data: update reports for OSV schema changes

Change-Id: I381c0225514627719d103395580f3b2d8d8efc2d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/424899
Reviewed-by: Julie Qiu <julieqiu@google.com>
Damien Neil 2022-08-18 15:09:12 -07:00
Parent 703236d8e9
Commit b5cb765df4
245 changed files: 2563 additions and 2237 deletions

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/gin-gonic/gin
symbols:
- defaultLogFormatter
versions:
- fixed: 1.6.0
packages:
- package: github.com/gin-gonic/gin
symbols:
- defaultLogFormatter
description: |
The default Formatter for the Logger middleware (LoggerConfig.Formatter),
which is included in the Default engine, allows attackers to inject arbitrary
@ -15,7 +17,7 @@ links:
commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
cve_metadata:
id: CVE-2020-36567
cwe: "CWE-117 Improper Output Neutralization for Logs"
cwe: CWE-117 Improper Output Neutralization for Logs
description: |
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
allows remote attackers to inject arbitrary log lines.
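Review bot: the `cwe` value in this hunk is written as `CWE-117 Improper Output Neutralization for Logs` with no colon, while other reports in the same change use `CWE 284: ...` and `CWE-400: ...`; since every report is being re-marshaled here anyway, normalize to one spelling (for example `CWE-117: Improper Output Neutralization for Logs`) so the generated CVE JSON does not carry three formats of the same field. The switch from a double-quoted to a plain scalar is harmless for this value.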

View file

@ -1,7 +1,9 @@
packages:
modules:
- module: github.com/proglottis/gpgme
versions:
- fixed: 0.1.1
packages:
- package: github.com/proglottis/gpgme
description: |
The Data, Context, or Key finalizers might run during or before GPGME
operations. This will release the C structures that are still in use, leading

View file

@ -1,7 +1,9 @@
packages:
modules:
- module: github.com/revel/revel
versions:
- fixed: 1.0.0
packages:
- package: github.com/revel/revel
description: |
An attacker can cause an application that accepts slice parameters
(https://revel.github.io/manual/parameters.html#slices) to allocate large

View file

@ -1,15 +1,17 @@
packages:
modules:
- module: github.com/nanobox-io/golang-nanoauth
symbols:
- Auth.ServerHTTP
- Auth.ListenAndServeTLS
- Auth.ListenAndServe
derived_symbols:
- ListenAndServe
- ListenAndServeTLS
versions:
- introduced: 0.0.0-20160722212129-ac0cc4484ad4
fixed: 0.0.0-20200131131040-063a3fb69896
packages:
- package: github.com/nanobox-io/golang-nanoauth
symbols:
- Auth.ServerHTTP
- Auth.ListenAndServeTLS
- Auth.ListenAndServe
derived_symbols:
- ListenAndServe
- ListenAndServeTLS
description: |
If any of the ListenAndServe functions are called with an empty token,
token authentication is disabled globally for all listeners.

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: go.etcd.io/etcd
package: go.etcd.io/etcd/wal
symbols:
- WAL.ReadAll
- decoder.decodeRecord
versions:
- fixed: 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
packages:
- package: go.etcd.io/etcd/wal
symbols:
- WAL.ReadAll
- decoder.decodeRecord
description: |
Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
out of bounds reads, or creation of arbitrarily sized slices, which may be used as

View file

@ -1,15 +1,17 @@
packages:
modules:
- module: github.com/miekg/dns
symbols:
- Server.serveTCP
derived_symbols:
- ActivateAndServe
- ListenAndServe
- ListenAndServeTLS
- Server.ActivateAndServe
- Server.ListenAndServe
versions:
- fixed: 1.0.4-0.20180125103619-43913f2f4fbd
packages:
- package: github.com/miekg/dns
symbols:
- Server.serveTCP
derived_symbols:
- ActivateAndServe
- ListenAndServe
- ListenAndServeTLS
- Server.ActivateAndServe
- Server.ListenAndServe
description: |
An attacker may prevent TCP connections to a Server by opening
a connection and leaving it idle, until the connection is closed by

View file

@ -1,14 +1,16 @@
packages:
modules:
- module: github.com/seccomp/libseccomp-golang
symbols:
- ScmpFilter.addRuleGeneric
derived_symbols:
- ScmpFilter.AddRule
- ScmpFilter.AddRuleConditional
- ScmpFilter.AddRuleConditionalExact
- ScmpFilter.AddRuleExact
versions:
- fixed: 0.9.1-0.20170424173420-06e7a29f36a3
packages:
- package: github.com/seccomp/libseccomp-golang
symbols:
- ScmpFilter.addRuleGeneric
derived_symbols:
- ScmpFilter.AddRule
- ScmpFilter.AddRuleConditional
- ScmpFilter.AddRuleConditionalExact
- ScmpFilter.AddRuleExact
description: |
Filters containing rules with multiple syscall arguments are improperly
constructed, such that all arguments are required to match rather than

View file

@ -1,15 +1,17 @@
packages:
modules:
- module: github.com/miekg/dns
symbols:
- id
derived_symbols:
- Msg.SetAxfr
- Msg.SetIxfr
- Msg.SetNotify
- Msg.SetQuestion
- Msg.SetUpdate
versions:
- fixed: 1.1.25-0.20191211073109-8ebf2e419df7
packages:
- package: github.com/miekg/dns
symbols:
- id
derived_symbols:
- Msg.SetAxfr
- Msg.SetIxfr
- Msg.SetNotify
- Msg.SetQuestion
- Msg.SetUpdate
description: |
DNS message transaction IDs are generated using math/rand which
makes them relatively predictable. This reduces the complexity

View file

@ -1,16 +1,41 @@
packages:
- module: github.com/square/go-jose
package: github.com/square/go-jose/cipher
symbols:
- cbcAEAD.computeAuthTag
versions:
- fixed: 0.0.0-20160903044734-789a4c4bd4c1
modules:
- module: github.com/square/go-jose
versions:
- fixed: 0.0.0-20160903044734-789a4c4bd4c1
symbols:
- JsonWebEncryption.Decrypt
- JsonWebEncryption.DecryptMulti
packages:
- package: github.com/square/go-jose/cipher
goarch:
- "386"
- arm
- armbe
- amd64p32
- mips
- mipsle
- mips64p32
- mips64p32le
- ppc
- riscv
- s390
- sparc
symbols:
- cbcAEAD.computeAuthTag
- package: github.com/square/go-jose
goarch:
- "386"
- arm
- armbe
- amd64p32
- mips
- mipsle
- mips64p32
- mips64p32le
- ppc
- riscv
- s390
- sparc
symbols:
- JsonWebEncryption.Decrypt
- JsonWebEncryption.DecryptMulti
description: |
On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC
with HMAC such that they can control how large the input buffer is when computing
@ -22,6 +47,10 @@ cves:
ghsas:
- GHSA-3fx4-7f69-5mmg
credit: Quan Nguyen from Google's Information Security Engineering Team
links:
commit: https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
context:
- https://www.openwall.com/lists/oss-security/2016/11/03/1
arch:
- "386"
- arm
@ -35,7 +64,3 @@ arch:
- riscv
- s390
- sparc
links:
commit: https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
context:
- https://www.openwall.com/lists/oss-security/2016/11/03/1
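Review bot: the top-level `arch:` list survives as context while the same twelve GOARCH values are now copied into `goarch:` under both package entries, so the affected-architecture list exists three times in one report and can silently diverge on the next edit. If the OSV conversion now reads `goarch` from the package entries, delete the top-level `arch:` block in this change; if the top-level field is still consumed, do not duplicate it into the packages. Moving `links:` above `arch:` looks like marshaller field order and is fine.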

View file

@ -1,17 +1,16 @@
packages:
- module: github.com/square/go-jose
package: github.com/square/go-jose/cipher
symbols:
- DeriveECDHES
- ecDecrypterSigner.decryptKey
- rawJsonWebKey.ecPublicKey
versions:
- fixed: 0.0.0-20160831185616-c7581939a365
modules:
- module: github.com/square/go-jose
versions:
- fixed: 0.0.0-20160831185616-c7581939a365
symbols:
- JsonWebEncryption.Decrypt
packages:
- package: github.com/square/go-jose/cipher
symbols:
- DeriveECDHES
- ecDecrypterSigner.decryptKey
- rawJsonWebKey.ecPublicKey
- package: github.com/square/go-jose
symbols:
- JsonWebEncryption.Decrypt
description: |
When using ECDH-ES an attacker can mount an invalid curve attack during
decryption as the supplied public key is not checked to be on the same

View file

@ -1,10 +1,12 @@
packages:
modules:
- module: github.com/square/go-jose
symbols:
- JsonWebEncryption.Decrypt
- JsonWebSignature.Verify
versions:
- fixed: 0.0.0-20160922232413-2c5656adca99
packages:
- package: github.com/square/go-jose
symbols:
- JsonWebEncryption.Decrypt
- JsonWebSignature.Verify
description: |
When decrypting JsonWebEncryption objects with multiple recipients
or JsonWebSignature objects with multiple signatures the Decrypt

View file

@ -1,14 +1,15 @@
packages:
modules:
- module: golang.org/x/crypto
package: golang.org/x/crypto/ssh
symbols:
- parseED25519
- ed25519PublicKey.Verify
- parseSKEd25519
- skEd25519PublicKey.Verify
- NewPublicKey
versions:
- fixed: 0.0.0-20200220183623-bac4c82f6975
packages:
- package: golang.org/x/crypto/ssh
symbols:
- parseED25519
- ed25519PublicKey.Verify
- parseSKEd25519
- skEd25519PublicKey.Verify
- NewPublicKey
description: |
An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: golang.org/x/crypto
package: golang.org/x/crypto/ssh
symbols:
- NewClientConn
versions:
- fixed: 0.0.0-20170330155735-e4e2799dd7aa
packages:
- package: golang.org/x/crypto/ssh
symbols:
- NewClientConn
description: |
By default host key verification is disabled which allows for
man-in-the-middle attacks against SSH clients if

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: golang.org/x/net
package: golang.org/x/net/html
symbols:
- inSelectIM
- inSelectInTableIM
versions:
- fixed: 0.0.0-20190125091013-d26f9f9a57f3
packages:
- package: golang.org/x/net/html
symbols:
- inSelectIM
- inSelectInTableIM
description: |
html.Parse does not properly handle "select" tags, which can lead
to an infinite loop. If parsing user supplied input, this may be used

View file

@ -1,18 +1,16 @@
packages:
modules:
- module: golang.org/x/text
package: golang.org/x/text/encoding/unicode
symbols:
- utf16Decoder.Transform
derived_symbols:
- bomOverride.Transform
versions:
- fixed: 0.3.3
- module: golang.org/x/text
package: golang.org/x/text/transform
symbols:
- Transform
versions:
- fixed: 0.3.3
packages:
- package: golang.org/x/text/encoding/unicode
symbols:
- utf16Decoder.Transform
derived_symbols:
- bomOverride.Transform
- package: golang.org/x/text/transform
symbols:
- Transform
description: |
An attacker could provide a single byte to a UTF16 decoder instantiated with
UseBOM or ExpectBOM to trigger an infinite loop if the String function on

View file

@ -1,13 +1,15 @@
packages:
modules:
- module: github.com/ulikunitz/xz
symbols:
- readUvarint
derived_symbols:
- Reader.Read
- blockHeader.UnmarshalBinary
- streamReader.Read
versions:
- fixed: 0.5.8
packages:
- package: github.com/ulikunitz/xz
symbols:
- readUvarint
derived_symbols:
- Reader.Read
- blockHeader.UnmarshalBinary
- streamReader.Read
description: |
An attacker can construct a series of bytes such that calling
Reader.Read on the bytes could cause an infinite loop. If

View file

@ -1,14 +1,18 @@
packages:
modules:
- module: github.com/dgrijalva/jwt-go
symbols:
- MapClaims.VerifyAudience
versions:
- introduced: 0.0.0-20150717181359-44718f8a89b0
packages:
- package: github.com/dgrijalva/jwt-go
symbols:
- MapClaims.VerifyAudience
- module: github.com/dgrijalva/jwt-go/v4
symbols:
- MapClaims.VerifyAudience
versions:
- fixed: 4.0.0-preview1
packages:
- package: github.com/dgrijalva/jwt-go/v4
symbols:
- MapClaims.VerifyAudience
description: |
If a JWT contains an audience claim with an array of strings, rather
than a single string, and MapClaims.VerifyAudience is called with
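Review bot: the `github.com/dgrijalva/jwt-go` entry keeps `introduced: 0.0.0-20150717181359-44718f8a89b0` with no `fixed`, so after conversion the range for the unsuffixed module is open-ended, while only `github.com/dgrijalva/jwt-go/v4` gets `fixed: 4.0.0-preview1`. If that is intended (no fix ever shipped on the unsuffixed path), add a `vulnerable_at` the way the go.uuid report in this change does, so the tooling can confirm the symbol list against a concrete version instead of an unbounded range.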

View file

@ -1,17 +1,19 @@
packages:
modules:
- module: github.com/satori/go.uuid
symbols:
- NewV1
- NewV4
- rfc4122Generator.getClockSequence
- rfc4122Generator.getHardwareAddr
derived_symbols:
- NewV2
- rfc4122Generator.NewV1
- rfc4122Generator.NewV2
versions:
- fixed: 1.2.1-0.20181016170032-d91630c85102
vulnerable_at: 1.2.1-0.20180103161547-0ef6afb2f6cd
packages:
- package: github.com/satori/go.uuid
symbols:
- NewV1
- NewV4
- rfc4122Generator.getClockSequence
- rfc4122Generator.getHardwareAddr
derived_symbols:
- NewV2
- rfc4122Generator.NewV1
- rfc4122Generator.NewV2
description: |
UUIDs generated using NewV1 and NewV4 may not read the expected
number of random bytes. These UUIDs may contain a significantly smaller

View file

@ -1,31 +1,33 @@
packages:
modules:
- module: github.com/gorilla/websocket
symbols:
- Conn.advanceFrame
- messageReader.Read
derived_symbols:
- Conn.Close
- Conn.NextReader
- Conn.ReadJSON
- Conn.ReadMessage
- Conn.WriteJSON
- Conn.WritePreparedMessage
- Dialer.Dial
- Dialer.DialContext
- NewClient
- NewPreparedMessage
- ReadJSON
- Subprotocols
- Upgrade
- Upgrader.Upgrade
- WriteJSON
- httpProxyDialer.Dial
- netDialerFunc.Dial
- proxy_direct.Dial
- proxy_envOnce.Get
- proxy_socks5.Dial
versions:
- fixed: 1.4.1
packages:
- package: github.com/gorilla/websocket
symbols:
- Conn.advanceFrame
- messageReader.Read
derived_symbols:
- Conn.Close
- Conn.NextReader
- Conn.ReadJSON
- Conn.ReadMessage
- Conn.WriteJSON
- Conn.WritePreparedMessage
- Dialer.Dial
- Dialer.DialContext
- NewClient
- NewPreparedMessage
- ReadJSON
- Subprotocols
- Upgrade
- Upgrader.Upgrade
- WriteJSON
- httpProxyDialer.Dial
- netDialerFunc.Dial
- proxy_direct.Dial
- proxy_envOnce.Get
- proxy_socks5.Dial
description: |
An attacker can craft malicious WebSocket frames that cause an integer
overflow in a variable which tracks the number of bytes remaining. This

View file

@ -1,18 +1,20 @@
packages:
modules:
- module: github.com/gorilla/handlers
symbols:
- cors.ServeHTTP
versions:
- fixed: 1.3.0
packages:
- package: github.com/gorilla/handlers
symbols:
- cors.ServeHTTP
description: |
Usage of the CORS handler may apply improper CORS headers, allowing
the requester to explicitly control the value of the Access-Control-Allow-Origin
header, which bypasses the expected behavior of the Same Origin Policy.
published: 2021-04-14T20:04:52Z
credit: Evan J Johnson
cve_metadata:
id: CVE-2017-20146
cwe: "CWE 284: Improper Access Control"
links:
pr: https://github.com/gorilla/handlers/pull/116
commit: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
cve_metadata:
id: CVE-2017-20146
cwe: 'CWE 284: Improper Access Control'

View file

@ -1,11 +1,13 @@
packages:
modules:
- module: github.com/gogits/gogs
symbols:
- GetIssues
- SearchRepositoryByName
- SearchUserByName
versions:
- fixed: 0.5.8
packages:
- package: github.com/gogits/gogs
symbols:
- GetIssues
- SearchRepositoryByName
- SearchUserByName
description: |
Due to improper santization of user input, a number of methods are
vulnerable to SQL injection if used with user input that has not
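Review bot: the description context line reads `improper santization`, and the same misspelling appears in the archiver, source-to-image, gin ClientIP, goa, aah, go-unzip, unzip, macaron, cae and go-rpmutils reports touched in this change. These descriptions are exported verbatim to OSV and CVE, so a follow-up sweep replacing it with `sanitization` across data/reports is worth doing.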

View file

@ -1,19 +1,21 @@
packages:
modules:
- module: github.com/cloudflare/golz4
symbols:
- Uncompress
versions:
- fixed: 0.0.0-20140711154735-199f5f787806
packages:
- package: github.com/cloudflare/golz4
symbols:
- Uncompress
description: |
LZ4 bindings use a deprecated C API that is vulnerable to
memory corruption, which could lead to arbitrary code execution
if called with untrusted user input.
published: 2021-04-14T20:04:52Z
credit: Yann Collet
cve_metadata:
id: CVE-2014-125026
cwe: "CWE 94: Improper Control of Generation of Code ('Code Injection')"
links:
commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
context:
- https://github.com/cloudflare/golz4/issues/5
cve_metadata:
id: CVE-2014-125026
cwe: 'CWE 94: Improper Control of Generation of Code (''Code Injection'')'
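Review bot: the `cwe` here is `CWE 94: Improper Control of Generation of Code ('Code Injection')`, but the description is about memory corruption from a deprecated C API in the LZ4 bindings; a memory-safety CWE (the CWE-119 family) matches that description and CWE-94 does not. This hunk only re-quotes the value, so a follow-up is fine, but the value should not be carried into the CVE record as-is.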

View file

@ -1,19 +1,21 @@
packages:
modules:
- module: github.com/robbert229/jwt
symbols:
- Algorithm.validateSignature
versions:
- fixed: 0.0.0-20170426191122-ca1404ee6e83
packages:
- package: github.com/robbert229/jwt
symbols:
- Algorithm.validateSignature
description: |
Token validation methods are susceptible to a timing side-channel
during HMAC comparison. With a large enough number of requests
over a low latency connection, an attacker may use this to determine
the expected HMAC.
published: 2021-04-14T20:04:52Z
cve_metadata:
id: CVE-2015-10004
cwe: "CWE 208: Information Exposure Through Timing Discrepancy"
links:
commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
context:
- https://github.com/robbert229/jwt/issues/12
cve_metadata:
id: CVE-2015-10004
cwe: 'CWE 208: Information Exposure Through Timing Discrepancy'

View file

@ -1,25 +1,27 @@
packages:
modules:
- module: github.com/btcsuite/go-socks
package: github.com/btcsuite/go-socks/socks
symbols:
- proxiedConn.LocalAddr
- proxiedConn.RemoteAddr
versions:
- fixed: 0.0.0-20130808000456-233bccbb1abe
packages:
- package: github.com/btcsuite/go-socks/socks
symbols:
- proxiedConn.LocalAddr
- proxiedConn.RemoteAddr
- module: github.com/btcsuitereleases/go-socks
package: github.com/btcsuitereleases/go-socks/socks
symbols:
- proxiedConn.LocalAddr
- proxiedConn.RemoteAddr
versions:
- fixed: 0.0.0-20130808000456-233bccbb1abe
packages:
- package: github.com/btcsuitereleases/go-socks/socks
symbols:
- proxiedConn.LocalAddr
- proxiedConn.RemoteAddr
description: |
The RemoteAddr and LocalAddr methods on the returned net.Conn may
call themselves, leading to an infinite loop which will crash the
program due to a stack overflow.
published: 2021-04-14T20:04:52Z
cve_metadata:
id: CVE-2013-10005
cwe: "CWE 400: Uncontrolled Resource Consumption"
links:
commit: https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc
cve_metadata:
id: CVE-2013-10005
cwe: 'CWE 400: Uncontrolled Resource Consumption'
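Review bot: the `github.com/btcsuitereleases/go-socks` entry reuses `fixed: 0.0.0-20130808000456-233bccbb1abe`, the pseudo-version naming commit 233bccbb1abe in the btcsuite repository; that version only resolves for the btcsuitereleases path if the identical commit exists in that fork's history. Worth confirming with `go list -m github.com/btcsuitereleases/go-socks@0.0.0-20130808000456-233bccbb1abe` before the OSV entry is published, since a non-resolving fixed version produces an unusable range for that module.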

View file

@ -1,25 +1,29 @@
packages:
modules:
- module: github.com/cloudfoundry/archiver
symbols:
- tgzExtractor.Extract
- zipExtractor.Extract
versions:
- fixed: 0.0.0-20180523222229-09b5706aa936
packages:
- package: github.com/cloudfoundry/archiver
symbols:
- tgzExtractor.Extract
- zipExtractor.Extract
- module: code.cloudfoundry.org/archiver
symbols:
- tgzExtractor.Extract
- zipExtractor.Extract
versions:
- fixed: 0.0.0-20180523222229-09b5706aa936
packages:
- package: code.cloudfoundry.org/archiver
symbols:
- tgzExtractor.Extract
- zipExtractor.Extract
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
published: 2021-04-14T20:04:52Z
cve_metadata:
id: CVE-2018-25046
cwe: 'CWE 29: Path Traversal: "\..\filename"'
links:
commit: https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
context:
- https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2018-25046
cwe: 'CWE 29: Path Traversal: "\..\filename"'

View file

@ -1,15 +1,16 @@
packages:
modules:
- module: github.com/openshift/source-to-image
package: github.com/openshift/source-to-image/pkg/tar
symbols:
- stiTar.ExtractTarStreamFromTarReader
- stiTar.extractLink
- New
derived_symbols:
- stiTar.ExtractTarStream
- stiTar.ExtractTarStreamWithLogging
versions:
- fixed: 1.1.10-0.20180427153919-f5cbcbc5cc6f
packages:
- package: github.com/openshift/source-to-image/pkg/tar
symbols:
- stiTar.ExtractTarStreamFromTarReader
- stiTar.extractLink
- New
derived_symbols:
- stiTar.ExtractTarStream
- stiTar.ExtractTarStreamWithLogging
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the

View file

@ -1,18 +1,16 @@
packages:
modules:
- module: github.com/google/fscrypt
package: github.com/google/fscrypt/pam
symbols:
- NewHandle
- SetProcessPrivileges
- Handle.StopAsPamUser
versions:
- fixed: 0.2.4
- module: github.com/google/fscrypt
package: github.com/google/fscrypt/security
symbols:
- UserKeyringID
versions:
- fixed: 0.2.4
packages:
- package: github.com/google/fscrypt/pam
symbols:
- NewHandle
- SetProcessPrivileges
- Handle.StopAsPamUser
- package: github.com/google/fscrypt/security
symbols:
- UserKeyringID
description: |
After dropping and then elevating process privileges euid, guid, and groups
are not properly restored to their original values, allowing an unprivileged

View file

@ -1,12 +1,14 @@
packages:
modules:
- module: github.com/miekg/dns
symbols:
- setTA
derived_symbols:
- ParseZone
- ReadRR
versions:
- fixed: 1.0.10
packages:
- package: github.com/miekg/dns
symbols:
- setTA
derived_symbols:
- ParseZone
- ReadRR
description: |
Due to a nil pointer dereference, parsing a malformed zone file
containing TA records may cause a panic. If parsing user supplied

View file

@ -1,17 +1,19 @@
packages:
modules:
- module: github.com/gin-gonic/gin
symbols:
- Context.ClientIP
versions:
- fixed: 0.0.0-20141229113116-0099840c98ae
packages:
- package: github.com/gin-gonic/gin
symbols:
- Context.ClientIP
description: |
Due to improper HTTP header santization, a malicious user can spoof their
source IP address by setting the X-Forwarded-For header. This may allow
a user to bypass IP based restrictions, or obfuscate their true source.
published: 2021-04-14T20:04:52Z
credit: '@nl5887'
cves:
- CVE-2020-28483
credit: '@nl5887'
links:
pr: https://github.com/gin-gonic/gin/pull/182
commit: https://github.com/gin-gonic/gin/commit/0099840c98ae1473c5ff0f18bc93a8e13ceed829

View file

@ -1,7 +1,9 @@
packages:
modules:
- module: github.com/proglottis/gpgme
versions:
- fixed: 0.1.1
packages:
- package: github.com/proglottis/gpgme
description: |
Due to improper setting of finalizers, memory passed to C may be freed before it is used,
leading to crashes due to memory corruption or possible code execution.
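Review bot: this is the second report in the change for `github.com/proglottis/gpgme` with `fixed: 0.1.1` and a description of the same finalizer-runs-too-early bug (the other one begins `The Data, Context, or Key finalizers might run during or before GPGME operations`). Confirm these are meant to be two separate reports with distinct CVE/GHSA aliases rather than a duplicate; otherwise OSV consumers get two advisories for one fix, and one should be withdrawn or aliased to the other.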

View file

@ -1,19 +1,25 @@
packages:
modules:
- module: github.com/goadesign/goa
symbols:
- Controller.FileHandler
versions:
- fixed: 1.4.3
packages:
- package: github.com/goadesign/goa
symbols:
- Controller.FileHandler
- module: goa.design/goa
symbols:
- Controller.FileHandler
versions:
- fixed: 1.4.3
packages:
- package: goa.design/goa
symbols:
- Controller.FileHandler
- module: goa.design/goa/v3
symbols:
- Controller.FileHandler
versions:
- fixed: 3.0.9
packages:
- package: goa.design/goa/v3
symbols:
- Controller.FileHandler
description: |
Due to improper santization of user input, Controller.FileHandler allows
for directory traversal, allowing an attacker to read files outside of
@ -25,7 +31,8 @@ links:
commit: https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39
cve_metadata:
id: CVE-2019-25073
cwe: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory('Path Traversal')"
cwe: 'CWE-22: Improper Limitation of a Pathname to a Restricted Directory(''Path
Traversal'')'
description: |
Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or
v1.4.3 allow remote attackers to read files outside of the intended directory.
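Review bot: the `cwe` value in this hunk is now a single-quoted scalar folded across two lines with doubled quotes (`Directory(''Path` / `Traversal'')'`), which is valid YAML but unreadable and ungreppable; a double-quoted scalar or a larger marshaller line width would keep it on one line, and the inner text should read `Directory ('Path Traversal')` with a space. Separately, the `cve_metadata` description says the fix is in v3.0.9, v2.0.10 or v1.4.3, but the module entries above only cover `github.com/goadesign/goa` and `goa.design/goa` (fixed 1.4.3) and `goa.design/goa/v3` (fixed 3.0.9); either a v2 module entry is missing or the description should not mention v2.0.10. The `santiziation` typo in the same description should go too.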

View file

@ -1,24 +1,26 @@
packages:
modules:
- module: aahframe.work
symbols:
- HTTPEngine.Handle
derived_symbols:
- Application.Run
- Application.ServeHTTP
- Application.Start
versions:
- fixed: 0.12.4
packages:
- package: aahframe.work
symbols:
- HTTPEngine.Handle
derived_symbols:
- Application.Run
- Application.ServeHTTP
- Application.Start
description: |
Due to improper santization of user input, HTTPEngine.Handle allows
for directory traversal, allowing an attacker to read files outside of
the target directory that the server has permission to read.
published: 2021-04-14T20:04:52Z
credit: '@snyff'
cve_metadata:
id: CVE-2020-36559
cwe: "CWE 23: Relative Path Traversal"
links:
pr: https://github.com/go-aah/aah/pull/267
commit: https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
context:
- https://github.com/go-aah/aah/issues/266
cve_metadata:
id: CVE-2020-36559
cwe: 'CWE 23: Relative Path Traversal'

View file

@ -1,19 +1,21 @@
packages:
modules:
- module: github.com/artdarek/go-unzip
symbols:
- Unzip.Extract
versions:
- fixed: 1.0.0
packages:
- package: github.com/artdarek/go-unzip
symbols:
- Unzip.Extract
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
published: 2021-04-14T20:04:52Z
cve_metadata:
id: CVE-2020-36560
cwe: 'CWE 29: Path Traversal: "\..\filename"'
links:
pr: https://github.com/artdarek/go-unzip/pull/2
commit: https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0
context:
- https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2020-36560
cwe: 'CWE 29: Path Traversal: "\..\filename"'

View file

@ -1,19 +1,21 @@
packages:
modules:
- module: github.com/yi-ge/unzip
symbols:
- Unzip.Extract
versions:
- fixed: 1.0.3-0.20200308084313-2adbaa4891b9
packages:
- package: github.com/yi-ge/unzip
symbols:
- Unzip.Extract
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
published: 2021-04-14T20:04:52Z
cve_metadata:
id: CVE-2020-36561
cwe: 'CWE 29: Path Traversal: "\..\filename"'
links:
pr: https://github.com/yi-ge/unzip/pull/1
commit: https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73
context:
- https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2020-36561
cwe: 'CWE 29: Path Traversal: "\..\filename"'

View file

@ -1,20 +1,24 @@
packages:
modules:
- module: gopkg.in/yaml.v2
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
versions:
- fixed: 2.2.8
packages:
- package: gopkg.in/yaml.v2
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
- module: github.com/go-yaml/yaml
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
packages:
- package: github.com/go-yaml/yaml
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
description: |
Due to unbounded aliasing, a crafted YAML file can cause consumption
of significant system resources. If parsing user supplied input, this
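Review bot: the `github.com/go-yaml/yaml` module entry has no `versions:` block, so after conversion every version of that import path is reported as affected, while `gopkg.in/yaml.v2` gets `fixed: 2.2.8`. The two entries list identical symbols and share one description, so if the GitHub path is the same code, either give it the same fixed version or drop the entry; an unbounded range here means govulncheck flags users of that path indefinitely. If it is intentionally left unfixed, say so in the report.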

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/tendermint/tendermint
package: github.com/tendermint/tendermint/rpc/client
symbols:
- makeHTTPClient
versions:
- fixed: 0.31.1
packages:
- package: github.com/tendermint/tendermint/rpc/client
symbols:
- makeHTTPClient
description: |
Due to support of Gzip compression in request bodies, as well
as a lack of limiting response body sizes, a malicious server
@ -12,9 +13,9 @@ description: |
resources, which may be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
credit: '@guagualvcha'
cve_metadata:
id: CVE-2019-25072
cwe: "CWE-400: Uncontrolled Resource Consumption"
links:
pr: https://github.com/tendermint/tendermint/pull/3430
commit: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
cve_metadata:
id: CVE-2019-25072
cwe: 'CWE-400: Uncontrolled Resource Consumption'

View file

@ -1,15 +1,17 @@
packages:
modules:
- module: github.com/pion/dtls
symbols:
- Conn.handleIncomingPacket
derived_symbols:
- Client
- Dial
- Listener.Accept
- Resume
- Server
versions:
- fixed: 1.5.2
packages:
- package: github.com/pion/dtls
symbols:
- Conn.handleIncomingPacket
derived_symbols:
- Client
- Dial
- Listener.Accept
- Resume
- Server
description: |
Due to improper verification of packets, unencrypted packets containing
application data are accepted after the initial handshake. This allows

View file

@ -1,15 +1,17 @@
packages:
modules:
- module: gopkg.in/macaron.v1
symbols:
- staticHandler
derived_symbols:
- Context.Next
- LoggerInvoker.Invoke
- Macaron.Run
- Macaron.ServeHTTP
- Router.ServeHTTP
versions:
- fixed: 1.3.7
packages:
- package: gopkg.in/macaron.v1
symbols:
- staticHandler
derived_symbols:
- Context.Next
- LoggerInvoker.Invoke
- Macaron.Run
- Macaron.ServeHTTP
- Router.ServeHTTP
description: |
Due to improper request santization, a specifically crafted URL
can cause the static file handler to redirect to an attacker chosen

View file

@ -1,13 +1,15 @@
packages:
modules:
- module: github.com/shiyanhui/dht
packages:
- package: github.com/shiyanhui/dht
description: |
Due to unchecked type assertions, maliciously crafted messages can
cause panics, which may be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
credit: '@hMihaiDavid'
cve_metadata:
id: CVE-2020-36562
cwe: "CWE-400: Uncontrolled Resource Consumption"
links:
context:
- https://github.com/shiyanhui/dht/issues/57
cve_metadata:
id: CVE-2020-36562
cwe: 'CWE-400: Uncontrolled Resource Consumption'

View file

@ -1,36 +1,34 @@
packages:
modules:
- module: github.com/unknwon/cae
package: github.com/unknwon/cae/tz
symbols:
- TzArchive.syncFiles
- TzArchive.ExtractToFunc
derived_symbols:
- Create
- ExtractTo
- Open
- OpenFile
- TzArchive.Close
- TzArchive.ExtractTo
- TzArchive.Flush
- TzArchive.Open
versions:
- fixed: 1.0.1
- module: github.com/unknwon/cae
package: github.com/unknwon/cae/zip
symbols:
- ZipArchive.Open
- ZipArchive.ExtractToFunc
derived_symbols:
- Create
- ExtractTo
- ExtractToFunc
- Open
- OpenFile
- ZipArchive.Close
- ZipArchive.ExtractTo
- ZipArchive.Flush
versions:
- fixed: 1.0.1
packages:
- package: github.com/unknwon/cae/tz
symbols:
- TzArchive.syncFiles
- TzArchive.ExtractToFunc
derived_symbols:
- Create
- ExtractTo
- Open
- OpenFile
- TzArchive.Close
- TzArchive.ExtractTo
- TzArchive.Flush
- TzArchive.Open
- package: github.com/unknwon/cae/zip
symbols:
- ZipArchive.Open
- ZipArchive.ExtractToFunc
derived_symbols:
- Create
- ExtractTo
- ExtractToFunc
- Open
- OpenFile
- ZipArchive.Close
- ZipArchive.ExtractTo
- ZipArchive.Flush
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/sassoftware/go-rpmutils
package: github.com/sassoftware/go-rpmutils/cpio
symbols:
- Extract
versions:
- fixed: 0.1.0
packages:
- package: github.com/sassoftware/go-rpmutils/cpio
symbols:
- Extract
description: |
Due to improper path santization, RPMs containing relative file
paths can cause files to be written (or overwritten) outside of the

View file

@ -1,12 +1,13 @@
packages:
modules:
- module: github.com/mholt/caddy
package: github.com/mholt/caddy/caddyhttp/httpserver
symbols:
- httpContext.MakeServers
- Server.serveHTTP
- assertConfigsCompatible
versions:
- fixed: 0.10.13
packages:
- package: github.com/mholt/caddy/caddyhttp/httpserver
symbols:
- httpContext.MakeServers
- Server.serveHTTP
- assertConfigsCompatible
description: |
Due to improper TLS verification when serving traffic for multiple
SNIs, an attacker may bypass TLS client authentication by indicating

View file

@ -1,23 +1,25 @@
packages:
modules:
- module: github.com/dinever/golf
symbols:
- randomBytes
derived_symbols:
- Context.Render
- Context.RenderFromString
versions:
- fixed: 0.3.0
packages:
- package: github.com/dinever/golf
symbols:
- randomBytes
derived_symbols:
- Context.Render
- Context.RenderFromString
description: |
CSRF tokens are generated using math/rand, which is not a cryptographically secure
rander number generation, making predicting their values relatively trivial and
allowing an attacker to bypass CSRF protections which relatively few requests.
published: 2021-04-14T20:04:52Z
credit: '@elithrar'
cve_metadata:
id: CVE-2016-15005
cwe: "CWE 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
links:
pr: https://github.com/dinever/golf/pull/24
commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
context:
- https://github.com/dinever/golf/issues/20
cve_metadata:
id: CVE-2016-15005
cwe: 'CWE 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)'
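Review bot: the description context lines read `rander number generation` and `bypass CSRF protections which relatively few requests`; they should say `random number generator` and `with relatively few requests`. Not introduced by this hunk, but the text is exported to OSV and CVE verbatim, so fold it into the follow-up typo sweep.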

View file

@ -1,17 +1,21 @@
packages:
modules:
- module: github.com/russellhaering/goxmldsig
symbols:
- ValidationContext.validateSignature
versions:
- fixed: 1.1.0
packages:
- package: github.com/russellhaering/goxmldsig
symbols:
- ValidationContext.validateSignature
- module: github.com/russellhaering/gosaml2
symbols:
- SAMLServiceProvider.validateAssertionSignatures
derived_symbols:
- SAMLServiceProvider.RetrieveAssertionInfo
- SAMLServiceProvider.ValidateEncodedResponse
versions:
- fixed: 0.6.0
packages:
- package: github.com/russellhaering/gosaml2
symbols:
- SAMLServiceProvider.validateAssertionSignatures
derived_symbols:
- SAMLServiceProvider.RetrieveAssertionInfo
- SAMLServiceProvider.ValidateEncodedResponse
description: |
Due to a nil pointer dereference, a malformed XML Digital Signature
can cause a panic during validation. If user supplied signatures are

View file

@ -1,17 +1,19 @@
packages:
modules:
- module: github.com/RobotsAndPencils/go-saml
symbols:
- AuthnRequest.Validate
- NewAuthnRequest
- NewSignedResponse
packages:
- package: github.com/RobotsAndPencils/go-saml
symbols:
- AuthnRequest.Validate
- NewAuthnRequest
- NewSignedResponse
description: |
XML Digital Signatures generated and validated using this package use
SHA-1, which may allow an attacker to craft inputs which cause hash
collisions depending on their control over the input.
published: 2021-04-14T20:04:52Z
cve_metadata:
id: CVE-2020-36563
cwe: "CWE 328: Use of Weak Hash"
links:
context:
- https://github.com/RobotsAndPencils/go-saml/pull/38
cve_metadata:
id: CVE-2020-36563
cwe: 'CWE 328: Use of Weak Hash'

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/antchfx/xmlquery
symbols:
- LoadURL
versions:
- fixed: 1.3.1
packages:
- package: github.com/antchfx/xmlquery
symbols:
- LoadURL
description: |
LoadURL does not check the Content-Type of loaded resources,
which can cause a panic due to nil pointer deference if the loaded
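Review bot: "nil pointer deference" in the description context should read "nil pointer dereference"; since the file is already being regenerated, suggest correcting it in the same change.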

View file

@ -1,21 +1,23 @@
packages:
modules:
- module: github.com/justinas/nosurf
symbols:
- VerifyToken
- verifyToken
derived_symbols:
- CSRFHandler.ServeHTTP
versions:
- fixed: 1.1.1
packages:
- package: github.com/justinas/nosurf
symbols:
- VerifyToken
- verifyToken
derived_symbols:
- CSRFHandler.ServeHTTP
description: |
Due to improper validation of caller input, validation is silently disabled
if the provided expected token is malformed, causing any user supplied token
to be considered valid.
published: 2021-04-14T20:04:52Z
credit: '@aeneasr'
cve_metadata:
id: CVE-2020-36564
cwe: "CWE 345: Insufficient Verification of Data Authenticity"
links:
pr: https://github.com/justinas/nosurf/pull/60
commit: https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
cve_metadata:
id: CVE-2020-36564
cwe: 'CWE 345: Insufficient Verification of Data Authenticity'

View file

@ -1,12 +1,14 @@
packages:
modules:
- module: github.com/russellhaering/goxmldsig
symbols:
- ValidationContext.findSignature
derived_symbols:
- ValidationContext.Validate
versions:
- fixed: 1.1.0
vulnerable_at: 0.0.0-20200902171629-2e1fbc2c5593
packages:
- package: github.com/russellhaering/goxmldsig
symbols:
- ValidationContext.findSignature
derived_symbols:
- ValidationContext.Validate
description: |
Due to the behavior of encoding/xml, a crafted XML document may cause
XML Digital Signature validation to be entirely bypassed, causing an

View file

@ -1,20 +1,25 @@
packages:
modules:
- module: github.com/labstack/echo/v4
symbols:
- common.static
versions:
- fixed: 4.1.18-0.20201215153152-4422e3b66b9f
packages:
- package: github.com/labstack/echo/v4
goos:
- windows
symbols:
- common.static
description: |
Due to improper sanitization of user input on Windows, the static file handler
allows for directory traversal, allowing an attacker to read files outside of
the target directory that the server has permission to read.
published: 2021-04-14T20:04:52Z
credit: '@little-cui (Apache ServiceComb)'
cve_metadata:
id: CVE-2020-36565
cwe: "CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
os:
- windows
links:
pr: https://github.com/labstack/echo/pull/1718
commit: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
cve_metadata:
id: CVE-2020-36565
cwe: 'CWE 22: Improper Limitation of a Pathname to a Restricted Directory (''Path
Traversal'')'
os:
- windows
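Review bot: the platform restriction now appears twice in this report, as `goos: [windows]` under the package entry and as the top-level `os: [windows]` that is moved to the end of the file. If the new schema carries the OS constraint per package, the top-level `os` is redundant and the two can drift apart; if both are still consumed, a check that they agree would help. Separately, the wrapped single-quoted CWE string escapes the apostrophes in 'Path Traversal' with doubled quotes (`''`), which is valid YAML but harder to read than the previous double-quoted form.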

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/gin-gonic/gin
symbols:
- Context.ClientIP
versions:
- fixed: 1.6.3-0.20210406033725-bfc8ca285eb4
packages:
- package: github.com/gin-gonic/gin
symbols:
- Context.ClientIP
description: |
Due to improper HTTP header santization, a malicious user can spoof their
source IP address by setting the X-Forwarded-For header. This may allow
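Review bot: "improper HTTP header santization" in the description context should read "sanitization"; worth fixing in the same regeneration.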

View file

@ -1,7 +1,9 @@
packages:
modules:
- module: github.com/gogo/protobuf
versions:
- fixed: 1.3.2
packages:
- package: github.com/gogo/protobuf
description: |
Due to improper bounds checking, maliciously crafted input to generated
Unmarshal methods can cause an out-of-bounds panic. If parsing messages

View file

@ -1,11 +1,13 @@
packages:
modules:
- module: github.com/tidwall/gjson
symbols:
- unwrap
derived_symbols:
- Result.ForEach
versions:
- fixed: 1.6.6
packages:
- package: github.com/tidwall/gjson
symbols:
- unwrap
derived_symbols:
- Result.ForEach
description: |
Due to improper bounds checking, maliciously crafted JSON objects
can cause an out-of-bounds panic. If parsing user input, this may

View file

@ -1,30 +1,32 @@
packages:
modules:
- module: github.com/buger/jsonparser
symbols:
- searchKeys
derived_symbols:
- ArrayEach
- Delete
- EachKey
- FuzzDelete
- FuzzEachKey
- FuzzGetBoolean
- FuzzGetFloat
- FuzzGetInt
- FuzzGetString
- FuzzGetUnsafeString
- FuzzObjectEach
- FuzzSet
- Get
- GetBoolean
- GetFloat
- GetInt
- GetString
- GetUnsafeString
- ObjectEach
- Set
versions:
- fixed: 1.1.1
packages:
- package: github.com/buger/jsonparser
symbols:
- searchKeys
derived_symbols:
- ArrayEach
- Delete
- EachKey
- FuzzDelete
- FuzzEachKey
- FuzzGetBoolean
- FuzzGetFloat
- FuzzGetInt
- FuzzGetString
- FuzzGetUnsafeString
- FuzzObjectEach
- FuzzSet
- Get
- GetBoolean
- GetFloat
- GetInt
- GetString
- GetUnsafeString
- ObjectEach
- Set
description: |
Due to improper bounds checking, maliciously crafted JSON objects
can cause an out-of-bounds panic. If parsing user input, this may

View file

@ -1,24 +1,20 @@
packages:
modules:
- module: github.com/crewjam/saml
symbols:
- IdpAuthnRequest.Validate
- ServiceProvider.ParseXMLResponse
- ServiceProvider.ValidateLogoutResponseForm
- ServiceProvider.ValidateLogoutResponseRedirect
derived_symbols:
- IdentityProvider.ServeSSO
- ServiceProvider.ParseResponse
- ServiceProvider.ValidateLogoutResponseRequest
versions:
- fixed: 0.4.3
- module: github.com/crewjam/saml
package: github.com/crewjam/saml/samlidp
versions:
- fixed: 0.4.3
- module: github.com/crewjam/saml
package: github.com/crewjam/saml/samlsp
versions:
- fixed: 0.4.3
packages:
- package: github.com/crewjam/saml
symbols:
- IdpAuthnRequest.Validate
- ServiceProvider.ParseXMLResponse
- ServiceProvider.ValidateLogoutResponseForm
- ServiceProvider.ValidateLogoutResponseRedirect
derived_symbols:
- IdentityProvider.ServeSSO
- ServiceProvider.ParseResponse
- ServiceProvider.ValidateLogoutResponseRequest
- package: github.com/crewjam/saml/samlidp
- package: github.com/crewjam/saml/samlsp
description: |
Due to the behavior of encoding/xml, a crafted XML document may cause
XML Digital Signature validation to be entirely bypassed, causing an

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/tidwall/gjson
symbols:
- sqaush
versions:
- fixed: 1.6.4
packages:
- package: github.com/tidwall/gjson
symbols:
- sqaush
description: |
Due to improper bounds checking, maliciously crafted JSON objects
can cause an out-of-bounds panic. If parsing user input, this may
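Review bot: the symbol `sqaush`, carried over unchanged into the new `packages` entry, looks like a transposition of `squash`; please verify it against the gjson source at the fixed version, since a misspelled symbol will never match when the report is used for symbol-level vulnerability checks.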

View file

@ -1,14 +1,16 @@
packages:
modules:
- module: github.com/russellhaering/gosaml2
symbols:
- parseResponse
derived_symbols:
- SAMLServiceProvider.RetrieveAssertionInfo
- SAMLServiceProvider.ValidateEncodedLogoutRequestPOST
- SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
- SAMLServiceProvider.ValidateEncodedResponse
versions:
- fixed: 0.6.0
packages:
- package: github.com/russellhaering/gosaml2
symbols:
- parseResponse
derived_symbols:
- SAMLServiceProvider.RetrieveAssertionInfo
- SAMLServiceProvider.ValidateEncodedLogoutRequestPOST
- SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
- SAMLServiceProvider.ValidateEncodedResponse
description: |
Due to the behavior of encoding/xml, a crafted XML document may cause
XML Digital Signature validation to be entirely bypassed, causing an

View file

@ -1,29 +1,33 @@
packages:
modules:
- module: gopkg.in/yaml.v2
symbols:
- decoder.unmarshal
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
versions:
- fixed: 2.2.3
packages:
- package: gopkg.in/yaml.v2
symbols:
- decoder.unmarshal
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
- module: github.com/go-yaml/yaml
symbols:
- decoder.unmarshal
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
packages:
- package: github.com/go-yaml/yaml
symbols:
- decoder.unmarshal
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
description: |
Due to unbounded alias chasing, a maliciously crafted YAML file
can cause the system to consume significant system resources. If
parsing user input, this may be used as a denial of service vector.
cve_metadata:
id: CVE-2021-4235
cwe: "CWE 400: Uncontrolled Resource Consumption"
published: 2021-04-14T20:04:52Z
credit: '@simonferquel'
links:
pr: https://github.com/go-yaml/yaml/pull/375
commit: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
cve_metadata:
id: CVE-2021-4235
cwe: 'CWE 400: Uncontrolled Resource Consumption'
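Review bot: the `github.com/go-yaml/yaml` module entry has no `versions:` block, while the `gopkg.in/yaml.v2` entry for the same code has `fixed: 2.2.3`. With no range the GitHub path reads as affected in every version; if it is meant to mirror the gopkg.in path, give it the same `fixed` entry, otherwise make the absence of a fixed version explicit so it is not mistaken for an omission.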

View file

@ -1,12 +1,13 @@
packages:
modules:
- module: github.com/ethereum/go-ethereum
package: github.com/ethereum/go-ethereum/les
symbols:
- serverHandler.handleMsg
derived_symbols:
- PrivateLightServerAPI.Benchmark
versions:
- fixed: 1.9.25
packages:
- package: github.com/ethereum/go-ethereum/les
symbols:
- serverHandler.handleMsg
derived_symbols:
- PrivateLightServerAPI.Benchmark
description: |
Due to a nil pointer dereference, a malicously crafted RPC message
can cause a panic. If handling RPC messages from untrusted clients,
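Review bot: "a malicously crafted RPC message" in the description context should read "maliciously"; worth fixing while this file is being rewritten.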

View file

@ -1,16 +1,18 @@
packages:
modules:
- module: k8s.io/client-go
package: k8s.io/client-go/transport
symbols:
- requestInfo.toCurl
versions:
- fixed: 0.20.0-alpha.2
packages:
- package: k8s.io/client-go/transport
symbols:
- requestInfo.toCurl
- module: k8s.io/kubernetes
package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
symbols:
- requestInfo.toCurl
versions:
- fixed: 1.20.0-alpha.2
packages:
- package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
symbols:
- requestInfo.toCurl
description: |
Authorization tokens may be inappropriately logged if the verbosity
level is set to a debug level.

View file

@ -1,16 +1,18 @@
packages:
modules:
- module: k8s.io/client-go
package: k8s.io/client-go/transport
symbols:
- debuggingRoundTripper.RoundTrip
versions:
- fixed: 0.17.0
packages:
- package: k8s.io/client-go/transport
symbols:
- debuggingRoundTripper.RoundTrip
- module: k8s.io/kubernetes
package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
symbols:
- debuggingRoundTripper.RoundTrip
versions:
- fixed: 1.16.0-beta.1
packages:
- package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
symbols:
- debuggingRoundTripper.RoundTrip
description: |
Authorization tokens may be inappropriately logged if the verbosity
level is set to a debug level.

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: k8s.io/kubernetes
package: k8s.io/kubernetes/pkg/credentialprovider
symbols:
- readDockerConfigFileFromBytes
- readDockerConfigJSONFileFromBytes
versions:
- fixed: 1.20.0-alpha.1
packages:
- package: k8s.io/kubernetes/pkg/credentialprovider
symbols:
- readDockerConfigFileFromBytes
- readDockerConfigJSONFileFromBytes
description: |
Attempting to read a malformed .dockercfg may cause secrets to be
inappropriately logged.

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: std
package: archive/zip
symbols:
- toValidName
versions:
- introduced: 1.16.0
fixed: 1.16.1
packages:
- package: archive/zip
symbols:
- toValidName
description: |
Using Reader.Open on an archive containing a file with a path
prefixed by "../" will cause a panic due to a stack overflow.

View file

@ -1,11 +1,14 @@
do_not_export: true
packages:
modules:
- module: std
package: cmd/go
versions:
- fixed: 1.14.14
- introduced: 1.15.0
fixed: 1.15.7
packages:
- package: cmd/go
goos:
- windows
description: |
The go command may execute arbitrary code at build time when using cgo on Windows.
This can be triggered by running go get on a malicious module, or any other time
@ -14,8 +17,6 @@ published: 2021-04-14T20:04:52Z
cves:
- CVE-2021-3115
credit: RyotaK
os:
- windows
links:
pr: https://go.dev/cl/284783
commit: https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0
@ -24,3 +25,5 @@ links:
- https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ
- https://go.dev/cl/284780
- https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0
os:
- windows
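Review bot: the OS constraint is now stated twice: the first hunk adds `goos: [windows]` under the `cmd/go` package entry, and this hunk re-adds the top-level `os: [windows]` that the previous hunk removed. If per-package `goos` is the schema's way of expressing the constraint, the top-level `os` is redundant; if it is still required by consumers of the report, it would be worth a comment saying so, because the two fields can silently diverge.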

View file

@ -1,13 +1,14 @@
packages:
modules:
- module: std
package: math/big
symbols:
- nat.divRecursiveStep
versions:
- introduced: 1.14.0
fixed: 1.14.12
- introduced: 1.15.0
fixed: 1.15.5
packages:
- package: math/big
symbols:
- nat.divRecursiveStep
description: |
A number of math/big.Int methods can panic when provided large inputs due
to a flawed division method.

View file

@ -1,12 +1,13 @@
packages:
modules:
- module: github.com/opencontainers/runc
package: github.com/opencontainers/runc/libcontainer/user
symbols:
- GetExecUser
derived_symbols:
- GetExecUserPath
versions:
- fixed: 0.1.0
packages:
- package: github.com/opencontainers/runc/libcontainer/user
symbols:
- GetExecUser
derived_symbols:
- GetExecUserPath
description: |
GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
improperly interpret numeric UIDs as usernames. If the method is used without

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/lxc/lxd
package: github.com/lxc/lxd/shared
symbols:
- IdmapSet.doUidshiftIntoContainer
versions:
- fixed: 0.0.0-20151004155856-19c6961cc101
packages:
- package: github.com/lxc/lxd/shared
symbols:
- IdmapSet.doUidshiftIntoContainer
description: |
A race between chown and chmod operations during a container
filesystem shift may allow a user who can modify the filesystem to

View file

@ -1,32 +1,30 @@
packages:
modules:
- module: github.com/docker/distribution
package: github.com/docker/distribution/registry/handlers
symbols:
- copyFullPayload
derived_symbols:
- blobUploadHandler.PatchBlobData
- blobUploadHandler.PutBlobUploadComplete
- imageManifestHandler.GetImageManifest
- imageManifestHandler.PutImageManifest
versions:
- fixed: 2.7.0-rc.0+incompatible
- module: github.com/docker/distribution
package: github.com/docker/distribution/registry/storage
symbols:
- blobStore.Get
derived_symbols:
- PurgeUploads
- Walk
- blobStore.Enumerate
- blobStore.Get
- linkedBlobStore.Enumerate
- linkedBlobStore.Get
- manifestStore.Enumerate
- manifestStore.Get
- registry.Enumerate
- registry.Repositories
versions:
- fixed: 2.7.0-rc.0+incompatible
packages:
- package: github.com/docker/distribution/registry/handlers
symbols:
- copyFullPayload
derived_symbols:
- blobUploadHandler.PatchBlobData
- blobUploadHandler.PutBlobUploadComplete
- imageManifestHandler.GetImageManifest
- imageManifestHandler.PutImageManifest
- package: github.com/docker/distribution/registry/storage
symbols:
- blobStore.Get
derived_symbols:
- PurgeUploads
- Walk
- blobStore.Enumerate
- blobStore.Get
- linkedBlobStore.Enumerate
- linkedBlobStore.Get
- manifestStore.Enumerate
- manifestStore.Get
- registry.Enumerate
- registry.Repositories
description: |
Various storage methods do not impose limits on how much content is accepted
from user requests, allowing a malicious user to force the caller to allocate

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/lfsapi
symbols:
- sshGetLFSExeAndArgs
versions:
- fixed: 2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
packages:
- package: github.com/git-lfs/git-lfs/lfsapi
symbols:
- sshGetLFSExeAndArgs
description: |
Arbitrary command execution can be triggered by improperly
sanitized SSH URLs in LFS configuration files. This can be

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/ethereum/go-ethereum
package: github.com/ethereum/go-ethereum/les
symbols:
- protocolManager.handleMsg
versions:
- fixed: 1.8.11
packages:
- package: github.com/ethereum/go-ethereum/les
symbols:
- protocolManager.handleMsg
description: |
Due to improper argument validation in RPC messages, a maliciously crafted
message can cause a panic, leading to denial of service.

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/evanphx/json-patch
symbols:
- partialArray.add
versions:
- fixed: 0.5.2
packages:
- package: github.com/evanphx/json-patch
symbols:
- partialArray.add
description: |
A malicious JSON patch can cause a panic due to an out-of-bounds
write attempt. This can be used as a denial of service vector if

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: go.etcd.io/etcd
package: go.etcd.io/etcd/auth
symbols:
- authStore.AuthInfoFromTLS
versions:
- fixed: 0.5.0-alpha.5.0.20190108173120-83c051b701d3
packages:
- package: go.etcd.io/etcd/auth
symbols:
- authStore.AuthInfoFromTLS
description: |
A user can use a valid client certificate that contains a CommonName that matches a
valid RBAC username to authenticate themselves as that user, despite lacking the

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: golang.org/x/net
package: golang.org/x/net/html
symbols:
- inBodyIM
- inFramesetIM
versions:
- fixed: 0.0.0-20180816102801-aaf60122140d
packages:
- package: golang.org/x/net/html
symbols:
- inBodyIM
- inFramesetIM
description: |
The HTML parser does not properly handle "in frameset" insertion mode, and can be made
to panic when operating on malformed HTML that contains <template> tags. If operating

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/bytom/bytom
package: github.com/bytom/bytom/p2p/discover
symbols:
- Network.checkTopicRegister
versions:
- fixed: 1.0.4-0.20180831054840-1ac3c8ac4f2b
packages:
- package: github.com/bytom/bytom/p2p/discover
symbols:
- Network.checkTopicRegister
description: |
A malformed query can cause an out-of-bounds panic due to improper
validation of arguments. If processing queries from untrusted

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/containers/image
package: github.com/containers/image/docker
symbols:
- dockerClient.getBearerToken
versions:
- fixed: 2.0.2-0.20190802080134-634605d06e73+incompatible
packages:
- package: github.com/containers/image/docker
symbols:
- dockerClient.getBearerToken
description: |
The HTTP client used to connect to the container registry authorization
service explicitly disables TLS verification, allowing an attacker that

View file

@ -1,8 +1,9 @@
packages:
modules:
- module: github.com/facebook/fbthrift
package: github.com/facebook/fbthrift/thrift/lib/go/thrift
versions:
- fixed: 0.31.1-0.20200311080807-483ed864d69f
packages:
- package: github.com/facebook/fbthrift/thrift/lib/go/thrift
description: |
Thirft Servers preallocate memory for the declared size of messages before
checking the actual size of the message. This allows a malicious user to
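Review bot: "Thirft Servers" in the description context should read "Thrift servers"; suggest fixing it in the same regeneration.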

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/hybridgroup/gobot
package: github.com/hybridgroup/gobot/platforms/mqtt
symbols:
- Adaptor.newTLSConfig
versions:
- fixed: 1.12.1-0.20190521122906-c1aa4f867846
packages:
- package: github.com/hybridgroup/gobot/platforms/mqtt
symbols:
- Adaptor.newTLSConfig
description: |
TLS certificate verification is skipped when connecting to a MQTT server.
This allows an attacker who can MITM the connection to read, or forge,

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: github.com/astaxie/beego
package: github.com/astaxie/beego/session
symbols:
- FileProvider.SessionRead
- FileProvider.SessionRegenerate
versions:
- fixed: 1.12.2-0.20200613154013-bac2b31afecc
packages:
- package: github.com/astaxie/beego/session
symbols:
- FileProvider.SessionRead
- FileProvider.SessionRegenerate
description: |
Session data is stored using permissive permissions, allowing local users
with filesystem access to read arbitrary data.

View file

@ -1,12 +1,14 @@
packages:
modules:
- module: github.com/opencontainers/runc
package: github.com/opencontainers/runc/libcontainer
versions:
- fixed: 1.0.0-rc8.0.20190930145003-cad42f6e0932
packages:
- package: github.com/opencontainers/runc/libcontainer
- module: github.com/opencontainers/selinux
package: github.com/opencontainers/selinux/go-selinux
versions:
- fixed: 1.3.1-0.20190929122143-5215b1806f52
packages:
- package: github.com/opencontainers/selinux/go-selinux
description: |
AppArmor restrictions may be bypassed due to improper validation of mount
targets, allowing a malicious image to mount volumes over e.g. /proc.

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/documize/community
package: github.com/documize/community/domain/section/markdown
symbols:
- Provider.Render
versions:
- fixed: 1.76.3-0.20191119114751-a4384210d4d0
packages:
- package: github.com/documize/community/domain/section/markdown
symbols:
- Provider.Render
description: |
HTML content in markdown is not santized during rendering, possibly allowing
XSS if used to render untrusted user input.
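Review bot: "is not santized during rendering" in the description context should read "sanitized"; worth fixing while this file is being rewritten.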

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/opencontainers/runc
package: github.com/opencontainers/runc/libcontainer
symbols:
- mountToRootfs
versions:
- fixed: 1.0.0-rc9.0.20200122160610-2fc03cc11c77
packages:
- package: github.com/opencontainers/runc/libcontainer
symbols:
- mountToRootfs
description: |
A race while mounting volumes allows a possible symlink-exchange
attack, allowing a user whom can start multiple containers with
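Review bot: "a user whom can start multiple containers" in the description context should read "a user who can start"; suggest correcting it in the same change.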

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/facebook/fbthrift
package: github.com/facebook/fbthrift/thrift/lib/go/thrift
symbols:
- Skip
versions:
- fixed: 0.31.1-0.20190225164308-c461c1bd1a3e
packages:
- package: github.com/facebook/fbthrift/thrift/lib/go/thrift
symbols:
- Skip
description: |
Skip ignores unknown fields, rather than failing. A malicious user can craft small
messages with unknown fields which can take significant resources to parse. If a

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/buger/jsonparser
symbols:
- findKeyStart
versions:
- fixed: 0.0.0-20200321185410-91ac96899e49
packages:
- package: github.com/buger/jsonparser
symbols:
- findKeyStart
description: |
Parsing malformed JSON which contain opening brackets, but not closing brackets,
leads to an infinite loop. If operating on untrusted user input this can be
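Review bot: "malformed JSON which contain opening brackets" in the description context should read "which contains"; worth fixing while the file is being regenerated.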

View file

@ -1,13 +1,14 @@
packages:
modules:
- module: github.com/tendermint/tendermint
package: github.com/tendermint/tendermint/types
symbols:
- VoteSet.MakeCommit
derived_symbols:
- MakeCommit
versions:
- introduced: 0.33.0
fixed: 0.34.0-dev1.0.20200702134149-480b995a3172
packages:
- package: github.com/tendermint/tendermint/types
symbols:
- VoteSet.MakeCommit
derived_symbols:
- MakeCommit
description: |
Proposed commits may contain signatures for blocks not contained
within the commit. Instead of skipping these signatures, they

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/gofiber/fiber
symbols:
- Ctx.Attachment
versions:
- fixed: 1.12.6-0.20200710202935-a8ad5454363f
packages:
- package: github.com/gofiber/fiber
symbols:
- Ctx.Attachment
description: |
Due to improper input validation when uploading a file, a malicious user may
force the server to return arbitrary HTTP headers when the uploaded

View file

@ -1,12 +1,14 @@
packages:
modules:
- module: github.com/ory/fosite
symbols:
- Fosite.AuthenticateClient
derived_symbols:
- Fosite.NewAccessRequest
- Fosite.NewRevocationRequest
versions:
- fixed: 0.31.0
packages:
- package: github.com/ory/fosite
symbols:
- Fosite.AuthenticateClient
derived_symbols:
- Fosite.NewAccessRequest
- Fosite.NewRevocationRequest
description: |
Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
replayed.
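Review bot: "Uniqueness of JWT IDs (jti) are not checked" in the description context has a subject-verb mismatch and should read "is not checked"; suggest fixing it in the same change.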

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/hashicorp/go-slug
symbols:
- Unpack
versions:
- fixed: 0.5.0
packages:
- package: github.com/hashicorp/go-slug
symbols:
- Unpack
description: |
Protections against directory traversal during archive extraction can be
bypassed by chaining multiple symbolic links within the archive. This allows

View file

@ -1,10 +1,11 @@
packages:
modules:
- module: github.com/google/go-tpm
package: github.com/google/go-tpm/tpm
symbols:
- CreateWrapKey
versions:
- fixed: 0.3.0
packages:
- package: github.com/google/go-tpm/tpm
symbols:
- CreateWrapKey
description: |
Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,

View file

@ -1,7 +1,9 @@
packages:
modules:
- module: github.com/proglottis/gpgme
versions:
- fixed: 0.1.1
packages:
- package: github.com/proglottis/gpgme
description: |
Due to improper setting of finalizers, memory passed to C may be freed before it is used,
leading to crashes due to memory corruption or possible code execution.

View file

@ -1,12 +1,14 @@
packages:
modules:
- module: github.com/dhowden/tag
symbols:
- readPICFrame
- readAPICFrame
- readTextWithDescrFrame
- readAtomData
versions:
- fixed: 0.0.0-20201120070457-d52dcb253c63
packages:
- package: github.com/dhowden/tag
symbols:
- readPICFrame
- readAPICFrame
- readTextWithDescrFrame
- readAtomData
description: |
Due to improper bounds checking, a number of methods can trigger a panic due to attempted
out-of-bounds reads. If the package is used to parse user supplied input, this may be

View file

@ -1,29 +1,29 @@
packages:
modules:
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/commands
symbols:
- PipeCommand
versions:
- fixed: 1.5.1-0.20210113180018-fc664697ed2c
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/creds
symbols:
- AskPassCredentialHelper.getFromProgram
- commandCredentialHelper.Approve
versions:
- fixed: 1.5.1-0.20210113180018-fc664697ed2c
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/lfs
symbols:
- pipeExtensions
versions:
- fixed: 1.5.1-0.20210113180018-fc664697ed2c
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/lfshttp
symbols:
- sshAuthClient.Resolve
versions:
- fixed: 1.5.1-0.20210113180018-fc664697ed2c
packages:
- package: github.com/git-lfs/git-lfs/commands
goos:
- windows
symbols:
- PipeCommand
- package: github.com/git-lfs/git-lfs/creds
goos:
- windows
symbols:
- AskPassCredentialHelper.getFromProgram
- commandCredentialHelper.Approve
- package: github.com/git-lfs/git-lfs/lfs
goos:
- windows
symbols:
- pipeExtensions
- package: github.com/git-lfs/git-lfs/lfshttp
goos:
- windows
symbols:
- sshAuthClient.Resolve
description: |
Due to the standard library behavior of exec.LookPath on Windows a number of methods may
result in arbitrary code execution when cloning or operating on untrusted Git repositories.
@ -33,9 +33,9 @@ cves:
ghsas:
- GHSA-cx3w-xqmc-84g5
credit: '@Ry0taK'
os:
- windows
links:
commit: https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a
context:
- https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
os:
- windows
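Review bot: after this change the Windows restriction is stated in five places: `goos: [windows]` on each of the four package entries in the first hunk, plus the top-level `os: [windows]` that this hunk moves to the end of the file. Collapsing the four identical module entries into one module with four packages is a clear improvement, but if `goos` is now the canonical per-package field, the top-level `os` is redundant and can drift; if both are still read, a consistency check between them would be worthwhile.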

View file

@ -1,12 +1,13 @@
packages:
modules:
- module: github.com/deislabs/oras
package: github.com/deislabs/oras/pkg/content
symbols:
- extractTarDirectory
derived_symbols:
- fileWriter.Commit
versions:
- fixed: 0.9.0
packages:
- package: github.com/deislabs/oras/pkg/content
symbols:
- extractTarDirectory
derived_symbols:
- fileWriter.Commit
description: |
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore
content store may result in directory traversal during archive extraction, allowing a

View file

@ -1,24 +1,25 @@
packages:
modules:
- module: github.com/containers/storage
package: github.com/containers/storage/pkg/archive
symbols:
- cmdStream
derived_symbols:
- ApplyLayer
- ApplyUncompressedLayer
- Archiver.CopyFileWithTar
- Archiver.CopyWithTar
- Archiver.TarUntar
- Archiver.UntarPath
- CopyResource
- CopyTo
- DecompressStream
- IsArchivePath
- Untar
- UntarPath
- UntarUncompressed
versions:
- fixed: 1.28.1
packages:
- package: github.com/containers/storage/pkg/archive
symbols:
- cmdStream
derived_symbols:
- ApplyLayer
- ApplyUncompressedLayer
- Archiver.CopyFileWithTar
- Archiver.CopyWithTar
- Archiver.TarUntar
- Archiver.UntarPath
- CopyResource
- CopyTo
- DecompressStream
- IsArchivePath
- Untar
- UntarPath
- UntarUncompressed
description: |
Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream
on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker

View file

@ -1,58 +1,59 @@
packages:
modules:
- module: github.com/apache/thrift
package: github.com/apache/thrift/lib/go/thrift
symbols:
- TSimpleJSONProtocol.safePeekContains
derived_symbols:
- Skip
- SkipDefaultDepth
- TJSONProtocol.ParseElemListBegin
- TJSONProtocol.ReadBool
- TJSONProtocol.ReadByte
- TJSONProtocol.ReadDouble
- TJSONProtocol.ReadFieldBegin
- TJSONProtocol.ReadFieldEnd
- TJSONProtocol.ReadI16
- TJSONProtocol.ReadI32
- TJSONProtocol.ReadI64
- TJSONProtocol.ReadListBegin
- TJSONProtocol.ReadListEnd
- TJSONProtocol.ReadMapBegin
- TJSONProtocol.ReadMapEnd
- TJSONProtocol.ReadMessageBegin
- TJSONProtocol.ReadMessageEnd
- TJSONProtocol.ReadSetBegin
- TJSONProtocol.ReadSetEnd
- TJSONProtocol.ReadStructBegin
- TJSONProtocol.ReadStructEnd
- TSimpleJSONProtocol.ParseElemListBegin
- TSimpleJSONProtocol.ParseF64
- TSimpleJSONProtocol.ParseI64
- TSimpleJSONProtocol.ParseListBegin
- TSimpleJSONProtocol.ParseListEnd
- TSimpleJSONProtocol.ParseObjectEnd
- TSimpleJSONProtocol.ParseObjectStart
- TSimpleJSONProtocol.ReadByte
- TSimpleJSONProtocol.ReadDouble
- TSimpleJSONProtocol.ReadI16
- TSimpleJSONProtocol.ReadI32
- TSimpleJSONProtocol.ReadI64
- TSimpleJSONProtocol.ReadListBegin
- TSimpleJSONProtocol.ReadListEnd
- TSimpleJSONProtocol.ReadMapBegin
- TSimpleJSONProtocol.ReadMapEnd
- TSimpleJSONProtocol.ReadMessageBegin
- TSimpleJSONProtocol.ReadMessageEnd
- TSimpleJSONProtocol.ReadSetBegin
- TSimpleJSONProtocol.ReadSetEnd
- TSimpleJSONProtocol.ReadStructBegin
- TSimpleJSONProtocol.ReadStructEnd
- TStandardClient.Call
- TStandardClient.Recv
- tApplicationException.Read
versions:
- introduced: 0.0.0-20151001171628-53dd39833a08
- fixed: 0.13.0
packages:
- package: github.com/apache/thrift/lib/go/thrift
symbols:
- TSimpleJSONProtocol.safePeekContains
derived_symbols:
- Skip
- SkipDefaultDepth
- TJSONProtocol.ParseElemListBegin
- TJSONProtocol.ReadBool
- TJSONProtocol.ReadByte
- TJSONProtocol.ReadDouble
- TJSONProtocol.ReadFieldBegin
- TJSONProtocol.ReadFieldEnd
- TJSONProtocol.ReadI16
- TJSONProtocol.ReadI32
- TJSONProtocol.ReadI64
- TJSONProtocol.ReadListBegin
- TJSONProtocol.ReadListEnd
- TJSONProtocol.ReadMapBegin
- TJSONProtocol.ReadMapEnd
- TJSONProtocol.ReadMessageBegin
- TJSONProtocol.ReadMessageEnd
- TJSONProtocol.ReadSetBegin
- TJSONProtocol.ReadSetEnd
- TJSONProtocol.ReadStructBegin
- TJSONProtocol.ReadStructEnd
- TSimpleJSONProtocol.ParseElemListBegin
- TSimpleJSONProtocol.ParseF64
- TSimpleJSONProtocol.ParseI64
- TSimpleJSONProtocol.ParseListBegin
- TSimpleJSONProtocol.ParseListEnd
- TSimpleJSONProtocol.ParseObjectEnd
- TSimpleJSONProtocol.ParseObjectStart
- TSimpleJSONProtocol.ReadByte
- TSimpleJSONProtocol.ReadDouble
- TSimpleJSONProtocol.ReadI16
- TSimpleJSONProtocol.ReadI32
- TSimpleJSONProtocol.ReadI64
- TSimpleJSONProtocol.ReadListBegin
- TSimpleJSONProtocol.ReadListEnd
- TSimpleJSONProtocol.ReadMapBegin
- TSimpleJSONProtocol.ReadMapEnd
- TSimpleJSONProtocol.ReadMessageBegin
- TSimpleJSONProtocol.ReadMessageEnd
- TSimpleJSONProtocol.ReadSetBegin
- TSimpleJSONProtocol.ReadSetEnd
- TSimpleJSONProtocol.ReadStructBegin
- TSimpleJSONProtocol.ReadStructEnd
- TStandardClient.Call
- TStandardClient.Recv
- tApplicationException.Read
description: |
Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If
this package is used to parse untrusted input, this may be used as a vector for a denial of
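Review bot: confirm the `derived_symbols` list under the new `packages` entry was regenerated by the tool rather than pasted: in the visible tail (TSimpleJSONProtocol.ParseObjectStart through tApplicationException.Read) it matches the removed module-level list entry for entry, and the single root symbol `TSimpleJSONProtocol.safePeekContains` is unexported, so the package-level placement is the right one; the `versions` range (`introduced: 0.0.0-20151001171628-53dd39833a08`, `fixed: 0.13.0`) is unchanged, so nothing else in this hunk needs attention.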

View file

@ -1,16 +1,18 @@
packages:
modules:
- module: code.cloudfoundry.org/gorouter
package: code.cloudfoundry.org/gorouter/common/secure
symbols:
- AesGCM.Decrypt
versions:
- fixed: 0.0.0-20191101214924-b1b5c44e050f
packages:
- package: code.cloudfoundry.org/gorouter/common/secure
symbols:
- AesGCM.Decrypt
- module: github.com/cloudfoundry/gorouter
package: github.com/cloudfoundry/gorouter/common/secure
symbols:
- AesGCM.Decrypt
versions:
- fixed: 0.0.0-20191101214924-b1b5c44e050f
packages:
- package: github.com/cloudfoundry/gorouter/common/secure
symbols:
- AesGCM.Decrypt
description: |
Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect
nonce size. If this package is used to decrypt user supplied messages without checking the size of
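Review bot: the two module entries (`code.cloudfoundry.org/gorouter` and `github.com/cloudfoundry/gorouter`) carry the identical pseudo-version `0.0.0-20191101214924-b1b5c44e050f`, which is only correct if both module paths resolve to the same repository and commit; worth confirming before the report is consumed downstream. The description also doubles "due to" ("Due to improper input validation, ... can cause a panic, due to incorrect nonce size"); tightening to `a maliciously crafted input with an incorrect nonce size can cause a panic` would read better.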

View file

@ -1,17 +1,19 @@
packages:
modules:
- module: github.com/holiman/uint256
symbols:
- udivrem
derived_symbols:
- Int.AddMod
- Int.Div
- Int.Mod
- Int.MulMod
- Int.SDiv
- Int.SMod
versions:
- introduced: 0.1.0
- fixed: 1.1.1
packages:
- package: github.com/holiman/uint256
symbols:
- udivrem
derived_symbols:
- Int.AddMod
- Int.Div
- Int.Mod
- Int.MulMod
- Int.SDiv
- Int.SMod
description: |
Due to improper bounds checking, certain mathmatical operations can cause a panic via an
out of bounds read. If this package is used to process untrusted user inputs, this may be used
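Review bot: typo in the description: "mathmatical" should be "mathematical". The symbol move itself is consistent with the other reports in this change (unexported root `udivrem`, derived exported `Int.*` methods), and the `introduced: 0.1.0` / `fixed: 1.1.1` range is unchanged.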

View file

@ -1,18 +1,20 @@
packages:
modules:
- module: github.com/pion/webrtc/v3
symbols:
- DTLSTransport.Start
derived_symbols:
- PeerConnection.AddTrack
- PeerConnection.AddTransceiverFromTrack
- PeerConnection.CreateDataChannel
- PeerConnection.RemoveTrack
- PeerConnection.SetLocalDescription
- PeerConnection.SetRemoteDescription
- operations.Done
- operations.Enqueue
versions:
- fixed: 3.0.15
packages:
- package: github.com/pion/webrtc/v3
symbols:
- DTLSTransport.Start
derived_symbols:
- PeerConnection.AddTrack
- PeerConnection.AddTransceiverFromTrack
- PeerConnection.CreateDataChannel
- PeerConnection.RemoveTrack
- PeerConnection.SetLocalDescription
- PeerConnection.SetRemoteDescription
- operations.Done
- operations.Enqueue
description: |
Due to improper error handling, DTLS connections were not killed when certificate verification
failed, causing users who did not check the connection state to continue to use the connection.

View file

@ -1,11 +1,12 @@
packages:
modules:
- module: github.com/ethereum/go-ethereum
package: github.com/ethereum/go-ethereum/core
symbols:
- StateDB.createObject
versions:
- introduced: 1.9.4
- fixed: 1.9.20
packages:
- package: github.com/ethereum/go-ethereum/core
symbols:
- StateDB.createObject
description: |
Due to an incorrect state calculation, a specific set of
transactions could cause a consensus disagreement,

View file

@ -1,18 +1,21 @@
packages:
modules:
- module: github.com/whyrusleeping/tar-utils
symbols:
- Extractor.outputPath
versions:
- fixed: 0.0.0-20201201191210-20a61371de5b
packages:
- package: github.com/whyrusleeping/tar-utils
symbols:
- Extractor.outputPath
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
published: 2021-07-28T18:08:05Z
cve_metadata:
id: CVE-2020-36566
cwe: "CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
links:
commit: https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
context:
- https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2020-36566
cwe: 'CWE 22: Improper Limitation of a Pathname to a Restricted Directory (''Path
Traversal'')'
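Review bot: the `cwe` value was re-quoted from a single double-quoted line into a single-quoted scalar that doubles the apostrophes and wraps onto a second line (`'CWE 22: ... (''Path` / `Traversal'')'`); it is valid YAML but harder to read and diff than the original `"CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`, so keeping the one-line double-quoted form is preferable if the formatter allows it. Two smaller points in the same region: "CWE 22" lacks the hyphen used in the next report (`CWE-400`), and the description has "santization" for "sanitization".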

View file

@ -1,20 +1,22 @@
packages:
modules:
- module: github.com/ecnepsnai/web
symbols:
- Server.socketHandler
derived_symbols:
- Server.Socket
versions:
- fixed: 1.5.2
packages:
- package: github.com/ecnepsnai/web
symbols:
- Server.socketHandler
derived_symbols:
- Server.Socket
description: |
Web Sockets do not execute any AuthenticateMethod methods which may be set,leading to a
nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or
authentication bypass.
published: 2021-07-28T18:08:05Z
cve_metadata:
id: CVE-2021-4236
cwe: 'CWE-400: Uncontrolled Resource Consumption'
ghsas:
- GHSA-5gjg-jgh4-gppm
links:
commit: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
cve_metadata:
id: CVE-2021-4236
cwe: 'CWE-400: Uncontrolled Resource Consumption'
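Review bot: the `cwe` value `CWE-400: Uncontrolled Resource Consumption` does not match the description, which describes a nil pointer dereference or an authentication bypass when the AuthenticateMethod is skipped for WebSockets; check the classification against the CVE-2021-4236 record before the moved `cve_metadata` block is finalized. The description is also missing a space in "set,leading".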

View file

@ -1,9 +1,11 @@
packages:
modules:
- module: github.com/gofiber/fiber
symbols:
- Ctx.Attachment
versions:
- fixed: 1.12.6
packages:
- package: github.com/gofiber/fiber
symbols:
- Ctx.Attachment
description: |
Due to improper input sanitization, a maliciously constructed filename could cause a file
download to use an attacker controlled filename, as well as injecting additional headers

Some files were not shown because too many files were changed in this diff.