mirror of https://github.com/golang/vulndb.git
internal/report: sort references in Fix
Sort references by type, then alphabetically.

Change-Id: Ia09085488f62829f5216c5cb90db680821afc1ea
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/585418
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Parent: 2122bde855
Commit: 4191954a9d
|
@ -20,13 +20,13 @@ description: |-
|
|||
cves:
|
||||
- CVE-2020-9283
|
||||
references:
|
||||
- web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
|
||||
- web: http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
|
||||
- web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
|
||||
- web: https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
|
||||
- web: https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
|
||||
- web: https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
|
||||
- web: https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
|
||||
source:
|
||||
id: CVE-2020-9283
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
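Review bot: Among the `web` entries, the `http://packetstormsecurity.com/...` link now sits ahead of the `https://groups.google.com/forum/#!topic/golang-announce/...` post only because the comparison is on the raw URL string, where `http:` orders before `https:`. If the intended order is alphabetical by host, the comparator should compare the URL without its scheme; otherwise say in the commit message or the doc comment that the order is byte-wise on the full URL.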
@ -18,11 +18,11 @@ description: |-
|
|||
cves:
|
||||
- CVE-2021-27919
|
||||
references:
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
|
||||
- web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
|
||||
- web: https://security.gentoo.org/glsa/202208-02
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
|
||||
notes:
|
||||
- fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
|
||||
source:
|
||||
|
|
|
@ -19,12 +19,12 @@ description: |-
|
|||
cves:
|
||||
- CVE-2021-3115
|
||||
references:
|
||||
- web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
|
||||
- web: https://blog.go.dev/path-security
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/
|
||||
- web: https://security.netapp.com/advisory/ntap-20210219-0001/
|
||||
- web: https://security.gentoo.org/glsa/202208-02
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3115
|
||||
- web: https://blog.go.dev/path-security
|
||||
- web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/
|
||||
- web: https://security.gentoo.org/glsa/202208-02
|
||||
- web: https://security.netapp.com/advisory/ntap-20210219-0001/
|
||||
notes:
|
||||
- fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
|
||||
source:
|
||||
|
|
|
@ -29,10 +29,10 @@ description: |-
|
|||
cves:
|
||||
- CVE-2022-39213
|
||||
references:
|
||||
- web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
|
||||
- fix: https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4
|
||||
- web: https://github.com/pandatix/go-cvss/blob/master/SECURITY.md
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
|
||||
- web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
|
||||
source:
|
||||
id: CVE-2022-39213
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -17,13 +17,13 @@ description: |-
|
|||
tiled image with a height of 0 and a very large width can cause excessive CPU
|
||||
consumption, despite the image size (width * height) appearing to be zero.
|
||||
references:
|
||||
- report: https://go.dev/issue/61581
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
|
||||
- fix: https://go.dev/cl/514897
|
||||
- web: https://security.netapp.com/advisory/ntap-20230831-0009/
|
||||
- report: https://go.dev/issue/61581
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
|
||||
- web: https://security.netapp.com/advisory/ntap-20230831-0009/
|
||||
cve_metadata:
|
||||
id: CVE-2023-29407
|
||||
cwe: 'CWE-834: Excessive Iteration'
|
||||
|
|
|
@ -24,10 +24,10 @@ description: |-
|
|||
cves:
|
||||
- CVE-2023-44378
|
||||
references:
|
||||
- web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
|
||||
- report: https://github.com/zkopru-network/zkopru/issues/116
|
||||
- fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-44378
|
||||
- fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
|
||||
- report: https://github.com/zkopru-network/zkopru/issues/116
|
||||
- web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
|
||||
source:
|
||||
id: CVE-2023-44378
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -26,8 +26,8 @@ description: |-
|
|||
cves:
|
||||
- CVE-2023-45141
|
||||
references:
|
||||
- web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45141
|
||||
- web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
|
||||
source:
|
||||
id: CVE-2023-45141
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -27,14 +27,14 @@ description: |-
|
|||
in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other
|
||||
effects). The previous behavior has been restored.
|
||||
references:
|
||||
- report: https://go.dev/issue/63713
|
||||
- fix: https://go.dev/cl/540277
|
||||
- web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
|
||||
- report: https://go.dev/issue/64028
|
||||
- fix: https://go.dev/cl/541175
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
- web: http://www.openwall.com/lists/oss-security/2023/12/05/2
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45283
|
||||
- fix: https://go.dev/cl/540277
|
||||
- fix: https://go.dev/cl/541175
|
||||
- report: https://go.dev/issue/63713
|
||||
- report: https://go.dev/issue/64028
|
||||
- web: http://www.openwall.com/lists/oss-security/2023/12/05/2
|
||||
- web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
cve_metadata:
|
||||
id: CVE-2023-45283
|
||||
cwe: 'CWE-41: Improper Resolution of Path Equivalence'
|
||||
|
|
|
@ -18,10 +18,10 @@ description: |-
|
|||
module. This only affects users who are not using the module proxy and are
|
||||
fetching modules directly (i.e. GOPROXY=off).
|
||||
references:
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
- report: https://go.dev/issue/63845
|
||||
- fix: https://go.dev/cl/540257
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45285
|
||||
- fix: https://go.dev/cl/540257
|
||||
- report: https://go.dev/issue/63845
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
cve_metadata:
|
||||
id: CVE-2023-45285
|
||||
cwe: 'CWE-636: Not Failing Securely (''Failing Open'')'
|
||||
|
|
|
@ -23,10 +23,10 @@ description: |-
|
|||
question is defined at package level scope, so a completely unrelated server
|
||||
could receive the request body.
|
||||
references:
|
||||
- report: https://github.com/go-resty/resty/issues/743
|
||||
- report: https://github.com/go-resty/resty/issues/739
|
||||
- fix: https://github.com/go-resty/resty/pull/745
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45286
|
||||
- fix: https://github.com/go-resty/resty/pull/745
|
||||
- report: https://github.com/go-resty/resty/issues/739
|
||||
- report: https://github.com/go-resty/resty/issues/743
|
||||
cve_metadata:
|
||||
id: CVE-2023-45286
|
||||
cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
|
||||
|
|
|
@ -18,13 +18,13 @@ description: |-
|
|||
cves:
|
||||
- CVE-2020-9283
|
||||
references:
|
||||
- web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
|
||||
- web: http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
|
||||
- web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
|
||||
- web: https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
|
||||
- web: https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
|
||||
- web: https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
|
||||
- web: https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-9283
|
||||
source:
|
||||
id: CVE-2020-9283
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -18,11 +18,11 @@ description: |-
|
|||
cves:
|
||||
- CVE-2021-27919
|
||||
references:
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
|
||||
- web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
|
||||
- web: https://security.gentoo.org/glsa/202208-02
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
|
||||
notes:
|
||||
- fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
|
||||
source:
|
||||
|
|
|
@ -19,12 +19,12 @@ description: |-
|
|||
cves:
|
||||
- CVE-2021-3115
|
||||
references:
|
||||
- web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
|
||||
- web: https://blog.go.dev/path-security
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/
|
||||
- web: https://security.netapp.com/advisory/ntap-20210219-0001/
|
||||
- web: https://security.gentoo.org/glsa/202208-02
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3115
|
||||
- web: https://blog.go.dev/path-security
|
||||
- web: https://groups.google.com/g/golang-announce/c/mperVMGa98w
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/
|
||||
- web: https://security.gentoo.org/glsa/202208-02
|
||||
- web: https://security.netapp.com/advisory/ntap-20210219-0001/
|
||||
notes:
|
||||
- fix: 'cmd: could not add vulnerable_at: not implemented for std/cmd'
|
||||
source:
|
||||
|
|
|
@ -30,10 +30,10 @@ description: |-
|
|||
cves:
|
||||
- CVE-2022-39213
|
||||
references:
|
||||
- web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
|
||||
- fix: https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4
|
||||
- web: https://github.com/pandatix/go-cvss/blob/master/SECURITY.md
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39213
|
||||
- web: https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx
|
||||
source:
|
||||
id: CVE-2022-39213
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -27,13 +27,13 @@ description: |-
|
|||
credits:
|
||||
- Philippe Antoine (Catena cyber)
|
||||
references:
|
||||
- report: https://go.dev/issue/61581
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
|
||||
- fix: https://go.dev/cl/514897
|
||||
- web: https://security.netapp.com/advisory/ntap-20230831-0009/
|
||||
- report: https://go.dev/issue/61581
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
|
||||
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29407
|
||||
- web: https://security.netapp.com/advisory/ntap-20230831-0009/
|
||||
cve_metadata:
|
||||
id: CVE-2023-29407
|
||||
cwe: 'CWE-834: Excessive Iteration'
|
||||
|
|
|
@ -26,10 +26,10 @@ description: |-
|
|||
cves:
|
||||
- CVE-2023-44378
|
||||
references:
|
||||
- web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
|
||||
- report: https://github.com/zkopru-network/zkopru/issues/116
|
||||
- fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-44378
|
||||
- fix: https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f
|
||||
- report: https://github.com/zkopru-network/zkopru/issues/116
|
||||
- web: https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg
|
||||
source:
|
||||
id: CVE-2023-44378
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -26,8 +26,8 @@ description: |-
|
|||
cves:
|
||||
- CVE-2023-45141
|
||||
references:
|
||||
- web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45141
|
||||
- web: https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p
|
||||
source:
|
||||
id: CVE-2023-45141
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -86,14 +86,14 @@ description: |-
|
|||
in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other
|
||||
effects). The previous behavior has been restored.
|
||||
references:
|
||||
- report: https://go.dev/issue/63713
|
||||
- fix: https://go.dev/cl/540277
|
||||
- web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
|
||||
- report: https://go.dev/issue/64028
|
||||
- fix: https://go.dev/cl/541175
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
- web: http://www.openwall.com/lists/oss-security/2023/12/05/2
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45283
|
||||
- fix: https://go.dev/cl/540277
|
||||
- fix: https://go.dev/cl/541175
|
||||
- report: https://go.dev/issue/63713
|
||||
- report: https://go.dev/issue/64028
|
||||
- web: http://www.openwall.com/lists/oss-security/2023/12/05/2
|
||||
- web: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
cve_metadata:
|
||||
id: CVE-2023-45283
|
||||
cwe: 'CWE-41: Improper Resolution of Path Equivalence'
|
||||
|
|
|
@ -24,10 +24,10 @@ description: |-
|
|||
credits:
|
||||
- David Leadbeater
|
||||
references:
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
- report: https://go.dev/issue/63845
|
||||
- fix: https://go.dev/cl/540257
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45285
|
||||
- fix: https://go.dev/cl/540257
|
||||
- report: https://go.dev/issue/63845
|
||||
- web: https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ
|
||||
cve_metadata:
|
||||
id: CVE-2023-45285
|
||||
cwe: 'CWE-636: Not Failing Securely (''Failing Open'')'
|
||||
|
|
|
@ -40,10 +40,10 @@ description: |-
|
|||
credits:
|
||||
- Logan Attwood (@lattwood)
|
||||
references:
|
||||
- report: https://github.com/go-resty/resty/issues/743
|
||||
- report: https://github.com/go-resty/resty/issues/739
|
||||
- fix: https://github.com/go-resty/resty/pull/745
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-45286
|
||||
- fix: https://github.com/go-resty/resty/pull/745
|
||||
- report: https://github.com/go-resty/resty/issues/739
|
||||
- report: https://github.com/go-resty/resty/issues/743
|
||||
cve_metadata:
|
||||
id: CVE-2023-45286
|
||||
cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'
|
||||
|
|
|
@ -29,16 +29,16 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-28r2-q6m8-9hpx
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-28r2-q6m8-9hpx
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-30323
|
||||
- fix: https://github.com/hashicorp/go-getter/pull/359
|
||||
- fix: https://github.com/hashicorp/go-getter/pull/361
|
||||
- fix: https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48
|
||||
- fix: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45
|
||||
- fix: https://github.com/hashicorp/go-getter/pull/359
|
||||
- fix: https://github.com/hashicorp/go-getter/pull/361
|
||||
- web: https://discuss.hashicorp.com
|
||||
- web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/
|
||||
- web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
|
||||
- web: https://github.com/hashicorp/go-getter/releases
|
||||
- advisory: https://github.com/advisories/GHSA-28r2-q6m8-9hpx
|
||||
source:
|
||||
id: GHSA-28r2-q6m8-9hpx
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
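Review bot: The three `discuss.hashicorp.com` entries under `web` (the bare host, the `hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/` thread URL, and the same thread ending in `/39930`) all lead to the same place and are still listed separately after the sort. Sorting does not collapse them, so consider either dropping the two less specific ones from this report or deduplicating prefix-equivalent URLs in a follow-up.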
@ -49,9 +49,9 @@ ghsas:
|
|||
references:
|
||||
- advisory: https://github.com/hpcng/sif/security/advisories/GHSA-33m6-q9v5-62r7
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3538
|
||||
- report: https://github.com/satori/go.uuid/issues/73
|
||||
- fix: https://github.com/satori/go.uuid/pull/75
|
||||
- fix: https://github.com/satori/go.uuid/commit/75cca531ea763666bc46e531da3b4c3b95f64557
|
||||
- fix: https://github.com/satori/go.uuid/pull/75
|
||||
- report: https://github.com/satori/go.uuid/issues/73
|
||||
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1954376
|
||||
- web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
|
||||
notes:
|
||||
|
|
|
@ -19,8 +19,8 @@ ghsas:
|
|||
- GHSA-3hwm-922r-47hw
|
||||
references:
|
||||
- advisory: https://github.com/42Atomys/stud42/security/advisories/GHSA-3hwm-922r-47hw
|
||||
- web: https://github.com/42Atomys/stud42/issues/412
|
||||
- web: https://github.com/42Atomys/stud42/commit/a70bfc72fba721917bf681d72a58093fb9deee17
|
||||
- web: https://github.com/42Atomys/stud42/issues/412
|
||||
source:
|
||||
id: GHSA-3hwm-922r-47hw
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -23,9 +23,9 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-3wq5-3f56-v5xc
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-3wq5-3f56-v5xc
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1777
|
||||
- web: https://mattermost.com/security-updates/
|
||||
- advisory: https://github.com/advisories/GHSA-3wq5-3f56-v5xc
|
||||
notes:
|
||||
- fix: 'github.com/mattermost/mattermost-server/v6: could not add vulnerable_at: version 7.1.6 does not exist'
|
||||
- lint: 'modules[1] "github.com/mattermost/mattermost-server/v6": version 7.1.6 does not exist'
|
||||
|
|
|
@ -16,9 +16,9 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-54q4-74p3-mgcw
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-54q4-74p3-mgcw
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-38867
|
||||
- report: https://github.com/zhaojh329/rttys/issues/117
|
||||
- advisory: https://github.com/advisories/GHSA-54q4-74p3-mgcw
|
||||
source:
|
||||
id: GHSA-54q4-74p3-mgcw
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -39,9 +39,9 @@ ghsas:
|
|||
- GHSA-66p8-j459-rq63
|
||||
references:
|
||||
- advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
|
||||
- web: https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25168
|
||||
- fix: https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
|
||||
- web: https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
|
||||
notes:
|
||||
- lint: 'description: possible markdown formatting (found ### )'
|
||||
- lint: 'description: possible markdown formatting (found [`GHSA-p8r3-83r8-jwj5`](https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5))'
|
||||
|
|
|
@ -29,11 +29,11 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-6qfg-8799-r575
|
||||
references:
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-11251
|
||||
- report: https://github.com/kubernetes/kubernetes/issues/87773
|
||||
- fix: https://github.com/kubernetes/kubernetes/pull/82143
|
||||
- web: https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ
|
||||
- advisory: https://github.com/advisories/GHSA-6qfg-8799-r575
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-11251
|
||||
- fix: https://github.com/kubernetes/kubernetes/pull/82143
|
||||
- report: https://github.com/kubernetes/kubernetes/issues/87773
|
||||
- web: https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ
|
||||
source:
|
||||
id: GHSA-6qfg-8799-r575
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -20,11 +20,11 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-7fxj-fr3v-r9gj
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-7fxj-fr3v-r9gj
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-3023
|
||||
- fix: https://github.com/pingcap/tidb/commit/d0376379d615cc8f263a0b17c031ce403c8dcbfb
|
||||
- web: https://advisory.dw1.io/45
|
||||
- web: https://huntr.dev/bounties/120f1346-e958-49d0-b66c-0f889a469540
|
||||
- advisory: https://github.com/advisories/GHSA-7fxj-fr3v-r9gj
|
||||
source:
|
||||
id: GHSA-7fxj-fr3v-r9gj
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -21,11 +21,11 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-9689-rx4v-cqgc
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-9689-rx4v-cqgc
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-15798
|
||||
- fix: https://github.com/concourse/concourse/pull/5350/commits/38cb4cc025e5ed28764b4adc363a0bbf41f3c7cb
|
||||
- web: https://github.com/concourse/concourse/blob/release/5.2.x/release-notes/v5.2.8.md
|
||||
- web: https://pivotal.io/security/cve-2018-15798
|
||||
- advisory: https://github.com/advisories/GHSA-9689-rx4v-cqgc
|
||||
source:
|
||||
id: GHSA-9689-rx4v-cqgc
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -27,10 +27,10 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-hjv9-hm2f-rpcj
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-hjv9-hm2f-rpcj
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0507
|
||||
- web: https://grafana.com/security/security-advisories/cve-2023-0507/
|
||||
- web: https://security.netapp.com/advisory/ntap-20230413-0001/
|
||||
- advisory: https://github.com/advisories/GHSA-hjv9-hm2f-rpcj
|
||||
source:
|
||||
id: GHSA-hjv9-hm2f-rpcj
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -61,7 +61,6 @@ ghsas:
|
|||
- GHSA-hmfx-3pcx-653p
|
||||
references:
|
||||
- advisory: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
|
||||
- web: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25173
|
||||
- fix: https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
|
||||
- web: https://github.com/advisories/GHSA-4wjj-jwc9-2x96
|
||||
|
@ -69,6 +68,7 @@ references:
|
|||
- web: https://github.com/advisories/GHSA-phjr-8j92-w5v7
|
||||
- web: https://github.com/containerd/containerd/releases/tag/v1.5.18
|
||||
- web: https://github.com/containerd/containerd/releases/tag/v1.6.18
|
||||
- web: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
|
||||
- web: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
|
||||
notes:
|
||||
- lint: 'description: possible markdown formatting (found ### )'
|
||||
|
|
|
@ -27,11 +27,11 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-jh36-q97c-9928
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-jh36-q97c-9928
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-3294
|
||||
- web: https://github.com/kubernetes/kubernetes/issues/113757
|
||||
- web: https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA
|
||||
- web: https://security.netapp.com/advisory/ntap-20230505-0007/
|
||||
- advisory: https://github.com/advisories/GHSA-jh36-q97c-9928
|
||||
source:
|
||||
id: GHSA-jh36-q97c-9928
|
||||
created: 1999-01-01T00:00:00Z
|
||||
|
|
|
@ -63,10 +63,10 @@ ghsas:
|
|||
references:
|
||||
- advisory: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13845
|
||||
- web: https://medium.com/sylabs
|
||||
- web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
|
||||
- web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
|
||||
- web: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
|
||||
- web: https://medium.com/sylabs
|
||||
notes:
|
||||
- fix: 'github.com/sylabs/singularity: could not add vulnerable_at: version 3.6.0 does not exist'
|
||||
- lint: 'description: possible markdown formatting (found ### )'
|
||||
|
|
|
@ -20,16 +20,16 @@ cves:
|
|||
ghsas:
|
||||
- GHSA-w4xh-w33p-4v29
|
||||
references:
|
||||
- advisory: https://github.com/advisories/GHSA-w4xh-w33p-4v29
|
||||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-17831
|
||||
- fix: https://github.com/git-lfs/git-lfs/commit/f913f5f9c7c6d1301785fdf9884a2942d59cdf19
|
||||
- fix: https://github.com/git-lfs/git-lfs/pull/2241
|
||||
- fix: https://github.com/git-lfs/git-lfs/pull/2242
|
||||
- fix: https://github.com/git-lfs/git-lfs/commit/f913f5f9c7c6d1301785fdf9884a2942d59cdf19
|
||||
- web: http://blog.recurity-labs.com/2017-08-10/scm-vulns
|
||||
- web: http://www.securityfocus.com/bid/102926
|
||||
- web: https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
|
||||
- web: https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1
|
||||
- web: https://web.archive.org/web/20200227131639/http://www.securityfocus.com/bid/102926
|
||||
- web: http://blog.recurity-labs.com/2017-08-10/scm-vulns
|
||||
- web: http://www.securityfocus.com/bid/102926
|
||||
- advisory: https://github.com/advisories/GHSA-w4xh-w33p-4v29
|
||||
notes:
|
||||
- lint: 'description: possible markdown formatting (found `url =` line in a `.lfsconfig`)'
|
||||
source:
|
||||
|
|
|
@ -670,6 +670,13 @@ func (r *Report) FixReferences() {
|
|||
}
|
||||
}
|
||||
|
||||
slices.SortFunc(r.References, func(a *Reference, b *Reference) int {
|
||||
if a.Type == b.Type {
|
||||
return strings.Compare(a.URL, b.URL)
|
||||
}
|
||||
return strings.Compare(string(a.Type), string(b.Type))
|
||||
})
|
||||
|
||||
if len(r.References) == 0 {
|
||||
r.References = nil
|
||||
}
|
||||
|
|
|
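Review bot: The type ordering comes from `strings.Compare(string(a.Type), string(b.Type))`, so it is whatever the string values of the reference types happen to sort to, and nothing in the visible lines of `FixReferences` documents that. Add a sentence to the function's doc comment stating that references are sorted by type string and then by URL, so later readers do not assume an explicit priority order. As a style point the parameters can be declared as `a, b *Reference`, and `slices.SortFunc` is not a stable sort, which only matters if two entries share both type and URL.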
@ -414,11 +414,11 @@ func TestFixReferences(t *testing.T) {
|
|||
name: "to_advisory_ghsa",
|
||||
in: []*Reference{
|
||||
{
|
||||
URL: "https://github.com/example/module/security/advisories/GHSA-xxxx-yyyy-zzzz",
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
URL: "https://github.com/example/module/security/advisories/GHSA-xxxx-yyyy-zzzz",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
|
@ -428,11 +428,11 @@ func TestFixReferences(t *testing.T) {
|
|||
},
|
||||
want: []*Reference{
|
||||
{
|
||||
URL: "https://github.com/example/module/security/advisories/GHSA-xxxx-yyyy-zzzz",
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
Type: osv.ReferenceTypeAdvisory,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
URL: "https://github.com/example/module/security/advisories/GHSA-xxxx-yyyy-zzzz",
|
||||
Type: osv.ReferenceTypeAdvisory,
|
||||
},
|
||||
{
|
||||
|
@ -489,55 +489,55 @@ func TestFixReferences(t *testing.T) {
|
|||
name: "to_fix_or_report",
|
||||
in: []*Reference{
|
||||
{
|
||||
URL: "https://github.com/example/module/pull/123",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
Type: osv.ReferenceTypeAdvisory,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/example/module/commit/123",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/module/module/issues/123",
|
||||
URL: "https://github.com/example/module/pull/123",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/example/module/issue/123",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/module/module/issues/123",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/different/module/issue/123",
|
||||
Type: osv.ReferenceTypeWeb,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
Type: osv.ReferenceTypeAdvisory,
|
||||
},
|
||||
},
|
||||
want: []*Reference{
|
||||
{
|
||||
URL: "https://github.com/example/module/pull/123",
|
||||
Type: osv.ReferenceTypeFix,
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
Type: osv.ReferenceTypeAdvisory,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/example/module/commit/123",
|
||||
Type: osv.ReferenceTypeFix,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/module/module/issues/123",
|
||||
Type: osv.ReferenceTypeReport,
|
||||
URL: "https://github.com/example/module/pull/123",
|
||||
Type: osv.ReferenceTypeFix,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/example/module/issue/123",
|
||||
Type: osv.ReferenceTypeReport,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/module/module/issues/123",
|
||||
Type: osv.ReferenceTypeReport,
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/different/module/issue/123",
|
||||
Type: osv.ReferenceTypeWeb, // different module, keep web type
|
||||
},
|
||||
{
|
||||
URL: "https://github.com/advisories/GHSA-gggg-hhhh-ffff",
|
||||
Type: osv.ReferenceTypeAdvisory,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
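Review bot: In `to_fix_or_report`, as rendered here, the `in` slice has been reordered so that it is already in the order `want` expects (the advisory first, then `commit/123`, `pull/123`, `issue/123`, `issues/123`, and the `different/module` entry), so this case passes whether or not the new sort runs. Keep at least one case whose `in` is out of order, for example with the advisory entry last as it was before, so the test fails if the `slices.SortFunc` call is removed.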