- data/reports/GO-2024-3184.yaml - data/reports/GO-2024-3185.yaml - data/reports/GO-2024-3186.yaml - data/reports/GO-2024-3188.yaml - data/reports/GO-2024-3190.yaml - data/reports/GO-2024-3191.yaml Fixes #3184 Fixes #3185 Fixes #3186 Fixes #3188 Fixes #3190 Fixes #3191 Change-Id: I5f0ad208f0a7e8bebe71f9b15ff38ebc852b783e Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/619696 Auto-Submit: Maceo Thompson <maceothompson@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Showing
12 changed files
with
468 additions
and
0 deletions.
@@ -0,0 +1,68 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3184", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-36814", | ||
"GHSA-9cp9-8gw2-8v7m" | ||
], | ||
"summary": "Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome", | ||
"details": "Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/AdguardTeam/AdGuardHome", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "0.107.53" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-9cp9-8gw2-8v7m" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36814" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/itz-d0dgy" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://happy-little-accidents.pages.dev/posts/CVE-2024-36814" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3184", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
@@ -0,0 +1,52 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3185", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-47832" | ||
], | ||
"summary": "XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready", | ||
"details": "XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/ssoready/ssoready", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47832" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd89915" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://ssoready.com/docs/self-hosting/self-hosting-sso-ready" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3185", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
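Review bot: The `affected.ranges` entry for github.com/ssoready/ssoready has only `{"introduced": "0"}` and no `fixed` event, although the references list a FIX commit, so any consumer matching on this range will treat every version as vulnerable with no upgrade target. If a tagged release contains that commit, the record should carry a matching `{"fixed": "<version containing the fix>"}` event; if the module has no tagged fix, that is worth stating in `details`, which currently just repeats `summary`. The same open-ended range appears in GO-2024-3186, GO-2024-3188 and the non-`/v3` entry of GO-2024-3190. If these JSON files are generated from the reports under data/reports, the change belongs in the YAML source rather than here.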
@@ -0,0 +1,53 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3186", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-9675", | ||
"GHSA-586p-749j-fhwp" | ||
], | ||
"summary": "Buildah allows arbitrary directory mount in github.com/containers/buildah", | ||
"details": "Buildah allows arbitrary directory mount in github.com/containers/buildah", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/containers/buildah", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-586p-749j-fhwp" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9675" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://access.redhat.com/security/cve/CVE-2024-9675" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3186", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
@@ -0,0 +1,49 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3188", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-9312", | ||
"GHSA-4gfw-wf7c-w6g2" | ||
], | ||
"summary": "Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd", | ||
"details": "Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/ubuntu/authd", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9312" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9312" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3188", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
@@ -0,0 +1,73 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3190", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-47067", | ||
"GHSA-8pph-gfhp-w226" | ||
], | ||
"summary": "Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist", | ||
"details": "Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/alist-org/alist", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
}, | ||
{ | ||
"package": { | ||
"name": "github.com/alist-org/alist/v3", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "3.29.0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-8pph-gfhp-w226" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47067" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://securitylab.github.com/advisories/GHSL-2023-220_Alist" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/alist-org/alist/commit/6100647310594868e931f3de1188ddd8bde93b78" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3190", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
@@ -0,0 +1,52 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3191", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-9180", | ||
"GHSA-rr8j-7w34-xp5j" | ||
], | ||
"summary": "Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault", | ||
"details": "Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/hashicorp/vault", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.18.0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-rr8j-7w34-xp5j" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9180" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3191", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
@@ -0,0 +1,23 @@ | ||
id: GO-2024-3184 | ||
modules: | ||
- module: github.com/AdguardTeam/AdGuardHome | ||
versions: | ||
- fixed: 0.107.53 | ||
vulnerable_at: 0.107.52 | ||
summary: Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome | ||
cves: | ||
- CVE-2024-36814 | ||
ghsas: | ||
- GHSA-9cp9-8gw2-8v7m | ||
references: | ||
- advisory: https://github.com/advisories/GHSA-9cp9-8gw2-8v7m | ||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-36814 | ||
- fix: https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68 | ||
- web: https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2 | ||
- web: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53 | ||
- web: https://github.com/itz-d0dgy | ||
- web: https://happy-little-accidents.pages.dev/posts/CVE-2024-36814 | ||
source: | ||
id: GHSA-9cp9-8gw2-8v7m | ||
created: 2024-10-11T10:16:23.951474-04:00 | ||
review_status: UNREVIEWED |