data/reports: add 2 reviewed reports

  - data/reports/GO-2024-2977.yaml
  - data/reports/GO-2024-2978.yaml

Fixes golang/vulndb#2977
Fixes golang/vulndb#2978

Change-Id: I6a664826f87b1dc9c586871e5ade8683b31e4ccd
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597159
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tim King <taking@google.com>
Tatiana Bradley 2024-07-08 13:55:34 -04:00
Parent 1b6716acb3
Commit 7313605cfa
4 changed files: 183 additions and 0 deletions


@ -0,0 +1,69 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2977",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-6284",
"GHSA-qjvf-8748-9w7h"
],
"summary": "IP addresses were encoded in the wrong byte order in github.com/google/nftables",
"details": "IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which did not work as intended (might block or not block the desired addresses).",
"affected": [
{
"package": {
"name": "github.com/google/nftables",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.1.0"
},
{
"fixed": "0.2.0"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/google/nftables",
"symbols": [
"Conn.AddSet"
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qjvf-8748-9w7h"
},
{
"type": "FIX",
"url": "https://github.com/google/nftables/commit/b1f901b05510bed05c232c5049f68d1511b56a19"
},
{
"type": "REPORT",
"url": "https://github.com/google/nftables/issues/225"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596"
},
{
"type": "WEB",
"url": "https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2977",
"review_status": "REVIEWED"
}
}
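
Review bot: "modified" and "published" near the top of this record are both "0001-01-01T00:00:00Z", the zero time, so the file as committed carries no usable publication or modification date. If the real values are stamped in when the database is published, say so in the commit message or the generator documentation so that anyone reading this repository copy does not treat the zero value as a date; otherwise fill both fields in here.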


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2978",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-xr7q-jx4m-x55m"
],
"summary": "Private tokens could appear in logs if context containing gRPC metadata is logged in google.golang.org/grpc",
"details": "If applications print or log a context containing gRPC metadata, the output will contain all the metadata, which may include private information. This represents a potential PII concern.",
"affected": [
{
"package": {
"name": "google.golang.org/grpc",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.64.0"
},
{
"fixed": "1.64.1"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "google.golang.org/grpc/metadata",
"symbols": [
"MD.String"
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m"
},
{
"type": "FIX",
"url": "https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2978",
"review_status": "REVIEWED"
}
}
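
Review bot: "details" stops at "This represents a potential PII concern" and gives operators nothing to act on, even though "summary" says private tokens can end up in logs. Consider adding one sentence saying that tokens already written to logs while running 1.64.0 should be treated as exposed and rotated, and that 1.64.1 is the fixed version. If this JSON is generated from the YAML report, make the change there.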


@ -0,0 +1,31 @@
id: GO-2024-2977
modules:
- module: github.com/google/nftables
versions:
- introduced: 0.1.0
- fixed: 0.2.0
vulnerable_at: 0.1.0
packages:
- package: github.com/google/nftables
symbols:
- Conn.AddSet
skip_fix: 'errors of the form ''undefined: unix.*'''
summary: IP addresses were encoded in the wrong byte order in github.com/google/nftables
description: |-
IP addresses were encoded in the wrong byte order, resulting in an nftables
configuration which did not work as intended (might block or not block the
desired addresses).
cves:
- CVE-2024-6284
ghsas:
- GHSA-qjvf-8748-9w7h
references:
- advisory: https://github.com/advisories/GHSA-qjvf-8748-9w7h
- fix: https://github.com/google/nftables/commit/b1f901b05510bed05c232c5049f68d1511b56a19
- report: https://github.com/google/nftables/issues/225
- web: https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
- web: https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
source:
id: GHSA-qjvf-8748-9w7h
created: 2024-07-08T13:23:25.436858-04:00
review_status: REVIEWED
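
Review bot: the skip_fix reason on the package, "errors of the form 'undefined: unix.*'", suggests github.com/google/nftables did not load cleanly at vulnerable_at 0.1.0, so the single listed symbol Conn.AddSet may not have been machine-checked. Please confirm Conn.AddSet by hand against the fix commit in references, and extend the reason to say which platform produced the error, since "undefined: unix.*" reads like a build on a host where those symbols are not defined.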


@ -0,0 +1,27 @@
id: GO-2024-2978
modules:
- module: google.golang.org/grpc
versions:
- introduced: 1.64.0
- fixed: 1.64.1
vulnerable_at: 1.64.0
packages:
- package: google.golang.org/grpc/metadata
symbols:
- MD.String
summary: |-
Private tokens could appear in logs if context containing gRPC metadata is
logged in google.golang.org/grpc
description: |
If applications print or log a context containing gRPC metadata, the
output will contain all the metadata, which may include private
information. This represents a potential PII concern.
ghsas:
- GHSA-xr7q-jx4m-x55m
references:
- advisory: https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
- fix: https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb
source:
id: GHSA-xr7q-jx4m-x55m
created: 2024-07-08T13:23:23.725948-04:00
review_status: REVIEWED
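
Review bot: summary and description disagree on what leaks. The summary says "Private tokens" while the description ends with "a potential PII concern"; tokens carried in gRPC metadata are credentials rather than PII, and the two get triaged differently. Suggest one framing in both fields, for example "credentials or personal data", so that readers of the description alone do not under-rate the issue. Minor: description uses "|" here where GO-2024-2977 uses "|-"; use "|-" in both for consistency.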