",
"affected": [
{
"package": {
"name": "github.com/go-vela/server",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.7.0"
},
{
"fixed": "0.7.5"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/go-vela/server/security/advisories/GHSA-8j3f-mhq8-gmh4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21432"
},
{
"type": "FIX",
"url": "https://github.com/go-vela/server/commit/cb4352918b8ecace9fe969b90404d337b0744d46"
},
{
"type": "FIX",
"url": "https://github.com/go-vela/server/pull/337"
},
{
"type": "WEB",
"url": "https://github.com/go-vela/server/releases/tag/v0.7.5"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/github.com/go-vela/server"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0812",
"review_status": "UNREVIEWED"
}
}
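
Review bot: The "summary" and "details" text ("Reject unauthorized access with GitHub PATs in github.com/go-vela/server") describes the fix, not the vulnerability. A summary that states the flaw, worded from the linked advisory, would read correctly in scanner output, where this string is shown as the finding.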


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0813",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2021-25834",
"GHSA-93p5-8fqw-wjx3"
],
"summary": "Authentication bypass by capture-replay in github.com/cosmos/ethermint",
"details": "Authentication bypass by capture-replay in github.com/cosmos/ethermint",
"affected": [
{
"package": {
"name": "github.com/cosmos/ethermint",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-93p5-8fqw-wjx3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25834"
},
{
"type": "FIX",
"url": "https://github.com/cosmos/ethermint/commit/d7bdbd7488644f0aaeee5cdcdc119c863f199f72"
},
{
"type": "REPORT",
"url": "https://github.com/cosmos/ethermint/issues/686"
},
{
"type": "WEB",
"url": "https://github.com/cosmos/ethermint/releases/tag/v0.4.1"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0813",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0814",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-19184",
"GHSA-9h4h-8w5p-f28w"
],
"summary": "Go Ethereum Denial of Service in github.com/ethereum/go-ethereum",
"details": "Go Ethereum Denial of Service in github.com/ethereum/go-ethereum",
"affected": [
{
"package": {
"name": "github.com/ethereum/go-ethereum",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.14"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9h4h-8w5p-f28w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19184"
},
{
"type": "FIX",
"url": "https://github.com/ethereum/go-ethereum/commit/83e2761c3a13524bd5d6597ac08994488cf872ef"
},
{
"type": "FIX",
"url": "https://github.com/ethereum/go-ethereum/commit/fb9f7261ec51e38eedb454594fc19f00de1a6834"
},
{
"type": "REPORT",
"url": "https://github.com/ethereum/go-ethereum/issues/18069"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0814",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0815",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2021-29136",
"GHSA-9m95-8hx6-7p9v"
],
"summary": "Improper input validation in umoci in github.com/opencontainers/umoci",
"details": "Improper input validation in umoci in github.com/opencontainers/umoci",
"affected": [
{
"package": {
"name": "github.com/opencontainers/umoci",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.7"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29136"
},
{
"type": "FIX",
"url": "https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/04/06/2"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0815",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0816",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-7220",
"GHSA-9vh5-r4qw-v3vv"
],
"summary": "Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault",
"details": "Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault",
"affected": [
{
"package": {
"name": "github.com/hashicorp/vault",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.11.0"
},
{
"fixed": "1.3.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9vh5-r4qw-v3vv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7220"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/vault"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0816",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,76 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0818",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-16097",
"GHSA-9wvh-ff5f-xjpj"
],
"summary": "Missing Authorization in Harbor in github.com/goharbor/harbor",
"details": "Missing Authorization in Harbor in github.com/goharbor/harbor",
"affected": [
{
"package": {
"name": "github.com/goharbor/harbor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.9.0-rc1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9wvh-ff5f-xjpj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16097"
},
{
"type": "FIX",
"url": "https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0015.html"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/releases/tag/v1.7.6"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/releases/tag/v1.8.3"
},
{
"type": "WEB",
"url": "https://github.com/ianxtianxt/CVE-2019-16097"
},
{
"type": "WEB",
"url": "https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0818",
"review_status": "UNREVIEWED"
}
}
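
Review bot: The single range from 1.7.0 to 1.9.0-rc1 marks every 1.7.x and 1.8.x release as affected, yet the references list the release tags v1.7.6 and v1.8.3. If those releases carry the fix, split the range per branch so that users on the patched 1.7 and 1.8 lines are not flagged. The module path also changes from github.com/goharbor/harbor/src in the excluded report to github.com/goharbor/harbor here, which should be confirmed as the path that actually resolves.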


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0821",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-7956",
"GHSA-cj2h-ww36-v932"
],
"summary": "Improper Certificate Validation in HashiCorp Nomad in github.com/hashicorp/nomad",
"details": "Improper Certificate Validation in HashiCorp Nomad in github.com/hashicorp/nomad",
"affected": [
{
"package": {
"name": "github.com/hashicorp/nomad",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cj2h-ww36-v932"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7956"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/nomad/pull/7023"
},
{
"type": "REPORT",
"url": "https://github.com/hashicorp/nomad/issues/7003"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/nomad"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0821",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0822",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-15178",
"GHSA-cpgw-2wxr-pww3"
],
"summary": "Open Redirect in gogs.io/gogs",
"details": "Open Redirect in gogs.io/gogs",
"affected": [
{
"package": {
"name": "gogs.io/gogs",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cpgw-2wxr-pww3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15178"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/1f247cf8139cb483276cd8dd06385a800ce9d4b2"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/issues/5364"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/pull/5365"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0822",
"review_status": "UNREVIEWED"
}
}
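
Review bot: All three github.com/gogs/gogs references (the commit, issues/5364 and pull/5365) are typed WEB, whereas the other records in this change type commits and pull requests as FIX and issues as REPORT. If the commit and pull request are the fix for the 0.12.0 fixed event, retype them as FIX and the issue as REPORT so the record has a discoverable fix reference.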


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0823",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-1000803",
"GHSA-f5fj-7265-jxhj"
],
"summary": "Gitea Exposes Private Email Addresses in github.com/go-gitea/gitea",
"details": "Gitea Exposes Private Email Addresses in github.com/go-gitea/gitea",
"affected": [
{
"package": {
"name": "github.com/go-gitea/gitea",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-f5fj-7265-jxhj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000803"
},
{
"type": "FIX",
"url": "https://github.com/go-gitea/gitea/commit/194a11eb110cd98fc2ba52861abf7770db6885a3"
},
{
"type": "FIX",
"url": "https://github.com/go-gitea/gitea/pull/4664"
},
{
"type": "FIX",
"url": "https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0823",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0824",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-24359",
"GHSA-f9fq-vjvh-779p"
],
"summary": "Improper Input Validation in vault-ssh-helper in github.com/hashicorp/vault-ssh-helper",
"details": "Improper Input Validation in vault-ssh-helper in github.com/hashicorp/vault-ssh-helper",
"affected": [
{
"package": {
"name": "github.com/hashicorp/vault-ssh-helper",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-f9fq-vjvh-779p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24359"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/vault-ssh-helper/commit/83effd08cbcbe4b993d776bd9b39465cd9e4603f"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault-ssh-helper/blob/master/CHANGELOG.md#020-august-19-2020"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault-ssh-helper/releases"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0824",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,78 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0825",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-16250",
"GHSA-fp52-qw33-mfmw"
],
"summary": "Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault",
"details": "Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault",
"affected": [
{
"package": {
"name": "github.com/hashicorp/vault",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.8.1"
},
{
"fixed": "1.2.5"
},
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.8"
},
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.4"
},
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fp52-qw33-mfmw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16250"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/vault"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0825",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,22 @@
id: GO-2022-0798
modules:
- module: github.com/google/exposure-notifications-verification-server
versions:
- fixed: 0.23.1
vulnerable_at: 0.23.0
summary: Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server
cves:
- CVE-2021-22538
ghsas:
- GHSA-5v95-v8c8-3rh6
references:
- advisory: https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-22538
- fix: https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95
- web: https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1
- web: https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0
source:
id: GHSA-5v95-v8c8-3rh6
created: 2024-08-20T14:16:25.380773-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,24 @@
id: GO-2022-0799
modules:
- module: github.com/mholt/archiver
versions:
- fixed: 2.1.0+incompatible
vulnerable_at: 2.0.0+incompatible
summary: Arbitrary File Write via Archive Extraction in mholt/archiver in github.com/mholt/archiver
cves:
- CVE-2018-1002207
ghsas:
- GHSA-5wmg-j84w-4jj4
references:
- advisory: https://github.com/advisories/GHSA-5wmg-j84w-4jj4
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-1002207
- fix: https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3
- fix: https://github.com/mholt/archiver/pull/65
- web: https://github.com/snyk/zip-slip-vulnerability
- web: https://snyk.io/research/zip-slip-vulnerability
- web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071
source:
id: GHSA-5wmg-j84w-4jj4
created: 2024-08-20T14:16:29.011996-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
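
Review bot: The Snyk reference on the last `web:` line carries the identifier GITHUBCOMMHOLTARCHIVERCMDARCHIVER, which names the cmd/archiver command, while the report is scoped to the whole module with no `packages` list. Please check the listed fix commit to see which package holds the extraction code; if it is the library package rather than the command, NOT_IMPORTABLE was the wrong original classification and the report should name the affected package.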

@ -0,0 +1,27 @@
id: GO-2022-0802
modules:
- module: k8s.io/kubernetes
versions:
- introduced: 1.13.10
- fixed: 1.13.11
- introduced: 1.14.6
- fixed: 1.14.7
- introduced: 1.15.3
- fixed: 1.16.0
vulnerable_at: 1.16.0-rc.2
summary: Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
cves:
- CVE-2019-11251
ghsas:
- GHSA-6qfg-8799-r575
references:
- advisory: https://github.com/advisories/GHSA-6qfg-8799-r575
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-11251
- web: https://github.com/kubernetes/kubernetes/issues/87773
- web: https://github.com/kubernetes/kubernetes/pull/82143
- web: https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ
source:
id: GHSA-6qfg-8799-r575
created: 2024-08-20T14:17:23.474092-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
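
Review bot: The third range under `versions` (introduced 1.15.3, fixed 1.16.0) does not follow the pattern of the first two, which each close at the next patch release (1.13.11 and 1.14.7). Please confirm that no 1.15.x patch release carries the fix; if one does, the range should close there. Two smaller points in the same hunk: `vulnerable_at` is a release candidate (1.16.0-rc.2), and pull/82143 is typed `web`, so if that PR is the fix it should be a `fix:` reference.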

@ -0,0 +1,24 @@
id: GO-2022-0803
modules:
- module: github.com/containerd/containerd
versions:
- fixed: 1.2.14
vulnerable_at: 1.2.13
summary: containerd v1.2.x can be coerced into leaking credentials during image pull in github.com/containerd/containerd
cves:
- CVE-2020-15157
ghsas:
- GHSA-742w-89gc-8m9c
references:
- advisory: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-15157
- fix: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
- web: https://github.com/containerd/containerd/releases/tag/v1.2.14
- web: https://usn.ubuntu.com/4589-1
- web: https://usn.ubuntu.com/4589-2
- web: https://www.debian.org/security/2021/dsa-4865
source:
id: GHSA-742w-89gc-8m9c
created: 2024-08-20T14:17:29.924976-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
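
Review bot: The `summary` scopes the issue to "containerd v1.2.x", but `versions` has only `fixed: 1.2.14` with no `introduced`, so every release below 1.2.14 is reported as affected. Either add an `introduced` entry matching what the advisory states, or drop the "v1.2.x" wording from the summary so the two agree.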

@ -0,0 +1,24 @@
id: GO-2022-0804
modules:
- module: github.com/hashicorp/vault-plugin-secrets-gcp
versions:
- fixed: 0.6.2
vulnerable_at: 0.6.1
summary: Improper Input Validation in HashiCorp Vault in github.com/hashicorp/vault-plugin-secrets-gcp
cves:
- CVE-2020-12757
ghsas:
- GHSA-75pc-qvwc-jf3g
references:
- advisory: https://github.com/advisories/GHSA-75pc-qvwc-jf3g
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-12757
- fix: https://github.com/hashicorp/vault-plugin-secrets-gcp/commit/e43d20870c50f7428dead1411debcec075b35fb4
- fix: https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/85
- web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md
- web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020
- web: https://www.hashicorp.com/blog/category/vault
source:
id: GHSA-75pc-qvwc-jf3g
created: 2024-08-20T14:17:54.158905-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
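
Review bot: The `summary` says "in HashiCorp Vault", but the only module listed is github.com/hashicorp/vault-plugin-secrets-gcp, so a reader cannot tell from the title that the affected code is the GCP secrets plugin. Suggest naming the plugin in the summary. In `references`, the bare CHANGELOG.md link duplicates the anchored CHANGELOG.md#142-may-21st-2020 link and can be dropped, and the blog category page is a landing page rather than a reference to this issue.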

@ -0,0 +1,25 @@
id: GO-2022-0805
modules:
- module: github.com/u-root/u-root
versions:
- fixed: 0.9.0
vulnerable_at: 0.8.0
summary: |-
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction
(Zip Slip) in github.com/u-root/u-root
cves:
- CVE-2020-7669
ghsas:
- GHSA-75qf-wgfj-v652
references:
- advisory: https://github.com/advisories/GHSA-75qf-wgfj-v652
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-7669
- fix: https://github.com/u-root/u-root/pull/1817
- fix: https://github.com/u-root/u-root/pull/2344
- report: https://github.com/u-root/u-root/issues/2449
- web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428
source:
id: GHSA-75qf-wgfj-v652
created: 2024-08-20T14:18:00.419942-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
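
Review bot: The `summary` names a library package path, github.com/u-root/u-root/pkg/tarutil, yet the report carries `unexcluded: NOT_IMPORTABLE` and has no `packages` list under the module. If pkg/tarutil can be imported by other modules, the original exclusion reason was wrong and the report should list that package so matching is not module-wide. The summary also repeats the module path twice; one mention is enough.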

@ -0,0 +1,28 @@
id: GO-2022-0806
modules:
- module: github.com/hashicorp/nomad
versions:
- introduced: 0.9.0
- fixed: 0.10.6
- introduced: 0.11.0
- fixed: 0.11.5
- introduced: 0.12.0
- fixed: 0.12.6
vulnerable_at: 0.12.5
summary: Use After Free in HashiCorp Nomad in github.com/hashicorp/nomad
cves:
- CVE-2020-27195
ghsas:
- GHSA-77cr-6gr8-7rr9
references:
- advisory: https://github.com/advisories/GHSA-77cr-6gr8-7rr9
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-27195
- fix: https://github.com/hashicorp/nomad/pull/9139
- report: https://github.com/hashicorp/nomad/issues/9129
- web: https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020
- web: https://www.nomadproject.io/downloads
source:
id: GHSA-77cr-6gr8-7rr9
created: 2024-08-20T14:18:04.685237-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
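
Review bot: The `summary` "Use After Free in HashiCorp Nomad" reads like a CWE title copied from the advisory and is an unusual class for a Go module. Please check it against the linked report (issues/9129) and fix PR (pull/9139) and replace it with a title that says what component is affected and what an attacker gains, so users triaging findings can judge exposure without opening the references.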

@ -0,0 +1,23 @@
id: GO-2022-0807
modules:
- module: github.com/lightningnetwork/lnd
versions:
- fixed: 0.7.1-beta
vulnerable_at: 0.7.0-beta-rc3
summary: Improper Access Control in Lightning Network Daemon in github.com/lightningnetwork/lnd
cves:
- CVE-2019-12999
ghsas:
- GHSA-78hj-86cr-6j2v
references:
- advisory: https://github.com/advisories/GHSA-78hj-86cr-6j2v
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-12999
- fix: https://github.com/lightningnetwork/lnd/commits/master
- web: https://github.com/lightninglabs/chanleakcheck
- web: https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta
- web: https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html
source:
id: GHSA-78hj-86cr-6j2v
created: 2024-08-20T14:18:10.969183-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
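
Review bot: The `fix:` reference points at https://github.com/lightningnetwork/lnd/commits/master, which is the moving commit listing for the branch and not a specific change. It will never identify the fix. Replace it with the actual fixing commit or PR, or remove the `fix:` entry if none can be identified. Also note that `vulnerable_at` is 0.7.0-beta-rc3 while the references link the v0.7.0-beta release tag; confirm which pre-release ordering is intended relative to `fixed: 0.7.1-beta`.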

@ -0,0 +1,25 @@
id: GO-2022-0808
modules:
- module: github.com/containous/traefik
vulnerable_at: 1.7.34
- module: github.com/containous/traefik/v2
versions:
- fixed: 2.1.4
vulnerable_at: 2.1.3
- module: github.com/traefik/traefik
vulnerable_at: 1.7.34
summary: Improper Certificate Handling in github.com/containous/traefik
cves:
- CVE-2020-9321
ghsas:
- GHSA-7h6j-2268-fhcm
references:
- advisory: https://github.com/advisories/GHSA-7h6j-2268-fhcm
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9321
- fix: https://github.com/traefik/traefik/pull/6281
- web: https://github.com/traefik/traefik/releases/tag/v2.1.4
source:
id: GHSA-7h6j-2268-fhcm
created: 2024-08-20T14:18:15.586932-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
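
Review bot: The entries for github.com/containous/traefik and github.com/traefik/traefik have `vulnerable_at: 1.7.34` but no `versions` block, so every version of both modules is reported as affected with no fix available. Only the /v2 module has `fixed: 2.1.4`. Please confirm from the advisory that the v1 line is affected at all; if the issue is limited to v2, the two unversioned modules should be removed, and if v1 is affected, the report should state the range explicitly.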

@ -0,0 +1,24 @@
id: GO-2022-0812
modules:
- module: github.com/go-vela/server
versions:
- introduced: 0.7.0
- fixed: 0.7.5
vulnerable_at: 0.7.4
summary: Reject unauthorized access with GitHub PATs in github.com/go-vela/server
cves:
- CVE-2021-21432
ghsas:
- GHSA-8j3f-mhq8-gmh4
references:
- advisory: https://github.com/go-vela/server/security/advisories/GHSA-8j3f-mhq8-gmh4
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-21432
- fix: https://github.com/go-vela/server/commit/cb4352918b8ecace9fe969b90404d337b0744d46
- fix: https://github.com/go-vela/server/pull/337
- web: https://github.com/go-vela/server/releases/tag/v0.7.5
- web: https://pkg.go.dev/github.com/go-vela/server
source:
id: GHSA-8j3f-mhq8-gmh4
created: 2024-08-20T14:19:08.367568-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
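
Review bot: The `summary` "Reject unauthorized access with GitHub PATs" is phrased as the fix (an imperative, like a commit title) and not as the vulnerability. As published it tells users what the patch does, not what the risk is in 0.7.0 through 0.7.4. Suggest rewording it to describe the flaw, based on the linked GHSA-8j3f-mhq8-gmh4 advisory.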

@ -0,0 +1,22 @@
id: GO-2022-0813
modules:
- module: github.com/cosmos/ethermint
versions:
- fixed: 0.4.1
vulnerable_at: 0.4.0
summary: Authentication bypass by capture-replay in github.com/cosmos/ethermint
cves:
- CVE-2021-25834
ghsas:
- GHSA-93p5-8fqw-wjx3
references:
- advisory: https://github.com/advisories/GHSA-93p5-8fqw-wjx3
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-25834
- fix: https://github.com/cosmos/ethermint/commit/d7bdbd7488644f0aaeee5cdcdc119c863f199f72
- report: https://github.com/cosmos/ethermint/issues/686
- web: https://github.com/cosmos/ethermint/releases/tag/v0.4.1
source:
id: GHSA-93p5-8fqw-wjx3
created: 2024-08-20T14:19:13.52527-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

@ -0,0 +1,22 @@
id: GO-2022-0814
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.8.14
vulnerable_at: 1.8.13
summary: Go Ethereum Denial of Service in github.com/ethereum/go-ethereum
cves:
- CVE-2018-19184
ghsas:
- GHSA-9h4h-8w5p-f28w
references:
- advisory: https://github.com/advisories/GHSA-9h4h-8w5p-f28w
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-19184
- fix: https://github.com/ethereum/go-ethereum/commit/83e2761c3a13524bd5d6597ac08994488cf872ef
- fix: https://github.com/ethereum/go-ethereum/commit/fb9f7261ec51e38eedb454594fc19f00de1a6834
- report: https://github.com/ethereum/go-ethereum/issues/18069
source:
id: GHSA-9h4h-8w5p-f28w
created: 2024-08-20T14:19:17.754602-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

@ -0,0 +1,21 @@
id: GO-2022-0815
modules:
- module: github.com/opencontainers/umoci
versions:
- fixed: 0.4.7
vulnerable_at: 0.4.6
summary: Improper input validation in umoci in github.com/opencontainers/umoci
cves:
- CVE-2021-29136
ghsas:
- GHSA-9m95-8hx6-7p9v
references:
- advisory: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-29136
- fix: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57
- web: http://www.openwall.com/lists/oss-security/2021/04/06/2
source:
id: GHSA-9m95-8hx6-7p9v
created: 2024-08-20T14:19:21.91395-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

@ -0,0 +1,22 @@
id: GO-2022-0816
modules:
- module: github.com/hashicorp/vault
versions:
- introduced: 0.11.0
- fixed: 1.3.2
vulnerable_at: 1.3.1
summary: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault
cves:
- CVE-2020-7220
ghsas:
- GHSA-9vh5-r4qw-v3vv
references:
- advisory: https://github.com/advisories/GHSA-9vh5-r4qw-v3vv
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-7220
- web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020
- web: https://www.hashicorp.com/blog/category/vault
source:
id: GHSA-9vh5-r4qw-v3vv
created: 2024-08-20T14:19:26.224844-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
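
Review bot: There is no `fix:` entry in `references`; the only non-advisory links are a changelog anchor and the blog category landing page, neither of which identifies the change that closed the issue. Since the range is wide (introduced 0.11.0, fixed 1.3.2), a link to the fixing commit or PR would let users verify the boundaries. The blog category link can be dropped as it does not point at anything specific to CVE-2020-7220.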

@ -0,0 +1,27 @@
id: GO-2022-0818
modules:
- module: github.com/goharbor/harbor
versions:
- introduced: 1.7.0
- fixed: 1.9.0-rc1
vulnerable_at: 1.8.6
summary: Missing Authorization in Harbor in github.com/goharbor/harbor
cves:
- CVE-2019-16097
ghsas:
- GHSA-9wvh-ff5f-xjpj
references:
- advisory: https://github.com/advisories/GHSA-9wvh-ff5f-xjpj
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-16097
- fix: https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
- web: http://www.vmware.com/security/advisories/VMSA-2019-0015.html
- web: https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1
- web: https://github.com/goharbor/harbor/releases/tag/v1.7.6
- web: https://github.com/goharbor/harbor/releases/tag/v1.8.3
- web: https://github.com/ianxtianxt/CVE-2019-16097
- web: https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097
source:
id: GHSA-9wvh-ff5f-xjpj
created: 2024-08-20T14:19:35.024023-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
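
Review bot: The single range in `versions` (introduced 1.7.0, fixed 1.9.0-rc1) conflicts with the references, which link release tags v1.7.6 and v1.8.3. If those releases carry backported fixes, the report should have separate ranges closing at 1.7.6 and 1.8.3, and `vulnerable_at: 1.8.6` would then sit in a fixed release. As written, users on patched 1.7.x and 1.8.x builds would be flagged. Please check the two release notes and split the range if they confirm the backport.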

@ -0,0 +1,22 @@
id: GO-2022-0821
modules:
- module: github.com/hashicorp/nomad
versions:
- fixed: 0.10.3
vulnerable_at: 0.10.2
summary: Improper Certificate Validation in HashiCorp Nomad in github.com/hashicorp/nomad
cves:
- CVE-2020-7956
ghsas:
- GHSA-cj2h-ww36-v932
references:
- advisory: https://github.com/advisories/GHSA-cj2h-ww36-v932
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-7956
- fix: https://github.com/hashicorp/nomad/pull/7023
- report: https://github.com/hashicorp/nomad/issues/7003
- web: https://www.hashicorp.com/blog/category/nomad
source:
id: GHSA-cj2h-ww36-v932
created: 2024-08-20T14:19:44.370549-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

@ -0,0 +1,22 @@
id: GO-2022-0822
modules:
- module: gogs.io/gogs
versions:
- fixed: 0.12.0
vulnerable_at: 0.11.91
summary: Open Redirect in gogs.io/gogs
cves:
- CVE-2018-15178
ghsas:
- GHSA-cpgw-2wxr-pww3
references:
- advisory: https://github.com/advisories/GHSA-cpgw-2wxr-pww3
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-15178
- web: https://github.com/gogs/gogs/commit/1f247cf8139cb483276cd8dd06385a800ce9d4b2
- web: https://github.com/gogs/gogs/issues/5364
- web: https://github.com/gogs/gogs/pull/5365
source:
id: GHSA-cpgw-2wxr-pww3
created: 2024-08-20T14:19:48.710307-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
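
Review bot: All three project links in `references` are typed `web:`, including a commit (1f247cf8139cb483276cd8dd06385a800ce9d4b2), an issue (issues/5364) and a pull request (pull/5365). If the commit and PR are the fix and the issue is the original report, they should be typed `fix:` and `report:` so tooling that consumes the reference types can find the patch.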

@ -0,0 +1,22 @@
id: GO-2022-0823
modules:
- module: github.com/go-gitea/gitea
versions:
- fixed: 1.5.1
vulnerable_at: 1.5.0
summary: Gitea Exposes Private Email Addresses in github.com/go-gitea/gitea
cves:
- CVE-2018-1000803
ghsas:
- GHSA-f5fj-7265-jxhj
references:
- advisory: https://github.com/advisories/GHSA-f5fj-7265-jxhj
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-1000803
- fix: https://github.com/go-gitea/gitea/commit/194a11eb110cd98fc2ba52861abf7770db6885a3
- fix: https://github.com/go-gitea/gitea/pull/4664
- fix: https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57
source:
id: GHSA-f5fj-7265-jxhj
created: 2024-08-20T14:19:52.878863-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
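
Review bot: Two of the three `fix:` references are the same pull request: pull/4664 and pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57. The second is a deep link into the PR's file view and adds nothing over the first. Suggest keeping the commit and the plain PR link and dropping the `/files#diff-...` entry.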

@ -0,0 +1,22 @@
id: GO-2022-0824
modules:
- module: github.com/hashicorp/vault-ssh-helper
versions:
- fixed: 0.2.0
vulnerable_at: 0.1.6
summary: Improper Input Validation in vault-ssh-helper in github.com/hashicorp/vault-ssh-helper
cves:
- CVE-2020-24359
ghsas:
- GHSA-f9fq-vjvh-779p
references:
- advisory: https://github.com/advisories/GHSA-f9fq-vjvh-779p
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-24359
- fix: https://github.com/hashicorp/vault-ssh-helper/commit/83effd08cbcbe4b993d776bd9b39465cd9e4603f
- web: https://github.com/hashicorp/vault-ssh-helper/blob/master/CHANGELOG.md#020-august-19-2020
- web: https://github.com/hashicorp/vault-ssh-helper/releases
source:
id: GHSA-f9fq-vjvh-779p
created: 2024-08-20T14:19:58.203408-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

@ -0,0 +1,31 @@
id: GO-2022-0825
modules:
- module: github.com/hashicorp/vault
versions:
- introduced: 0.8.1
- fixed: 1.2.5
- introduced: 1.3.0
- fixed: 1.3.8
- introduced: 1.4.0
- fixed: 1.4.4
- introduced: 1.5.0
- fixed: 1.5.1
vulnerable_at: 1.5.0
summary: |-
Authentication Bypass by Spoofing and Insufficient Verification of Data
Authenticity in Hashicorp Vault in github.com/hashicorp/vault
cves:
- CVE-2020-16250
ghsas:
- GHSA-fp52-qw33-mfmw
references:
- advisory: https://github.com/advisories/GHSA-fp52-qw33-mfmw
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-16250
- web: http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html
- web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151
- web: https://www.hashicorp.com/blog/category/vault
source:
id: GHSA-fp52-qw33-mfmw
created: 2024-08-20T14:20:02.362307-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
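
Review bot: The two-line `summary` is a pair of CWE titles ("Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity") and does not say which part of Vault is affected, although the Packet Storm reference title in the same hunk indicates the AWS IAM integration. Suggest a shorter summary that names the affected auth method once that is confirmed from the advisory, and spelling the vendor "HashiCorp" for consistency. The references also lack a `fix:` entry for any of the four fixed versions listed.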