зеркало из https://github.com/golang/vulndb.git
data/reports: add published date to all reports
The move of reports from reports/ to data/reports broke lookups of the publication date from the git history. Set the publication date for all existing reports based on the history from the old location. Change-Id: I7a4dd9121894d037c689db7398311b234bdf270b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/424377 Reviewed-by: Julie Qiu <julieqiu@google.com>
This commit is contained in:
Родитель
e3d6083508
Коммит
95a417dbb7
|
@ -19,6 +19,7 @@ description: |
|
|||
input than expected when the caller is reading directly from a
|
||||
network and depends on ReadUvarint or ReadVarint only consuming a
|
||||
small, bounded number of bytes, even from invalid inputs.
|
||||
published: 2022-07-01T20:11:09Z
|
||||
cves:
|
||||
- CVE-2020-16845
|
||||
ghsas:
|
||||
|
|
|
@ -8,13 +8,14 @@ packages:
|
|||
- introduced: 1.1.0
|
||||
fixed: 1.3.2
|
||||
description: |
|
||||
When SessionTicketsDisabled is enabled, crypto/tls allowed man-in-the-middle
|
||||
attackers to spoof clients via unspecified vectors.
|
||||
When SessionTicketsDisabled is enabled, crypto/tls allowed man-in-the-middle
|
||||
attackers to spoof clients via unspecified vectors.
|
||||
|
||||
If the server enables TLS client authentication using certificates (this is
|
||||
rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config,
|
||||
then a malicious client can falsely assert ownership of any client
|
||||
certificate it wishes.
|
||||
If the server enables TLS client authentication using certificates (this is
|
||||
rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config,
|
||||
then a malicious client can falsely assert ownership of any client
|
||||
certificate it wishes.
|
||||
published: 2022-05-25T21:11:41Z
|
||||
cves:
|
||||
- CVE-2014-7189
|
||||
credit: Go Team
|
||||
|
|
|
@ -8,13 +8,14 @@ packages:
|
|||
- introduced: 1.17.0
|
||||
fixed: 1.17.7
|
||||
description: |
|
||||
Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption.
|
||||
Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption.
|
||||
published: 2022-05-23T22:15:42Z
|
||||
cves:
|
||||
- CVE-2022-23772
|
||||
credit: Emmanuel Odeke
|
||||
links:
|
||||
pr: https://go.dev/cl/379537
|
||||
commit: https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78
|
||||
context:
|
||||
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
|
||||
- https://go.dev/issue/50699
|
||||
pr: https://go.dev/cl/379537
|
||||
commit: https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78
|
||||
context:
|
||||
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
|
||||
- https://go.dev/issue/50699
|
||||
|
|
|
@ -10,16 +10,17 @@ packages:
|
|||
- introduced: 1.17.0
|
||||
fixed: 1.17.7
|
||||
description: |
|
||||
Some big.Int values that are not valid field elements (negative or overflowing)
|
||||
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
|
||||
may cause a panic or an invalid curve operation. Note that Unmarshal will never
|
||||
return such values.
|
||||
Some big.Int values that are not valid field elements (negative or overflowing)
|
||||
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
|
||||
may cause a panic or an invalid curve operation. Note that Unmarshal will never
|
||||
return such values.
|
||||
published: 2022-05-23T22:15:21Z
|
||||
cves:
|
||||
- CVE-2022-23806
|
||||
credit: Guido Vranken
|
||||
links:
|
||||
pr: https://go.dev/cl/382455
|
||||
commit: https://go.googlesource.com/go/+/7f9494c277a471f6f47f4af3036285c0b1419816
|
||||
context:
|
||||
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
|
||||
- https://go.dev/issue/50974
|
||||
pr: https://go.dev/cl/382455
|
||||
commit: https://go.googlesource.com/go/+/7f9494c277a471f6f47f4af3036285c0b1419816
|
||||
context:
|
||||
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
|
||||
- https://go.dev/issue/50974
|
||||
|
|
|
@ -11,6 +11,7 @@ description: |
|
|||
WebSocket connection request to a server under their control without
|
||||
causing TLS certificate verification to fail. This occurs because
|
||||
the wrong host name is selected during this verification.
|
||||
published: 2022-03-15T19:38:30Z
|
||||
cves:
|
||||
- CVE-2022-24968
|
||||
ghsas:
|
||||
|
|
|
@ -1,23 +1,24 @@
|
|||
packages:
|
||||
- module: std
|
||||
package: regexp
|
||||
symbols:
|
||||
- regexp.Compile
|
||||
versions:
|
||||
- fixed: 1.16.15
|
||||
- introduced: 1.17.0
|
||||
fixed: 1.17.8
|
||||
symbols:
|
||||
- regexp.Compile
|
||||
description: |
|
||||
On 64-bit platforms, an extremely deeply nested expression can
|
||||
cause regexp.Compile to cause goroutine stack exhaustion, forcing
|
||||
the program to exit. Note this applies to very large expressions,
|
||||
on the order of 2MB.
|
||||
On 64-bit platforms, an extremely deeply nested expression can
|
||||
cause regexp.Compile to cause goroutine stack exhaustion, forcing
|
||||
the program to exit. Note this applies to very large expressions,
|
||||
on the order of 2MB.
|
||||
published: 2022-05-23T22:15:47Z
|
||||
cves:
|
||||
- CVE-2022-24921
|
||||
credit: Juho Nurminen
|
||||
links:
|
||||
pr: https://go.dev/cl/384616
|
||||
commit: https://go.googlesource.com/go/+/452f24ae94f38afa3704d4361d91d51218405c0a
|
||||
context:
|
||||
- https://go.dev/issue/51112
|
||||
- https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
|
||||
pr: https://go.dev/cl/384616
|
||||
commit: https://go.googlesource.com/go/+/452f24ae94f38afa3704d4361d91d51218405c0a
|
||||
context:
|
||||
- https://go.dev/issue/51112
|
||||
- https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
|
||||
|
|
|
@ -16,6 +16,7 @@ description: |
|
|||
|
||||
Servers that only use Signer implementations provided by the ssh package are
|
||||
unaffected.
|
||||
published: 2022-04-25T20:38:40Z
|
||||
cves:
|
||||
- CVE-2022-27191
|
||||
ghsas:
|
||||
|
|
|
@ -26,6 +26,7 @@ description: |
|
|||
that image had previously been decrypted. A patch has been
|
||||
applied to imgcrypt 1.1.4. Workarounds may include usage of
|
||||
different namespaces for each remote user.
|
||||
published: 2022-04-28T23:35:11Z
|
||||
cves:
|
||||
- CVE-2022-24778
|
||||
ghsas:
|
||||
|
|
|
@ -13,6 +13,7 @@ description: |
|
|||
long-running computations, which in turn makes Go programs vulnerable to
|
||||
remote denial of service attacks. Programs using HTTPS client certificates
|
||||
or the Go SSH server libraries are both exposed to this vulnerability.
|
||||
published: 2022-05-24T22:06:33Z
|
||||
cves:
|
||||
- CVE-2016-3959
|
||||
credit: David Wong
|
||||
|
|
|
@ -13,6 +13,7 @@ description: |
|
|||
If the user had a root certificate loaded in their Keychain that was
|
||||
explicitly not trusted, a Go program would still verify a connection using
|
||||
that root certificate.
|
||||
published: 2022-05-24T20:17:59Z
|
||||
cves:
|
||||
- CVE-2017-1000097
|
||||
credit: Xy Ziemba
|
||||
|
|
|
@ -17,6 +17,7 @@ description: |
|
|||
get" can be tricked into reusing this Git checkout for the fetch of code
|
||||
from pkg2. If the Subversion repository's Git checkout has malicious
|
||||
commands in .git/hooks/, they will execute on the system running "go get".
|
||||
published: 2022-08-09T17:31:35Z
|
||||
cves:
|
||||
- CVE-2017-15041
|
||||
credit: Simon Rawet
|
||||
|
|
|
@ -9,8 +9,6 @@ packages:
|
|||
- introduced: 1.8.0
|
||||
fixed: 1.8.2
|
||||
vulnerable_at: 1.8.1
|
||||
arch:
|
||||
- amd64
|
||||
description: |
|
||||
The ScalarMult implementation of curve P-256 for amd64 architectures
|
||||
generates incorrect results for certain specific input points.
|
||||
|
@ -18,9 +16,12 @@ description: |
|
|||
ScalarMult by submitting crafted points and observing failures to
|
||||
derive correct output. This leads to a full key recovery attack
|
||||
against static ECDH, as used in popular JWT libraries.
|
||||
published: 2022-07-01T20:11:15Z
|
||||
cves:
|
||||
- CVE-2017-8932
|
||||
credit: Vlad Krasnov and Filippo Valsorda at Cloudflare
|
||||
arch:
|
||||
- amd64
|
||||
links:
|
||||
pr: https://go.dev/cl/41070
|
||||
commit: https://go.googlesource.com/go/+/9294fa2749ffee7edbbb817a0ef9fe633136fa9c
|
||||
|
|
|
@ -29,6 +29,7 @@ description: |
|
|||
Note that forbidding import paths with a .git element might not be
|
||||
sufficient to mitigate this issue, as on certain systems there can be other
|
||||
aliases for VCS state folders.
|
||||
published: 2022-08-04T21:30:35Z
|
||||
cves:
|
||||
- CVE-2018-16873
|
||||
credit: Etienne Stalmans of Heroku
|
||||
|
|
|
@ -17,6 +17,7 @@ description: |
|
|||
(the distinction is documented at
|
||||
https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause
|
||||
an arbitrary filesystem write, which can lead to code execution.
|
||||
published: 2022-08-02T15:44:23Z
|
||||
cves:
|
||||
- CVE-2018-16874
|
||||
credit: ztz of Tencent Security Platform
|
||||
|
|
|
@ -15,6 +15,7 @@ description: |
|
|||
to craft pathological inputs leading to a CPU denial of service.
|
||||
Go TLS servers accepting client certificates and TLS clients
|
||||
verifying certificates are affected.
|
||||
published: 2022-07-15T23:03:26Z
|
||||
cves:
|
||||
- CVE-2018-16875
|
||||
credit: Netflix
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
|
||||
For example, the Parse function panics on the input
|
||||
"<math><template><mo><template>".
|
||||
published: 2022-07-01T20:11:34Z
|
||||
cves:
|
||||
- CVE-2018-17142
|
||||
credit: '@tr3ee'
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
|
||||
For example, the Parse function panics on the input
|
||||
"<template><tBody><isindex/action=0>".
|
||||
published: 2022-07-06T18:14:54Z
|
||||
cves:
|
||||
- CVE-2018-17143
|
||||
credit: '@tr3ee'
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
|
||||
For example, the Parse function panics on the input
|
||||
"<svg><template><desc><t><svg></template>".
|
||||
published: 2022-07-01T20:15:19Z
|
||||
cves:
|
||||
- CVE-2018-17847
|
||||
- CVE-2018-17848
|
||||
|
|
|
@ -19,6 +19,7 @@ description: |
|
|||
"// #cgo CFLAGS: -fplugin=attack.so" causing the attack plugin to be
|
||||
loaded into the host C compiler during the build. Gcc and clang plugins are
|
||||
completely unrestricted in their access to the host system.
|
||||
published: 2022-08-09T18:15:41Z
|
||||
cves:
|
||||
- CVE-2018-6574
|
||||
credit: Christopher Brown of Mattermost
|
||||
|
|
|
@ -13,6 +13,7 @@ description: |
|
|||
the import path (get/vcs.go only checks for "://" anywhere in the string),
|
||||
which allows remote attackers to execute arbitrary OS commands via a
|
||||
crafted web site.
|
||||
published: 2022-08-09T23:19:00Z
|
||||
cves:
|
||||
- CVE-2018-7187
|
||||
credit: Arthur Khashaev
|
||||
|
|
|
@ -22,11 +22,12 @@ description: |
|
|||
|
||||
Architectures other than amd64 and uses that generate less than 256 GiB
|
||||
of keystream for a single salsa20.XORKeyStream invocation are unaffected.
|
||||
arch:
|
||||
- amd64
|
||||
published: 2022-07-01T20:15:25Z
|
||||
cves:
|
||||
- CVE-2019-11840
|
||||
credit: Michael McLoughlin
|
||||
arch:
|
||||
- amd64
|
||||
links:
|
||||
pr: https://go.dev/cl/168406
|
||||
commit: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
The url.Parse function accepts URLs with malformed hosts, such that the Host
|
||||
field can have arbitrary suffixes that appear in neither Hostname() nor Port(),
|
||||
allowing authorization bypasses in certain applications.
|
||||
published: 2022-07-01T20:15:30Z
|
||||
cves:
|
||||
- CVE-2019-14809
|
||||
credit: Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me)
|
||||
|
|
|
@ -18,6 +18,7 @@ description: |
|
|||
are multiplexed onto the same upstream connection by the proxy. Such
|
||||
invalid headers are now rejected by Go servers, and passed without
|
||||
normalization to Go client applications.
|
||||
published: 2022-05-23T22:46:20Z
|
||||
cves:
|
||||
- CVE-2019-16276
|
||||
credit: Andrew Stucki, Adam Scarr (99designs.com), and Jan Masarik (masarik.sh)
|
||||
|
|
|
@ -23,6 +23,7 @@ description: |
|
|||
client can panic due to a malformed host key, while a server could panic if
|
||||
either PublicKeyCallback accepts a malformed public key, or if
|
||||
IsUserAuthority accepts a certificate with a malformed public key.
|
||||
published: 2022-05-24T20:14:11Z
|
||||
cves:
|
||||
- CVE-2019-17596
|
||||
credit: Daniel Mandragona
|
||||
|
|
|
@ -15,6 +15,7 @@ description: |
|
|||
These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
|
||||
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
|
||||
key is reused more than once, the attack can also lead to key recovery.
|
||||
published: 2022-05-24T15:21:01Z
|
||||
cves:
|
||||
- CVE-2019-6486
|
||||
credit: Wycheproof Project
|
||||
|
|
|
@ -20,6 +20,7 @@ packages:
|
|||
description: |
|
||||
Go on Windows misused certain LoadLibrary functionality, leading to DLL
|
||||
injection.
|
||||
published: 2022-05-25T18:01:46Z
|
||||
cves:
|
||||
- CVE-2019-9634
|
||||
credit: Samuel Cochran, Jason Donenfeld
|
||||
|
|
|
@ -21,6 +21,7 @@ description: |
|
|||
certificates. net/http clients can be made to crash by an HTTPS
|
||||
server, while net/http servers that accept client certificates
|
||||
will recover the panic and are unaffected.
|
||||
published: 2022-07-06T18:23:48Z
|
||||
cves:
|
||||
- CVE-2020-7919
|
||||
ghsas:
|
||||
|
|
|
@ -18,6 +18,7 @@ description: |
|
|||
This function does not sanitize its plugin parameter, so parameter
|
||||
names containing "../" or other such elements may reference
|
||||
arbitrary locations on the filesystem.
|
||||
published: 2022-07-01T20:17:57Z
|
||||
cves:
|
||||
- CVE-2021-20206
|
||||
ghsas:
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
v0.6.0 of the proxyproto package adds support for a user-defined
|
||||
header timeout. v0.6.1 adds a default timeout of 200ms and v0.6.2
|
||||
increases the default timeout to 10s.
|
||||
published: 2022-07-01T20:18:04Z
|
||||
cves:
|
||||
- CVE-2021-23409
|
||||
ghsas:
|
||||
|
|
|
@ -35,6 +35,7 @@ description: |
|
|||
|
||||
This also affects golang.org/x/net/http2/h2c and
|
||||
HeaderValuesContainsToken in golang.org/x/net/http/httpguts.
|
||||
published: 2022-07-15T23:04:18Z
|
||||
cves:
|
||||
- CVE-2021-31525
|
||||
credit: Guido Vranken
|
||||
|
|
|
@ -17,6 +17,7 @@ packages:
|
|||
description: |
|
||||
Random data used to create UUIDs can contain zeros, resulting in
|
||||
predictable UUIDs and possible collisions.
|
||||
published: 2022-07-15T23:06:26Z
|
||||
cves:
|
||||
- CVE-2021-3538
|
||||
links:
|
||||
|
|
|
@ -11,6 +11,7 @@ packages:
|
|||
description: |
|
||||
The ROAEntry.Validate function fails to perform bounds checks on
|
||||
the MaxLength field, allowing invalid values to pass validation.
|
||||
published: 2022-07-15T23:06:38Z
|
||||
cves:
|
||||
- CVE-2021-3761
|
||||
ghsas:
|
||||
|
|
|
@ -24,13 +24,14 @@ description: |
|
|||
their copy (as described in
|
||||
https://golang.org/wiki/WebAssembly#getting-started) after rebuilding any
|
||||
modules.
|
||||
published: 2022-05-24T20:14:28Z
|
||||
cves:
|
||||
- CVE-2021-38297
|
||||
os:
|
||||
- js
|
||||
arch:
|
||||
- wasm
|
||||
credit: Ben Lubar
|
||||
os:
|
||||
- js
|
||||
arch:
|
||||
- wasm
|
||||
links:
|
||||
pr: https://go.dev/cl/354571
|
||||
commit: https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
|
||||
|
|
|
@ -17,6 +17,7 @@ description: |
|
|||
The ExtractPathManifest function permits file paths containing relative
|
||||
directory components (".."), permitting files to reference arbitrary
|
||||
locations on the filesystem.
|
||||
published: 2022-07-15T23:07:18Z
|
||||
cves:
|
||||
- CVE-2021-3907
|
||||
ghsas:
|
||||
|
|
|
@ -12,6 +12,7 @@ packages:
|
|||
vulnerable_at: 1.3.0
|
||||
description: |
|
||||
Invalid input data can cause a panic.
|
||||
published: 2022-07-15T23:07:28Z
|
||||
cves:
|
||||
- CVE-2021-3910
|
||||
ghsas:
|
||||
|
|
|
@ -16,6 +16,7 @@ packages:
|
|||
vulnerable_at: 1.3.0
|
||||
description: |
|
||||
Invalid input data can cause a panic.
|
||||
published: 2022-07-15T23:07:41Z
|
||||
cves:
|
||||
- CVE-2021-3911
|
||||
ghsas:
|
||||
|
|
|
@ -9,6 +9,7 @@ packages:
|
|||
description: |
|
||||
The HTTPFetcher.GetXML function reads a response of unlimited size into
|
||||
memory, permitting resource exhausion.
|
||||
published: 2022-07-15T23:07:48Z
|
||||
cves:
|
||||
- CVE-2021-3912
|
||||
ghsas:
|
||||
|
|
|
@ -25,6 +25,7 @@ description: |
|
|||
error, where vulnerable nodes obtain a different stateRoot when
|
||||
processing a maliciously crafted transaction. This, in turn,
|
||||
would lead to the chain being split in two forks.
|
||||
published: 2022-07-15T23:07:56Z
|
||||
cves:
|
||||
- CVE-2021-39137
|
||||
ghsas:
|
||||
|
|
|
@ -18,6 +18,7 @@ packages:
|
|||
vulnerable_at: 1.10.8
|
||||
description: |
|
||||
A maliciously crafted snap/1 protocol message can cause a panic.
|
||||
published: 2022-07-15T23:08:03Z
|
||||
cves:
|
||||
- CVE-2021-41173
|
||||
ghsas:
|
||||
|
|
|
@ -19,6 +19,7 @@ description: |
|
|||
This vulnerability only occurs when built with Go versions prior to 1.17.
|
||||
Go 1.17 and later strip directory paths from filenames returned by
|
||||
"mime/multipart".Part.FileName, which avoids this issue.
|
||||
published: 2022-07-15T23:08:12Z
|
||||
cves:
|
||||
- CVE-2021-23772
|
||||
ghsas:
|
||||
|
|
|
@ -6,13 +6,14 @@ packages:
|
|||
- OpenReader
|
||||
versions:
|
||||
- fixed: 1.16.8
|
||||
- introduced: 1.17
|
||||
- introduced: "1.17"
|
||||
fixed: 1.17.1
|
||||
description: |
|
||||
The NewReader and OpenReader functions in archive/zip can cause a panic or
|
||||
an unrecoverable fatal error when reading an archive that claims to contain
|
||||
a large number of files, regardless of its actual size. This is
|
||||
caused by an incomplete fix for CVE-2021-33196.
|
||||
The NewReader and OpenReader functions in archive/zip can cause a panic or
|
||||
an unrecoverable fatal error when reading an archive that claims to contain
|
||||
a large number of files, regardless of its actual size. This is
|
||||
caused by an incomplete fix for CVE-2021-33196.
|
||||
published: 2022-05-18T18:23:31Z
|
||||
cves:
|
||||
- CVE-2021-39293
|
||||
credit: OSS-Fuzz Project and Emmanuel Odeke
|
||||
|
|
|
@ -10,6 +10,7 @@ packages:
|
|||
description: |
|
||||
An attacker with partial control over the bind mount sources of a new
|
||||
container can bypass namespace restrictions.
|
||||
published: 2022-07-15T23:08:20Z
|
||||
cves:
|
||||
- CVE-2021-43784
|
||||
ghsas:
|
||||
|
|
|
@ -20,6 +20,7 @@ packages:
|
|||
description: |
|
||||
An attacker can cause unbounded memory growth in servers accepting
|
||||
HTTP/2 requests.
|
||||
published: 2022-07-15T23:08:33Z
|
||||
cves:
|
||||
- CVE-2021-44716
|
||||
credit: murakmii
|
||||
|
|
|
@ -5,7 +5,7 @@ packages:
|
|||
- ForkExec
|
||||
versions:
|
||||
- fixed: 1.16.12
|
||||
- introduced: 1.17
|
||||
- introduced: "1.17"
|
||||
fixed: 1.17.5
|
||||
description: |
|
||||
When a Go program running on a Unix system is out of file descriptors and
|
||||
|
@ -17,6 +17,7 @@ description: |
|
|||
|
||||
For users who cannot immediately update to the new release, the bug can be
|
||||
mitigated by raising the per-process file descriptor limit.
|
||||
published: 2022-05-18T18:23:23Z
|
||||
cves:
|
||||
- CVE-2021-44717
|
||||
credit: Tomasz Maczukin and Kamil Trzciński of GitLab
|
||||
|
|
|
@ -19,6 +19,7 @@ description: |
|
|||
performed by quote verification, meaning a local attacker can couple this
|
||||
vulnerability with a maliciously-formed TCG log in Eventlog.Verify to spoof
|
||||
events in the TCG log, defeating remotely-attested measured-boot.
|
||||
published: 2022-07-15T23:27:21Z
|
||||
cves:
|
||||
- CVE-2022-0317
|
||||
ghsas:
|
||||
|
|
|
@ -20,6 +20,7 @@ description: |
|
|||
|
||||
This issue only occurs when using the graphql.MaxDepth schema option
|
||||
(which is highly recommended in most cases).
|
||||
published: 2022-07-15T23:10:20Z
|
||||
cves:
|
||||
- CVE-2022-21708
|
||||
ghsas:
|
||||
|
|
|
@ -14,12 +14,13 @@ packages:
|
|||
description: |
|
||||
Pretty-printing an AST that contains synthetic nodes can change the logic
|
||||
of some statements by reordering array literals.
|
||||
published: 2022-07-27T20:27:33Z
|
||||
cves:
|
||||
- CVE-2022-23628
|
||||
ghsas:
|
||||
- GHSA-hcw3-j74m-qc58
|
||||
links:
|
||||
advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-hcw3-j74m-qc58
|
||||
commit: https://github.com/open-policy-agent/opa/commit/932e4ffc37a590ace79e9b75ca4340288c220239
|
||||
advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-hcw3-j74m-qc58
|
||||
context:
|
||||
- https://github.com/open-policy-agent/opa/commit/2bd8edab9e10e2dc9cf76ae8335ced0c224f3055
|
||||
|
|
|
@ -15,6 +15,7 @@ description: |
|
|||
The go command can misinterpret branch names that falsely appear to be
|
||||
version tags. This can lead to incorrect access control if an actor is
|
||||
authorized to create branches but not tags.
|
||||
published: 2022-08-01T22:20:42Z
|
||||
cves:
|
||||
- CVE-2022-23773
|
||||
links:
|
||||
|
|
|
@ -31,6 +31,7 @@ description: |
|
|||
pass a metric with a "method" label name to a middleware; and not
|
||||
have any firewall/LB/proxy that filters away requests with unknown
|
||||
"method".
|
||||
published: 2022-07-15T23:29:02Z
|
||||
cves:
|
||||
- CVE-2022-21698
|
||||
ghsas:
|
||||
|
|
|
@ -9,6 +9,7 @@ packages:
|
|||
description: |
|
||||
The RunUsingChroot function unintentionally propagates environment
|
||||
variables from the current process to the child process.
|
||||
published: 2022-07-15T23:30:21Z
|
||||
cves:
|
||||
- CVE-2021-3602
|
||||
ghsas:
|
||||
|
|
|
@ -10,6 +10,7 @@ description: |
|
|||
A maliciously crafted RPM file can cause the Scanner.Scan function to
|
||||
write files with arbitrary contents to arbitrary locations on the local
|
||||
filestem.
|
||||
published: 2022-07-15T23:30:27Z
|
||||
cves:
|
||||
- CVE-2021-3762
|
||||
ghsas:
|
||||
|
|
|
@ -13,6 +13,7 @@ description: |
|
|||
URL path normalization does not handle Windows path separators
|
||||
(backslashes), permitting an attacker to construct requests
|
||||
with relative paths.
|
||||
published: 2022-07-27T20:26:59Z
|
||||
cves:
|
||||
- CVE-2022-21221
|
||||
ghsas:
|
||||
|
|
|
@ -26,6 +26,7 @@ description: |
|
|||
|
||||
Providing a *tls.Config with a ServerName field set to the
|
||||
correct destination hostname will avoid this issue.
|
||||
published: 2022-07-29T20:00:14Z
|
||||
cves:
|
||||
- CVE-2022-24968
|
||||
ghsas:
|
||||
|
|
|
@ -16,6 +16,7 @@ description: |
|
|||
|
||||
This problem has been addressed in newer versions by improving validation
|
||||
in manifest unmarshaling.
|
||||
published: 2022-07-29T20:00:03Z
|
||||
ghsas:
|
||||
- GHSA-qq97-vm5h-rrhg
|
||||
links:
|
||||
|
|
|
@ -16,6 +16,7 @@ description: |
|
|||
In these versions, the IsRevoked method always return true.
|
||||
|
||||
(This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26892.txt)
|
||||
published: 2022-07-15T23:29:36Z
|
||||
cves:
|
||||
- CVE-2020-26892
|
||||
ghsas:
|
||||
|
|
|
@ -21,6 +21,7 @@ description: |
|
|||
|
||||
For further details, see
|
||||
https://github.com/advisories/GHSA-56hp-xqp3-w2jf.
|
||||
published: 2022-07-15T23:29:45Z
|
||||
cves:
|
||||
- CVE-2021-32690
|
||||
ghsas:
|
||||
|
|
|
@ -15,10 +15,11 @@ description: |
|
|||
This issue only affects WebSockets with an AuthenticateMethod hook.
|
||||
Request handlers that do not explicitly use WebSockets are not
|
||||
vulnerable.
|
||||
cve_metadata:
|
||||
id: CVE-2021-4237
|
||||
cwe: "CWE 287: Improper Authentication"
|
||||
published: 2022-07-01T20:11:02Z
|
||||
ghsas:
|
||||
- GHSA-5gjg-jgh4-gppm
|
||||
links:
|
||||
commit: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
|
||||
cve_metadata:
|
||||
id: CVE-2021-4237
|
||||
cwe: 'CWE 287: Improper Authentication'
|
||||
|
|
|
@ -29,6 +29,7 @@ description: |
|
|||
|
||||
For further details and mitigation procedures, see
|
||||
https://advisories.nats.io/CVE/CVE-2021-3127.txt
|
||||
published: 2022-07-01T20:11:22Z
|
||||
cves:
|
||||
- CVE-2021-3127
|
||||
ghsas:
|
||||
|
|
|
@ -24,10 +24,11 @@ description: |
|
|||
the plaintext, if the hash is readable to the attacker.
|
||||
|
||||
AWS now blocks this metadata field, but older SDK versions still send it.
|
||||
cve_metadata:
|
||||
id: CVE-2022-2582
|
||||
cwe: "CWE 311: Missing Encryption of Sensitive Data"
|
||||
published: 2022-07-01T20:10:56Z
|
||||
ghsas:
|
||||
- GHSA-76wf-9vgp-pj7w
|
||||
links:
|
||||
commit: https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1
|
||||
cve_metadata:
|
||||
id: CVE-2022-2582
|
||||
cwe: 'CWE 311: Missing Encryption of Sensitive Data'
|
||||
|
|
|
@ -8,10 +8,12 @@ packages:
|
|||
- fixed: 0.7.2
|
||||
vulnerable_at: 0.7.1
|
||||
description: A race condition can cause incorrect HTTP request routing.
|
||||
published: 2022-07-01T20:10:50Z
|
||||
ghsas:
|
||||
- GHSA-h2x7-2ff6-v32p
|
||||
cve_metadata:
|
||||
id: CVE-2022-2583
|
||||
cwe: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
|
||||
links:
|
||||
commit: https://github.com/ntbosscher/gobase/commit/a8d40bce9c429d324122d18c446924dab809e812
|
||||
cve_metadata:
|
||||
id: CVE-2022-2583
|
||||
cwe: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization
|
||||
('Race Condition')
|
||||
|
|
|
@ -14,6 +14,7 @@ packages:
|
|||
description: |
|
||||
A malicious account can create and sign a User JWT which causes a panic
|
||||
when decoded by the NATS JWT library.
|
||||
published: 2022-07-01T20:10:43Z
|
||||
cves:
|
||||
- CVE-2020-26521
|
||||
ghsas:
|
||||
|
|
|
@ -13,10 +13,11 @@ description: |
|
|||
The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
|
||||
strings containing at least one digit from 0 to 9. This significantly
|
||||
reduces the amount of entropy in short strings generated by these functions.
|
||||
published: 2022-07-01T20:08:24Z
|
||||
ghsas:
|
||||
- GHSA-xg2h-wx96-xgxr
|
||||
cve_metadata:
|
||||
id: CVE-2021-4238
|
||||
cwe: "CWE 330: Use of Insufficiently Random Values"
|
||||
links:
|
||||
commit: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
|
||||
cve_metadata:
|
||||
id: CVE-2021-4238
|
||||
cwe: 'CWE 330: Use of Insufficiently Random Values'
|
||||
|
|
|
@ -29,6 +29,7 @@ description: |
|
|||
user-provided arguments. These arguments can be interpreted
|
||||
as command-line flags, which can be used to perform command
|
||||
injection.
|
||||
published: 2022-07-01T20:08:17Z
|
||||
cves:
|
||||
- CVE-2022-21235
|
||||
ghsas:
|
||||
|
|
|
@ -21,6 +21,7 @@ description: |
|
|||
This bug does not affect the container security sandbox, as the
|
||||
inheritable set never contains more capabilities than are included
|
||||
in the container's bounding set.
|
||||
published: 2022-07-01T20:08:10Z
|
||||
cves:
|
||||
- CVE-2022-27651
|
||||
ghsas:
|
||||
|
|
|
@ -10,10 +10,12 @@ packages:
|
|||
- fixed: 1.3.1
|
||||
vulnerable_at: 1.3.0
|
||||
description: The dag-pb codec can panic when decoding invalid blocks.
|
||||
published: 2022-07-01T20:08:04Z
|
||||
ghsas:
|
||||
- GHSA-g3vv-g2j5-45f2
|
||||
cve_metadata:
|
||||
id: CVE-2022-2584
|
||||
cwe: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
|
||||
links:
|
||||
commit: https://github.com/ipld/go-codec-dagpb/commit/a17ace35cc760a2698645c09868f9050fa219f57
|
||||
cve_metadata:
|
||||
id: CVE-2022-2584
|
||||
cwe: 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory
|
||||
Buffer'
|
||||
|
|
|
@ -10,6 +10,7 @@ packages:
|
|||
description: |
|
||||
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has
|
||||
a Decode stack overflow via a large amount of PEM data.
|
||||
published: 2022-05-20T21:17:25Z
|
||||
cves:
|
||||
- CVE-2022-24675
|
||||
credit: Juho Nurminen of Mattermost
|
||||
|
|
|
@ -12,6 +12,7 @@ description: |
|
|||
|
||||
These chains can be delivered through TLS and can cause a crypto/tls or
|
||||
net/http client to crash.
|
||||
published: 2022-05-23T21:59:00Z
|
||||
cves:
|
||||
- CVE-2022-27536
|
||||
credit: Tailscale
|
||||
|
|
|
@ -6,18 +6,19 @@ packages:
|
|||
- P256.ScalarBaseMult
|
||||
versions:
|
||||
- fixed: 1.17.9
|
||||
- introduced: 1.18
|
||||
- introduced: "1.18"
|
||||
fixed: 1.18.1
|
||||
description: |
|
||||
A crafted scalar input longer than 32 bytes can cause P256().ScalarMult
|
||||
or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and
|
||||
crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.
|
||||
A crafted scalar input longer than 32 bytes can cause P256().ScalarMult
|
||||
or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and
|
||||
crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.
|
||||
published: 2022-05-20T21:17:46Z
|
||||
cves:
|
||||
- CVE-2022-28327
|
||||
credit: Project Wycheproof
|
||||
links:
|
||||
pr: https://go.dev/cl/397135
|
||||
commit: https://go.googlesource.com/go/+/37065847d87df92b5eb246c88ba2085efcf0b331
|
||||
context:
|
||||
- https://go.dev/issue/52075
|
||||
- https://groups.google.com/g/golang-announce/c/oecdBNLOml8
|
||||
pr: https://go.dev/cl/397135
|
||||
commit: https://go.googlesource.com/go/+/37065847d87df92b5eb246c88ba2085efcf0b331
|
||||
context:
|
||||
- https://go.dev/issue/52075
|
||||
- https://groups.google.com/g/golang-announce/c/oecdBNLOml8
|
||||
|
|
|
@ -15,6 +15,7 @@ packages:
|
|||
description: |
|
||||
The getter package can write SSH credentials to its logfile,
|
||||
exposing credentials to local users able to read the logfile.
|
||||
published: 2022-07-01T20:07:52Z
|
||||
cves:
|
||||
- CVE-2022-29810
|
||||
ghsas:
|
||||
|
|
|
@ -27,6 +27,7 @@ description: |
|
|||
The TUF client is vulnerable to rollback attacks, in which an
|
||||
attacker causes a client to install software older than the software
|
||||
the client previously knew to be available.
|
||||
published: 2022-07-01T20:07:44Z
|
||||
cves:
|
||||
- CVE-2022-29173
|
||||
ghsas:
|
||||
|
|
|
@ -18,6 +18,7 @@ packages:
|
|||
description: |
|
||||
An attacker can send packets that send the DTLS server or client
|
||||
into an infinite loop.
|
||||
published: 2022-07-01T20:07:34Z
|
||||
cves:
|
||||
- CVE-2022-29190
|
||||
ghsas:
|
||||
|
|
|
@ -21,6 +21,7 @@ description: |
|
|||
The Pion DTLS client and server buffer handshake data with no
|
||||
upper limit, permitting an attacker to cause unbounded memory
|
||||
consumption by sending an unterminated handshake.
|
||||
published: 2022-07-01T20:07:25Z
|
||||
cves:
|
||||
- CVE-2022-29189
|
||||
ghsas:
|
||||
|
|
|
@ -23,6 +23,7 @@ description: |
|
|||
possesses the private key for the certificate. The Pion DTLS server
|
||||
accepted client certificates unaccompanied by this proof, permitting
|
||||
an attacker to present any certificate and have it accepted as valid.
|
||||
published: 2022-07-01T20:07:12Z
|
||||
cves:
|
||||
- CVE-2022-29222
|
||||
ghsas:
|
||||
|
|
|
@ -208,6 +208,7 @@ description: |
|
|||
|
||||
For example, the pattern "/a/b/:name" can match the URL "/a.xml/b/".
|
||||
This may bypass access control applied to the prefix "/a/".
|
||||
published: 2022-07-01T20:06:59Z
|
||||
cves:
|
||||
- CVE-2022-31259
|
||||
ghsas:
|
||||
|
|
|
@ -36,6 +36,7 @@ description: |
|
|||
contains no authentication, authorization, or validation of user
|
||||
inputs. Exposing handlers from this package can permit attackers to
|
||||
create files and delete directories.
|
||||
published: 2022-07-15T23:29:55Z
|
||||
cves:
|
||||
- CVE-2022-31022
|
||||
ghsas:
|
||||
|
|
|
@ -24,6 +24,7 @@ description: |
|
|||
|
||||
This can be caused by malicious unquoted symbol name in a linked object
|
||||
file.
|
||||
published: 2022-07-28T17:24:30Z
|
||||
credit: Chris Brown and Tempus Ex
|
||||
links:
|
||||
pr: https://go.dev/cl/269658
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
command that builds untrusted code.
|
||||
|
||||
This can be caused by malicious gcc flags specified via a cgo directive.
|
||||
published: 2022-07-28T17:24:43Z
|
||||
credit: Imre Rad
|
||||
links:
|
||||
pr: https://go.dev/cl/267277
|
||||
|
|
|
@ -10,13 +10,7 @@ packages:
|
|||
description: |
|
||||
On Windows, rand.Read will hang indefinitely if passed a buffer larger than
|
||||
1 << 32 - 1 bytes.
|
||||
cve_metadata:
|
||||
id: CVE-2022-30634
|
||||
cwe: "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"
|
||||
description: |
|
||||
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on
|
||||
Windows allows attacker to cause an indefinite hang by passing a buffer
|
||||
larger than 1 << 32 - 1 bytes.
|
||||
published: 2022-06-09T01:43:37Z
|
||||
credit: Davis Goodin and Quim Muntal of Microsoft
|
||||
os:
|
||||
- windows
|
||||
|
@ -26,3 +20,10 @@ links:
|
|||
context:
|
||||
- https://go.dev/issue/52561
|
||||
- https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
|
||||
cve_metadata:
|
||||
id: CVE-2022-30634
|
||||
cwe: 'CWE-835: Loop with Unreachable Exit Condition (''Infinite Loop'')'
|
||||
description: |
|
||||
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on
|
||||
Windows allows attacker to cause an indefinite hang by passing a buffer
|
||||
larger than 1 << 32 - 1 bytes.
|
||||
|
|
|
@ -15,6 +15,7 @@ description: |
|
|||
contents of a Git repository file. A maliciously crafted repository
|
||||
can exploit this to cause Read to read from arbitrary files on
|
||||
the filesystem.
|
||||
published: 2022-07-15T23:30:03Z
|
||||
cves:
|
||||
- CVE-2022-25856
|
||||
ghsas:
|
||||
|
|
|
@ -18,6 +18,7 @@ packages:
|
|||
description: |
|
||||
When called with a non-zero flags parameter, the Faccessat function
|
||||
can incorrectly report that a file is accessible.
|
||||
published: 2022-07-15T23:30:12Z
|
||||
cves:
|
||||
- CVE-2022-29526
|
||||
credit: Joël Gähwiler (@256dpi)
|
||||
|
|
|
@ -27,6 +27,7 @@ packages:
|
|||
vulnerable_at: 2.3.0
|
||||
description: |
|
||||
Decoding malformed CAR data can cause panics or excessive memory usage.
|
||||
published: 2022-07-30T03:50:50Z
|
||||
ghsas:
|
||||
- GHSA-9x4h-8wgm-8xfg
|
||||
links:
|
||||
|
|
|
@ -20,6 +20,7 @@ packages:
|
|||
description: |
|
||||
Calling any of the Parse functions on Go source code which contains deeply
|
||||
nested types or declarations can cause a panic due to stack exhaustion.
|
||||
published: 2022-07-20T17:01:45Z
|
||||
credit: Juho Nurminen of Mattermost
|
||||
links:
|
||||
pr: https://go.dev/cl/417063
|
||||
|
|
|
@ -8,6 +8,7 @@ packages:
|
|||
vulnerable_at: 1.1.30
|
||||
description: |
|
||||
Improper validation of access tokens can permit use of expired tokens.
|
||||
published: 2022-07-30T03:51:07Z
|
||||
cves:
|
||||
- CVE-2022-31145
|
||||
ghsas:
|
||||
|
|
|
@ -20,6 +20,7 @@ description: |
|
|||
In the more usual case where a Director function sets the
|
||||
X-Forwarded-For header value to nil, ReverseProxy leaves the header
|
||||
unmodified as expected.
|
||||
published: 2022-07-28T17:23:05Z
|
||||
credit: Christian Mehlmauer
|
||||
links:
|
||||
pr: https://go.dev/cl/412857
|
||||
|
|
|
@ -11,6 +11,7 @@ packages:
|
|||
description: |
|
||||
Calling Decoder.Skip when parsing a deeply nested XML document can cause a
|
||||
panic due to stack exhaustion.
|
||||
published: 2022-07-20T17:02:04Z
|
||||
credit: Go Security Team and Juho Nurminen of Mattermost
|
||||
links:
|
||||
pr: https://go.dev/cl/417062
|
||||
|
|
|
@ -11,6 +11,7 @@ packages:
|
|||
description: |
|
||||
Calling Glob on a path which contains a large number of path separators can
|
||||
cause a panic due to stack exhaustion.
|
||||
published: 2022-07-20T17:02:29Z
|
||||
credit: Juho Nurminen of Mattermost
|
||||
links:
|
||||
pr: https://go.dev/cl/417066
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
Unmarshaling an XML document into a Go struct which has a nested
|
||||
field that uses the 'any' field tag can panic due to stack
|
||||
exhaustion.
|
||||
published: 2022-07-20T20:52:06Z
|
||||
links:
|
||||
pr: https://go.dev/cl/417061
|
||||
commit: https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
|
||||
|
|
|
@ -11,6 +11,7 @@ packages:
|
|||
description: |
|
||||
Calling Reader.Read on an archive containing a large number of concatenated
|
||||
0-length compressed files can cause a panic due to stack exhaustion.
|
||||
published: 2022-07-20T20:52:11Z
|
||||
links:
|
||||
pr: https://go.dev/cl/417067
|
||||
commit: https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e
|
||||
|
|
|
@ -13,6 +13,7 @@ description: |
|
|||
indicating a "chunked" encoding. This could potentially allow for request
|
||||
smuggling, but only if combined with an intermediate server that also
|
||||
improperly failed to reject the header as invalid.
|
||||
published: 2022-07-25T17:34:18Z
|
||||
credit: Zeyu Zhang (https://www.zeyu2001.com/)
|
||||
links:
|
||||
pr: https://go.dev/cl/409874
|
||||
|
@ -23,9 +24,9 @@ links:
|
|||
- https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
|
||||
cve_metadata:
|
||||
id: CVE-2022-1705
|
||||
cwe: "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
|
||||
cwe: 'CWE-444: Inconsistent Interpretation of HTTP Requests (''HTTP Request Smuggling'')'
|
||||
description: |
|
||||
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client
|
||||
in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling
|
||||
if combined with an intermediate server that also improperly fails to
|
||||
reject the header as invalid.
|
||||
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client
|
||||
in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling
|
||||
if combined with an intermediate server that also improperly fails to
|
||||
reject the header as invalid.
|
||||
|
|
|
@ -13,6 +13,7 @@ packages:
|
|||
description: |
|
||||
Calling Decoder.Decode on a message which contains deeply nested structures
|
||||
can cause a panic due to stack exhaustion.
|
||||
published: 2022-07-20T20:52:17Z
|
||||
links:
|
||||
pr: https://go.dev/cl/417064
|
||||
commit: https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7
|
||||
|
|
|
@ -11,6 +11,7 @@ packages:
|
|||
description: |
|
||||
Calling Glob on a path which contains a large number of path separators can
|
||||
cause a panic due to stack exhaustion.
|
||||
published: 2022-07-20T20:52:22Z
|
||||
links:
|
||||
pr: https://go.dev/cl/417065
|
||||
commit: https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
|
||||
|
|
|
@ -9,6 +9,7 @@ packages:
|
|||
description: |
|
||||
Sending a message exactly 2000, 4000, or 6000 characters in length
|
||||
to Discord causes a panic.
|
||||
published: 2022-07-30T03:51:17Z
|
||||
cves:
|
||||
- CVE-2022-25891
|
||||
ghsas:
|
||||
|
|
|
@ -15,6 +15,7 @@ description: |
|
|||
generated ticket_age_add, which allows an attacker that can observe TLS
|
||||
handshakes to correlate successive connections by comparing ticket ages
|
||||
during session resumption.
|
||||
published: 2022-07-28T17:24:57Z
|
||||
credit: Github user @nervuri
|
||||
links:
|
||||
pr: https://go.dev/cl/405994
|
||||
|
|
|
@ -12,11 +12,12 @@ description: |
|
|||
On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput
|
||||
when Cmd.Path is unset will unintentionally trigger execution of any
|
||||
binaries in the working directory named either "..com" or "..exe".
|
||||
published: 2022-07-26T21:41:20Z
|
||||
credit: |
|
||||
Chris Darroch (chrisd8088@github.com), brian m. carlson (bk2204@github.com),
|
||||
and Mikhail Shcherbakov (https://twitter.com/yu5k3)
|
||||
Chris Darroch (chrisd8088@github.com), brian m. carlson (bk2204@github.com),
|
||||
and Mikhail Shcherbakov (https://twitter.com/yu5k3)
|
||||
os:
|
||||
- windows
|
||||
- windows
|
||||
links:
|
||||
pr: https://go.dev/cl/403759
|
||||
commit: https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e
|
||||
|
@ -31,4 +32,3 @@ cve_metadata:
|
|||
allows execution of any binaries in the working directory named either
|
||||
"..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or
|
||||
Cmd.CombinedOutput when Cmd.Path is unset.
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@ description: |
|
|||
attack.
|
||||
|
||||
For example, Clean(`.\c:`) returns `c:`.
|
||||
published: 2022-07-28T17:25:07Z
|
||||
credit: Unrud
|
||||
os:
|
||||
- windows
|
||||
|
@ -25,7 +26,8 @@ links:
|
|||
- https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
|
||||
cve_metadata:
|
||||
id: CVE-2022-29804
|
||||
cwe: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
|
||||
cwe: 'CWE-22: Improper Limitation of a Pathname to a Restricted Directory (''Path
|
||||
Traversal'')'
|
||||
description: |
|
||||
Incorrect conversion of certain invalid paths to valid, absolute paths
|
||||
in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows
|
||||
|
|
|
@ -13,6 +13,7 @@ description: |
|
|||
non-constant time comparison for secrets while validating a Gitlab request.
|
||||
This allows for a timing attack where an attacker can recover a secret and
|
||||
then forge the request.
|
||||
published: 2022-08-11T20:54:51Z
|
||||
cves:
|
||||
- CVE-2022-24912
|
||||
ghsas:
|
||||
|
|
|
@ -19,10 +19,11 @@ description: |
|
|||
See
|
||||
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0601
|
||||
for details on the Windows vulnerability.
|
||||
os:
|
||||
- windows
|
||||
published: 2022-08-01T22:21:17Z
|
||||
cves:
|
||||
- CVE-2020-0601
|
||||
os:
|
||||
- windows
|
||||
links:
|
||||
pr: https://go.dev/cl/215905
|
||||
commit: https://go.googlesource.com/go/+/953bc8f391a63adf00bac2515dba62abe8a1e2c2
|
||||
|
|
|
@ -28,6 +28,7 @@ description: |
|
|||
over each stream that should solicit a stream of RST_STREAM frames from the
|
||||
peer. Depending on how the peer queues the RST_STREAM frames, this can
|
||||
consume excess memory, CPU, or both.
|
||||
published: 2022-08-01T22:20:53Z
|
||||
cves:
|
||||
- CVE-2019-9512
|
||||
- CVE-2019-9514
|
||||
|
|
|
@ -12,6 +12,7 @@ packages:
|
|||
description: |
|
||||
Decoding big.Float and big.Rat types can panic if the encoded message is
|
||||
too short, potentially allowing a denial of service.
|
||||
published: 2022-08-01T22:21:06Z
|
||||
credit: '@catenacyber'
|
||||
links:
|
||||
pr: https://go.dev/cl/417774
|
||||
|
|
|
@ -8,6 +8,7 @@ description: |
|
|||
|
||||
There is no known workaround for Biscuit v1. The Biscuit v2 specification
|
||||
avoids this vulnerability.
|
||||
published: 2022-08-15T18:02:15Z
|
||||
cves:
|
||||
- CVE-2022-31053
|
||||
ghsas:
|
||||
|
|
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче