go
/
vulndb
зеркало из https://github.com/golang/vulndb.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

data/reports: add GO-2024-3226 

- data/reports/GO-2024-3226.yaml

Fixes golang/vulndb#3226

Change-Id: Ice670947956ebfca17b7d47dafb63489eec431f2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/622935
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
This commit is contained in:
Zvonimir Pavlinovic 2024-10-28 20:43:16 +00:00
Родитель 2b20095efd
Коммит 723532cdd0
2 изменённых файлов: 120 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

94
data/osv/GO-2024-3226.json Normal file
Просмотреть файл

@ -0,0 +1,94 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3226",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-47827",
"GHSA-ghjw-32xw-ffwr"
],
"summary": "Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows",
"details": "Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows",
"affected": [
{
"package": {
"name": "github.com/argoproj/argo-workflows",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/argoproj/argo-workflows/v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/argoproj/argo-workflows/v3",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "3.6.0-rc1"
},
{
"fixed": "3.6.0-rc2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47827"
},
{
"type": "FIX",
"url": "https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a"
},
{
"type": "FIX",
"url": "https://github.com/argoproj/argo-workflows/pull/13641"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3226",
"review_status": "UNREVIEWED"
}
}

26
data/reports/GO-2024-3226.yaml Normal file
Просмотреть файл

@ -0,0 +1,26 @@
id: GO-2024-3226
modules:
- module: github.com/argoproj/argo-workflows
vulnerable_at: 0.4.7
- module: github.com/argoproj/argo-workflows/v2
vulnerable_at: 2.12.13
- module: github.com/argoproj/argo-workflows/v3
versions:
- introduced: 3.6.0-rc1
- fixed: 3.6.0-rc2
vulnerable_at: 3.6.0-rc1
summary: 'Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows'
cves:
- CVE-2024-47827
ghsas:
- GHSA-ghjw-32xw-ffwr
references:
- advisory: https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-47827
- fix: https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a
- fix: https://github.com/argoproj/argo-workflows/pull/13641
- web: https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75
source:
id: GHSA-ghjw-32xw-ffwr
created: 2024-10-28T20:42:52.577727909Z
review_status: UNREVIEWED