go
/
vulndb
зеркало из https://github.com/golang/vulndb.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

data/reports: add 7 unreviewed reports 

- data/reports/GO-2024-3057.yaml
  - data/reports/GO-2024-3059.yaml
  - data/reports/GO-2024-3061.yaml
  - data/reports/GO-2024-3063.yaml
  - data/reports/GO-2024-3064.yaml
  - data/reports/GO-2024-3065.yaml
  - data/reports/GO-2024-3066.yaml

Fixes golang/vulndb#3057
Fixes golang/vulndb#3059
Fixes golang/vulndb#3061
Fixes golang/vulndb#3063
Fixes golang/vulndb#3064
Fixes golang/vulndb#3065
Fixes golang/vulndb#3066

Change-Id: I68723f28b953cf3ba7f3777ff51e8fe586fcfdbb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/605315
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
This commit is contained in:
Tatiana Bradley 2024-08-13 16:03:55 -04:00 коммит произвёл Gopher Robot
Родитель 1be2c0b98a
Коммит e6a6b5e3aa
14 изменённых файлов: 505 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

53
data/osv/GO-2024-3057.json Normal file
Просмотреть файл

@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3057",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41260",
"GHSA-9v35-4xcr-w9ph"
],
"summary": "NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird",
"details": "NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird",
"affected": [
{
"package": {
"name": "github.com/netbirdio/netbird",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9v35-4xcr-w9ph"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41260"
},
{
"type": "REPORT",
"url": "https://github.com/netbirdio/netbird/issues/2246"
},
{
"type": "WEB",
"url": "https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3057",
"review_status": "UNREVIEWED"
}
}

51
data/osv/GO-2024-3059.json Normal file
Просмотреть файл

@ -0,0 +1,51 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3059",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-m3rh-cvr5-x6q4"
],
"summary": "CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd",
"details": "CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd",
"affected": [
{
"package": {
"name": "github.com/CosmWasm/wasmd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.52.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/CosmWasm/wasmd/security/advisories/GHSA-m3rh-cvr5-x6q4"
},
{
"type": "FIX",
"url": "https://github.com/CosmWasm/wasmd/commit/76c0c061c9cb6b142163883e46c26d99384dc443"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-003.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3059",
"review_status": "UNREVIEWED"
}
}

45
data/osv/GO-2024-3061.json Normal file
Просмотреть файл

@ -0,0 +1,45 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3061",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42473",
"GHSA-3f6g-m4hr-59h8"
],
"summary": "OpenFGA Authorization Bypass in github.com/openfga/openfga",
"details": "OpenFGA Authorization Bypass in github.com/openfga/openfga",
"affected": [
{
"package": {
"name": "github.com/openfga/openfga",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.5.7"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-3f6g-m4hr-59h8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42473"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3061",
"review_status": "UNREVIEWED"
}
}

53
data/osv/GO-2024-3063.json Normal file
Просмотреть файл

@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3063",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42480",
"GHSA-6r4j-4rjc-8vw5"
],
"summary": "RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji",
"details": "RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji",
"affected": [
{
"package": {
"name": "github.com/clastix/kamaji",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42480"
},
{
"type": "FIX",
"url": "https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db"
},
{
"type": "WEB",
"url": "https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3063",
"review_status": "UNREVIEWED"
}
}

56
data/osv/GO-2024-3064.json Normal file
Просмотреть файл

@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3064",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41890",
"GHSA-gvpv-r32v-9737"
],
"summary": "Apache Answer: The link to reset the user's password will remain valid after sending a new link in github.com/apache/incubator-answer",
"details": "Apache Answer: The link to reset the user's password will remain valid after sending a new link in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-gvpv-r32v-9737"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41890"
},
{
"type": "FIX",
"url": "https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3064",
"review_status": "UNREVIEWED"
}
}

56
data/osv/GO-2024-3065.json Normal file
Просмотреть файл

@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3065",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41888",
"GHSA-v3x9-wrq5-868j"
],
"summary": "Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer",
"details": "Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-v3x9-wrq5-868j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41888"
},
{
"type": "FIX",
"url": "https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3065",
"review_status": "UNREVIEWED"
}
}

52
data/osv/GO-2024-3066.json Normal file
Просмотреть файл

@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3066",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42368",
"GHSA-rfxf-mf63-cpqv"
],
"summary": "open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension",
"details": "open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension",
"affected": [
{
"package": {
"name": "github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.80.0"
},
{
"fixed": "0.107.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-rfxf-mf63-cpqv"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-collector-contrib/commit/c9bd3eff0bb357d9c812a0d8defd3b09db95699a"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34516"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3066",
"review_status": "UNREVIEWED"
}
}

20
data/reports/GO-2024-3057.yaml Normal file
Просмотреть файл

@ -0,0 +1,20 @@
id: GO-2024-3057
modules:
- module: github.com/netbirdio/netbird
unsupported_versions:
- last_affected: 0.28.7
vulnerable_at: 0.28.7
summary: NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird
cves:
- CVE-2024-41260
ghsas:
- GHSA-9v35-4xcr-w9ph
references:
- advisory: https://github.com/advisories/GHSA-9v35-4xcr-w9ph
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41260
- report: https://github.com/netbirdio/netbird/issues/2246
- web: https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636
source:
id: GHSA-9v35-4xcr-w9ph
created: 2024-08-13T16:01:38.012502-04:00
review_status: UNREVIEWED

17
data/reports/GO-2024-3059.yaml Normal file
Просмотреть файл

@ -0,0 +1,17 @@
id: GO-2024-3059
modules:
- module: github.com/CosmWasm/wasmd
versions:
- fixed: 0.52.0
vulnerable_at: 0.51.0
summary: CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd
ghsas:
- GHSA-m3rh-cvr5-x6q4
references:
- advisory: https://github.com/CosmWasm/wasmd/security/advisories/GHSA-m3rh-cvr5-x6q4
- fix: https://github.com/CosmWasm/wasmd/commit/76c0c061c9cb6b142163883e46c26d99384dc443
- web: https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-003.md
source:
id: GHSA-m3rh-cvr5-x6q4
created: 2024-08-13T16:01:32.501447-04:00
review_status: UNREVIEWED

20
data/reports/GO-2024-3061.yaml Normal file
Просмотреть файл

@ -0,0 +1,20 @@
id: GO-2024-3061
modules:
- module: github.com/openfga/openfga
versions:
- introduced: 1.5.7
unsupported_versions:
- last_affected: 1.5.8
vulnerable_at: 1.5.8
summary: OpenFGA Authorization Bypass in github.com/openfga/openfga
cves:
- CVE-2024-42473
ghsas:
- GHSA-3f6g-m4hr-59h8
references:
- advisory: https://github.com/openfga/openfga/security/advisories/GHSA-3f6g-m4hr-59h8
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-42473
source:
id: GHSA-3f6g-m4hr-59h8
created: 2024-08-13T16:01:28.756929-04:00
review_status: UNREVIEWED

20
data/reports/GO-2024-3063.yaml Normal file
Просмотреть файл

@ -0,0 +1,20 @@
id: GO-2024-3063
modules:
- module: github.com/clastix/kamaji
unsupported_versions:
- last_affected: 1.0.0
vulnerable_at: 1.0.0
summary: RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji
cves:
- CVE-2024-42480
ghsas:
- GHSA-6r4j-4rjc-8vw5
references:
- advisory: https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-42480
- fix: https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db
- web: https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24
source:
id: GHSA-6r4j-4rjc-8vw5
created: 2024-08-13T16:01:25.444213-04:00
review_status: UNREVIEWED

22
data/reports/GO-2024-3064.yaml Normal file
Просмотреть файл

@ -0,0 +1,22 @@
id: GO-2024-3064
modules:
- module: github.com/apache/incubator-answer
versions:
- fixed: 1.3.6
vulnerable_at: 1.3.6-RC1
summary: |-
Apache Answer: The link to reset the user's password will remain valid after
sending a new link in github.com/apache/incubator-answer
cves:
- CVE-2024-41890
ghsas:
- GHSA-gvpv-r32v-9737
references:
- advisory: https://github.com/advisories/GHSA-gvpv-r32v-9737
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41890
- fix: https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b
- web: https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9
source:
id: GHSA-gvpv-r32v-9737
created: 2024-08-13T16:01:21.6681-04:00
review_status: UNREVIEWED

20
data/reports/GO-2024-3065.yaml Normal file
Просмотреть файл

@ -0,0 +1,20 @@
id: GO-2024-3065
modules:
- module: github.com/apache/incubator-answer
versions:
- fixed: 1.3.6
vulnerable_at: 1.3.6-RC1
summary: 'Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer'
cves:
- CVE-2024-41888
ghsas:
- GHSA-v3x9-wrq5-868j
references:
- advisory: https://github.com/advisories/GHSA-v3x9-wrq5-868j
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41888
- fix: https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b
- web: https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4
source:
id: GHSA-v3x9-wrq5-868j
created: 2024-08-13T16:01:16.810392-04:00
review_status: UNREVIEWED

20
data/reports/GO-2024-3066.yaml Normal file
Просмотреть файл

@ -0,0 +1,20 @@
id: GO-2024-3066
modules:
- module: github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
versions:
- introduced: 0.80.0
- fixed: 0.107.0
vulnerable_at: 0.106.1
summary: open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
cves:
- CVE-2024-42368
ghsas:
- GHSA-rfxf-mf63-cpqv
references:
- advisory: https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-rfxf-mf63-cpqv
- web: https://github.com/open-telemetry/opentelemetry-collector-contrib/commit/c9bd3eff0bb357d9c812a0d8defd3b09db95699a
- web: https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34516
source:
id: GHSA-rfxf-mf63-cpqv
created: 2024-08-13T16:01:13.116826-04:00
review_status: UNREVIEWED