data/reports: unexclude 20 reports (9)

  - data/reports/GO-2023-1955.yaml
  - data/reports/GO-2023-1956.yaml
  - data/reports/GO-2023-1957.yaml
  - data/reports/GO-2023-1959.yaml
  - data/reports/GO-2023-1961.yaml
  - data/reports/GO-2023-1962.yaml
  - data/reports/GO-2023-1965.yaml
  - data/reports/GO-2023-1971.yaml
  - data/reports/GO-2023-1972.yaml
  - data/reports/GO-2023-1973.yaml
  - data/reports/GO-2023-1977.yaml
  - data/reports/GO-2023-1979.yaml
  - data/reports/GO-2023-1980.yaml
  - data/reports/GO-2023-1982.yaml
  - data/reports/GO-2023-1985.yaml
  - data/reports/GO-2023-1986.yaml
  - data/reports/GO-2023-1991.yaml
  - data/reports/GO-2023-1993.yaml
  - data/reports/GO-2023-1995.yaml
  - data/reports/GO-2023-1996.yaml

Updates golang/vulndb#1955
Updates golang/vulndb#1956
Updates golang/vulndb#1957
Updates golang/vulndb#1959
Updates golang/vulndb#1961
Updates golang/vulndb#1962
Updates golang/vulndb#1965
Updates golang/vulndb#1971
Updates golang/vulndb#1972
Updates golang/vulndb#1973
Updates golang/vulndb#1977
Updates golang/vulndb#1979
Updates golang/vulndb#1980
Updates golang/vulndb#1982
Updates golang/vulndb#1985
Updates golang/vulndb#1986
Updates golang/vulndb#1991
Updates golang/vulndb#1993
Updates golang/vulndb#1995
Updates golang/vulndb#1996

Change-Id: I681627cba89cee6d3bc2def3924c65a3b5da4453
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606789
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Tatiana Bradley 2024-08-20 12:49:55 -04:00 committed by Gopher Robot
Parent adfc865483
Commit d168918dee
60 changed files: 1739 additions and 160 deletions


@ -1,8 +0,0 @@
id: GO-2023-1955
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/dapr/dapr
cves:
- CVE-2023-37918
ghsas:
- GHSA-59m6-82qm-vqgj


@ -1,8 +0,0 @@
id: GO-2023-1956
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/KubeOperator/kubepi
cves:
- CVE-2023-37917
ghsas:
- GHSA-757p-vx43-fp9r


@ -1,8 +0,0 @@
id: GO-2023-1957
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/KubeOperator/kubepi
cves:
- CVE-2023-37916
ghsas:
- GHSA-87f6-8gr7-pc6h


@ -1,8 +0,0 @@
id: GO-2023-1959
excluded: EFFECTIVELY_PRIVATE
modules:
- module: k8s.io/kubernetes
cves:
- CVE-2018-1002100
ghsas:
- GHSA-2jq6-ffph-p4h8


@ -1,8 +0,0 @@
id: GO-2023-1961
excluded: EFFECTIVELY_PRIVATE
modules:
- module: k8s.io/minikube
cves:
- CVE-2018-1002103
ghsas:
- GHSA-6pcv-qqx4-mxm3


@ -1,8 +0,0 @@
id: GO-2023-1962
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/containers/podman/v4
cves:
- CVE-2018-10856
ghsas:
- GHSA-wp7w-vx86-vj9h


@ -1,8 +0,0 @@
id: GO-2023-1965
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/apptainer/apptainer
cves:
- CVE-2023-38496
ghsas:
- GHSA-mmx5-32m4-wxvx


@ -1,8 +0,0 @@
id: GO-2023-1971
excluded: NOT_IMPORTABLE
modules:
- module: gogs.io/gogs
cves:
- CVE-2018-15192
ghsas:
- GHSA-fg3x-rwq9-74cw
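Review bot: `excluded: NOT_IMPORTABLE` on the second line of this stub is a different reason from the `EFFECTIVELY_PRIVATE` carried by most stubs removed in this change. The replacement reports shown here keep the old reason in an `unexcluded:` field; please check that the new GO-2023-1971 report carries `unexcluded: NOT_IMPORTABLE`, so the reason is not lost when the stub goes away.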


@ -1,8 +0,0 @@
id: GO-2023-1972
excluded: NOT_IMPORTABLE
modules:
- module: gogs.io/gogs
cves:
- CVE-2018-17031
ghsas:
- GHSA-px5r-fqj6-r2f8


@ -1,8 +0,0 @@
id: GO-2023-1973
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/rancher/rancher
cves:
- CVE-2017-7297
ghsas:
- GHSA-w3x4-9854-95x8


@ -1,8 +0,0 @@
id: GO-2023-1977
excluded: EFFECTIVELY_PRIVATE
modules:
- module: k8s.io/kubernetes
cves:
- CVE-2017-1002102
ghsas:
- GHSA-mm7g-f2gg-cw8g


@ -1,8 +0,0 @@
id: GO-2023-1979
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/crossplane/crossplane
cves:
- CVE-2023-37900
ghsas:
- GHSA-68p4-95xf-7gx8


@ -1,8 +0,0 @@
id: GO-2023-1980
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/crossplane/crossplane
cves:
- CVE-2023-38495
ghsas:
- GHSA-pj4x-2xr5-w87m


@ -1,8 +0,0 @@
id: GO-2023-1982
excluded: NOT_IMPORTABLE
modules:
- module: github.com/gophish/gophish
cves:
- CVE-2020-24710
ghsas:
- GHSA-9c9w-9pq7-f35h


@ -1,8 +0,0 @@
id: GO-2023-1985
excluded: EFFECTIVELY_PRIVATE
modules:
- module: k8s.io/kubernetes
cves:
- CVE-2015-7561
ghsas:
- GHSA-2h9c-34v6-3qmr


@ -1,8 +0,0 @@
id: GO-2023-1986
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/hashicorp/vault
cves:
- CVE-2023-3462
ghsas:
- GHSA-9v3w-w2jh-4hff


@ -1,8 +0,0 @@
id: GO-2023-1991
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/rancher/rancher
cves:
- CVE-2019-12274
ghsas:
- GHSA-gc62-j469-9gjm


@ -1,8 +0,0 @@
id: GO-2023-1993
excluded: EFFECTIVELY_PRIVATE
modules:
- module: helm.sh/helm
cves:
- CVE-2019-1010275
ghsas:
- GHSA-x6r5-vxfg-gq3v


@ -1,8 +0,0 @@
id: GO-2023-1995
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/answerdev/answer
cves:
- CVE-2023-4127
ghsas:
- GHSA-52h8-c876-989c


@ -1,8 +0,0 @@
id: GO-2023-1996
excluded: EFFECTIVELY_PRIVATE
modules:
- module: github.com/answerdev/answer
cves:
- CVE-2023-4126
ghsas:
- GHSA-ggcf-hwxp-rc77


@ -0,0 +1,66 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1955",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-37918",
"GHSA-59m6-82qm-vqgj"
],
"summary": "Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr",
"details": "Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr",
"affected": [
{
"package": {
"name": "github.com/dapr/dapr",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.9"
},
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37918"
},
{
"type": "FIX",
"url": "https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a"
},
{
"type": "FIX",
"url": "https://github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae"
},
{
"type": "WEB",
"url": "https://docs.dapr.io/operations/security/api-token"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1955",
"review_status": "UNREVIEWED"
}
}
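Review bot: `modified` and `published` near the top of this record are both `0001-01-01T00:00:00Z`, the zero time. If the publishing step does not overwrite them, consumers that sort or sync on `modified` will treat the record as older than everything else; please confirm these are placeholders filled in at deploy time. Separately, `details` repeats `summary` word for word, so the record says nothing about which HTTP endpoints skip the API token check. With `review_status` at `UNREVIEWED` that may be intended, but the advisory text is worth pulling in when the report is reviewed.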


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1956",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-37917",
"GHSA-757p-vx43-fp9r"
],
"summary": "KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi",
"details": "KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi",
"affected": [
{
"package": {
"name": "github.com/KubeOperator/kubepi",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.5"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37917"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1e8XJbIFIDXaFiL-dqn0a0b6u7o3CwqSG/preview"
},
{
"type": "WEB",
"url": "https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1956",
"review_status": "UNREVIEWED"
}
}
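Review bot: the `affected` package name is `github.com/KubeOperator/kubepi`, but the advisory and release references in the same record live under `github.com/1Panel-dev/KubePi`. Please check which module path the v1.6.5 tag declares in its go.mod. If the project was renamed, builds that use the new path will not match this record, and the new path needs its own `affected` entry.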


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1957",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-37916",
"GHSA-87f6-8gr7-pc6h"
],
"summary": "KubePi may leak password hash of any user in github.com/KubeOperator/kubepi",
"details": "KubePi may leak password hash of any user in github.com/KubeOperator/kubepi",
"affected": [
{
"package": {
"name": "github.com/KubeOperator/kubepi",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.5"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37916"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview"
},
{
"type": "WEB",
"url": "https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1957",
"review_status": "UNREVIEWED"
}
}
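Review bot: the third entry under `references` is a `drive.google.com/file/.../preview` link typed `WEB`. The owner of a shared file can replace or withdraw it at any time, and a reader cannot tell what it contains before opening it, so it is a weak reference for a database record. Drop it unless it carries material the GHSA advisory does not.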


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1959",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-1002100",
"GHSA-2jq6-ffph-p4h8"
],
"summary": "Kubernetes arbitrary file overwrite in k8s.io/kubernetes",
"details": "Kubernetes arbitrary file overwrite in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.9.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2jq6-ffph-p4h8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002100"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/61297"
},
{
"type": "WEB",
"url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1959",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,49 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1961",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-1002103",
"GHSA-6pcv-qqx4-mxm3"
],
"summary": "Minikube RCE via DNS Rebinding in k8s.io/minikube",
"details": "Minikube RCE via DNS Rebinding in k8s.io/minikube",
"affected": [
{
"package": {
"name": "k8s.io/minikube",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.3.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6pcv-qqx4-mxm3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002103"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/minikube/issues/3208"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1961",
"review_status": "UNREVIEWED"
}
}
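Review bot: the only range event is `"introduced": "0.3.0"`, with no `fixed` or `last_affected`, so every minikube release from 0.3.0 onward is reported as vulnerable. The YAML report for this ID records `last_affected: 0.29.0` under `unsupported_versions`, and that bound does not reach this record. If a fixed version is known, add it to the report so the generated range closes; otherwise users of current releases get a finding they cannot clear by upgrading.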

data/osv/GO-2023-1962.json

@ -0,0 +1,111 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1962",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-10856",
"GHSA-wp7w-vx86-vj9h"
],
"summary": "Podman Elevated Container Privileges in github.com/containers/podman",
"details": "Podman Elevated Container Privileges in github.com/containers/podman",
"affected": [
{
"package": {
"name": "github.com/containers/podman",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/containers/podman/v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/containers/podman/v3",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/containers/podman/v4",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-wp7w-vx86-vj9h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10856"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2037"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856"
},
{
"type": "WEB",
"url": "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1962",
"review_status": "UNREVIEWED"
}
}
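Review bot: the `/v2`, `/v3` and `/v4` entries under `affected` each have a single `"introduced": "0"` event and no `fixed`, so every release on those module paths is flagged, while the unversioned path is recorded as fixed at 0.6.1. A fix that shipped in 0.6.1 would normally be present in all later major versions. Unless the advisory says the issue came back, these three entries look like false positives and should be dropped or bounded. Note also that the excluded stub this replaces named only `github.com/containers/podman/v4`.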


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1965",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-38496",
"GHSA-mmx5-32m4-wxvx"
],
"summary": "Ineffective privileges drop when requesting container network in github.com/apptainer/apptainer",
"details": "Ineffective privileges drop when requesting container network in github.com/apptainer/apptainer",
"affected": [
{
"package": {
"name": "github.com/apptainer/apptainer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38496"
},
{
"type": "FIX",
"url": "https://github.com/apptainer/apptainer/pull/1523"
},
{
"type": "FIX",
"url": "https://github.com/apptainer/apptainer/pull/1578"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1965",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,92 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1971",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-15192",
"GHSA-fg3x-rwq9-74cw"
],
"summary": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"details": "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea",
"affected": [
{
"package": {
"name": "code.gitea.io/gitea",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.0-rc1"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "gogs.io/gogs",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fg3x-rwq9-74cw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15192"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/issues/4624"
},
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/pull/17482"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/issues/5366"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/pull/6002"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1971",
"review_status": "UNREVIEWED"
}
}
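Review bot: `summary` and `details` end with "in code.gitea.io/gitea", but `affected` also lists `gogs.io/gogs`, which is the only module the removed stub for this ID named. Someone searching the database for Gogs will not find this record by its summary; name both modules or neither. The Gitea boundary `"fixed": "1.16.0-rc1"` is a release candidate, so please confirm it is the first version carrying the fix rather than the final 1.16.0.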


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1972",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2018-17031",
"GHSA-px5r-fqj6-r2f8"
],
"summary": "Gogs XSS Vulnerability in gogs.io/gogs",
"details": "Gogs XSS Vulnerability in gogs.io/gogs",
"affected": [
{
"package": {
"name": "gogs.io/gogs",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-px5r-fqj6-r2f8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17031"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/e14b6abf9dae13bc087c9d9db8fe7c7a5125c792"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/issues/5397"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/pull/6008"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1972",
"review_status": "UNREVIEWED"
}
}
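Review bot: the gogs commit reference and `pull/6008` under `references` are typed `WEB`, while other records in this change type their fix commits as `FIX` (GO-2023-1955, GO-2023-1982). If these two are the fix that shipped in 0.12.0, type them `FIX` so tooling that looks for a patch reference finds one. If they are not, the record has no fix reference at all and one should be added.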


@ -0,0 +1,74 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1973",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2017-7297",
"GHSA-w3x4-9854-95x8"
],
"summary": "Rancher Access Control Vulnerability in github.com/rancher/rancher",
"details": "Rancher Access Control Vulnerability in github.com/rancher/rancher",
"affected": [
{
"package": {
"name": "github.com/rancher/rancher",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.4"
},
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.5"
},
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.3"
},
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-w3x4-9854-95x8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7297"
},
{
"type": "REPORT",
"url": "https://github.com/rancher/rancher/issues/8296"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227181556/http://www.securityfocus.com/bid/97180"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1973",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,68 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1977",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2017-1002102",
"GHSA-mm7g-f2gg-cw8g"
],
"summary": "Kubernetes arbitrary file overwrite in k8s.io/kubernetes",
"details": "Kubernetes arbitrary file overwrite in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.7.14"
},
{
"introduced": "1.8.0"
},
{
"fixed": "1.8.9"
},
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.4"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mm7g-f2gg-cw8g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1002102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/60814"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1977",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,58 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1979",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-37900",
"GHSA-68p4-95xf-7gx8"
],
"summary": "Denial of service from large image in github.com/crossplane/crossplane",
"details": "Denial of service from large image in github.com/crossplane/crossplane",
"affected": [
{
"package": {
"name": "github.com/crossplane/crossplane",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.5"
},
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/crossplane/crossplane/security/advisories/GHSA-68p4-95xf-7gx8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37900"
},
{
"type": "WEB",
"url": "https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1979",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,58 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1980",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-38495",
"GHSA-pj4x-2xr5-w87m"
],
"summary": "Possible image tampering from missing image validation for Packages in github.com/crossplane/crossplane",
"details": "Possible image tampering from missing image validation for Packages in github.com/crossplane/crossplane",
"affected": [
{
"package": {
"name": "github.com/crossplane/crossplane",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.5"
},
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/crossplane/crossplane/security/advisories/GHSA-pj4x-2xr5-w87m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38495"
},
{
"type": "WEB",
"url": "https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1980",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1982",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2020-24710",
"GHSA-9c9w-9pq7-f35h"
],
"summary": "Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish",
"details": "Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish",
"affected": [
{
"package": {
"name": "github.com/gophish/gophish",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9c9w-9pq7-f35h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24710"
},
{
"type": "FIX",
"url": "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005"
},
{
"type": "WEB",
"url": "https://github.com/gophish/gophish/releases/tag/v0.11.0"
},
{
"type": "WEB",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0054"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1982",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1985",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2015-7561",
"GHSA-2h9c-34v6-3qmr"
],
"summary": "Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes",
"details": "Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-alpha.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2h9c-34v6-3qmr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7561"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/e185b1028ac8459f7b451e1115399192e96f6ee9"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/18909"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1985",
"review_status": "UNREVIEWED"
}
}
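Review bot: `"fixed": "1.2.0-alpha.6"` puts the range boundary at an alpha pre-release. Please confirm against the referenced kubernetes commit and `pull/18909` that alpha.6 is the first tag containing the fix. The summary also places the issue in OpenShift 3, yet the only `affected` package is `k8s.io/kubernetes`; if the misconfiguration is specific to the OpenShift distribution, flagging every upstream Kubernetes build below that boundary overstates the exposure.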


@ -0,0 +1,58 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1986",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-3462",
"GHSA-9v3w-w2jh-4hff"
],
"summary": "HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault",
"details": "HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault",
"affected": [
{
"package": {
"name": "github.com/hashicorp/vault",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.5"
},
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9v3w-w2jh-4hff"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3462"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1986",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,58 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1991",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-12274",
"GHSA-gc62-j469-9gjm"
],
"summary": "Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher",
"details": "Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher",
"affected": [
{
"package": {
"name": "github.com/rancher/rancher",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.27"
},
{
"introduced": "2.0.0+incompatible"
},
{
"fixed": "2.2.4+incompatible"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-gc62-j469-9gjm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12274"
},
{
"type": "WEB",
"url": "https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1991",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,64 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1993",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2019-1010275",
"GHSA-x6r5-vxfg-gq3v"
],
"summary": "Helm Improper Certificate Validation in helm.sh/helm",
"details": "Helm Improper Certificate Validation in helm.sh/helm",
"affected": [
{
"package": {
"name": "helm.sh/helm",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2+incompatible"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-x6r5-vxfg-gq3v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010275"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/commit/1096813bf9a425e2aa4ac755b6c991b626dfab50"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/pull/3152"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/releases/tag/v2.7.2"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1993",
"review_status": "UNREVIEWED"
}
}
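Review bot: three of the four `WEB` entries under `references` point at the same change: the helm commit, `pull/3152`, and `pull/3152/files/` followed by the same commit hash. Keep the commit, typed `FIX`, and drop the `/files/` variant, which adds nothing a reader cannot reach from the pull request.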


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1995",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-4127",
"GHSA-52h8-c876-989c"
],
"summary": "Answer has Race Condition within a Thread in github.com/answerdev/answer",
"details": "Answer has Race Condition within a Thread in github.com/answerdev/answer",
"affected": [
{
"package": {
"name": "github.com/answerdev/answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-52h8-c876-989c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4127"
},
{
"type": "FIX",
"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1995",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2023-1996",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-4126",
"GHSA-ggcf-hwxp-rc77"
],
"summary": "Answer Insufficient Session Expiration vulnerability in github.com/answerdev/answer",
"details": "Answer Insufficient Session Expiration vulnerability in github.com/answerdev/answer",
"affected": [
{
"package": {
"name": "github.com/answerdev/answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-ggcf-hwxp-rc77"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4126"
},
{
"type": "FIX",
"url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1996",
"review_status": "UNREVIEWED"
}
}


@ -0,0 +1,24 @@
id: GO-2023-1955
modules:
- module: github.com/dapr/dapr
versions:
- fixed: 1.10.9
- introduced: 1.11.0
- fixed: 1.11.2
vulnerable_at: 1.11.2-rc.3
summary: Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr
cves:
- CVE-2023-37918
ghsas:
- GHSA-59m6-82qm-vqgj
references:
- advisory: https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37918
- fix: https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a
- fix: https://github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae
- web: https://docs.dapr.io/operations/security/api-token
source:
id: GHSA-59m6-82qm-vqgj
created: 2024-08-20T11:54:37.185639-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE
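Review bot: `vulnerable_at: 1.11.2-rc.3` is a release candidate of the very version listed as `fixed: 1.11.2`. It sorts below the fix, so it is inside the range, but a release candidate cut just before the fix is the version most likely to contain it already. Please confirm the two referenced fix commits are absent from that tag, or pick the last stable release before 1.11.2 instead.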


@ -0,0 +1,21 @@
id: GO-2023-1956
modules:
- module: github.com/KubeOperator/kubepi
versions:
- fixed: 1.6.5
vulnerable_at: 1.6.4
summary: KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi
cves:
- CVE-2023-37917
ghsas:
- GHSA-757p-vx43-fp9r
references:
- advisory: https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37917
- web: https://drive.google.com/file/d/1e8XJbIFIDXaFiL-dqn0a0b6u7o3CwqSG/preview
- web: https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5
source:
id: GHSA-757p-vx43-fp9r
created: 2024-08-20T11:54:41.278464-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE


@ -0,0 +1,21 @@
id: GO-2023-1957
modules:
- module: github.com/KubeOperator/kubepi
versions:
- fixed: 1.6.5
vulnerable_at: 1.6.4
summary: KubePi may leak password hash of any user in github.com/KubeOperator/kubepi
cves:
- CVE-2023-37916
ghsas:
- GHSA-87f6-8gr7-pc6h
references:
- advisory: https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37916
- web: https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview
- web: https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5
source:
id: GHSA-87f6-8gr7-pc6h
created: 2024-08-20T11:54:45.131036-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE


@ -0,0 +1,23 @@
id: GO-2023-1959
modules:
- module: k8s.io/kubernetes
versions:
- introduced: 1.5.0
- fixed: 1.9.6
vulnerable_at: 1.9.6-beta.0
summary: Kubernetes arbitrary file overwrite in k8s.io/kubernetes
cves:
- CVE-2018-1002100
ghsas:
- GHSA-2jq6-ffph-p4h8
references:
- advisory: https://github.com/advisories/GHSA-2jq6-ffph-p4h8
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-1002100
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1564305
- web: https://github.com/kubernetes/kubernetes/issues/61297
- web: https://hansmi.ch/articles/2018-04-openshift-s2i-security
source:
id: GHSA-2jq6-ffph-p4h8
created: 2024-08-20T11:54:48.602404-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE


@ -0,0 +1,22 @@
id: GO-2023-1961
modules:
- module: k8s.io/minikube
versions:
- introduced: 0.3.0
unsupported_versions:
- last_affected: 0.29.0
vulnerable_at: 1.33.0
summary: Minikube RCE via DNS Rebinding in k8s.io/minikube
cves:
- CVE-2018-1002103
ghsas:
- GHSA-6pcv-qqx4-mxm3
references:
- advisory: https://github.com/advisories/GHSA-6pcv-qqx4-mxm3
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-1002103
- web: https://github.com/kubernetes/minikube/issues/3208
source:
id: GHSA-6pcv-qqx4-mxm3
created: 2024-08-20T11:55:11.546616-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE
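
Review bot: vulnerable_at: 1.33.0 contradicts last_affected: 0.29.0 under unsupported_versions. With only introduced: 0.3.0 and no fixed bound, the affected range is open-ended, so every release after 0.29.0 is reported as vulnerable. Please turn the last-affected information into a fixed version taken from the advisory or the linked minikube issue, and set vulnerable_at to a version inside that range.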

View file

@ -0,0 +1,28 @@
id: GO-2023-1962
modules:
- module: github.com/containers/podman
versions:
- fixed: 0.6.1
vulnerable_at: 0.5.4
- module: github.com/containers/podman/v2
vulnerable_at: 2.2.1
- module: github.com/containers/podman/v3
vulnerable_at: 3.4.7
- module: github.com/containers/podman/v4
vulnerable_at: 4.9.5
summary: Podman Elevated Container Privileges in github.com/containers/podman
cves:
- CVE-2018-10856
ghsas:
- GHSA-wp7w-vx86-vj9h
references:
- advisory: https://github.com/advisories/GHSA-wp7w-vx86-vj9h
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-10856
- web: https://access.redhat.com/errata/RHSA-2018:2037
- web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856
- web: https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24
source:
id: GHSA-wp7w-vx86-vj9h
created: 2024-08-20T11:55:14.73705-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE
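
Review bot: the entries for github.com/containers/podman/v2, /v3 and /v4 carry only vulnerable_at and no versions block, so every version of those major modules is treated as affected, while the base module is marked fixed: 0.6.1. For a 2018 CVE that looks like false positives for all users of v2 through v4. Either drop the three entries or give each an explicit range, after checking whether the commit listed in references is already present in those majors.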

View file

@ -0,0 +1,22 @@
id: GO-2023-1965
modules:
- module: github.com/apptainer/apptainer
versions:
- introduced: 1.2.0
- fixed: 1.2.1
vulnerable_at: 1.2.0
summary: Ineffective privileges drop when requesting container network in github.com/apptainer/apptainer
cves:
- CVE-2023-38496
ghsas:
- GHSA-mmx5-32m4-wxvx
references:
- advisory: https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-38496
- fix: https://github.com/apptainer/apptainer/pull/1523
- fix: https://github.com/apptainer/apptainer/pull/1578
source:
id: GHSA-mmx5-32m4-wxvx
created: 2024-08-20T11:57:14.509753-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,29 @@
id: GO-2023-1971
modules:
- module: code.gitea.io/gitea
versions:
- fixed: 1.16.0-rc1
vulnerable_at: 1.16.0-dev
- module: gogs.io/gogs
versions:
- fixed: 0.12.0
vulnerable_at: 0.11.91
summary: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea
cves:
- CVE-2018-15192
ghsas:
- GHSA-fg3x-rwq9-74cw
references:
- advisory: https://github.com/advisories/GHSA-fg3x-rwq9-74cw
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-15192
- web: https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9
- web: https://github.com/go-gitea/gitea/issues/4624
- web: https://github.com/go-gitea/gitea/pull/17482
- web: https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b
- web: https://github.com/gogs/gogs/issues/5366
- web: https://github.com/gogs/gogs/pull/6002
source:
id: GHSA-fg3x-rwq9-74cw
created: 2024-08-20T11:57:23.890576-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE
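
Review bot: the commit and pull request links for both projects are typed web:, whereas other reports in this change (GO-2023-1965, GO-2023-1982) type the fixing change as fix:. If go-gitea/gitea pull/17482 and gogs/gogs pull/6002 are the fixes behind fixed: 1.16.0-rc1 and fixed: 0.12.0, please retype them so consumers can find the patch. The summary also names only code.gitea.io/gitea although the report has a second module entry for gogs.io/gogs.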

View file

@ -0,0 +1,22 @@
id: GO-2023-1972
modules:
- module: gogs.io/gogs
versions:
- fixed: 0.12.0
vulnerable_at: 0.11.91
summary: Gogs XSS Vulnerability in gogs.io/gogs
cves:
- CVE-2018-17031
ghsas:
- GHSA-px5r-fqj6-r2f8
references:
- advisory: https://github.com/advisories/GHSA-px5r-fqj6-r2f8
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-17031
- web: https://github.com/gogs/gogs/commit/e14b6abf9dae13bc087c9d9db8fe7c7a5125c792
- web: https://github.com/gogs/gogs/issues/5397
- web: https://github.com/gogs/gogs/pull/6008
source:
id: GHSA-px5r-fqj6-r2f8
created: 2024-08-20T11:57:34.044982-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

View file

@ -0,0 +1,28 @@
id: GO-2023-1973
modules:
- module: github.com/rancher/rancher
versions:
- introduced: 1.2.0
- fixed: 1.2.4
- introduced: 1.3.0
- fixed: 1.3.5
- introduced: 1.4.0
- fixed: 1.4.3
- introduced: 1.5.0
- fixed: 1.5.3
vulnerable_at: 1.5.3-try2
summary: Rancher Access Control Vulnerability in github.com/rancher/rancher
cves:
- CVE-2017-7297
ghsas:
- GHSA-w3x4-9854-95x8
references:
- advisory: https://github.com/advisories/GHSA-w3x4-9854-95x8
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-7297
- report: https://github.com/rancher/rancher/issues/8296
- web: https://web.archive.org/web/20200227181556/http://www.securityfocus.com/bid/97180
source:
id: GHSA-w3x4-9854-95x8
created: 2024-08-20T11:57:38.945315-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE
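
Review bot: vulnerable_at: 1.5.3-try2 is a pre-release tag of the version listed as fixed: 1.5.3. It sorts below 1.5.3 under semver and so passes the range check, but a tag named try2 for 1.5.3 may already contain the fix. Please confirm that this tag predates the fix, or pick a plain release inside the last range (introduced: 1.5.0 to fixed: 1.5.3) instead.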

View file

@ -0,0 +1,26 @@
id: GO-2023-1977
modules:
- module: k8s.io/kubernetes
versions:
- introduced: 1.3.0
- fixed: 1.7.14
- introduced: 1.8.0
- fixed: 1.8.9
- introduced: 1.9.0
- fixed: 1.9.4
vulnerable_at: 1.9.4-beta.0
summary: Kubernetes arbitrary file overwrite in k8s.io/kubernetes
cves:
- CVE-2017-1002102
ghsas:
- GHSA-mm7g-f2gg-cw8g
references:
- advisory: https://github.com/advisories/GHSA-mm7g-f2gg-cw8g
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-1002102
- web: https://access.redhat.com/errata/RHSA-2018:0475
- web: https://github.com/kubernetes/kubernetes/issues/60814
source:
id: GHSA-mm7g-f2gg-cw8g
created: 2024-08-20T11:58:59.502139-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE
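
Review bot: the summary "Kubernetes arbitrary file overwrite in k8s.io/kubernetes" is word for word the summary of GO-2023-1959 (CVE-2018-1002100) added earlier in this change, so the two reports cannot be told apart in tool output or in the database index. Please add the distinguishing detail from each advisory to the summary here and in GO-2023-1959.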

View file

@ -0,0 +1,22 @@
id: GO-2023-1979
modules:
- module: github.com/crossplane/crossplane
versions:
- fixed: 1.11.5
- introduced: 1.12.0
- fixed: 1.12.3
vulnerable_at: 1.12.2
summary: Denial of service from large image in github.com/crossplane/crossplane
cves:
- CVE-2023-37900
ghsas:
- GHSA-68p4-95xf-7gx8
references:
- advisory: https://github.com/crossplane/crossplane/security/advisories/GHSA-68p4-95xf-7gx8
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37900
- web: https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf
source:
id: GHSA-68p4-95xf-7gx8
created: 2024-08-20T11:59:08.938684-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,22 @@
id: GO-2023-1980
modules:
- module: github.com/crossplane/crossplane
versions:
- fixed: 1.11.5
- introduced: 1.12.0
- fixed: 1.12.3
vulnerable_at: 1.12.2
summary: Possible image tampering from missing image validation for Packages in github.com/crossplane/crossplane
cves:
- CVE-2023-38495
ghsas:
- GHSA-pj4x-2xr5-w87m
references:
- advisory: https://github.com/crossplane/crossplane/security/advisories/GHSA-pj4x-2xr5-w87m
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-38495
- web: https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf
source:
id: GHSA-pj4x-2xr5-w87m
created: 2024-08-20T11:59:12.603892-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,22 @@
id: GO-2023-1982
modules:
- module: github.com/gophish/gophish
versions:
- fixed: 0.11.0
vulnerable_at: 0.10.1
summary: Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish
cves:
- CVE-2020-24710
ghsas:
- GHSA-9c9w-9pq7-f35h
references:
- advisory: https://github.com/advisories/GHSA-9c9w-9pq7-f35h
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-24710
- fix: https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005
- web: https://github.com/gophish/gophish/releases/tag/v0.11.0
- web: https://herolab.usd.de/security-advisories/usd-2020-0054
source:
id: GHSA-9c9w-9pq7-f35h
created: 2024-08-20T11:59:16.131057-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE

View file

@ -0,0 +1,22 @@
id: GO-2023-1985
modules:
- module: k8s.io/kubernetes
versions:
- fixed: 1.2.0-alpha.6
vulnerable_at: 1.2.0-alpha.5
summary: Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes
cves:
- CVE-2015-7561
ghsas:
- GHSA-2h9c-34v6-3qmr
references:
- advisory: https://github.com/advisories/GHSA-2h9c-34v6-3qmr
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2015-7561
- web: https://bugzilla.redhat.com/show_bug.cgi?id=1291963
- web: https://github.com/kubernetes/kubernetes/commit/e185b1028ac8459f7b451e1115399192e96f6ee9
- web: https://github.com/kubernetes/kubernetes/pull/18909
source:
id: GHSA-2h9c-34v6-3qmr
created: 2024-08-20T11:59:24.292891-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,22 @@
id: GO-2023-1986
modules:
- module: github.com/hashicorp/vault
versions:
- fixed: 1.13.5
- introduced: 1.14.0
- fixed: 1.14.1
vulnerable_at: 1.14.0
summary: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault
cves:
- CVE-2023-3462
ghsas:
- GHSA-9v3w-w2jh-4hff
references:
- advisory: https://github.com/advisories/GHSA-9v3w-w2jh-4hff
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-3462
- web: https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714
source:
id: GHSA-9v3w-w2jh-4hff
created: 2024-08-20T11:59:31.329731-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,22 @@
id: GO-2023-1991
modules:
- module: github.com/rancher/rancher
versions:
- fixed: 1.6.27
- introduced: 2.0.0+incompatible
- fixed: 2.2.4+incompatible
vulnerable_at: 2.2.4-rc9+incompatible
summary: Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher
cves:
- CVE-2019-12274
ghsas:
- GHSA-gc62-j469-9gjm
references:
- advisory: https://github.com/advisories/GHSA-gc62-j469-9gjm
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-12274
- web: https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466
source:
id: GHSA-gc62-j469-9gjm
created: 2024-08-20T11:59:34.558968-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,23 @@
id: GO-2023-1993
modules:
- module: helm.sh/helm
versions:
- fixed: 2.7.2+incompatible
vulnerable_at: 2.7.1+incompatible
summary: Helm Improper Certificate Validation in helm.sh/helm
cves:
- CVE-2019-1010275
ghsas:
- GHSA-x6r5-vxfg-gq3v
references:
- advisory: https://github.com/advisories/GHSA-x6r5-vxfg-gq3v
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-1010275
- web: https://github.com/helm/helm/commit/1096813bf9a425e2aa4ac755b6c991b626dfab50
- web: https://github.com/helm/helm/pull/3152
- web: https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50
- web: https://github.com/helm/helm/releases/tag/v2.7.2
source:
id: GHSA-x6r5-vxfg-gq3v
created: 2024-08-20T11:59:38.015923-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE
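
Review bot: three of the web: references point at the same change: the helm commit, pull/3152, and the pull/3152/files/ view pinned to that same commit hash. Please keep one of them, typed fix: if it is the change behind fixed: 2.7.2+incompatible, and drop the files view link, which adds nothing the commit link does not already give.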

View file

@ -0,0 +1,21 @@
id: GO-2023-1995
modules:
- module: github.com/answerdev/answer
versions:
- fixed: 1.1.1
vulnerable_at: 1.1.0
summary: Answer has Race Condition within a Thread in github.com/answerdev/answer
cves:
- CVE-2023-4127
ghsas:
- GHSA-52h8-c876-989c
references:
- advisory: https://github.com/advisories/GHSA-52h8-c876-989c
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-4127
- fix: https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182
- web: https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba
source:
id: GHSA-52h8-c876-989c
created: 2024-08-20T11:59:50.487927-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE

View file

@ -0,0 +1,21 @@
id: GO-2023-1996
modules:
- module: github.com/answerdev/answer
versions:
- fixed: 1.1.0
vulnerable_at: 1.1.0-beta.2
summary: Answer Insufficient Session Expiration vulnerability in github.com/answerdev/answer
cves:
- CVE-2023-4126
ghsas:
- GHSA-ggcf-hwxp-rc77
references:
- advisory: https://github.com/advisories/GHSA-ggcf-hwxp-rc77
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-4126
- fix: https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730
- web: https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5
source:
id: GHSA-ggcf-hwxp-rc77
created: 2024-08-20T11:59:55.1436-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE