data/reports: add 16 unreviewed reports

  - data/reports/GO-2024-3207.yaml
  - data/reports/GO-2024-3208.yaml
  - data/reports/GO-2024-3210.yaml
  - data/reports/GO-2024-3211.yaml
  - data/reports/GO-2024-3212.yaml
  - data/reports/GO-2024-3213.yaml
  - data/reports/GO-2024-3214.yaml
  - data/reports/GO-2024-3215.yaml
  - data/reports/GO-2024-3216.yaml
  - data/reports/GO-2024-3217.yaml
  - data/reports/GO-2024-3219.yaml
  - data/reports/GO-2024-3220.yaml
  - data/reports/GO-2024-3221.yaml
  - data/reports/GO-2024-3222.yaml
  - data/reports/GO-2024-3223.yaml
  - data/reports/GO-2024-3224.yaml

Fixes golang/vulndb#3207
Fixes golang/vulndb#3208
Fixes golang/vulndb#3210
Fixes golang/vulndb#3211
Fixes golang/vulndb#3212
Fixes golang/vulndb#3213
Fixes golang/vulndb#3214
Fixes golang/vulndb#3215
Fixes golang/vulndb#3216
Fixes golang/vulndb#3217
Fixes golang/vulndb#3219
Fixes golang/vulndb#3220
Fixes golang/vulndb#3221
Fixes golang/vulndb#3222
Fixes golang/vulndb#3223
Fixes golang/vulndb#3224

Change-Id: I194a8c99c011c5855a50ecd5069b628a1d36746a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/622835
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Tatiana Bradley 2024-10-28 11:09:24 -04:00, committed by Gopher Robot
Parent f0a1e1451f
Commit 2b20095efd
32 changed files with 1460 additions and 0 deletions

@ -0,0 +1,47 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3207",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-p5wf-cmr4-xrwr"
],
"summary": "Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito",
"details": "Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito",
"affected": [
{
"package": {
"name": "github.com/facebookincubator/tacquito",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20241011192817-07b49d1358e6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/facebookincubator/tacquito/security/advisories/GHSA-p5wf-cmr4-xrwr"
},
{
"type": "FIX",
"url": "https://github.com/facebookincubator/tacquito/commit/07b49d1358e6ec0b5aa482fcd284f509191119e2"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3207",
"review_status": "UNREVIEWED"
}
}
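
Review bot: `details` is a verbatim copy of `summary`, so the published entry tells a reader nothing beyond the title; on review, add a sentence from the linked GHSA on what the permissive regular expression is meant to match and what an attacker gains by it. The `fixed` event is the pseudo-version 0.0.0-20241011192817-07b49d1358e6, which agrees with the FIX commit 07b49d1358e6, but it also means no tagged release contained the fix when the advisory was written, so consumers must pin that commit or later rather than bump a release.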

@ -0,0 +1,62 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3208",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-47825",
"GHSA-3wwx-63fv-pfq6"
],
"summary": "Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium",
"details": "Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium",
"affected": [
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.16"
},
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.10"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3208",
"review_status": "UNREVIEWED"
}
}
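
Review bot: the ranges cover only the 1.14 and 1.15 lines (fixed in 1.14.16 and 1.15.10), so everything from 1.16.0 onward, and everything before 1.14.0, is reported as unaffected. Check the GHSA for a 1.16 patch release and for whether the CIDR deny logic predates 1.14.0; if either is missing here the scanner silently under-reports rather than over-reports, which is the worse failure for a policy-bypass issue.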

@ -0,0 +1,48 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3210",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-8901"
],
"summary": "Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
"details": "Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
"affected": [
{
"package": {
"name": "github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-011/"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8901"
},
{
"type": "WEB",
"url": "https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/security/advisories/GHSA-789x-wph8-m68r"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3210",
"review_status": "UNREVIEWED"
}
}
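
Review bot: `aliases` lists only CVE-2024-8901, yet the third reference is this module's own GitHub advisory GHSA-789x-wph8-m68r, typed WEB; add the GHSA to `aliases` and retype that reference ADVISORY so the two identifiers cross-link. Separately, `introduced: 0` with no `fixed` event flags every version, and the YAML shows the CVE only says "affected at 1.0" and "1.1" with no fix; if AWS-2024-011 names a fixed release, record it, and if it states the adapter is retired without a fix, say so in `details` so the open-ended range reads as deliberate.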

@ -0,0 +1,57 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3211",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-50312"
],
"summary": "Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console",
"details": "Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console",
"affected": [
{
"package": {
"name": "github.com/openshift/console",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50312"
},
{
"type": "FIX",
"url": "https://github.com/openshift/console/pull/14409/files"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319378"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-50312"
}
],
"credits": [
{
"name": "Red Hat would like to thank Maksymilian Kubiak (AFINE), Paweł Zdunek (AFINE), and Sławomir Zakrzewski (AFINE) for reporting this issue."
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3211",
"review_status": "UNREVIEWED"
}
}
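
Review bot: a FIX reference (openshift/console PR 14409) is present but the range is `introduced: 0` with no `fixed` event, so releases that already include that PR are still flagged. The module only resolves as +incompatible tags (the YAML records vulnerable_at 6.0.6+incompatible), so if the PR shipped in a tagged release, record that tag, with the +incompatible suffix, as the fixed version; if it only shipped in OpenShift product builds, state that in `details` so the open-ended range is understood as intentional.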

@ -0,0 +1,66 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3212",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-rjfv-pjvx-mjgv"
],
"summary": "AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller",
"details": "AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: sigs.k8s.io/aws-load-balancer-controller from v2.0.0 before v2.8.2.",
"affected": [
{
"package": {
"name": "sigs.k8s.io/aws-load-balancer-controller",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.8.2"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/kubernetes-sigs/aws-load-balancer-controller/security/advisories/GHSA-rjfv-pjvx-mjgv"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/vulnerability-reporting"
},
{
"type": "WEB",
"url": "https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#waf-addons"
},
{
"type": "WEB",
"url": "https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#addons"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3212",
"review_status": "UNREVIEWED"
}
}
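
Review bot: `ranges` is open-ended (`introduced: 0`, no fixed) while `custom_ranges` bounds the issue to 2.0.0 <= v < 2.8.2, so a consumer that reads only the standard `ranges` field flags every version, including 2.8.2 and later that already contain the fix; the NOTE in `details` admits this. The module path has no /v2 suffix although the affected versions are all 2.x, so the go command cannot resolve those tags as ordinary module versions, which is why the mapper fell back to vulnerable_at 1.1.9 in the YAML, a version outside the affected set. If the 2.x tags resolve as +incompatible versions, record them with that suffix in `ranges`; otherwise this entry is a false positive for every 1.x user and `details` should say which releases it actually concerns.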

@ -0,0 +1,55 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3213",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-49380"
],
"summary": "Plenti arbitrary file write vulnerability in github.com/plentico/plenti",
"details": "Plenti arbitrary file write vulnerability in github.com/plentico/plenti",
"affected": [
{
"package": {
"name": "github.com/plentico/plenti",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49380"
},
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"
},
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/releases/tag/v0.7.2"
},
{
"type": "WEB",
"url": "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3213",
"review_status": "UNREVIEWED"
}
}

@ -0,0 +1,55 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3214",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-49381"
],
"summary": "Plenti arbitrary file deletion vulnerability in github.com/plentico/plenti",
"details": "Plenti arbitrary file deletion vulnerability in github.com/plentico/plenti",
"affected": [
{
"package": {
"name": "github.com/plentico/plenti",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49381"
},
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"
},
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/releases/tag/v0.7.2"
},
{
"type": "WEB",
"url": "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3214",
"review_status": "UNREVIEWED"
}
}
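
Review bot: this report and GO-2024-3213 share every reference, including the same source line serve.go#L205 at commit 01825e0d and the same GHSL advisory, and the same fixed version 0.7.2; they differ only in the CVE and in "write" versus "deletion" in the title. That is fine if one handler both writes and removes files, but neither `details` says what request reaches it; on review, give each entry its own one-line description of the primitive, otherwise a reader cannot tell which CVE a given scanner hit corresponds to.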

@ -0,0 +1,83 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3215",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-9264",
"GHSA-q99m-qcv4-fpm7"
],
"summary": "Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana",
"details": "Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/grafana/grafana from v11.0.0 before v11.0.6+security-01, from v11.1.0 before v11.1.7+security-01, from v11.2.0 before v11.2.2+security-01.",
"affected": [
{
"package": {
"name": "github.com/grafana/grafana",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.6+security-01"
},
{
"introduced": "11.1.0"
},
{
"fixed": "11.1.7+security-01"
},
{
"introduced": "11.2.0"
},
{
"fixed": "11.2.2+security-01"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q99m-qcv4-fpm7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9264"
},
{
"type": "FIX",
"url": "https://github.com/grafana/grafana/pull/81666"
},
{
"type": "WEB",
"url": "https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264"
},
{
"type": "WEB",
"url": "https://grafana.com/security/security-advisories/cve-2024-9264"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3215",
"review_status": "UNREVIEWED"
}
}
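
Review bot: the `custom_ranges` fixed versions carry build metadata (11.0.6+security-01, 11.1.7+security-01, 11.2.2+security-01). Semver precedence ignores everything after `+`, so any comparator treats these as 11.0.6, 11.1.7 and 11.2.2, and a plain 11.0.6 build without the security suffix would be reported as fixed even though the metadata marks the fix as a separate build. The Grafana module also only resolves as +incompatible (the YAML has vulnerable_at 5.4.5+incompatible, far below the 11.x affected range), so the standard `ranges` stays open-ended; state both facts in `details` and record the bare 11.0.6 / 11.1.7 / 11.2.2 bounds explicitly when a reviewed entry is published.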

data/osv/GO-2024-3216.json (new file, 123 lines)

@ -0,0 +1,123 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3216",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-49753",
"GHSA-6cf5-w9h3-4rqv"
],
"summary": "Denied Host Validation Bypass in Zitadel Actions in github.com/zitadel/zitadel",
"details": "Denied Host Validation Bypass in Zitadel Actions in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/zitadel/zitadel before v2.58.7, from v2.59.0 before v2.59.5, from v2.60.0 before v2.60.4, from v2.61.0 before v2.61.4, from v2.62.0 before v2.62.8, from v2.63.0 before v2.63.6, from v2.64.0 before v2.64.1.",
"affected": [
{
"package": {
"name": "github.com/zitadel/zitadel",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.58.7"
},
{
"introduced": "2.59.0"
},
{
"fixed": "2.59.5"
},
{
"introduced": "2.60.0"
},
{
"fixed": "2.60.4"
},
{
"introduced": "2.61.0"
},
{
"fixed": "2.61.4"
},
{
"introduced": "2.62.0"
},
{
"fixed": "2.62.8"
},
{
"introduced": "2.63.0"
},
{
"fixed": "2.63.6"
},
{
"introduced": "2.64.0"
},
{
"fixed": "2.64.1"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-6cf5-w9h3-4rqv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49753"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.58.7"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.59.5"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.60.4"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.61.4"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.62.8"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.63.6"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.64.1"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3216",
"review_status": "UNREVIEWED"
}
}

data/osv/GO-2024-3217.json (new file, 117 lines)

@ -0,0 +1,117 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3217",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-49757",
"GHSA-3rmw-76m6-4gjc"
],
"summary": "User Registration Bypass in Zitadel in github.com/zitadel/zitadel",
"details": "User Registration Bypass in Zitadel in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/zitadel/zitadel before v2.58.7, from v2.59.0 before v2.59.5, from v2.60.0 before v2.60.4, from v2.61.0 before v2.61.4, from v2.62.0 before v2.62.7, from v2.63.0 before v2.63.5.",
"affected": [
{
"package": {
"name": "github.com/zitadel/zitadel",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.58.7"
},
{
"introduced": "2.59.0"
},
{
"fixed": "2.59.5"
},
{
"introduced": "2.60.0"
},
{
"fixed": "2.60.4"
},
{
"introduced": "2.61.0"
},
{
"fixed": "2.61.4"
},
{
"introduced": "2.62.0"
},
{
"fixed": "2.62.7"
},
{
"introduced": "2.63.0"
},
{
"fixed": "2.63.5"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-3rmw-76m6-4gjc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49757"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.58.7"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.59.5"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.60.4"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.61.4"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.62.7"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.63.5"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.64.0"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3217",
"review_status": "UNREVIEWED"
}
}
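
Review bot: the reference list ends with releases/tag/v2.64.0, but `custom_ranges` stops at `fixed: 2.63.5` and the NOTE in `details` lists no 2.64 range, whereas the sibling report GO-2024-3216 has an explicit 2.64.0 to 2.64.1 range. Either v2.64.0 is the first release of the development line that already carries the fix (then the ranges are complete and the link is informational) or 2.64.0 is itself affected and a range is missing; check the GHSA and make the ranges and references agree before this is published.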

@ -0,0 +1,55 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3219",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-7h65-4p22-39j6"
],
"summary": "github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"details": "github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"affected": [
{
"package": {
"name": "github.com/crossplane/crossplane",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.15.5"
},
{
"fixed": "1.15.6"
},
{
"introduced": "1.16.2"
},
{
"fixed": "1.16.3"
},
{
"introduced": "1.17.1"
},
{
"fixed": "1.17.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/crossplane/crossplane/security/advisories/GHSA-7h65-4p22-39j6"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3219",
"review_status": "UNREVIEWED"
}
}
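
Review bot: the summary ("Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses") is the wording of the Go standard library net/netip issue, not a description of what crossplane does with the result, and the ranges are unusually narrow: only 1.15.5, 1.16.2 and 1.17.1 are affected, each fixed by the next patch release. That pattern is what a single release per line built with an affected toolchain and then rebuilt looks like; on review, confirm that against the GHSA and state in `details` that the exposure comes from the toolchain those releases were built with, so readers understand why earlier patch releases on each line are not listed.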

@ -0,0 +1,61 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3220",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-32197",
"GHSA-7h8m-pvw3-5gh4"
],
"summary": "Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher",
"details": "Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.8.9, from v2.9.0 before v2.9.3.",
"affected": [
{
"package": {
"name": "github.com/rancher/rancher",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.8.9"
},
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.3"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-7h8m-pvw3-5gh4"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3220",
"review_status": "UNREVIEWED"
}
}
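
Review bot: CVE-2023-32197 is an alias, but the only reference is the GHSA; the other CVE-aliased reports in this change (GO-2024-3208 and GO-2024-3216, for example) carry an nvd.nist.gov ADVISORY reference next to the GHSA, and GO-2024-3223 (CVE-2022-45157) has the same gap. Add the NVD links for consistency. As with the other Rancher entries, `ranges` is open-ended while `custom_ranges` says 2.7.0 <= v < 2.8.9 and 2.9.0 <= v < 2.9.3, so every version of github.com/rancher/rancher is flagged; the NOTE in `details` covers that, but a 2.8.9 or 2.9.3 user will still see a hit.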

@ -0,0 +1,67 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3221",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-22036",
"GHSA-h99m-6755-rgwc"
],
"summary": "Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher",
"details": "Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.7.16, from v2.8.0 before v2.8.9, from v2.9.0 before v2.9.3.",
"affected": [
{
"package": {
"name": "github.com/rancher/rancher",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.16"
},
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.9"
},
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.3"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwc"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3221",
"review_status": "UNREVIEWED"
}
}

@ -0,0 +1,80 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3222",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-x7xj-jvwp-97rv"
],
"summary": "RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rke2",
"details": "RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rke2.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/rancher/rke2 from v1.27.0 before v1.27.15, from v1.28.0 before v1.28.11, from v1.29.0 before v1.29.6, from v1.30.0 before v1.30.2.",
"affected": [
{
"package": {
"name": "github.com/rancher/rke2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.15"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.11"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.6"
},
{
"introduced": "1.30.0"
},
{
"fixed": "1.30.2"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/rancher/rke2/security/advisories/GHSA-x7xj-jvwp-97rv"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32197"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-7h8m-pvw3-5gh4"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3222",
"review_status": "UNREVIEWED"
}
}
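
Review bot: CVE-2023-32197 appears here only as a WEB reference (cve.mitre.org) alongside the Rancher advisory GHSA-7h8m-pvw3-5gh4, while GO-2024-3220 in this same change records that CVE as an alias for github.com/rancher/rancher. If the CVE is scoped to both products, this rke2 report should carry it in `aliases` too, so a query by CVE finds both modules; if it is Rancher-only, the WEB typing is right and this entry simply has no CVE of its own, which is worth saying in `details` to pre-empt the question.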

@ -0,0 +1,61 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3223",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2022-45157",
"GHSA-xj7w-r753-vj8v"
],
"summary": "Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher",
"details": "Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.8.9, from v2.9.0 before v2.9.3.",
"affected": [
{
"package": {
"name": "github.com/rancher/rancher",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.8.9"
},
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.3"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8v"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3223",
"review_status": "UNREVIEWED"
}
}

@ -0,0 +1,57 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3224",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-39223",
"GHSA-8wxx-35qc-vp6r"
],
"summary": "Missing key verification in gost in github.com/ginuerzh/gost",
"details": "Missing key verification in gost in github.com/ginuerzh/gost",
"affected": [
{
"package": {
"name": "github.com/ginuerzh/gost",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-8wxx-35qc-vp6r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39223"
},
{
"type": "REPORT",
"url": "https://github.com/ginuerzh/gost/issues/1034"
},
{
"type": "WEB",
"url": "https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a"
},
{
"type": "WEB",
"url": "https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3224",
"review_status": "UNREVIEWED"
}
}
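
Review bot: no `fixed` event and no FIX reference, so every version of github.com/ginuerzh/gost is flagged with nothing to upgrade to; the ssh.go#L229 link is pinned to commit 729d0e70, which identifies the vulnerable code but not a fix. Check whether upstream issue #1034 was closed by a commit or release: if so, add it as FIX with a fixed version; if not, `details` should say the issue is unfixed so users know the only remediation is to avoid the affected SSH code path rather than to wait for a version bump.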

@ -0,0 +1,17 @@
id: GO-2024-3207
modules:
- module: github.com/facebookincubator/tacquito
versions:
- fixed: 0.0.0-20241011192817-07b49d1358e6
summary: Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito
ghsas:
- GHSA-p5wf-cmr4-xrwr
references:
- advisory: https://github.com/facebookincubator/tacquito/security/advisories/GHSA-p5wf-cmr4-xrwr
- fix: https://github.com/facebookincubator/tacquito/commit/07b49d1358e6ec0b5aa482fcd284f509191119e2
notes:
- fix: 'github.com/facebookincubator/tacquito: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
source:
id: GHSA-p5wf-cmr4-xrwr
created: 2024-10-28T11:08:18.772627-04:00
review_status: UNREVIEWED
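
Review bot: `vulnerable_at` is missing, as the `notes.fix` line records, because the tool does not guess from a 0.0.0 pseudo-version; supply it by hand as the pseudo-version of the commit immediately preceding 07b49d1358e6 so the module can be checked in a build, otherwise the report goes out with a fixed bound but no verified vulnerable version, and the `versions` list carries `fixed` with no introduced bound.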

@ -0,0 +1,25 @@
id: GO-2024-3208
modules:
- module: github.com/cilium/cilium
versions:
- introduced: 1.14.0
- fixed: 1.14.16
- introduced: 1.15.0
- fixed: 1.15.10
vulnerable_at: 1.15.9
summary: |-
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is
present in github.com/cilium/cilium
cves:
- CVE-2024-47825
ghsas:
- GHSA-3wwx-63fv-pfq6
references:
- advisory: https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-47825
- fix: https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45
- fix: https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524
source:
id: GHSA-3wwx-63fv-pfq6
created: 2024-10-28T11:08:14.089866-04:00
review_status: UNREVIEWED

@ -0,0 +1,18 @@
id: GO-2024-3210
modules:
- module: github.com/awslabs/aws-alb-route-directive-adapter-for-istio
unsupported_versions:
- cve_version_range: 'affected at 1.0 (default: affected)'
- cve_version_range: 'affected at 1.1 (default: affected)'
vulnerable_at: 0.0.0-20200804172706-d9e79a98b755
summary: Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio
cves:
- CVE-2024-8901
references:
- advisory: https://aws.amazon.com/security/security-bulletins/AWS-2024-011/
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-8901
- web: https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/security/advisories/GHSA-789x-wph8-m68r
source:
id: CVE-2024-8901
created: 2024-10-28T11:08:11.015024-04:00
review_status: UNREVIEWED

@ -0,0 +1,18 @@
id: GO-2024-3211
modules:
- module: github.com/openshift/console
vulnerable_at: 6.0.6+incompatible
summary: 'Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console'
cves:
- CVE-2024-50312
credits:
- Red Hat would like to thank Maksymilian Kubiak (AFINE), Paweł Zdunek (AFINE), and Sławomir Zakrzewski (AFINE) for reporting this issue.
references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-50312
- fix: https://github.com/openshift/console/pull/14409/files
- report: https://bugzilla.redhat.com/show_bug.cgi?id=2319378
- web: https://access.redhat.com/security/cve/CVE-2024-50312
source:
id: CVE-2024-50312
created: 2024-10-28T11:08:05.713064-04:00
review_status: UNREVIEWED

@ -0,0 +1,21 @@
id: GO-2024-3212
modules:
- module: sigs.k8s.io/aws-load-balancer-controller
non_go_versions:
- introduced: 2.0.0
- fixed: 2.8.2
vulnerable_at: 1.1.9
summary: |-
AWS Load Balancer Controller automatically detaches externally associated web
ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller
ghsas:
- GHSA-rjfv-pjvx-mjgv
references:
- advisory: https://github.com/kubernetes-sigs/aws-load-balancer-controller/security/advisories/GHSA-rjfv-pjvx-mjgv
- web: https://aws.amazon.com/security/vulnerability-reporting
- web: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#waf-addons
- web: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#addons
source:
id: GHSA-rjfv-pjvx-mjgv
created: 2024-10-28T11:07:57.960386-04:00
review_status: UNREVIEWED

@ -0,0 +1,18 @@
id: GO-2024-3213
modules:
- module: github.com/plentico/plenti
versions:
- fixed: 0.7.2
vulnerable_at: 0.7.1
summary: Plenti arbitrary file write vulnerability in github.com/plentico/plenti
cves:
- CVE-2024-49380
references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-49380
- web: https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205
- web: https://github.com/plentico/plenti/releases/tag/v0.7.2
- web: https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/
source:
id: CVE-2024-49380
created: 2024-10-28T11:07:55.583973-04:00
review_status: UNREVIEWED

@ -0,0 +1,18 @@
id: GO-2024-3214
modules:
- module: github.com/plentico/plenti
versions:
- fixed: 0.7.2
vulnerable_at: 0.7.1
summary: Plenti arbitrary file deletion vulnerability in github.com/plentico/plenti
cves:
- CVE-2024-49381
references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-49381
- web: https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205
- web: https://github.com/plentico/plenti/releases/tag/v0.7.2
- web: https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/
source:
id: CVE-2024-49381
created: 2024-10-28T11:07:51.927954-04:00
review_status: UNREVIEWED

@ -0,0 +1,26 @@
id: GO-2024-3215
modules:
- module: github.com/grafana/grafana
non_go_versions:
- introduced: 11.0.0
- fixed: 11.0.6+security-01
- introduced: 11.1.0
- fixed: 11.1.7+security-01
- introduced: 11.2.0
- fixed: 11.2.2+security-01
vulnerable_at: 5.4.5+incompatible
summary: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
cves:
- CVE-2024-9264
ghsas:
- GHSA-q99m-qcv4-fpm7
references:
- advisory: https://github.com/advisories/GHSA-q99m-qcv4-fpm7
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-9264
- fix: https://github.com/grafana/grafana/pull/81666
- web: https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264
- web: https://grafana.com/security/security-advisories/cve-2024-9264
source:
id: GHSA-q99m-qcv4-fpm7
created: 2024-10-28T11:07:35.550036-04:00
review_status: UNREVIEWED
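
Review bot: `vulnerable_at: 5.4.5+incompatible` lies outside every `non_go_versions` range (all start at 11.0.0), so the version the tooling treats as the known-vulnerable build is one the advisory does not claim is affected; the same inversion occurs in GO-2024-3212 above, where `vulnerable_at: 1.1.9` sits below `introduced: 2.0.0`. In both cases the value is the highest version the go command could resolve, not a vulnerable one; on review, either set it to a resolvable affected version or leave a note that none resolves, so nobody reads it as evidence that 5.4.5 or 1.1.9 is exposed.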

@ -0,0 +1,37 @@
id: GO-2024-3216
modules:
- module: github.com/zitadel/zitadel
non_go_versions:
- fixed: 2.58.7
- introduced: 2.59.0
- fixed: 2.59.5
- introduced: 2.60.0
- fixed: 2.60.4
- introduced: 2.61.0
- fixed: 2.61.4
- introduced: 2.62.0
- fixed: 2.62.8
- introduced: 2.63.0
- fixed: 2.63.6
- introduced: 2.64.0
- fixed: 2.64.1
vulnerable_at: 1.87.5
summary: Denied Host Validation Bypass in Zitadel Actions in github.com/zitadel/zitadel
cves:
- CVE-2024-49753
ghsas:
- GHSA-6cf5-w9h3-4rqv
references:
- advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-6cf5-w9h3-4rqv
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-49753
- web: https://github.com/zitadel/zitadel/releases/tag/v2.58.7
- web: https://github.com/zitadel/zitadel/releases/tag/v2.59.5
- web: https://github.com/zitadel/zitadel/releases/tag/v2.60.4
- web: https://github.com/zitadel/zitadel/releases/tag/v2.61.4
- web: https://github.com/zitadel/zitadel/releases/tag/v2.62.8
- web: https://github.com/zitadel/zitadel/releases/tag/v2.63.6
- web: https://github.com/zitadel/zitadel/releases/tag/v2.64.1
source:
id: GHSA-6cf5-w9h3-4rqv
created: 2024-10-28T11:07:29.835068-04:00
review_status: UNREVIEWED
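Review bot: the first range is `fixed: 2.58.7` with no `introduced`, so every release before 2.58.7, including the 1.x line and `vulnerable_at: 1.87.5`, is counted as affected. Since the summary scopes the bug to Zitadel Actions, confirm with the linked advisory whether it gives a lower bound (the version that introduced the denied-host check or Actions themselves); if it does, add an `introduced:` to the first range rather than leaving it open-ended.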

@ -0,0 +1,35 @@
id: GO-2024-3217
modules:
- module: github.com/zitadel/zitadel
non_go_versions:
- fixed: 2.58.7
- introduced: 2.59.0
- fixed: 2.59.5
- introduced: 2.60.0
- fixed: 2.60.4
- introduced: 2.61.0
- fixed: 2.61.4
- introduced: 2.62.0
- fixed: 2.62.7
- introduced: 2.63.0
- fixed: 2.63.5
vulnerable_at: 1.87.5
summary: User Registration Bypass in Zitadel in github.com/zitadel/zitadel
cves:
- CVE-2024-49757
ghsas:
- GHSA-3rmw-76m6-4gjc
references:
- advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-3rmw-76m6-4gjc
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-49757
- web: https://github.com/zitadel/zitadel/releases/tag/v2.58.7
- web: https://github.com/zitadel/zitadel/releases/tag/v2.59.5
- web: https://github.com/zitadel/zitadel/releases/tag/v2.60.4
- web: https://github.com/zitadel/zitadel/releases/tag/v2.61.4
- web: https://github.com/zitadel/zitadel/releases/tag/v2.62.7
- web: https://github.com/zitadel/zitadel/releases/tag/v2.63.5
- web: https://github.com/zitadel/zitadel/releases/tag/v2.64.0
source:
id: GHSA-3rmw-76m6-4gjc
created: 2024-10-28T11:07:14.783502-04:00
review_status: UNREVIEWED
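Review bot: the references include `releases/tag/v2.64.0`, but the version ranges end at `fixed: 2.63.5` with no range for the 2.64 line. Under the range semantics that is consistent only if 2.64.0 already contains the fix (everything after the last `fixed:` is treated as unaffected), so confirm 2.64.0 is a fixed release and not a vulnerable one that is missing an `introduced: 2.64.0` / `fixed:` pair. The sibling report GO-2024-3216 for the same module records its fix in 2.64.1, which is consistent with the two issues being fixed in different 2.64 releases, but the 2.64.0 tag should be checked rather than inferred.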

@ -0,0 +1,22 @@
id: GO-2024-3219
modules:
- module: github.com/crossplane/crossplane
versions:
- introduced: 1.15.5
- fixed: 1.15.6
- introduced: 1.16.2
- fixed: 1.16.3
- introduced: 1.17.1
- fixed: 1.17.2
vulnerable_at: 1.17.1
summary: |-
github.com/crossplane/crossplane: Unexpected behavior from Is methods for
IPv4-mapped IPv6 addresses
ghsas:
- GHSA-7h65-4p22-39j6
references:
- advisory: https://github.com/crossplane/crossplane/security/advisories/GHSA-7h65-4p22-39j6
source:
id: GHSA-7h65-4p22-39j6
created: 2024-10-28T11:07:10.024978-04:00
review_status: UNREVIEWED
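Review bot: each `introduced:` here is exactly the one release before its `fixed:` (1.15.5/1.15.6, 1.16.2/1.16.3, 1.17.1/1.17.2), so read literally only those three releases are affected, and the summary is the net/netip standard-library issue title (`Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses`) rather than a crossplane-specific one. That pattern usually means these were the builds produced with an affected Go toolchain; confirm that reading against the advisory before review, and decide whether a `versions:` (Go module) range naming crossplane is the right shape, given that govulncheck already reports a vulnerable standard library for binaries built with an affected toolchain. Two smaller points: there is no `cves:` entry, only the GHSA, and the summary uses the `module: title` form while the other reports in this change use `title in module`.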

@ -0,0 +1,22 @@
id: GO-2024-3220
modules:
- module: github.com/rancher/rancher
non_go_versions:
- introduced: 2.7.0
- fixed: 2.8.9
- introduced: 2.9.0
- fixed: 2.9.3
vulnerable_at: 1.6.30
summary: |-
Rancher allows privilege escalation in Windows nodes due to Insecure Access
Control Lists in github.com/rancher/rancher
cves:
- CVE-2023-32197
ghsas:
- GHSA-7h8m-pvw3-5gh4
references:
- advisory: https://github.com/rancher/rancher/security/advisories/GHSA-7h8m-pvw3-5gh4
source:
id: GHSA-7h8m-pvw3-5gh4
created: 2024-10-28T11:07:07.639134-04:00
review_status: UNREVIEWED
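Review bot: the first range runs `introduced: 2.7.0` to `fixed: 2.8.9`, so the entire 2.7 line is recorded as affected with no fix, while GO-2024-3221 for the same module lists `fixed: 2.7.16` for its issue. Confirm against the linked advisory that 2.7.x received no fix for CVE-2023-32197 (for example because 2.7 is out of support); if 2.7.16 or another 2.7 release is patched, split the range into `2.7.0`/`2.7.x` and `2.8.0`/`2.8.9`.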

@ -0,0 +1,22 @@
id: GO-2024-3221
modules:
- module: github.com/rancher/rancher
non_go_versions:
- introduced: 2.7.0
- fixed: 2.7.16
- introduced: 2.8.0
- fixed: 2.8.9
- introduced: 2.9.0
- fixed: 2.9.3
vulnerable_at: 1.6.30
summary: Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
cves:
- CVE-2024-22036
ghsas:
- GHSA-h99m-6755-rgwc
references:
- advisory: https://github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwc
source:
id: GHSA-h99m-6755-rgwc
created: 2024-10-28T11:07:04.646515-04:00
review_status: UNREVIEWED

@ -0,0 +1,26 @@
id: GO-2024-3222
modules:
- module: github.com/rancher/rke2
non_go_versions:
- introduced: 1.27.0
- fixed: 1.27.15
- introduced: 1.28.0
- fixed: 1.28.11
- introduced: 1.29.0
- fixed: 1.29.6
- introduced: 1.30.0
- fixed: 1.30.2
vulnerable_at: 0.0.1-alpha.7
summary: |-
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control
Lists in github.com/rancher/rke2
ghsas:
- GHSA-x7xj-jvwp-97rv
references:
- advisory: https://github.com/rancher/rke2/security/advisories/GHSA-x7xj-jvwp-97rv
- web: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32197
- web: https://github.com/rancher/rancher/security/advisories/GHSA-7h8m-pvw3-5gh4
source:
id: GHSA-x7xj-jvwp-97rv
created: 2024-10-28T11:06:48.655365-04:00
review_status: UNREVIEWED
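Review bot: CVE-2023-32197 appears only as a `web:` reference (the mitre link), together with the Rancher advisory GHSA-7h8m-pvw3-5gh4 that GO-2024-3220 files under `cves:` for github.com/rancher/rancher; decide whether the CVE also identifies this RKE2 issue (then list it under `cves:` so aliasing works) or is only cross-referenced (then the current form is right). `vulnerable_at: 0.0.1-alpha.7` is a pre-release far below the 1.27 to 1.30 ranges, expected for a `non_go_versions` report, but it means the symbol check does not run against an affected release.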

@ -0,0 +1,20 @@
id: GO-2024-3223
modules:
- module: github.com/rancher/rancher
non_go_versions:
- introduced: 2.7.0
- fixed: 2.8.9
- introduced: 2.9.0
- fixed: 2.9.3
vulnerable_at: 1.6.30
summary: Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher
cves:
- CVE-2022-45157
ghsas:
- GHSA-xj7w-r753-vj8v
references:
- advisory: https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8v
source:
id: GHSA-xj7w-r753-vj8v
created: 2024-10-28T11:06:37.324915-04:00
review_status: UNREVIEWED
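Review bot: as with GO-2024-3220, the range `introduced: 2.7.0` to `fixed: 2.8.9` records the whole 2.7 line as affected with no fix, whereas GO-2024-3221 for the same module has a `fixed: 2.7.16`. Confirm from the linked advisory that no 2.7 release fixes CVE-2022-45157; if one does, split the range at 2.8.0 and record the 2.7 fix. The CVE is from 2022 while the fixed releases are 2024 ones, so it is also worth checking that the advisory's affected-version list really starts at 2.7.0 rather than earlier.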

@ -0,0 +1,21 @@
id: GO-2024-3224
modules:
- module: github.com/ginuerzh/gost
unsupported_versions:
- last_affected: 2.11.5
vulnerable_at: 0.0.0-20241011080244-87d6a2fdc2cc
summary: Missing key verification in gost in github.com/ginuerzh/gost
cves:
- CVE-2024-39223
ghsas:
- GHSA-8wxx-35qc-vp6r
references:
- advisory: https://github.com/advisories/GHSA-8wxx-35qc-vp6r
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39223
- report: https://github.com/ginuerzh/gost/issues/1034
- web: https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a
- web: https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229
source:
id: GHSA-8wxx-35qc-vp6r
created: 2024-10-28T11:06:29.984273-04:00
review_status: UNREVIEWED
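Review bot: `unsupported_versions: last_affected: 2.11.5` with no `fixed:` entry records that every release up to and including 2.11.5 is affected and that no patched release is known; if the linked issue (#1034) or the gist points to a fixing commit, record it, otherwise the report stays open-ended as written. The `vulnerable_at` pseudo-version (commit 87d6a2fdc2cc, 2024-10-11) is what the symbol check runs against, which is expected since the v2 tags do not resolve as Go module versions at this path. The summary `Missing key verification in gost` does not say which key is not verified; the code reference points into `ssh.go`, so once confirmed against the issue, name the key (for example the SSH host key, if that is what it is) in the summary.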