data/reports: unexclude 20 reports (25)

- data/reports/GO-2022-0857.yaml
  - data/reports/GO-2022-0859.yaml
  - data/reports/GO-2022-0861.yaml
  - data/reports/GO-2022-0862.yaml
  - data/reports/GO-2022-0863.yaml
  - data/reports/GO-2022-0865.yaml
  - data/reports/GO-2022-0866.yaml
  - data/reports/GO-2022-0867.yaml
  - data/reports/GO-2022-0869.yaml
  - data/reports/GO-2022-0871.yaml
  - data/reports/GO-2022-0873.yaml
  - data/reports/GO-2022-0874.yaml
  - data/reports/GO-2022-0875.yaml
  - data/reports/GO-2022-0876.yaml
  - data/reports/GO-2022-0878.yaml
  - data/reports/GO-2022-0879.yaml
  - data/reports/GO-2022-0882.yaml
  - data/reports/GO-2022-0883.yaml
  - data/reports/GO-2022-0885.yaml
  - data/reports/GO-2022-0886.yaml

Updates golang/vulndb#857
Updates golang/vulndb#859
Updates golang/vulndb#861
Updates golang/vulndb#862
Updates golang/vulndb#863
Updates golang/vulndb#865
Updates golang/vulndb#866
Updates golang/vulndb#867
Updates golang/vulndb#869
Updates golang/vulndb#871
Updates golang/vulndb#873
Updates golang/vulndb#874
Updates golang/vulndb#875
Updates golang/vulndb#876
Updates golang/vulndb#878
Updates golang/vulndb#879
Updates golang/vulndb#882
Updates golang/vulndb#883
Updates golang/vulndb#885
Updates golang/vulndb#886

Change-Id: Ic839f581716a2f0c0b465ae6042aead152cf4a33
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607227
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Tatiana Bradley 2024-08-20 15:32:15 -04:00 коммит произвёл Gopher Robot
Родитель d85b840c06
Коммит 91b6914bcb
60 изменённых файлов: 1879 добавлений и 162 удалений


@ -1,8 +0,0 @@
id: GO-2022-0857
excluded: NOT_IMPORTABLE
modules:
- module: github.com/kubernetes/kubernetes
cves:
- CVE-2015-7528
ghsas:
- GHSA-mqf3-28j7-3mj6


@ -1,8 +0,0 @@
id: GO-2022-0859
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/consul
cves:
- CVE-2020-13170
ghsas:
- GHSA-p2j5-3f4c-224r


@ -1,8 +0,0 @@
id: GO-2022-0861
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/consul
cves:
- CVE-2020-12758
ghsas:
- GHSA-q2qr-3c2p-9235


@ -1,8 +0,0 @@
id: GO-2022-0862
excluded: NOT_IMPORTABLE
modules:
- module: github.com/go-gitea/gitea
cves:
- CVE-2019-11228
ghsas:
- GHSA-q47x-6mqq-4w92


@ -1,8 +0,0 @@
id: GO-2022-0863
excluded: NOT_IMPORTABLE
modules:
- module: github.com/goharbor/harbor
cves:
- CVE-2019-19023
ghsas:
- GHSA-q6cj-6jvq-jwmh


@ -1,8 +0,0 @@
id: GO-2022-0865
excluded: NOT_IMPORTABLE
modules:
- module: github.com/goharbor/harbor/src
cves:
- CVE-2020-13794
ghsas:
- GHSA-q9p8-33wc-h432


@ -1,8 +0,0 @@
id: GO-2022-0866
excluded: NOT_IMPORTABLE
modules:
- module: github.com/heketi/heketi
cves:
- CVE-2017-15104
ghsas:
- GHSA-q9vw-wr57-xjv3


@ -1,8 +0,0 @@
id: GO-2022-0867
excluded: NOT_IMPORTABLE
modules:
- module: github.com/kubernetes/kubernetes
cves:
- CVE-2020-8551
ghsas:
- GHSA-qhm4-jxv7-j9pq


@ -1,8 +0,0 @@
id: GO-2022-0869
excluded: NOT_IMPORTABLE
modules:
- module: github.com/argoproj/argo-cd/v2
cves:
- CVE-2021-23347
ghsas:
- GHSA-qq5v-f4c3-395c


@ -1,8 +0,0 @@
id: GO-2022-0871
excluded: NOT_IMPORTABLE
modules:
- module: github.com/ethereum/go-ethereum
cves:
- CVE-2018-16733
ghsas:
- GHSA-qr2j-wrhx-4829


@ -1,8 +0,0 @@
id: GO-2022-0873
excluded: NOT_IMPORTABLE
modules:
- module: github.com/ipfs/go-ipfs
cves:
- CVE-2020-26283
ghsas:
- GHSA-r4gv-vj59-cccm


@ -1,8 +0,0 @@
id: GO-2022-0874
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/consul
cves:
- CVE-2020-7955
ghsas:
- GHSA-r9w6-rhh9-7v53


@ -1,8 +0,0 @@
id: GO-2022-0875
excluded: NOT_IMPORTABLE
modules:
- module: github.com/openshift/origin
cves:
- CVE-2015-5250
ghsas:
- GHSA-rf3m-mhv7-x39f


@ -1,9 +0,0 @@
id: GO-2022-0876
excluded: NOT_IMPORTABLE
modules:
- module: github.com/goharbor/harbor
cves:
- CVE-2019-19025
ghsas:
- GHSA-gcqm-v682-ccw6
- GHSA-rffr-c932-cpxv


@ -1,8 +0,0 @@
id: GO-2022-0878
excluded: NOT_IMPORTABLE
modules:
- module: github.com/rclone/rclone
cves:
- CVE-2020-28924
ghsas:
- GHSA-rmw5-xpg9-jr29


@ -1,8 +0,0 @@
id: GO-2022-0879
excluded: NOT_IMPORTABLE
modules:
- module: github.com/hashicorp/consul
cves:
- CVE-2020-13250
ghsas:
- GHSA-rqjq-mrgx-85hp


@ -1,8 +0,0 @@
id: GO-2022-0882
excluded: NOT_IMPORTABLE
modules:
- module: github.com/argoproj/argo-cd
cves:
- CVE-2020-11576
ghsas:
- GHSA-vj54-cjrx-x696


@ -1,9 +0,0 @@
id: GO-2022-0883
excluded: NOT_IMPORTABLE
modules:
- module: github.com/goharbor/harbor
cves:
- CVE-2019-19026
ghsas:
- GHSA-rh89-vvrg-fg64
- GHSA-w4x5-jqq4-qc8x


@ -1,8 +0,0 @@
id: GO-2022-0885
excluded: NOT_IMPORTABLE
modules:
- module: k8s.io/kube-proxy
cves:
- CVE-2020-8558
ghsas:
- GHSA-wqv3-8cm6-h6wg


@ -1,8 +0,0 @@
id: GO-2022-0886
excluded: NOT_IMPORTABLE
modules:
- module: k8s.io/kubernetes
cves:
- CVE-2018-1002101
ghsas:
- GHSA-wqwf-x5cj-rg56


@ -0,0 +1,84 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0857",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2015-7528",
"GHSA-mqf3-28j7-3mj6"
],
"summary": "Information Exposure in Kubernetes in github.com/kubernetes/kubernetes",
"details": "Information Exposure in Kubernetes in github.com/kubernetes/kubernetes",
"affected": [
{
"package": {
"name": "github.com/kubernetes/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mqf3-28j7-3mj6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7528"
},
{
"type": "FIX",
"url": "https://github.com/kubernetes/kubernetes/commit/afd56495a1052a3387b81df1786a8d0f51bc8671"
},
{
"type": "FIX",
"url": "https://github.com/kubernetes/kubernetes/pull/17886"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:2544"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:2615"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-7528"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286745"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
},
{
"type": "WEB",
"url": "https://github.com/openshift/origin/pull/6113"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2615.html"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0857",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,70 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0859",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-13170",
"GHSA-p2j5-3f4c-224r"
],
"summary": "Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul",
"details": "Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul",
"affected": [
{
"package": {
"name": "github.com/hashicorp/consul",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.6.0-beta1"
},
{
"fixed": "1.6.6"
},
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.4"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-p2j5-3f4c-224r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13170"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/consul/pull/8068"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0859",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,70 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0861",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-12758",
"GHSA-q2qr-3c2p-9235"
],
"summary": "Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul",
"details": "Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul",
"affected": [
{
"package": {
"name": "github.com/hashicorp/consul",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.6.0-beta1"
},
{
"fixed": "1.6.6"
},
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.4"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q2qr-3c2p-9235"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12758"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/consul/pull/7783"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0861",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,64 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0862",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-11228",
"GHSA-q47x-6mqq-4w92"
],
"summary": "Gitea Improper Input Validation in github.com/go-gitea/gitea",
"details": "Gitea Improper Input Validation in github.com/go-gitea/gitea",
"affected": [
{
"package": {
"name": "github.com/go-gitea/gitea",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q47x-6mqq-4w92"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11228"
},
{
"type": "FIX",
"url": "https://github.com/go-gitea/gitea/pull/6593"
},
{
"type": "FIX",
"url": "https://github.com/go-gitea/gitea/pull/6595"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.6"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0862",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,66 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0863",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-19023",
"GHSA-q6cj-6jvq-jwmh"
],
"summary": "Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor",
"details": "Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor",
"affected": [
{
"package": {
"name": "github.com/goharbor/harbor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.8.6"
},
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q6cj-6jvq-jwmh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19023"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/security/advisories"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-3868-7c5x-4827"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2019-19023"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0863",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,64 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0865",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-13794",
"GHSA-q9p8-33wc-h432"
],
"summary": "Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor",
"details": "Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor",
"affected": [
{
"package": {
"name": "github.com/goharbor/harbor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3+incompatible"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13794"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/releases"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/releases/tag/v2.0.3"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/releases/tag/v2.1.0"
},
{
"type": "WEB",
"url": "https://www.cybereagle.io/blog/cve-2020-13794"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0865",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,68 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0866",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2017-15104",
"GHSA-q9vw-wr57-xjv3"
],
"summary": "Information Exposure in Heketi in github.com/heketi/heketi",
"details": "Information Exposure in Heketi in github.com/heketi/heketi",
"affected": [
{
"package": {
"name": "github.com/heketi/heketi",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.1+incompatible"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q9vw-wr57-xjv3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15104"
},
{
"type": "FIX",
"url": "https://github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3481"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-15104"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
},
{
"type": "WEB",
"url": "https://github.com/heketi/heketi/releases/tag/v5.0.1"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0866",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,84 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0867",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-8551",
"GHSA-qhm4-jxv7-j9pq"
],
"summary": "Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes",
"details": "Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.10"
},
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.6"
},
{
"introduced": "1.17.0"
},
{
"fixed": "1.17.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qhm4-jxv7-j9pq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8551"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/9802bfcec0580169cffce2a3d468689a407fa7dc"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/89377"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/87913"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200413-0003"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0867",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,79 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0869",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2021-23347",
"GHSA-qq5v-f4c3-395c"
],
"summary": "Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2",
"details": "Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2",
"affected": [
{
"package": {
"name": "github.com/argoproj/argo-cd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.13"
},
{
"introduced": "1.8.0"
},
{
"fixed": "1.8.6"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/argoproj/argo-cd/v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-qq5v-f4c3-395c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23347"
},
{
"type": "FIX",
"url": "https://github.com/argoproj/argo-cd/pull/5563"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0869",
"review_status": "UNREVIEWED"
}
}
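Review bot: The second `affected` entry, for `github.com/argoproj/argo-cd/v2`, carries only `"introduced": "0"` and no `fixed` event, so every release of the v2 module is reported as vulnerable with no upgrade path. The first entry shows the issue fixed at 1.7.13 and 1.8.6 of `github.com/argoproj/argo-cd`; if the v2 module only has releases later than those, it is presumably not affected at all, and consumers that match on module path get a permanent false positive. Either drop the v2 module or give it a bounded range, and align the `summary`, which currently names only the `/v2` path. If this JSON is generated from the report YAML, the correction belongs in that source file rather than here.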


@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0871",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-16733",
"GHSA-qr2j-wrhx-4829"
],
"summary": "Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum",
"details": "Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum",
"affected": [
{
"package": {
"name": "github.com/ethereum/go-ethereum",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.14"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qr2j-wrhx-4829"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16733"
},
{
"type": "FIX",
"url": "https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0871",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0873",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-26283",
"GHSA-r4gv-vj59-cccm"
],
"summary": "Control character injection in console output in github.com/ipfs/go-ipfs",
"details": "Control character injection in console output in github.com/ipfs/go-ipfs",
"affected": [
{
"package": {
"name": "github.com/ipfs/go-ipfs",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26283"
},
{
"type": "FIX",
"url": "https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a"
},
{
"type": "FIX",
"url": "https://github.com/ipfs/go-ipfs/pull/7831"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0873",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0874",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-7955",
"GHSA-r9w6-rhh9-7v53"
],
"summary": "Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul",
"details": "Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul",
"affected": [
{
"package": {
"name": "github.com/hashicorp/consul",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.4.1"
},
{
"fixed": "1.6.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-r9w6-rhh9-7v53"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7955"
},
{
"type": "REPORT",
"url": "https://github.com/hashicorp/consul/issues/7160"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/consul"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0874",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,72 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0875",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2015-5250",
"GHSA-rf3m-mhv7-x39f"
],
"summary": "Denial of Service in OpenShift Origin in github.com/openshift/origin",
"details": "Denial of Service in OpenShift Origin in github.com/openshift/origin",
"affected": [
{
"package": {
"name": "github.com/openshift/origin",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rf3m-mhv7-x39f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5250"
},
{
"type": "FIX",
"url": "https://github.com/openshift/origin/commit/dace5075e31b74703e944b6b3ebe8836be8d1b9a"
},
{
"type": "REPORT",
"url": "https://github.com/openshift/origin/issues/4374"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-5250"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
},
{
"type": "WEB",
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5250"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0875",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,67 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0876",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-19025",
"GHSA-gcqm-v682-ccw6",
"GHSA-rffr-c932-cpxv"
],
"summary": "Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor",
"details": "Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor",
"affected": [
{
"package": {
"name": "github.com/goharbor/harbor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.8.6"
},
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rffr-c932-cpxv"
},
{
"type": "ADVISORY",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19025"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/security/advisories"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2019-19025"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0876",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0878",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-28924",
"GHSA-rmw5-xpg9-jr29"
],
"summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone in github.com/rclone/rclone",
"details": "Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone in github.com/rclone/rclone",
"affected": [
{
"package": {
"name": "github.com/rclone/rclone",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.53.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rmw5-xpg9-jr29"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28924"
},
{
"type": "REPORT",
"url": "https://github.com/rclone/rclone/issues/4783"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-14"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0878",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,70 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0879",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-13250",
"GHSA-rqjq-mrgx-85hp"
],
"summary": "Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul",
"details": "Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul",
"affected": [
{
"package": {
"name": "github.com/hashicorp/consul",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.6.6"
},
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.4"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rqjq-mrgx-85hp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13250"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432"
},
{
"type": "FIX",
"url": "https://github.com/hashicorp/consul/pull/8023"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0879",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0882",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-11576",
"GHSA-vj54-cjrx-x696"
],
"summary": "Observable Discrepancy in Argo in github.com/argoproj/argo-cd",
"details": "Observable Discrepancy in Argo in github.com/argoproj/argo-cd",
"affected": [
{
"package": {
"name": "github.com/argoproj/argo-cd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vj54-cjrx-x696"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11576"
},
{
"type": "FIX",
"url": "https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1"
},
{
"type": "FIX",
"url": "https://github.com/argoproj/argo-cd/pull/3215"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0882",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,67 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0883",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-19026",
"GHSA-rh89-vvrg-fg64",
"GHSA-w4x5-jqq4-qc8x"
],
"summary": "SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor",
"details": "SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor",
"affected": [
{
"package": {
"name": "github.com/goharbor/harbor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.8.6"
},
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-w4x5-jqq4-qc8x"
},
{
"type": "ADVISORY",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19026"
},
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/security/advisories"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2019-19026"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0883",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,96 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0885",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-8558",
"GHSA-wqv3-8cm6-h6wg"
],
"summary": "Improper Authentication in Kubernetes in k8s.io/kubernetes",
"details": "Improper Authentication in Kubernetes in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.11"
},
{
"introduced": "1.17.0"
},
{
"fixed": "1.17.7"
},
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.4"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558"
},
{
"type": "ADVISORY",
"url": "https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/92315"
},
{
"type": "WEB",
"url": "https://github.com/tabbysable/POC-2020-8558"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE"
},
{
"type": "WEB",
"url": "https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200821-0001"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/07/08/1"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0885",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,76 @@
{
"schema_version": "1.3.1",
"id": "GO-2022-0886",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-1002101",
"GHSA-wqwf-x5cj-rg56"
],
"summary": "Kubernetes Arbitrary Command Injection in k8s.io/kubernetes",
"details": "Kubernetes Arbitrary Command Injection in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.10"
},
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.6"
},
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-wqwf-x5cj-rg56"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002101"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/d65039c56ce4de5f2efdc38aa1284eeb95f89169"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/65751"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190416-0008"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0886",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,28 @@
id: GO-2022-0857
modules:
- module: github.com/kubernetes/kubernetes
versions:
- fixed: 1.2.0
vulnerable_at: 1.2.0-beta.1
summary: Information Exposure in Kubernetes in github.com/kubernetes/kubernetes
cves:
- CVE-2015-7528
ghsas:
- GHSA-mqf3-28j7-3mj6
references:
- advisory: https://github.com/advisories/GHSA-mqf3-28j7-3mj6
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2015-7528
- fix: https://github.com/kubernetes/kubernetes/commit/afd56495a1052a3387b81df1786a8d0f51bc8671
- fix: https://github.com/kubernetes/kubernetes/pull/17886
- web: https://access.redhat.com/errata/RHSA-2015:2544
- web: https://access.redhat.com/errata/RHSA-2015:2615
- web: https://access.redhat.com/security/cve/CVE-2015-7528
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1286745
- web: https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5
- web: https://github.com/openshift/origin/pull/6113
- web: https://rhn.redhat.com/errata/RHSA-2015-2615.html
source:
id: GHSA-mqf3-28j7-3mj6
created: 2024-08-20T14:23:15.504133-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
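Review bot: `vulnerable_at: 1.2.0-beta.1` may name a release that already carries the fix, because the reference list links the `v1.2.0-alpha.5` release tag and beta.1 sorts after alpha.5. This is inferred from the references only; if the fix commit did ship in alpha.5, `vulnerable_at` should point at an earlier tag and `fixed: 1.2.0` could be tightened, so it needs checking against the tag history. The module path here is `github.com/kubernetes/kubernetes`, while GO-2022-0867, GO-2022-0885 and GO-2022-0886 in this commit use `k8s.io/kubernetes`, so tooling that matches on module path will treat them as different modules.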


@ -0,0 +1,26 @@
id: GO-2022-0859
modules:
- module: github.com/hashicorp/consul
versions:
- introduced: 1.6.0-beta1
- fixed: 1.6.6
- introduced: 1.7.0
- fixed: 1.7.4
vulnerable_at: 1.7.3
summary: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul
cves:
- CVE-2020-13170
ghsas:
- GHSA-p2j5-3f4c-224r
references:
- advisory: https://github.com/advisories/GHSA-p2j5-3f4c-224r
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13170
- fix: https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
- fix: https://github.com/hashicorp/consul/pull/8068
- web: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
- web: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
source:
id: GHSA-p2j5-3f4c-224r
created: 2024-08-20T14:23:29.505839-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,26 @@
id: GO-2022-0861
modules:
- module: github.com/hashicorp/consul
versions:
- introduced: 1.6.0-beta1
- fixed: 1.6.6
- introduced: 1.7.0
- fixed: 1.7.4
vulnerable_at: 1.7.3
summary: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul
cves:
- CVE-2020-12758
ghsas:
- GHSA-q2qr-3c2p-9235
references:
- advisory: https://github.com/advisories/GHSA-q2qr-3c2p-9235
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-12758
- fix: https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc
- fix: https://github.com/hashicorp/consul/pull/7783
- web: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
- web: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
source:
id: GHSA-q2qr-3c2p-9235
created: 2024-08-20T14:24:54.694794-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,23 @@
id: GO-2022-0862
modules:
- module: github.com/go-gitea/gitea
versions:
- fixed: 1.7.6
vulnerable_at: 1.7.5
summary: Gitea Improper Input Validation in github.com/go-gitea/gitea
cves:
- CVE-2019-11228
ghsas:
- GHSA-q47x-6mqq-4w92
references:
- advisory: https://github.com/advisories/GHSA-q47x-6mqq-4w92
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-11228
- fix: https://github.com/go-gitea/gitea/pull/6593
- fix: https://github.com/go-gitea/gitea/pull/6595
- web: https://github.com/go-gitea/gitea/releases/tag/v1.7.6
- web: https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3
source:
id: GHSA-q47x-6mqq-4w92
created: 2024-08-20T14:24:59.991994-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,25 @@
id: GO-2022-0863
modules:
- module: github.com/goharbor/harbor
versions:
- introduced: 1.7.0
- fixed: 1.8.6
- introduced: 1.9.0
- fixed: 1.9.3
vulnerable_at: 1.9.3-rc1
summary: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
cves:
- CVE-2019-19023
ghsas:
- GHSA-q6cj-6jvq-jwmh
references:
- advisory: https://github.com/advisories/GHSA-q6cj-6jvq-jwmh
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-19023
- web: https://github.com/goharbor/harbor/security/advisories
- web: https://github.com/goharbor/harbor/security/advisories/GHSA-3868-7c5x-4827
- web: https://tanzu.vmware.com/security/cve-2019-19023
source:
id: GHSA-q6cj-6jvq-jwmh
created: 2024-08-20T14:25:04.59252-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
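Review bot: The project advisory `GHSA-3868-7c5x-4827` is linked only as a `web` reference and is missing from `ghsas`, whereas GO-2022-0876 and GO-2022-0883 list the Harbor project advisory both under `ghsas` and as an `advisory` reference. If that advisory covers CVE-2019-19023 (likely, but not shown on this page), a lookup by that GHSA id will not resolve to this report; add `- GHSA-3868-7c5x-4827` under `ghsas` and retype the link as `advisory`. The report also has no `fix` reference, and `https://github.com/goharbor/harbor/security/advisories` is the advisory index rather than a page about this issue.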


@ -0,0 +1,23 @@
id: GO-2022-0865
modules:
- module: github.com/goharbor/harbor
versions:
- fixed: 2.0.3+incompatible
vulnerable_at: 2.0.3-rc1+incompatible
summary: Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
cves:
- CVE-2020-13794
ghsas:
- GHSA-q9p8-33wc-h432
references:
- advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13794
- web: https://github.com/goharbor/harbor/releases
- web: https://github.com/goharbor/harbor/releases/tag/v2.0.3
- web: https://github.com/goharbor/harbor/releases/tag/v2.1.0
- web: https://www.cybereagle.io/blog/cve-2020-13794
source:
id: GHSA-q9p8-33wc-h432
created: 2024-08-20T14:25:11.211281-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,24 @@
id: GO-2022-0866
modules:
- module: github.com/heketi/heketi
versions:
- fixed: 5.0.1+incompatible
vulnerable_at: 5.0.0+incompatible
summary: Information Exposure in Heketi in github.com/heketi/heketi
cves:
- CVE-2017-15104
ghsas:
- GHSA-q9vw-wr57-xjv3
references:
- advisory: https://github.com/advisories/GHSA-q9vw-wr57-xjv3
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-15104
- fix: https://github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00
- web: https://access.redhat.com/errata/RHSA-2017:3481
- web: https://access.redhat.com/security/cve/CVE-2017-15104
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1510149
- web: https://github.com/heketi/heketi/releases/tag/v5.0.1
source:
id: GHSA-q9vw-wr57-xjv3
created: 2024-08-20T14:25:16.845974-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,32 @@
id: GO-2022-0867
modules:
- module: k8s.io/kubernetes
versions:
- introduced: 1.15.0
- fixed: 1.15.10
- introduced: 1.16.0
- fixed: 1.16.6
- introduced: 1.17.0
- fixed: 1.17.2
vulnerable_at: 1.17.2-beta.0
summary: |-
Allocation of Resources Without Limits or Throttling and Uncontrolled Memory
Allocation in Kubernetes in k8s.io/kubernetes
cves:
- CVE-2020-8551
ghsas:
- GHSA-qhm4-jxv7-j9pq
references:
- advisory: https://github.com/advisories/GHSA-qhm4-jxv7-j9pq
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-8551
- web: https://github.com/kubernetes/kubernetes/commit/9802bfcec0580169cffce2a3d468689a407fa7dc
- web: https://github.com/kubernetes/kubernetes/issues/89377
- web: https://github.com/kubernetes/kubernetes/pull/87913
- web: https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX
- web: https://security.netapp.com/advisory/ntap-20200413-0003
source:
id: GHSA-qhm4-jxv7-j9pq
created: 2024-08-20T14:25:29.262133-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
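Review bot: The commit and pull-request links under `references` are typed `web`, where other reports in this commit label the equivalent links `fix` (for example GO-2022-0859). If they are the patch for CVE-2020-8551, which the page does not state, retype them as `- fix: https://github.com/kubernetes/kubernetes/commit/9802bfcec0580169cffce2a3d468689a407fa7dc` and `- fix: https://github.com/kubernetes/kubernetes/pull/87913` so that consumers filtering on fix references find them. GO-2022-0886 shows the same pattern for its commit and pull/65751 links.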


@ -0,0 +1,25 @@
id: GO-2022-0869
modules:
- module: github.com/argoproj/argo-cd
versions:
- fixed: 1.7.13
- introduced: 1.8.0
- fixed: 1.8.6
vulnerable_at: 1.8.5
- module: github.com/argoproj/argo-cd/v2
vulnerable_at: 2.12.1
summary: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
cves:
- CVE-2021-23347
ghsas:
- GHSA-qq5v-f4c3-395c
references:
- advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-qq5v-f4c3-395c
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-23347
- fix: https://github.com/argoproj/argo-cd/pull/5563
- web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291
source:
id: GHSA-qq5v-f4c3-395c
created: 2024-08-20T14:25:38.44588-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
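Review bot: The `github.com/argoproj/argo-cd/v2` module entry has `vulnerable_at: 2.12.1` but no `versions` list, so as written every v2 release is reported as affected, while the unversioned module is marked fixed at 1.7.13 and 1.8.6. If the fix in pull/5563 predates the v2 module (plausible given those fixed versions, but not shown here), the v2 entry will produce false positives in scanners and should be dropped or given a `fixed` bound. The summary also names only `github.com/argoproj/argo-cd/v2`, although the bounded ranges are on `github.com/argoproj/argo-cd`.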


@ -0,0 +1,20 @@
id: GO-2022-0871
modules:
- module: github.com/ethereum/go-ethereum
versions:
- fixed: 1.8.14
vulnerable_at: 1.8.13
summary: Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum
cves:
- CVE-2018-16733
ghsas:
- GHSA-qr2j-wrhx-4829
references:
- advisory: https://github.com/advisories/GHSA-qr2j-wrhx-4829
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-16733
- fix: https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639
source:
id: GHSA-qr2j-wrhx-4829
created: 2024-08-20T14:25:49.190485-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,21 @@
id: GO-2022-0873
modules:
- module: github.com/ipfs/go-ipfs
versions:
- fixed: 0.8.0
vulnerable_at: 0.8.0-rc2
summary: Control character injection in console output in github.com/ipfs/go-ipfs
cves:
- CVE-2020-26283
ghsas:
- GHSA-r4gv-vj59-cccm
references:
- advisory: https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-26283
- fix: https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a
- fix: https://github.com/ipfs/go-ipfs/pull/7831
source:
id: GHSA-r4gv-vj59-cccm
created: 2024-08-20T14:26:00.60014-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,22 @@
id: GO-2022-0874
modules:
- module: github.com/hashicorp/consul
versions:
- introduced: 1.4.1
- fixed: 1.6.3
vulnerable_at: 1.6.2
summary: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul
cves:
- CVE-2020-7955
ghsas:
- GHSA-r9w6-rhh9-7v53
references:
- advisory: https://github.com/advisories/GHSA-r9w6-rhh9-7v53
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-7955
- report: https://github.com/hashicorp/consul/issues/7160
- web: https://www.hashicorp.com/blog/category/consul
source:
id: GHSA-r9w6-rhh9-7v53
created: 2024-08-20T14:26:05.095011-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,25 @@
id: GO-2022-0875
modules:
- module: github.com/openshift/origin
versions:
- fixed: 1.0.6
vulnerable_at: 1.0.5
summary: Denial of Service in OpenShift Origin in github.com/openshift/origin
cves:
- CVE-2015-5250
ghsas:
- GHSA-rf3m-mhv7-x39f
references:
- advisory: https://github.com/advisories/GHSA-rf3m-mhv7-x39f
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2015-5250
- fix: https://github.com/openshift/origin/commit/dace5075e31b74703e944b6b3ebe8836be8d1b9a
- report: https://github.com/openshift/origin/issues/4374
- web: https://access.redhat.com/errata/RHSA-2015:1736
- web: https://access.redhat.com/security/cve/CVE-2015-5250
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1259867
- web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5250
source:
id: GHSA-rf3m-mhv7-x39f
created: 2024-08-20T14:26:09.776371-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,26 @@
id: GO-2022-0876
modules:
- module: github.com/goharbor/harbor
versions:
- introduced: 1.7.0
- fixed: 1.8.6
- introduced: 1.9.0
- fixed: 1.9.3
vulnerable_at: 1.9.3-rc1
summary: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
cves:
- CVE-2019-19025
ghsas:
- GHSA-gcqm-v682-ccw6
- GHSA-rffr-c932-cpxv
references:
- advisory: https://github.com/advisories/GHSA-rffr-c932-cpxv
- advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-19025
- web: https://github.com/goharbor/harbor/security/advisories
- web: https://tanzu.vmware.com/security/cve-2019-19025
source:
id: GHSA-rffr-c932-cpxv
created: 2024-08-20T14:26:16.700379-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,22 @@
id: GO-2022-0878
modules:
- module: github.com/rclone/rclone
versions:
- fixed: 1.53.3
vulnerable_at: 1.53.2
summary: Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone in github.com/rclone/rclone
cves:
- CVE-2020-28924
ghsas:
- GHSA-rmw5-xpg9-jr29
references:
- advisory: https://github.com/advisories/GHSA-rmw5-xpg9-jr29
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-28924
- report: https://github.com/rclone/rclone/issues/4783
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD
- web: https://security.gentoo.org/glsa/202107-14
source:
id: GHSA-rmw5-xpg9-jr29
created: 2024-08-20T14:26:23.049648-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,26 @@
id: GO-2022-0879
modules:
- module: github.com/hashicorp/consul
versions:
- introduced: 1.2.0
- fixed: 1.6.6
- introduced: 1.7.0
- fixed: 1.7.4
vulnerable_at: 1.7.3
summary: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul
cves:
- CVE-2020-13250
ghsas:
- GHSA-rqjq-mrgx-85hp
references:
- advisory: https://github.com/advisories/GHSA-rqjq-mrgx-85hp
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13250
- fix: https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432
- fix: https://github.com/hashicorp/consul/pull/8023
- web: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
- web: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
source:
id: GHSA-rqjq-mrgx-85hp
created: 2024-08-20T14:26:27.927375-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,22 @@
id: GO-2022-0882
modules:
- module: github.com/argoproj/argo-cd
versions:
- introduced: 1.5.0
- fixed: 1.5.1
vulnerable_at: 1.5.0
summary: Observable Discrepancy in Argo in github.com/argoproj/argo-cd
cves:
- CVE-2020-11576
ghsas:
- GHSA-vj54-cjrx-x696
references:
- advisory: https://github.com/advisories/GHSA-vj54-cjrx-x696
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-11576
- fix: https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1
- fix: https://github.com/argoproj/argo-cd/pull/3215
source:
id: GHSA-vj54-cjrx-x696
created: 2024-08-20T14:26:40.646303-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,26 @@
id: GO-2022-0883
modules:
- module: github.com/goharbor/harbor
versions:
- introduced: 1.7.0
- fixed: 1.8.6
- introduced: 1.9.0
- fixed: 1.9.3
vulnerable_at: 1.9.3-rc1
summary: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
cves:
- CVE-2019-19026
ghsas:
- GHSA-rh89-vvrg-fg64
- GHSA-w4x5-jqq4-qc8x
references:
- advisory: https://github.com/advisories/GHSA-w4x5-jqq4-qc8x
- advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-19026
- web: https://github.com/goharbor/harbor/security/advisories
- web: https://tanzu.vmware.com/security/cve-2019-19026
source:
id: GHSA-w4x5-jqq4-qc8x
created: 2024-08-20T14:26:47.18078-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,32 @@
id: GO-2022-0885
modules:
- module: k8s.io/kubernetes
versions:
- fixed: 1.16.11
- introduced: 1.17.0
- fixed: 1.17.7
- introduced: 1.18.0
- fixed: 1.18.4
vulnerable_at: 1.18.4-rc.0
summary: Improper Authentication in Kubernetes in k8s.io/kubernetes
cves:
- CVE-2020-8558
ghsas:
- GHSA-wqv3-8cm6-h6wg
references:
- advisory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
- advisory: https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-8558
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1843358
- web: https://github.com/kubernetes/kubernetes/issues/92315
- web: https://github.com/tabbysable/POC-2020-8558
- web: https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
- web: https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
- web: https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
- web: https://security.netapp.com/advisory/ntap-20200821-0001
- web: https://www.openwall.com/lists/oss-security/2020/07/08/1
source:
id: GHSA-wqv3-8cm6-h6wg
created: 2024-08-20T14:27:02.374776-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE


@ -0,0 +1,28 @@
id: GO-2022-0886
modules:
- module: k8s.io/kubernetes
versions:
- introduced: 1.9.0
- fixed: 1.9.10
- introduced: 1.10.0
- fixed: 1.10.6
- introduced: 1.11.0
- fixed: 1.11.2
vulnerable_at: 1.11.2-beta.0
summary: Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
cves:
- CVE-2018-1002101
ghsas:
- GHSA-wqwf-x5cj-rg56
references:
- advisory: https://github.com/advisories/GHSA-wqwf-x5cj-rg56
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-1002101
- web: https://github.com/kubernetes/kubernetes/commit/d65039c56ce4de5f2efdc38aa1284eeb95f89169
- web: https://github.com/kubernetes/kubernetes/issues/65750
- web: https://github.com/kubernetes/kubernetes/pull/65751
- web: https://security.netapp.com/advisory/ntap-20190416-0008
source:
id: GHSA-wqwf-x5cj-rg56
created: 2024-08-20T14:27:11.817514-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE