mirror of https://github.com/golang/vulndb.git
data/reports: add vulnerable_at and skip_fix to reports
Change-Id: I08411b334417ac17f27c3233df27742dd69906ab
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465803
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Parent
aceb618704
Commit
49d3317219
@ -20,15 +20,18 @@ modules:
- package: goa.design/goa
symbols:
- Controller.FileHandler
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (cannot find module providing package
github.com/goadesign/goa/uuid)'
- module: goa.design/goa/v3
versions:
- fixed: 3.0.9
vulnerable_at: 3.0.8
packages:
- package: goa.design/goa/v3
symbols:
- Controller.FileHandler
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (goa.design/goa/v3 appears to not be
a package, but I could not locate the fix for this issue in v3)'
description: |
Due to improper santization of user input, Controller.FileHandler allows
for directory traversal, allowing an attacker to read files outside of

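Review bot: the v3 entry's new skip_fix reason records that the fix for this issue could not be located in v3, yet the package list still claims `Controller.FileHandler` under `goa.design/goa/v3` with `vulnerable_at: 3.0.8`; before this TODO is closed, confirm that the symbol actually exists at 3.0.8 in the v3 module, otherwise anyone on v3 will get a report keyed on an unverified symbol. The v1 reason ('cannot find module providing package github.com/goadesign/goa/uuid') describes a dependency missing during fix derivation rather than a defect in the report, so both TODOs are better tracked in one follow-up issue than left as free text.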
@ -2,13 +2,15 @@ modules:
- module: github.com/mholt/caddy
versions:
- fixed: 0.10.13
vulnerable_at: 0.10.13-0.20180330123946-2966db7b7800
packages:
- package: github.com/mholt/caddy/caddyhttp/httpserver
symbols:
- httpContext.MakeServers
- Server.serveHTTP
- assertConfigsCompatible
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason. (cannot find module providing package
github.com/lucas-clemente/quic-go/h2quic)'
description: |
Due to improper TLS verification when serving traffic for multiple
SNIs, an attacker may bypass TLS client authentication by indicating

@ -16,11 +16,12 @@ modules:
- module: k8s.io/kubernetes
versions:
- fixed: 1.20.0-alpha.2
vulnerable_at: 1.20.0-alpha.1
packages:
- package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
symbols:
- requestInfo.toCurl
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport)'
description: |
Authorization tokens may be inappropriately logged if the verbosity
level is set to a debug level.

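Review bot: the new skip_fix reason ('module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport') says the listed package is not resolvable inside the k8s.io/kubernetes module at `vulnerable_at: 1.20.0-alpha.1`. The staging tree is the in-repo development copy of a separately published module (k8s.io/client-go), so the durable fix is to move this entry under `module: k8s.io/client-go` with `package: k8s.io/client-go/transport` rather than to reword the reason; the same applies to the second client-go/transport hunk that follows.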
@ -15,11 +15,12 @@ modules:
- module: k8s.io/kubernetes
versions:
- fixed: 1.16.0-beta.1
vulnerable_at: 1.16.0-beta.0
packages:
- package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
symbols:
- debuggingRoundTripper.RoundTrip
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (module does not contain package k8s.io/kubernetes/staging/src/k8s.io/client-go/transport)'
description: |
Authorization tokens may be inappropriately logged if the verbosity
level is set to a debug level.

@ -2,12 +2,14 @@ modules:
- module: k8s.io/kubernetes
versions:
- fixed: 1.20.0-alpha.1
vulnerable_at: 1.20.0-alpha.0
packages:
- package: k8s.io/kubernetes/pkg/credentialprovider
symbols:
- readDockerConfigFileFromBytes
- readDockerConfigJSONFileFromBytes
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (reading k8s.io/api/go.mod at revision
v0.0.0: unknown revision v0.0.0)'
description: |
Attempting to read a malformed .dockercfg may cause secrets to be
inappropriately logged.

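Review bot: the reason 'reading k8s.io/api/go.mod at revision v0.0.0: unknown revision v0.0.0' is the signature of the kubernetes repo's `replace` directives, which pin its staging modules to v0.0.0 and are only honoured when building from inside that repo, so symbol derivation for `k8s.io/kubernetes/pkg/credentialprovider` at `vulnerable_at: 1.20.0-alpha.0` will keep failing until the tool applies those replacements; recording that root cause in the skip_fix text would save the next reader from re-diagnosing it.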
@ -3,11 +3,12 @@ modules:
versions:
- introduced: 1.16.0
fixed: 1.16.1
vulnerable_at: 1.16.0
packages:
- package: archive/zip
symbols:
- toValidName
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Using Reader.Open on an archive containing a file with a path
prefixed by "../" will cause a panic due to a stack overflow.

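Review bot: 'fix appears to not work with Go <1.18' is the skip_fix reason for this and almost every other std entry in this change, and it describes a limitation of the derivation tooling rather than anything about `archive/zip` `toValidName` at `vulnerable_at: 1.16.0`; a single tracking issue referenced from the reason (or one shared constant for the string) would make these TODOs far easier to sweep up later than dozens of identical free-text values.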
@ -5,11 +5,12 @@ modules:
- fixed: 1.14.14
- introduced: 1.15.0
fixed: 1.15.7
vulnerable_at: 1.15.6
packages:
- package: cmd/go
goos:
- windows
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
The go command may execute arbitrary code at build time when using cgo on Windows.
This can be triggered by running go get on a malicious module, or any other time

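Review bot: the `cmd/go` entry has `goos: - windows` but no `symbols:` list, so it still matches the whole package even though `vulnerable_at: 1.15.6` is now set; the TODO being replaced ('or set vulnerable_at to derive symbols') anticipated deriving symbols once that version was known, so either run derivation here or state in the new reason that a whole-package match is intentional for a command.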
@ -5,11 +5,12 @@ modules:
fixed: 1.14.12
- introduced: 1.15.0
fixed: 1.15.5
vulnerable_at: 1.15.4
packages:
- package: math/big
symbols:
- nat.divRecursiveStep
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
A number of math/big.Int methods can panic when provided large inputs due
to a flawed division method.

@ -2,11 +2,13 @@ modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.8.11
vulnerable_at: 1.8.11-0.20180605071142-7a22e89080b2
packages:
- package: github.com/ethereum/go-ethereum/les
symbols:
- ProtocolManager.handleMsg
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (cannot find module providing package
github.com/hashicorp/golang-lru)'
description: |
Due to improper argument validation in RPC messages, a maliciously crafted
message can cause a panic, leading to denial of service.

@ -7,7 +7,8 @@ modules:
- package: github.com/bytom/bytom/p2p/discover
symbols:
- Network.checkTopicRegister
skip_fix: "TODO: Revisit this reason. (Fix causes error containing cannot find module providing package github.com/bytom/common)"
skip_fix: 'TODO: Revisit this reason. (Fix causes error containing cannot
find module providing package github.com/bytom/common)'
description: |
A malformed query can cause an out-of-bounds panic due to improper
validation of arguments. If processing queries from untrusted

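Review bot: this hunk only re-serialises the existing skip_fix (double quotes to single quotes, wrapped onto two lines) and adds no `vulnerable_at`, so it is churn from the YAML writer; harmless, but the 'TODO: Revisit this reason.' capitalisation and trailing period differ from the 'TODO: revisit this reason (...)' form used by the other entries in this change, and normalising the wording while the line is being touched would be cheap.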
@ -13,11 +13,13 @@ modules:
- module: github.com/opencontainers/selinux
versions:
- fixed: 1.3.1-0.20190929122143-5215b1806f52
vulnerable_at: 1.3.0
packages:
- package: github.com/opencontainers/selinux/go-selinux
symbols:
- readCon
- writeCon
skip_fix: 'TODO: revisit this reason (readCon and writeCon: func not found)'
description: |
AppArmor restrictions may be bypassed due to improper validation of mount
targets, allowing a malicious image to mount volumes over e.g. /proc.

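Review bot: the skip_fix reason 'readCon and writeCon: func not found' contradicts the `symbols:` list directly above it, which names exactly those two functions under `github.com/opencontainers/selinux/go-selinux` at `vulnerable_at: 1.3.0`; either the symbols are absent at 1.3.0 (then the version or the names need correcting) or they are platform-specific and derivation needs a `goos:` entry like the Windows ones elsewhere in this change, so the TODO should say which case applies.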
@ -7,7 +7,8 @@ modules:
- package: github.com/opencontainers/runc/libcontainer
symbols:
- mountToRootfs
skip_fix: "TODO: Revisit this reason. (Fix causes multiple errors (dependent fields/methods undefined)"
skip_fix: 'TODO: Revisit this reason. (Fix causes multiple errors (dependent
fields/methods undefined)'
description: |
A race while mounting volumes allows a possible symlink-exchange
attack, allowing a user whom can start multiple containers with

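Review bot: the rewrapped skip_fix value has unbalanced parentheses: 'Fix causes multiple errors (dependent fields/methods undefined)' opens two and closes one, and the rewrite carried the defect over from the old double-quoted form. Suggest `skip_fix: 'TODO: Revisit this reason. (Fix causes multiple errors (dependent fields/methods undefined))'` or dropping the inner pair.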
@ -3,12 +3,13 @@ modules:
versions:
- introduced: 1.1.0
fixed: 1.3.2
vulnerable_at: 1.3.1
packages:
- package: crypto/tls
symbols:
- checkForResumption
- decryptTicket
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
When SessionTicketsDisabled is enabled, crypto/tls allowed man-in-the-middle
attackers to spoof clients via unspecified vectors.

@ -2,6 +2,7 @@ modules:
- module: std
versions:
- fixed: 1.4.3
vulnerable_at: 1.4.2
packages:
- package: net/http
symbols:

@ -14,7 +15,7 @@ modules:
- readTransfer
- transferWriter.shouldSendContentLength
- validHeaderFieldByte
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
HTTP headers were not properly parsed, which allows remote attackers to
conduct HTTP request smuggling attacks via a request that contains

@ -3,12 +3,13 @@ modules:
versions:
- introduced: 1.5.0
fixed: 1.5.3
vulnerable_at: 1.5.2
packages:
- package: math/big
symbols:
- nat.expNNMontgomery
- nat.montgomery
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Int.Exp Montgomery mishandled carry propagation and produced an incorrect
output, which makes it easier for attackers to obtain private RSA keys via

@ -4,11 +4,12 @@ modules:
- fixed: 1.5.4
- introduced: 1.6.0
fixed: 1.6.1
vulnerable_at: 1.6.0
packages:
- package: syscall
symbols:
- LoadLibrary
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Untrusted search path vulnerability on Windows related to LoadLibrary allows
local users to gain privileges via a malicious DLL in the current working

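Review bot: the description ('Untrusted search path vulnerability on Windows related to LoadLibrary') is Windows-only, but the `syscall` package entry carries no `goos: - windows`, unlike the `cmd/go` and `crypto/x509` entries in this change; adding it would keep `vulnerable_at: 1.6.0` and the `LoadLibrary` symbol from flagging non-Windows builds.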
@ -4,11 +4,12 @@ modules:
- fixed: 1.6.4
- introduced: 1.7.0
fixed: 1.7.4
vulnerable_at: 1.7.3
packages:
- package: mime/multipart
symbols:
- Reader.readForm
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
When parsing large multipart/form-data, an attacker can
cause a HTTP server to open a large number of file

@ -5,11 +5,12 @@ modules:
fixed: 1.8.4
- introduced: 1.9.0
fixed: 1.9.1
vulnerable_at: 1.9.0
packages:
- package: net/smtp
symbols:
- plainAuth.Start
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
SMTP clients using net/smtp can use the PLAIN authentication scheme on
network connections not secured with TLS, exposing passwords to

@ -4,13 +4,14 @@ modules:
- fixed: 1.13.13
- introduced: 1.14.0
fixed: 1.14.5
vulnerable_at: 1.14.4
packages:
- package: crypto/x509
goos:
- windows
symbols:
- Certificate.systemVerify
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
On Windows, if VerifyOptions.Roots is nil, Certificate.Verify
does not check the EKU requirements specified in VerifyOptions.KeyUsages.

@ -4,11 +4,12 @@ modules:
- fixed: 1.13.13
- introduced: 1.14.0
fixed: 1.14.5
vulnerable_at: 1.14.4
packages:
- package: net/http
symbols:
- expectContinueReader.Read
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
HTTP servers where the Handler concurrently reads the request
body and writes a response can encounter a data race and crash.

@ -4,19 +4,20 @@ modules:
- fixed: 1.14.8
- introduced: 1.15.0
fixed: 1.15.1
vulnerable_at: 1.15.0
packages:
- package: net/http/cgi
symbols:
- response.Write
- response.WriteHeader
- response.writeCGIHeader
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
- package: net/http/fcgi
symbols:
- response.Write
- response.WriteHeader
- response.writeCGIHeader
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
When a Handler does not explicitly set the Content-Type header, the the
package would default to “text/html”, which could cause a Cross-Site Scripting

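Review bot: the description context just below the two rewritten `skip_fix` lines still reads 'the the package would default to “text/html”', with a doubled 'the' and typographic quotes; since the tool is rewriting this file anyway, fixing the sentence in the same change avoids a second round-trip on the report.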
@ -4,11 +4,12 @@ modules:
- fixed: 1.15.9
- introduced: 1.16.0
fixed: 1.16.1
vulnerable_at: 1.16.0
packages:
- package: encoding/xml
symbols:
- Decoder.Token
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
The Decode, DecodeElement, and Skip methods of an xml.Decoder
provided by xml.NewTokenDecoder may enter an infinite loop when

@ -4,11 +4,12 @@ modules:
- fixed: 1.14.14
- introduced: 1.15.0
fixed: 1.15.7
vulnerable_at: 1.15.6
packages:
- package: crypto/elliptic
symbols:
- p224Contract
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
The P224() Curve implementation can in rare circumstances generate
incorrect outputs, including returning invalid points from

@ -4,6 +4,7 @@ modules:
- fixed: 1.15.13
- introduced: 1.16.0
fixed: 1.16.5
vulnerable_at: 1.16.4
packages:
- package: net
symbols:

@ -12,7 +13,7 @@ modules:
- Resolver.LookupMX
- Resolver.LookupNS
- Resolver.LookupSRV
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr
functions and their respective methods on the Resolver type may

@ -4,11 +4,12 @@ modules:
- fixed: 1.15.13
- introduced: 1.16.0
fixed: 1.16.5
vulnerable_at: 1.16.4
packages:
- package: archive/zip
symbols:
- Reader.init
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
NewReader and OpenReader can cause a panic or an unrecoverable
fatal error when reading an archive that claims to contain a large

@ -4,11 +4,12 @@ modules:
- fixed: 1.15.13
- introduced: 1.16.0
fixed: 1.16.5
vulnerable_at: 1.16.4
packages:
- package: net/http/httputil
symbols:
- ReverseProxy.ServeHTTP
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
ReverseProxy can be made to forward certain hop-by-hop headers,
including Connection. If the target of the ReverseProxy is

@ -4,11 +4,12 @@ modules:
- fixed: 1.15.13
- introduced: 1.16.0
fixed: 1.16.5
vulnerable_at: 1.16.4
packages:
- package: math/big
symbols:
- Rat.SetString
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Rat.SetString and Rat.UnmarshalText may cause a panic or an
unrecoverable fatal error if passed inputs with very large

@ -4,11 +4,12 @@ modules:
- fixed: 1.15.14
- introduced: 1.16.0
fixed: 1.16.6
vulnerable_at: 1.16.5
packages:
- package: crypto/tls
symbols:
- rsaKeyAgreement.generateClientKeyExchange
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
crypto/tls clients can panic when provided a certificate of the
wrong type for the negotiated parameters. net/http clients

@ -4,11 +4,12 @@ modules:
- fixed: 1.15.15
- introduced: 1.16.0
fixed: 1.16.7
vulnerable_at: 1.16.6
packages:
- package: net/http/httputil
symbols:
- ReverseProxy.ServeHTTP
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
ReverseProxy can panic after encountering a problem copying
a proxied response body.

@ -4,11 +4,12 @@ modules:
- fixed: 1.16.10
- introduced: 1.17.0
fixed: 1.17.3
vulnerable_at: 1.17.2
packages:
- package: debug/macho
symbols:
- NewFile
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Calling File.ImportedSymbols on a loaded file which contains an invalid
dynamic symbol table command can cause a panic, in particular if the encoded

@ -4,12 +4,13 @@ modules:
- fixed: 1.16.10
- introduced: 1.17.0
fixed: 1.17.3
vulnerable_at: 1.17.2
packages:
- package: archive/zip
symbols:
- split
- Reader.Open
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Previously, opening a zip with (*Reader).Open could result in a panic if the
zip contained a file whose name was exclusively made up of slash characters or

@ -4,11 +4,12 @@ modules:
- fixed: 1.16.14
- introduced: 1.17.0
fixed: 1.17.7
vulnerable_at: 1.17.6
packages:
- package: math/big
symbols:
- Rat.SetString
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption.
published: 2022-05-23T22:15:42Z

@ -4,13 +4,14 @@ modules:
- fixed: 1.16.14
- introduced: 1.17.0
fixed: 1.17.7
vulnerable_at: 1.17.6
packages:
- package: crypto/elliptic
symbols:
- CurveParams.IsOnCurve
- p384PointFromAffine
- p521PointFromAffine
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values

@ -4,11 +4,12 @@ modules:
- fixed: 1.16.15
- introduced: 1.17.0
fixed: 1.17.8
vulnerable_at: 1.17.7
packages:
- package: regexp
symbols:
- regexp.Compile
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
On 64-bit platforms, an extremely deeply nested expression can
cause regexp.Compile to cause goroutine stack exhaustion, forcing

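Review bot: the symbol for the `regexp` package is written as `regexp.Compile`, qualified with its own package name, whereas every other entry in this change lists bare identifiers (`Verify`, `NewFile`, `split`, `toValidName`); with `vulnerable_at: 1.17.7` now set, derivation should be able to confirm that the correct form is `- Compile`, so this is worth fixing alongside the skip_fix rewrite.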
@ -4,11 +4,12 @@ modules:
- fixed: 1.5.4
- introduced: 1.6.0
fixed: 1.6.1
vulnerable_at: 1.6.0
packages:
- package: crypto/dsa
symbols:
- Verify
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
The Verify function in crypto/dsa passed certain parameters unchecked to
the underlying big integer library, possibly leading to extremely

@ -4,6 +4,7 @@ modules:
- fixed: 1.6.4
- introduced: 1.7.0
fixed: 1.7.4
vulnerable_at: 1.7.3
packages:
- package: crypto/x509
goos:

@ -11,7 +12,7 @@ modules:
symbols:
- FetchPEMRoots
- execSecurityRoots
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
On Darwin, user's trust preferences for root certificates were not honored.
If the user had a root certificate loaded in their Keychain that was

@ -4,11 +4,12 @@ modules:
- fixed: 1.12.10
- introduced: 1.13.0
fixed: 1.13.1
vulnerable_at: 1.13.0
packages:
- package: net/textproto
symbols:
- Reader.ReadMimeHeader
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
net/http (through net/textproto) used to accept and normalize invalid
HTTP/1.1 headers with a space before the colon, in violation of RFC 7230.

@ -4,11 +4,12 @@ modules:
- fixed: 1.12.11
- introduced: 1.13.0
fixed: 1.13.2
vulnerable_at: 1.13.1
packages:
- package: crypto/dsa
symbols:
- Verify
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Invalid DSA public keys can cause a panic in dsa.Verify. In particular,
using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a

@ -4,11 +4,12 @@ modules:
- fixed: 1.10.8
- introduced: 1.11.0
fixed: 1.11.5
vulnerable_at: 1.11.4
packages:
- package: crypto/elliptic
symbols:
- curve.doubleJacobian
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
A DoS vulnerability in the crypto/elliptic implementations of the P-521 and
P-384 elliptic curves may let an attacker craft inputs that consume

@ -4,6 +4,7 @@ modules:
- fixed: 1.11.10
- introduced: 1.12.0
fixed: 1.12.2
vulnerable_at: 1.12.1
packages:
- package: runtime
goos:

@ -12,13 +13,13 @@ modules:
- loadOptionalSyscalls
- osinit
- syscall_loadsystemlibrary
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
- package: syscall
goos:
- windows
symbols:
- LoadDLL
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
Go on Windows misused certain LoadLibrary functionality, leading to DLL
injection.

@ -4,6 +4,7 @@ modules:
- fixed: 1.16.9
- introduced: 1.17.0
fixed: 1.17.2
vulnerable_at: 1.17.1
packages:
- package: cmd/link
goos:

@ -12,7 +13,7 @@ modules:
- wasm
symbols:
- Link.address
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
- package: misc/wasm
goos:
- js

@ -20,7 +21,7 @@ modules:
- wasm
symbols:
- run
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
passing very large arguments can cause portions of the module to be

@ -2,14 +2,15 @@ modules:
- module: std
versions:
- fixed: 1.16.8
- introduced: "1.17"
- introduced: 1.17.0
fixed: 1.17.1
vulnerable_at: 1.17.0
packages:
- package: archive/zip
symbols:
- NewReader
- OpenReader
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
The NewReader and OpenReader functions in archive/zip can cause a panic or
an unrecoverable fatal error when reading an archive that claims to contain

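Review bot: besides adding `vulnerable_at: 1.17.0`, this hunk rewrites `- introduced: "1.17"` to `- introduced: 1.17.0`, a version-string normalisation that the commit message ('add vulnerable_at and skip_fix to reports') does not mention; the same rewrite appears in the following `syscall` `ForkExec` hunk, so either call it out in the message or split it into its own change so the history explains why these two reports changed shape.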
@ -2,13 +2,14 @@ modules:
- module: std
versions:
- fixed: 1.16.12
- introduced: "1.17"
- introduced: 1.17.0
fixed: 1.17.5
vulnerable_at: 1.17.4
packages:
- package: syscall
symbols:
- ForkExec
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
description: |
When a Go program running on a Unix system is out of file descriptors and
calls syscall.ForkExec (including indirectly by using the os/exec package),

@ -11,16 +11,17 @@ modules:
- http2serverConn.serve
- http2serverConn.writeFrame
- http2serverConn.scheduleFrameWrite
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
- module: golang.org/x/net
versions:
- fixed: 0.0.0-20190813141303-74dc4d7220e7
vulnerable_at: 0.0.0-20190813141303-74dc4d7220e7
packages:
- package: golang.org/x/net/http
symbols:
- serverConn.serve
- serverConn.writeFrame
- serverConn.scheduleFrameWrite
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
description: |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially
leading to a denial of service.

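Review bot: for `module: golang.org/x/net` the new `vulnerable_at: 0.0.0-20190813141303-74dc4d7220e7` is identical to the `fixed:` value, so it names a version that already contains the fix and any symbol derivation will run against patched code; it needs a pseudo-version strictly before the fix commit. Two further problems sit in the same hunk: the package is listed as `golang.org/x/net/http` although the symbols (`serverConn.serve`, `serverConn.writeFrame`, `serverConn.scheduleFrameWrite`) are the HTTP/2 server types that live in `golang.org/x/net/http2` (the std side of the same report correctly names the bundled `http2serverConn`), and the x/net entry keeps the stale `skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'` even though vulnerable_at is now set.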
@ -9,7 +9,8 @@ modules:
- package: github.com/oam-dev/kubevela/pkg/utils/common
symbols:
- HTTPGetResponse
skip_fix: "TODO: Revisit this reason. (Running fix causes error containing unknown revision konnectivity-client/v0.0.0)"
skip_fix: 'TODO: Revisit this reason. (Running fix causes error containing
unknown revision konnectivity-client/v0.0.0)'
description: |-
When using Helm Chart as the component delivery method, the request address
of the warehouse is not restricted, and there is a blind SSRF vulnerability.