data/reports: unexclude 20 reports (1)

- data/reports/GO-2023-1270.yaml - data/reports/GO-2023-1283.yaml - data/reports/GO-2023-1285.yaml - data/reports/GO-2023-1291.yaml - data/reports/GO-2023-1292.yaml - data/reports/GO-2023-1294.yaml - data/reports/GO-2023-1377.yaml - data/reports/GO-2023-1388.yaml - data/reports/GO-2023-1449.yaml - data/reports/GO-2023-1461.yaml - data/reports/GO-2023-1462.yaml - data/reports/GO-2023-1463.yaml - data/reports/GO-2023-1465.yaml - data/reports/GO-2023-1468.yaml - data/reports/GO-2023-1469.yaml - data/reports/GO-2023-1471.yaml - data/reports/GO-2023-1492.yaml - data/reports/GO-2023-1502.yaml - data/reports/GO-2023-1504.yaml - data/reports/GO-2023-1509.yaml Updates #1270 Updates #1283 Updates #1285 Updates #1291 Updates #1292 Updates #1294 Updates #1377 Updates #1388 Updates #1449 Updates #1461 Updates #1462 Updates #1463 Updates #1465 Updates #1468 Updates #1469 Updates #1471 Updates #1492 Updates #1502 Updates #1504 Updates #1509 Change-Id: Ic7939af0290afe43600530ce10f5af9f2a0f7408 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606781 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
golang · Aug 20, 2024 · 1761aab · 1761aab
1 parent d50389d
commit 1761aab
Show file tree

Hide file tree

Showing 60 changed files with 1,619 additions and 158 deletions.
diff --git a/data/excluded/GO-2023-1270.yaml b/data/excluded/GO-2023-1270.yaml
diff --git a/data/excluded/GO-2023-1283.yaml b/data/excluded/GO-2023-1283.yaml
diff --git a/data/excluded/GO-2023-1285.yaml b/data/excluded/GO-2023-1285.yaml
diff --git a/data/excluded/GO-2023-1291.yaml b/data/excluded/GO-2023-1291.yaml
diff --git a/data/excluded/GO-2023-1292.yaml b/data/excluded/GO-2023-1292.yaml
diff --git a/data/excluded/GO-2023-1294.yaml b/data/excluded/GO-2023-1294.yaml
diff --git a/data/excluded/GO-2023-1377.yaml b/data/excluded/GO-2023-1377.yaml
diff --git a/data/excluded/GO-2023-1388.yaml b/data/excluded/GO-2023-1388.yaml
diff --git a/data/excluded/GO-2023-1449.yaml b/data/excluded/GO-2023-1449.yaml
diff --git a/data/excluded/GO-2023-1461.yaml b/data/excluded/GO-2023-1461.yaml
diff --git a/data/excluded/GO-2023-1462.yaml b/data/excluded/GO-2023-1462.yaml
diff --git a/data/excluded/GO-2023-1463.yaml b/data/excluded/GO-2023-1463.yaml
diff --git a/data/excluded/GO-2023-1465.yaml b/data/excluded/GO-2023-1465.yaml
diff --git a/data/excluded/GO-2023-1468.yaml b/data/excluded/GO-2023-1468.yaml
diff --git a/data/excluded/GO-2023-1469.yaml b/data/excluded/GO-2023-1469.yaml
diff --git a/data/excluded/GO-2023-1471.yaml b/data/excluded/GO-2023-1471.yaml
diff --git a/data/excluded/GO-2023-1492.yaml b/data/excluded/GO-2023-1492.yaml
diff --git a/data/excluded/GO-2023-1502.yaml b/data/excluded/GO-2023-1502.yaml
diff --git a/data/excluded/GO-2023-1504.yaml b/data/excluded/GO-2023-1504.yaml
diff --git a/data/excluded/GO-2023-1509.yaml b/data/excluded/GO-2023-1509.yaml
diff --git a/data/osv/GO-2023-1270.json b/data/osv/GO-2023-1270.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1270",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-4863",
+    "GHSA-6whj-8g9g-5jvx"
+  ],
+  "summary": "usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos",
+  "details": "usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/usememos/memos",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.9.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-6whj-8g9g-5jvx"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4863"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1270",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2023-1283.json b/data/osv/GO-2023-1283.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1283",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-22463",
+    "GHSA-vjhf-8vqx-vqpq"
+  ],
+  "summary": "KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys in github.com/KubeOperator/kubepi",
+  "details": "KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys in github.com/KubeOperator/kubepi",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/KubeOperator/kubepi",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.6.3"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/KubeOperator/KubePi/security/advisories/GHSA-vjhf-8vqx-vqpq"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22463"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/KubeOperator/KubePi/blob/da784f5532ea2495b92708cacb32703bff3a45a3/internal/api/v1/session/session.go#L35"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/KubeOperator/KubePi/commit/3be58b8df5bc05d2343c30371dd5fcf6a9fbbf8b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/KubeOperator/KubePi/releases/tag/v1.6.3"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1283",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2023-1285.json b/data/osv/GO-2023-1285.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1285",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-4851",
+    "GHSA-42q2-m54f-jh95"
+  ],
+  "summary": "sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos",
+  "details": "sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/usememos/memos",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.9.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-42q2-m54f-jh95"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4851"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1285",
+    "review_status": "UNREVIEWED"
+  }
+}