diff --git a/data/osv/GO-2024-3005.json b/data/osv/GO-2024-3005.json new file mode 100644 index 00000000..d5d9a197 --- /dev/null +++ b/data/osv/GO-2024-3005.json @@ -0,0 +1,279 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3005", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-41110" + ], + "summary": "Moby authz zero length regression in github.com/moby/moby", + "details": "Moby authz zero length regression in github.com/moby/moby", + "affected": [ + { + "package": { + "name": "github.com/moby/moby", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "20.10.0+incompatible" + }, + { + "fixed": "25.0.6+incompatible" + }, + { + "introduced": "26.0.0+incompatible" + }, + { + "fixed": "26.1.5+incompatible" + }, + { + "introduced": "27.0.0+incompatible" + }, + { + "fixed": "27.1.1+incompatible" + } + ] + } + ], + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/moby/moby/pkg/authorization", + "symbols": [ + "Ctx.AuthZRequest", + "Ctx.AuthZResponse", + "sendBody" + ] + } + ], + "custom_ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "19.0.0" + }, + { + "fixed": "19.03.16" + }, + { + "introduced": "23.0.0" + }, + { + "fixed": "23.0.15" + }, + { + "introduced": "24.0.0" + }, + { + "fixed": "24.0.10" + }, + { + "introduced": "20.0.0" + }, + { + "fixed": "20.10.28" + }, + { + "introduced": "25.0.0" + }, + { + "fixed": "25.0.6" + }, + { + "introduced": "26.0.0" + }, + { + "fixed": "26.0.3" + }, + { + "introduced": "26.1.0" + }, + { + "fixed": "26.1.15" + }, + { + "introduced": "27.0.0" + }, + { + "fixed": "27.0.4" + }, + { + "introduced": "27.1.0" + }, + { + "fixed": "27.1.1" + } + ] + } + ] + } + }, + { + "package": { + "name": "github.com/docker/docker", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "20.10.0+incompatible" + }, + { + "fixed": "25.0.6+incompatible" + }, + { + "introduced": "26.0.0+incompatible" + }, + { + "fixed": "26.1.5+incompatible" + }, + { + "introduced": "27.0.0+incompatible" + }, + { + "fixed": "27.1.1+incompatible" + } + ] + } + ], + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/docker/docker/pkg/authorization", + "symbols": [ + "Ctx.AuthZRequest", + "Ctx.AuthZResponse", + "sendBody" + ] + } + ], + "custom_ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "19.0.0" + }, + { + "fixed": "19.03.16" + }, + { + "introduced": "23.0.0" + }, + { + "fixed": "23.0.15" + }, + { + "introduced": "24.0.0" + }, + { + "fixed": "24.0.10" + }, + { + "introduced": "20.0.0" + }, + { + "fixed": "20.10.28" + }, + { + "introduced": "25.0.0" + }, + { + "fixed": "25.0.6" + }, + { + "introduced": "26.0.0" + }, + { + "fixed": "26.0.3" + }, + { + "introduced": "26.1.0" + }, + { + "fixed": "26.1.15" + }, + { + "introduced": "27.0.0" + }, + { + "fixed": "27.0.4" + }, + { + "introduced": "27.1.0" + }, + { + "fixed": "27.1.1" + } + ] + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801" + }, + { + "type": "FIX", + "url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq" + }, + { + "type": "WEB", + "url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3005", + "review_status": "REVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2024-3005.yaml b/data/reports/GO-2024-3005.yaml new file mode 100644 index 00000000..dc6ce41c --- /dev/null +++ b/data/reports/GO-2024-3005.yaml @@ -0,0 +1,93 @@ +id: GO-2024-3005 +modules: + - module: github.com/moby/moby + versions: + - introduced: 20.10.0+incompatible + - fixed: 25.0.6+incompatible + - introduced: 26.0.0+incompatible + - fixed: 26.1.5+incompatible + - introduced: 27.0.0+incompatible + - fixed: 27.1.1+incompatible + non_go_versions: + - introduced: 19.0.0 + - fixed: 19.03.16 + - introduced: 23.0.0 + - fixed: 23.0.15 + - introduced: 24.0.0 + - fixed: 24.0.10 + - introduced: 20.0.0 + - fixed: 20.10.28 + - introduced: 25.0.0 + - fixed: 25.0.6 + - introduced: 26.0.0 + - fixed: 26.0.3 + - introduced: 26.1.0 + - fixed: 26.1.15 + - introduced: 27.0.0 + - fixed: 27.0.4 + - introduced: 27.1.0 + - fixed: 27.1.1 + vulnerable_at: 27.1.0+incompatible + packages: + - package: github.com/moby/moby/pkg/authorization + symbols: + - Ctx.AuthZRequest + - sendBody + derived_symbols: + - Ctx.AuthZResponse + - module: github.com/docker/docker + versions: + - introduced: 20.10.0+incompatible + - fixed: 25.0.6+incompatible + - introduced: 26.0.0+incompatible + - fixed: 26.1.5+incompatible + - introduced: 27.0.0+incompatible + - fixed: 27.1.1+incompatible + non_go_versions: + - introduced: 19.0.0 + - fixed: 19.03.16 + - introduced: 23.0.0 + - fixed: 23.0.15 + - introduced: 24.0.0 + - fixed: 24.0.10 + - introduced: 20.0.0 + - fixed: 20.10.28 + - introduced: 25.0.0 + - fixed: 25.0.6 + - introduced: 26.0.0 + - fixed: 26.0.3 + - introduced: 26.1.0 + - fixed: 26.1.15 + - introduced: 27.0.0 + - fixed: 27.0.4 + - introduced: 27.1.0 + - fixed: 27.1.1 + vulnerable_at: 27.1.0+incompatible + packages: + - package: github.com/docker/docker/pkg/authorization + symbols: + - Ctx.AuthZRequest + - sendBody + derived_symbols: + - Ctx.AuthZResponse +summary: Moby authz zero length regression in github.com/moby/moby +cves: + - CVE-2024-41110 +references: + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41110 + - fix: https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 + - fix: https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 + - fix: https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 + - fix: https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b + - fix: https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 + - fix: https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 + - fix: https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 + - fix: https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f + - fix: https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 + - fix: https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb + - web: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq + - web: https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin +source: + id: CVE-2024-41110 + created: 2024-07-29T10:49:08.963064-04:00 +review_status: REVIEWED