From f2aa41170f0756613e27e003b90d0d1b78472253 Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Tue, 20 Aug 2024 12:48:57 -0400 Subject: [PATCH] data/reports: unexclude 20 reports (3) - data/reports/GO-2023-1590.yaml - data/reports/GO-2023-1592.yaml - data/reports/GO-2023-1596.yaml - data/reports/GO-2023-1607.yaml - data/reports/GO-2023-1612.yaml - data/reports/GO-2023-1613.yaml - data/reports/GO-2023-1614.yaml - data/reports/GO-2023-1615.yaml - data/reports/GO-2023-1616.yaml - data/reports/GO-2023-1617.yaml - data/reports/GO-2023-1618.yaml - data/reports/GO-2023-1619.yaml - data/reports/GO-2023-1620.yaml - data/reports/GO-2023-1622.yaml - data/reports/GO-2023-1627.yaml - data/reports/GO-2023-1628.yaml - data/reports/GO-2023-1629.yaml - data/reports/GO-2023-1630.yaml - data/reports/GO-2023-1633.yaml - data/reports/GO-2023-1639.yaml Updates golang/vulndb#1590 Updates golang/vulndb#1592 Updates golang/vulndb#1596 Updates golang/vulndb#1607 Updates golang/vulndb#1612 Updates golang/vulndb#1613 Updates golang/vulndb#1614 Updates golang/vulndb#1615 Updates golang/vulndb#1616 Updates golang/vulndb#1617 Updates golang/vulndb#1618 Updates golang/vulndb#1619 Updates golang/vulndb#1620 Updates golang/vulndb#1622 Updates golang/vulndb#1627 Updates golang/vulndb#1628 Updates golang/vulndb#1629 Updates golang/vulndb#1630 Updates golang/vulndb#1633 Updates golang/vulndb#1639 Change-Id: I2441a82107b88955ddb98c7d3c55b7b2fe3e3aa7 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606783 LUCI-TryBot-Result: Go LUCI Reviewed-by: Damien Neil Auto-Submit: Tatiana Bradley --- data/excluded/GO-2023-1590.yaml | 8 --- data/excluded/GO-2023-1592.yaml | 8 --- data/excluded/GO-2023-1596.yaml | 8 --- data/excluded/GO-2023-1607.yaml | 6 -- data/excluded/GO-2023-1612.yaml | 8 --- data/excluded/GO-2023-1613.yaml | 8 --- data/excluded/GO-2023-1614.yaml | 8 --- data/excluded/GO-2023-1615.yaml | 8 --- data/excluded/GO-2023-1616.yaml | 8 --- data/excluded/GO-2023-1617.yaml | 8 --- data/excluded/GO-2023-1618.yaml | 8 --- data/excluded/GO-2023-1619.yaml | 8 --- 
data/excluded/GO-2023-1620.yaml | 8 --- data/excluded/GO-2023-1622.yaml | 6 -- data/excluded/GO-2023-1627.yaml | 8 --- data/excluded/GO-2023-1628.yaml | 8 --- data/excluded/GO-2023-1629.yaml | 8 --- data/excluded/GO-2023-1630.yaml | 8 --- data/excluded/GO-2023-1633.yaml | 8 --- data/excluded/GO-2023-1639.yaml | 8 --- data/osv/GO-2023-1590.json | 64 ++++++++++++++++++ data/osv/GO-2023-1592.json | 56 ++++++++++++++++ data/osv/GO-2023-1596.json | 64 ++++++++++++++++++ data/osv/GO-2023-1607.json | 67 +++++++++++++++++++ data/osv/GO-2023-1612.json | 56 ++++++++++++++++ data/osv/GO-2023-1613.json | 56 ++++++++++++++++ data/osv/GO-2023-1614.json | 56 ++++++++++++++++ data/osv/GO-2023-1615.json | 56 ++++++++++++++++ data/osv/GO-2023-1616.json | 56 ++++++++++++++++ data/osv/GO-2023-1617.json | 56 ++++++++++++++++ data/osv/GO-2023-1618.json | 56 ++++++++++++++++ data/osv/GO-2023-1619.json | 56 ++++++++++++++++ data/osv/GO-2023-1620.json | 56 ++++++++++++++++ data/osv/GO-2023-1622.json | 64 ++++++++++++++++++ data/osv/GO-2023-1627.json | 112 ++++++++++++++++++++++++++++++++ data/osv/GO-2023-1628.json | 78 ++++++++++++++++++++++ data/osv/GO-2023-1629.json | 78 ++++++++++++++++++++++ data/osv/GO-2023-1630.json | 60 +++++++++++++++++ data/osv/GO-2023-1633.json | 52 +++++++++++++++ data/osv/GO-2023-1639.json | 64 ++++++++++++++++++ data/reports/GO-2023-1590.yaml | 24 +++++++ data/reports/GO-2023-1592.yaml | 21 ++++++ data/reports/GO-2023-1596.yaml | 23 +++++++ data/reports/GO-2023-1607.yaml | 23 +++++++ data/reports/GO-2023-1612.yaml | 21 ++++++ data/reports/GO-2023-1613.yaml | 21 ++++++ data/reports/GO-2023-1614.yaml | 21 ++++++ data/reports/GO-2023-1615.yaml | 21 ++++++ data/reports/GO-2023-1616.yaml | 21 ++++++ data/reports/GO-2023-1617.yaml | 21 ++++++ data/reports/GO-2023-1618.yaml | 21 ++++++ data/reports/GO-2023-1619.yaml | 21 ++++++ data/reports/GO-2023-1620.yaml | 21 ++++++ data/reports/GO-2023-1622.yaml | 19 ++++++ data/reports/GO-2023-1627.yaml | 36 ++++++++++ 
data/reports/GO-2023-1628.yaml | 29 +++++++++ data/reports/GO-2023-1629.yaml | 29 +++++++++ data/reports/GO-2023-1630.yaml | 23 +++++++ data/reports/GO-2023-1633.yaml | 21 ++++++ data/reports/GO-2023-1639.yaml | 26 ++++++++ 60 files changed, 1726 insertions(+), 156 deletions(-) delete mode 100644 data/excluded/GO-2023-1590.yaml delete mode 100644 data/excluded/GO-2023-1592.yaml delete mode 100644 data/excluded/GO-2023-1596.yaml delete mode 100644 data/excluded/GO-2023-1607.yaml delete mode 100644 data/excluded/GO-2023-1612.yaml delete mode 100644 data/excluded/GO-2023-1613.yaml delete mode 100644 data/excluded/GO-2023-1614.yaml delete mode 100644 data/excluded/GO-2023-1615.yaml delete mode 100644 data/excluded/GO-2023-1616.yaml delete mode 100644 data/excluded/GO-2023-1617.yaml delete mode 100644 data/excluded/GO-2023-1618.yaml delete mode 100644 data/excluded/GO-2023-1619.yaml delete mode 100644 data/excluded/GO-2023-1620.yaml delete mode 100644 data/excluded/GO-2023-1622.yaml delete mode 100644 data/excluded/GO-2023-1627.yaml delete mode 100644 data/excluded/GO-2023-1628.yaml delete mode 100644 data/excluded/GO-2023-1629.yaml delete mode 100644 data/excluded/GO-2023-1630.yaml delete mode 100644 data/excluded/GO-2023-1633.yaml delete mode 100644 data/excluded/GO-2023-1639.yaml create mode 100644 data/osv/GO-2023-1590.json create mode 100644 data/osv/GO-2023-1592.json create mode 100644 data/osv/GO-2023-1596.json create mode 100644 data/osv/GO-2023-1607.json create mode 100644 data/osv/GO-2023-1612.json create mode 100644 data/osv/GO-2023-1613.json create mode 100644 data/osv/GO-2023-1614.json create mode 100644 data/osv/GO-2023-1615.json create mode 100644 data/osv/GO-2023-1616.json create mode 100644 data/osv/GO-2023-1617.json create mode 100644 data/osv/GO-2023-1618.json create mode 100644 data/osv/GO-2023-1619.json create mode 100644 data/osv/GO-2023-1620.json create mode 100644 data/osv/GO-2023-1622.json create mode 100644 data/osv/GO-2023-1627.json create 
mode 100644 data/osv/GO-2023-1628.json create mode 100644 data/osv/GO-2023-1629.json create mode 100644 data/osv/GO-2023-1630.json create mode 100644 data/osv/GO-2023-1633.json create mode 100644 data/osv/GO-2023-1639.json create mode 100644 data/reports/GO-2023-1590.yaml create mode 100644 data/reports/GO-2023-1592.yaml create mode 100644 data/reports/GO-2023-1596.yaml create mode 100644 data/reports/GO-2023-1607.yaml create mode 100644 data/reports/GO-2023-1612.yaml create mode 100644 data/reports/GO-2023-1613.yaml create mode 100644 data/reports/GO-2023-1614.yaml create mode 100644 data/reports/GO-2023-1615.yaml create mode 100644 data/reports/GO-2023-1616.yaml create mode 100644 data/reports/GO-2023-1617.yaml create mode 100644 data/reports/GO-2023-1618.yaml create mode 100644 data/reports/GO-2023-1619.yaml create mode 100644 data/reports/GO-2023-1620.yaml create mode 100644 data/reports/GO-2023-1622.yaml create mode 100644 data/reports/GO-2023-1627.yaml create mode 100644 data/reports/GO-2023-1628.yaml create mode 100644 data/reports/GO-2023-1629.yaml create mode 100644 data/reports/GO-2023-1630.yaml create mode 100644 data/reports/GO-2023-1633.yaml create mode 100644 data/reports/GO-2023-1639.yaml
diff --git a/data/excluded/GO-2023-1590.yaml b/data/excluded/GO-2023-1590.yaml
deleted file mode 100644
index b031f31a..00000000
--- a/data/excluded/GO-2023-1590.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1590
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/gopistolet/gopistolet
-cves:
- - CVE-2015-10085
-ghsas:
- - GHSA-wr8h-w969-36m8
diff --git a/data/excluded/GO-2023-1592.yaml b/data/excluded/GO-2023-1592.yaml
deleted file mode 100644
index bb977039..00000000
--- a/data/excluded/GO-2023-1592.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1592
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0934
-ghsas:
- - GHSA-6cvf-m58q-h9wf
diff --git a/data/excluded/GO-2023-1596.yaml b/data/excluded/GO-2023-1596.yaml
deleted file mode 100644
index daf23dca..00000000
--- a/data/excluded/GO-2023-1596.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1596
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-2024
-ghsas:
- - GHSA-pfvh-p8qp-9ww9
diff --git a/data/excluded/GO-2023-1607.yaml b/data/excluded/GO-2023-1607.yaml
deleted file mode 100644
index 3e30d216..00000000
--- a/data/excluded/GO-2023-1607.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2023-1607
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/fkie-cad/yapscan
-ghsas:
- - GHSA-wxwq-525w-hcqx
diff --git a/data/excluded/GO-2023-1612.yaml b/data/excluded/GO-2023-1612.yaml
deleted file mode 100644
index c0f89b1a..00000000
--- a/data/excluded/GO-2023-1612.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1612
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1245
-ghsas:
- - GHSA-6c32-3x46-m9rh
diff --git a/data/excluded/GO-2023-1613.yaml b/data/excluded/GO-2023-1613.yaml
deleted file mode 100644
index 35d27a53..00000000
--- a/data/excluded/GO-2023-1613.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1613
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1240
-ghsas:
- - GHSA-55vm-3vq3-4jpc
diff --git a/data/excluded/GO-2023-1614.yaml b/data/excluded/GO-2023-1614.yaml
deleted file mode 100644
index fdd9a28f..00000000
--- a/data/excluded/GO-2023-1614.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1614
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1238
-ghsas:
- - GHSA-5w78-v688-cx9q
diff --git a/data/excluded/GO-2023-1615.yaml b/data/excluded/GO-2023-1615.yaml
deleted file mode 100644
index 2eeb1641..00000000
--- a/data/excluded/GO-2023-1615.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1615
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1243
-ghsas:
- - GHSA-8jh8-33f5-cgfp
diff --git a/data/excluded/GO-2023-1616.yaml b/data/excluded/GO-2023-1616.yaml
deleted file mode 100644
index 618eb210..00000000
--- a/data/excluded/GO-2023-1616.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1616
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1237
-ghsas:
- - GHSA-9v4v-9fj5-p982
diff --git a/data/excluded/GO-2023-1617.yaml b/data/excluded/GO-2023-1617.yaml
deleted file mode 100644
index 40d232ea..00000000
--- a/data/excluded/GO-2023-1617.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1617
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1241
-ghsas:
- - GHSA-ff27-hrmr-ggpj
diff --git a/data/excluded/GO-2023-1618.yaml b/data/excluded/GO-2023-1618.yaml
deleted file mode 100644
index e8185818..00000000
--- a/data/excluded/GO-2023-1618.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1618
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1244
-ghsas:
- - GHSA-h85v-cx5m-78wj
diff --git a/data/excluded/GO-2023-1619.yaml b/data/excluded/GO-2023-1619.yaml
deleted file mode 100644
index 17c55824..00000000
--- a/data/excluded/GO-2023-1619.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1619
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1242
-ghsas:
- - GHSA-qrwm-xqfr-4vhv
diff --git a/data/excluded/GO-2023-1620.yaml b/data/excluded/GO-2023-1620.yaml
deleted file mode 100644
index 903f4f12..00000000
--- a/data/excluded/GO-2023-1620.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1620
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1239
-ghsas:
- - GHSA-vxhr-p2vp-7gf8
diff --git a/data/excluded/GO-2023-1622.yaml b/data/excluded/GO-2023-1622.yaml
deleted file mode 100644
index 328f2bfc..00000000
--- a/data/excluded/GO-2023-1622.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2023-1622
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/edgelesssys/constellation/v2
-ghsas:
- - GHSA-6w5f-5wgr-qjg5
diff --git a/data/excluded/GO-2023-1627.yaml b/data/excluded/GO-2023-1627.yaml
deleted file mode 100644
index 7bc2d5d0..00000000
--- a/data/excluded/GO-2023-1627.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1627
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/opencontainers/runc
-cves:
- - CVE-2023-27561
-ghsas:
- - GHSA-vpvm-3wq2-2wvm
diff --git a/data/excluded/GO-2023-1628.yaml b/data/excluded/GO-2023-1628.yaml
deleted file mode 100644
index d04f0f01..00000000
--- a/data/excluded/GO-2023-1628.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1628
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/kubernetes/kubernetes
-cves:
- - CVE-2022-3162
-ghsas:
- - GHSA-2394-5535-8j88
diff --git a/data/excluded/GO-2023-1629.yaml b/data/excluded/GO-2023-1629.yaml
deleted file mode 100644
index 333202f0..00000000
--- a/data/excluded/GO-2023-1629.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1629
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/kubernetes/kubernetes
-cves:
- - CVE-2022-3294
-ghsas:
- - GHSA-jh36-q97c-9928
diff --git a/data/excluded/GO-2023-1630.yaml b/data/excluded/GO-2023-1630.yaml
deleted file mode 100644
index 8badd27b..00000000
--- a/data/excluded/GO-2023-1630.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1630
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/foxcpp/maddy
-cves:
- - CVE-2023-27582
-ghsas:
- - GHSA-4g76-w3xw-2x6w
diff --git a/data/excluded/GO-2023-1633.yaml b/data/excluded/GO-2023-1633.yaml
deleted file mode 100644
index bab95657..00000000
--- a/data/excluded/GO-2023-1633.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1633
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2023-1299
-ghsas:
- - GHSA-rqm8-q8j9-662f
diff --git a/data/excluded/GO-2023-1639.yaml b/data/excluded/GO-2023-1639.yaml
deleted file mode 100644
index eb98fc16..00000000
--- a/data/excluded/GO-2023-1639.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1639
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2023-0845
-ghsas:
- - GHSA-wj6x-hcc2-f32j
diff --git a/data/osv/GO-2023-1590.json b/data/osv/GO-2023-1590.json
new file mode 100644
index 00000000..9b3dadc3
--- /dev/null
+++ b/data/osv/GO-2023-1590.json
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1590", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2015-10085", + "GHSA-wr8h-w969-36m8" + ], + "summary": "GoPistolet vulnerable to Improper Resource Shutdown or Release in github.com/gopistolet/gopistolet", + "details": "GoPistolet vulnerable to Improper Resource Shutdown or Release in github.com/gopistolet/gopistolet", + "affected": [ + { + "package": { + "name": "github.com/gopistolet/gopistolet", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.0.0-20210418093520-a5395f728f8d" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wr8h-w969-36m8" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-10085" + }, + { + "type": "FIX", + "url": "https://github.com/gopistolet/gopistolet/commit/b91aa4674d460993765884e8463c70e6d886bc90" + }, + { + "type": "FIX", + "url": "https://github.com/gopistolet/gopistolet/pull/27" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.221506" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.221506" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1590", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1592.json b/data/osv/GO-2023-1592.json new file mode 100644 index 00000000..75b41f9c --- /dev/null +++ b/data/osv/GO-2023-1592.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1592", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0934", + "GHSA-6cvf-m58q-h9wf" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6cvf-m58q-h9wf" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0934" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/edc06942d51fa8e56a134c5c7e5c8826d9260da0" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/cd213098-5bab-487f-82c7-13698ad43b51" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1592", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1596.json b/data/osv/GO-2023-1596.json new file mode 100644 index 00000000..c64e4700 --- /dev/null +++ b/data/osv/GO-2023-1596.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1596", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-2024", + "GHSA-pfvh-p8qp-9ww9" + ], + "summary": "Gogs OS Command Injection vulnerability in gogs.io/gogs", + "details": "Gogs OS Command Injection vulnerability in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.11" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-pfvh-p8qp-9ww9" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2024" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/issues/7030" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1596", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1607.json b/data/osv/GO-2023-1607.json new file mode 100644 index 00000000..5c7cf4dd --- /dev/null +++ b/data/osv/GO-2023-1607.json 
@@ -0,0 +1,67 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1607", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-wxwq-525w-hcqx" + ], + "summary": "Yapscan Denial of Service vulnerability in report server in github.com/fkie-cad/yapscan", + "details": "Yapscan Denial of Service vulnerability in report server in github.com/fkie-cad/yapscan", + "affected": [ + { + "package": { + "name": "github.com/fkie-cad/yapscan", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.18.0" + }, + { + "fixed": "0.19.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/fkie-cad/yapscan/security/advisories/GHSA-wxwq-525w-hcqx" + }, + { + "type": "FIX", + "url": "https://github.com/fkie-cad/yapscan/commit/242b4b25b107deacddd4ca276b45d23e16bb3b88" + }, + { + "type": "FIX", + "url": "https://github.com/fkie-cad/yapscan/commit/65f277662c6475eb3f592e0e4fdfee902ecd9326" + }, + { + "type": "FIX", + "url": "https://github.com/fkie-cad/yapscan/pull/46" + }, + { + "type": "WEB", + "url": "https://github.com/advisories/GHSA-69cg-p879-7622" + }, + { + "type": "WEB", + "url": "https://github.com/advisories/GHSA-ppp9-7jff-5vj2" + }, + { + "type": "WEB", + "url": "https://github.com/fkie-cad/yapscan/releases/tag/v0.19.2" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1607", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1612.json b/data/osv/GO-2023-1612.json new file mode 100644 index 00000000..cd446cc2 --- /dev/null +++ b/data/osv/GO-2023-1612.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1612", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1245", + "GHSA-6c32-3x46-m9rh" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6c32-3x46-m9rh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1245" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/71a4cdac81112975969129d308899edd155c0e80" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/f8011bb3-8212-4937-aa58-79f4b73be004" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1612", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1613.json b/data/osv/GO-2023-1613.json new file mode 100644 index 00000000..7b8f4415 --- /dev/null +++ b/data/osv/GO-2023-1613.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1613", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1240", + "GHSA-55vm-3vq3-4jpc" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-55vm-3vq3-4jpc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1240" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/a24f57a4-22e3-4a17-8227-6a410a11498a" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1613", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1614.json b/data/osv/GO-2023-1614.json new file mode 100644 index 00000000..e5e856dd --- /dev/null +++ b/data/osv/GO-2023-1614.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1614", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1238", + "GHSA-5w78-v688-cx9q" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5w78-v688-cx9q" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1238" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/0566894a2c0e13cf07d877f41467e2e21529fee8" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/52f97267-1439-4bb6-862b-89b8fafce50d" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1614", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1615.json b/data/osv/GO-2023-1615.json new file mode 100644 index 00000000..7e1793e1 --- /dev/null +++ b/data/osv/GO-2023-1615.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1615", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1243", + "GHSA-8jh8-33f5-cgfp" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-8jh8-33f5-cgfp" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1243" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/9870ed87fb24ed468aaf1e169c2d028e0f375106" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/1d62d35a-b096-4b76-a021-347c3f1c570c" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1615", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1616.json b/data/osv/GO-2023-1616.json new file mode 100644 index 00000000..dade4180 --- /dev/null +++ b/data/osv/GO-2023-1616.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1616", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1237", + "GHSA-9v4v-9fj5-p982" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-9v4v-9fj5-p982" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1237" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/0566894a2c0e13cf07d877f41467e2e21529fee8" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/cc2aa618-05da-495d-a5cd-51c40557d481" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1616", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1617.json b/data/osv/GO-2023-1617.json new file mode 100644 index 00000000..4c1f0051 --- /dev/null +++ b/data/osv/GO-2023-1617.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1617", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1241", + "GHSA-ff27-hrmr-ggpj" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-ff27-hrmr-ggpj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1241" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/e0e9b1bb-3025-4b9f-acb4-16a5da28aa3c" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1617", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1618.json b/data/osv/GO-2023-1618.json new file mode 100644 index 00000000..ca401dbc --- /dev/null +++ b/data/osv/GO-2023-1618.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1618", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1244", + "GHSA-h85v-cx5m-78wj" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-h85v-cx5m-78wj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1244" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/9870ed87fb24ed468aaf1e169c2d028e0f375106" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/bcab9555-8a35-42b2-a7de-0a79fd710b52" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1618", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1619.json b/data/osv/GO-2023-1619.json new file mode 100644 index 00000000..c1fb6333 --- /dev/null +++ b/data/osv/GO-2023-1619.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1619", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1242", + "GHSA-qrwm-xqfr-4vhv" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qrwm-xqfr-4vhv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1242" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/71c24c5e-ceb2-45cf-bda7-fa195d37e289" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1619", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1620.json b/data/osv/GO-2023-1620.json new file mode 100644 index 00000000..832ace12 --- /dev/null +++ b/data/osv/GO-2023-1620.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1620", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1239", + "GHSA-vxhr-p2vp-7gf8" + ], + "summary": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "details": "Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vxhr-p2vp-7gf8" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1239" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/9870ed87fb24ed468aaf1e169c2d028e0f375106" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/3a22c609-d2d8-4613-815d-58f5990b8bd8" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1620", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1622.json b/data/osv/GO-2023-1622.json new file mode 100644 index 00000000..ffac9db3 --- /dev/null +++ b/data/osv/GO-2023-1622.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1622", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-6w5f-5wgr-qjg5" + ], + "summary": "Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation", + "details": "Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation", + "affected": [ + { + "package": { + "name": "github.com/edgelesssys/constellation", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/edgelesssys/constellation/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.6.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/edgelesssys/constellation/security/advisories/GHSA-6w5f-5wgr-qjg5" + }, + { + "type": "WEB", + "url": "https://github.com/edgelesssys/constellation/releases/tag/v2.6.0" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1622", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1627.json b/data/osv/GO-2023-1627.json new file mode 100644 index 00000000..bfffc6df --- /dev/null +++ b/data/osv/GO-2023-1627.json 
@@ -0,0 +1,112 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1627", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-27561", + "GHSA-vpvm-3wq2-2wvm" + ], + "summary": "Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc", + "details": "Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc", + "affected": [ + { + "package": { + "name": "github.com/opencontainers/runc", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.0.0-rc95" + }, + { + "fixed": "1.1.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vpvm-3wq2-2wvm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27561" + }, + { + "type": "FIX", + "url": "https://github.com/opencontainers/runc/pull/3785" + }, + { + "type": "REPORT", + "url": "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334" + }, + { + "type": "REPORT", + "url": "https://github.com/opencontainers/runc/issues/3751" + }, + { + "type": "WEB", + "url": "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9" + }, + { + "type": "WEB", + "url": "https://github.com/opencontainers/runc/releases/tag/v1.1.5" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD" + 
}, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1627", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1628.json b/data/osv/GO-2023-1628.json new file mode 100644 index 00000000..6e30e92f --- /dev/null +++ b/data/osv/GO-2023-1628.json 
@@ -0,0 +1,78 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1628", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-3162", + "GHSA-2394-5535-8j88" + ], + "summary": "Kubernetes vulnerable to path traversal in k8s.io/kubernetes", + "details": "Kubernetes vulnerable to path traversal in k8s.io/kubernetes", + "affected": [ + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.22.0" + }, + { + "fixed": "1.22.16" + }, + { + "introduced": "1.23.0" + }, + { + "fixed": "1.23.14" + }, + { + "introduced": "1.24.0" + }, + { + "fixed": "1.24.8" + }, + { + "introduced": "1.25.0" + }, + { + "fixed": "1.25.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-2394-5535-8j88" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3162" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/issues/113756" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20230511-0004" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1628", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1629.json b/data/osv/GO-2023-1629.json new file mode 100644 index 00000000..e38191e3 --- /dev/null +++ b/data/osv/GO-2023-1629.json 
@@ -0,0 +1,78 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1629", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-3294", + "GHSA-jh36-q97c-9928" + ], + "summary": "Kubernetes vulnerable to validation bypass in k8s.io/kubernetes", + "details": "Kubernetes vulnerable to validation bypass in k8s.io/kubernetes", + "affected": [ + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.22.0" + }, + { + "fixed": "1.22.16" + }, + { + "introduced": "1.23.0" + }, + { + "fixed": "1.23.14" + }, + { + "introduced": "1.24.0" + }, + { + "fixed": "1.24.8" + }, + { + "introduced": "1.25.0" + }, + { + "fixed": "1.25.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-jh36-q97c-9928" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3294" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/issues/113757" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20230505-0007" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1629", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1630.json b/data/osv/GO-2023-1630.json new file mode 100644 index 00000000..c6d72f79 --- /dev/null +++ b/data/osv/GO-2023-1630.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1630", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-27582", + "GHSA-4g76-w3xw-2x6w" + ], + "summary": "Full authentication bypass if SASL authorization username is specified in github.com/foxcpp/maddy", + "details": "Full authentication bypass if SASL authorization username is specified in github.com/foxcpp/maddy", + "affected": [ + { + "package": { + "name": "github.com/foxcpp/maddy", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.2.0" + }, + { + "fixed": "0.6.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27582" + }, + { + "type": "FIX", + "url": "https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a" + }, + { + "type": "FIX", + "url": "https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c" + }, + { + "type": "WEB", + "url": "https://github.com/foxcpp/maddy/releases/tag/v0.6.3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1630", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1633.json b/data/osv/GO-2023-1633.json new file mode 100644 index 00000000..24563b40 --- /dev/null +++ b/data/osv/GO-2023-1633.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1633", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1299", + "GHSA-rqm8-q8j9-662f" + ], + "summary": "Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad", + "details": "Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.5.0" + }, + { + "fixed": "1.5.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rqm8-q8j9-662f" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1299" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1633", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1639.json b/data/osv/GO-2023-1639.json new file mode 100644 index 00000000..3ba1fa88 --- /dev/null +++ b/data/osv/GO-2023-1639.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1639", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0845", + "GHSA-wj6x-hcc2-f32j" + ], + "summary": "Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul", + "details": "Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.14.0" + }, + { + "fixed": "1.14.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wj6x-hcc2-f32j" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0845" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1639", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2023-1590.yaml b/data/reports/GO-2023-1590.yaml new file mode 100644 index 00000000..7f06d4f0 --- /dev/null +++ b/data/reports/GO-2023-1590.yaml 
@@ -0,0 +1,24 @@
+id: GO-2023-1590
+modules:
+ - module: github.com/gopistolet/gopistolet
+ versions:
+ - fixed: 0.0.0-20210418093520-a5395f728f8d
+summary: GoPistolet vulnerable to Improper Resource Shutdown or Release in github.com/gopistolet/gopistolet
+cves:
+ - CVE-2015-10085
+ghsas:
+ - GHSA-wr8h-w969-36m8
+references:
+ - advisory: https://github.com/advisories/GHSA-wr8h-w969-36m8
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2015-10085
+ - fix: https://github.com/gopistolet/gopistolet/commit/b91aa4674d460993765884e8463c70e6d886bc90
+ - fix: https://github.com/gopistolet/gopistolet/pull/27
+ - web: https://vuldb.com/?ctiid.221506
+ - web: https://vuldb.com/?id.221506
+notes:
+ - fix: 'github.com/gopistolet/gopistolet: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
+source:
+ id: GHSA-wr8h-w969-36m8
+ created: 2024-08-20T11:32:00.231537-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1592.yaml b/data/reports/GO-2023-1592.yaml
new file mode 100644
index 00000000..b148ed82
--- /dev/null
+++ b/data/reports/GO-2023-1592.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1592
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.5
+ vulnerable_at: 1.0.4
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-0934
+ghsas:
+ - GHSA-6cvf-m58q-h9wf
+references:
+ - advisory: https://github.com/advisories/GHSA-6cvf-m58q-h9wf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0934
+ - fix: https://github.com/answerdev/answer/commit/edc06942d51fa8e56a134c5c7e5c8826d9260da0
+ - web: https://huntr.dev/bounties/cd213098-5bab-487f-82c7-13698ad43b51
+source:
+ id: GHSA-6cvf-m58q-h9wf
+ created: 2024-08-20T11:32:10.914085-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1596.yaml b/data/reports/GO-2023-1596.yaml
new file mode 100644
index 00000000..169e3f4a
--- /dev/null
+++ b/data/reports/GO-2023-1596.yaml
@@ -0,0 +1,23 @@
+id: GO-2023-1596
+modules:
+ - module: gogs.io/gogs
+ versions:
+ - fixed: 0.12.11
+ vulnerable_at: 0.12.11-rc.1
+summary: Gogs OS Command Injection vulnerability in gogs.io/gogs
+cves:
+ - CVE-2022-2024
+ghsas:
+ - GHSA-pfvh-p8qp-9ww9
+references:
+ - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-pfvh-p8qp-9ww9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-2024
+ - web: https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
+ - web: https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41
+ - web: https://github.com/gogs/gogs/issues/7030
+ - web: https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97
+source:
+ id: GHSA-pfvh-p8qp-9ww9
+ created: 2024-08-20T11:32:20.33039-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1607.yaml b/data/reports/GO-2023-1607.yaml
new file mode 100644
index 00000000..a4db7b56
--- /dev/null
+++ b/data/reports/GO-2023-1607.yaml
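Review bot: `vulnerable_at: 0.12.11-rc.1` in GO-2023-1596 points at a release candidate of the fixing release (`fixed: 0.12.11`), and the report gives no evidence that this candidate was cut before the fix. The field should name a version known to contain the flaw, e.g. `vulnerable_at: <last stable release confirmed vulnerable>`, or the pre-release should be checked against the fixing change. The same pattern, presumably auto-guessed, appears in GO-2023-1622 (`2.6.0-pre`) and in GO-2023-1628 and GO-2023-1629 (both `1.25.4-rc.0`). The gogs commit link is also filed as `web`; if it is the fixing commit, `fix` is the accurate reference type.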
@@ -0,0 +1,23 @@
+id: GO-2023-1607
+modules:
+ - module: github.com/fkie-cad/yapscan
+ versions:
+ - introduced: 0.18.0
+ - fixed: 0.19.2
+ vulnerable_at: 0.19.1
+summary: Yapscan Denial of Service vulnerability in report server in github.com/fkie-cad/yapscan
+ghsas:
+ - GHSA-wxwq-525w-hcqx
+references:
+ - advisory: https://github.com/fkie-cad/yapscan/security/advisories/GHSA-wxwq-525w-hcqx
+ - fix: https://github.com/fkie-cad/yapscan/commit/242b4b25b107deacddd4ca276b45d23e16bb3b88
+ - fix: https://github.com/fkie-cad/yapscan/commit/65f277662c6475eb3f592e0e4fdfee902ecd9326
+ - fix: https://github.com/fkie-cad/yapscan/pull/46
+ - web: https://github.com/advisories/GHSA-69cg-p879-7622
+ - web: https://github.com/advisories/GHSA-ppp9-7jff-5vj2
+ - web: https://github.com/fkie-cad/yapscan/releases/tag/v0.19.2
+source:
+ id: GHSA-wxwq-525w-hcqx
+ created: 2024-08-20T11:34:56.675613-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1612.yaml b/data/reports/GO-2023-1612.yaml
new file mode 100644
index 00000000..0078f481
--- /dev/null
+++ b/data/reports/GO-2023-1612.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1612
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1245
+ghsas:
+ - GHSA-6c32-3x46-m9rh
+references:
+ - advisory: https://github.com/advisories/GHSA-6c32-3x46-m9rh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1245
+ - fix: https://github.com/answerdev/answer/commit/71a4cdac81112975969129d308899edd155c0e80
+ - web: https://huntr.dev/bounties/f8011bb3-8212-4937-aa58-79f4b73be004
+source:
+ id: GHSA-6c32-3x46-m9rh
+ created: 2024-08-20T11:35:07.285309-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1613.yaml b/data/reports/GO-2023-1613.yaml
new file mode 100644
index 00000000..d7171c58
--- /dev/null
+++ b/data/reports/GO-2023-1613.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1613
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1240
+ghsas:
+ - GHSA-55vm-3vq3-4jpc
+references:
+ - advisory: https://github.com/advisories/GHSA-55vm-3vq3-4jpc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1240
+ - fix: https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9
+ - web: https://huntr.dev/bounties/a24f57a4-22e3-4a17-8227-6a410a11498a
+source:
+ id: GHSA-55vm-3vq3-4jpc
+ created: 2024-08-20T11:35:11.553211-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1614.yaml b/data/reports/GO-2023-1614.yaml
new file mode 100644
index 00000000..e77255cc
--- /dev/null
+++ b/data/reports/GO-2023-1614.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1614
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1238
+ghsas:
+ - GHSA-5w78-v688-cx9q
+references:
+ - advisory: https://github.com/advisories/GHSA-5w78-v688-cx9q
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1238
+ - fix: https://github.com/answerdev/answer/commit/0566894a2c0e13cf07d877f41467e2e21529fee8
+ - web: https://huntr.dev/bounties/52f97267-1439-4bb6-862b-89b8fafce50d
+source:
+ id: GHSA-5w78-v688-cx9q
+ created: 2024-08-20T11:35:15.23495-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1615.yaml b/data/reports/GO-2023-1615.yaml
new file mode 100644
index 00000000..72d3cf0a
--- /dev/null
+++ b/data/reports/GO-2023-1615.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1615
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1243
+ghsas:
+ - GHSA-8jh8-33f5-cgfp
+references:
+ - advisory: https://github.com/advisories/GHSA-8jh8-33f5-cgfp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1243
+ - fix: https://github.com/answerdev/answer/commit/9870ed87fb24ed468aaf1e169c2d028e0f375106
+ - web: https://huntr.dev/bounties/1d62d35a-b096-4b76-a021-347c3f1c570c
+source:
+ id: GHSA-8jh8-33f5-cgfp
+ created: 2024-08-20T11:35:19.198034-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1616.yaml b/data/reports/GO-2023-1616.yaml
new file mode 100644
index 00000000..e0efa2ab
--- /dev/null
+++ b/data/reports/GO-2023-1616.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1616
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1237
+ghsas:
+ - GHSA-9v4v-9fj5-p982
+references:
+ - advisory: https://github.com/advisories/GHSA-9v4v-9fj5-p982
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1237
+ - fix: https://github.com/answerdev/answer/commit/0566894a2c0e13cf07d877f41467e2e21529fee8
+ - web: https://huntr.dev/bounties/cc2aa618-05da-495d-a5cd-51c40557d481
+source:
+ id: GHSA-9v4v-9fj5-p982
+ created: 2024-08-20T11:35:23.342103-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1617.yaml b/data/reports/GO-2023-1617.yaml
new file mode 100644
index 00000000..d764322c
--- /dev/null
+++ b/data/reports/GO-2023-1617.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1617
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1241
+ghsas:
+ - GHSA-ff27-hrmr-ggpj
+references:
+ - advisory: https://github.com/advisories/GHSA-ff27-hrmr-ggpj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1241
+ - fix: https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9
+ - web: https://huntr.dev/bounties/e0e9b1bb-3025-4b9f-acb4-16a5da28aa3c
+source:
+ id: GHSA-ff27-hrmr-ggpj
+ created: 2024-08-20T11:35:26.89742-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1618.yaml b/data/reports/GO-2023-1618.yaml
new file mode 100644
index 00000000..06a54e22
--- /dev/null
+++ b/data/reports/GO-2023-1618.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1618
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1244
+ghsas:
+ - GHSA-h85v-cx5m-78wj
+references:
+ - advisory: https://github.com/advisories/GHSA-h85v-cx5m-78wj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1244
+ - fix: https://github.com/answerdev/answer/commit/9870ed87fb24ed468aaf1e169c2d028e0f375106
+ - web: https://huntr.dev/bounties/bcab9555-8a35-42b2-a7de-0a79fd710b52
+source:
+ id: GHSA-h85v-cx5m-78wj
+ created: 2024-08-20T11:35:30.275544-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1619.yaml b/data/reports/GO-2023-1619.yaml
new file mode 100644
index 00000000..d9945380
--- /dev/null
+++ b/data/reports/GO-2023-1619.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1619
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1242
+ghsas:
+ - GHSA-qrwm-xqfr-4vhv
+references:
+ - advisory: https://github.com/advisories/GHSA-qrwm-xqfr-4vhv
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1242
+ - fix: https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9
+ - web: https://huntr.dev/bounties/71c24c5e-ceb2-45cf-bda7-fa195d37e289
+source:
+ id: GHSA-qrwm-xqfr-4vhv
+ created: 2024-08-20T11:35:33.815946-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1620.yaml b/data/reports/GO-2023-1620.yaml
new file mode 100644
index 00000000..12ccc8ff
--- /dev/null
+++ b/data/reports/GO-2023-1620.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1620
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1239
+ghsas:
+ - GHSA-vxhr-p2vp-7gf8
+references:
+ - advisory: https://github.com/advisories/GHSA-vxhr-p2vp-7gf8
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1239
+ - fix: https://github.com/answerdev/answer/commit/9870ed87fb24ed468aaf1e169c2d028e0f375106
+ - web: https://huntr.dev/bounties/3a22c609-d2d8-4613-815d-58f5990b8bd8
+source:
+ id: GHSA-vxhr-p2vp-7gf8
+ created: 2024-08-20T11:35:37.708515-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1622.yaml b/data/reports/GO-2023-1622.yaml
new file mode 100644
index 00000000..ffcfc074
--- /dev/null
+++ b/data/reports/GO-2023-1622.yaml
@@ -0,0 +1,19 @@
+id: GO-2023-1622
+modules:
+ - module: github.com/edgelesssys/constellation
+ vulnerable_at: 0.0.0
+ - module: github.com/edgelesssys/constellation/v2
+ versions:
+ - fixed: 2.6.0
+ vulnerable_at: 2.6.0-pre
+summary: Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation
+ghsas:
+ - GHSA-6w5f-5wgr-qjg5
+references:
+ - advisory: https://github.com/edgelesssys/constellation/security/advisories/GHSA-6w5f-5wgr-qjg5
+ - web: https://github.com/edgelesssys/constellation/releases/tag/v2.6.0
+source:
+ id: GHSA-6w5f-5wgr-qjg5
+ created: 2024-08-20T11:35:40.537733-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1627.yaml b/data/reports/GO-2023-1627.yaml
new file mode 100644
index 00000000..817fc704
--- /dev/null
+++ b/data/reports/GO-2023-1627.yaml
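Review bot: The first module entry of GO-2023-1622, `github.com/edgelesssys/constellation`, carries `vulnerable_at: 0.0.0` and no `versions` block, so every version on the unversioned module path is reported as affected with no fix (the generated OSV range for it is only `introduced: 0`). `0.0.0` does not look like a tagged release; if it is a placeholder, replace it with a tag known to be vulnerable, `vulnerable_at: <tagged release of the unversioned path>`, or drop the field. If the fix really shipped only under `/v2`, a short `notes:` entry saying so would tell consumers on the old path that upgrading means changing the import path.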
@@ -0,0 +1,36 @@
+id: GO-2023-1627
+modules:
+ - module: github.com/opencontainers/runc
+ versions:
+ - introduced: 1.0.0-rc95
+ - fixed: 1.1.5
+ vulnerable_at: 1.1.4
+summary: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc
+cves:
+ - CVE-2023-27561
+ghsas:
+ - GHSA-vpvm-3wq2-2wvm
+references:
+ - advisory: https://github.com/advisories/GHSA-vpvm-3wq2-2wvm
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-27561
+ - fix: https://github.com/opencontainers/runc/pull/3785
+ - report: https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
+ - report: https://github.com/opencontainers/runc/issues/3751
+ - web: https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
+ - web: https://github.com/opencontainers/runc/releases/tag/v1.1.5
+ - web: https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
+source:
+ id: GHSA-vpvm-3wq2-2wvm
+ created: 2024-08-20T11:35:42.672385-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1628.yaml b/data/reports/GO-2023-1628.yaml
new file mode 100644
index 00000000..edc03113
--- /dev/null
+++ b/data/reports/GO-2023-1628.yaml
@@ -0,0 +1,29 @@
+id: GO-2023-1628
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.22.0
+ - fixed: 1.22.16
+ - introduced: 1.23.0
+ - fixed: 1.23.14
+ - introduced: 1.24.0
+ - fixed: 1.24.8
+ - introduced: 1.25.0
+ - fixed: 1.25.4
+ vulnerable_at: 1.25.4-rc.0
+summary: Kubernetes vulnerable to path traversal in k8s.io/kubernetes
+cves:
+ - CVE-2022-3162
+ghsas:
+ - GHSA-2394-5535-8j88
+references:
+ - advisory: https://github.com/advisories/GHSA-2394-5535-8j88
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-3162
+ - web: https://github.com/kubernetes/kubernetes/issues/113756
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA
+ - web: https://security.netapp.com/advisory/ntap-20230511-0004
+source:
+ id: GHSA-2394-5535-8j88
+ created: 2024-08-20T11:35:53.599633-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1629.yaml b/data/reports/GO-2023-1629.yaml
new file mode 100644
index 00000000..8b6b52c9
--- /dev/null
+++ b/data/reports/GO-2023-1629.yaml
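Review bot: The `references` list of GO-2023-1627 carries the same five lists.fedoraproject.org announcements twice, once with `package-announce%40lists.fedoraproject.org` and once with `package-announce@lists.fedoraproject.org` in the path. `%40` is only the percent-encoding of `@`, so both spellings point at the same message and the second set adds nothing for a consumer. Keep one form (the `@` form is the one GO-2023-1639 uses in this commit) and drop the other five entries. The generated data/osv/GO-2023-1627.json repeats the duplicates and would need regenerating after the edit.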
@@ -0,0 +1,29 @@
+id: GO-2023-1629
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.22.0
+ - fixed: 1.22.16
+ - introduced: 1.23.0
+ - fixed: 1.23.14
+ - introduced: 1.24.0
+ - fixed: 1.24.8
+ - introduced: 1.25.0
+ - fixed: 1.25.4
+ vulnerable_at: 1.25.4-rc.0
+summary: Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
+cves:
+ - CVE-2022-3294
+ghsas:
+ - GHSA-jh36-q97c-9928
+references:
+ - advisory: https://github.com/advisories/GHSA-jh36-q97c-9928
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-3294
+ - web: https://github.com/kubernetes/kubernetes/issues/113757
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA
+ - web: https://security.netapp.com/advisory/ntap-20230505-0007
+source:
+ id: GHSA-jh36-q97c-9928
+ created: 2024-08-20T11:36:01.197956-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1630.yaml b/data/reports/GO-2023-1630.yaml
new file mode 100644
index 00000000..800fec39
--- /dev/null
+++ b/data/reports/GO-2023-1630.yaml
@@ -0,0 +1,23 @@
+id: GO-2023-1630
+modules:
+ - module: github.com/foxcpp/maddy
+ versions:
+ - introduced: 0.2.0
+ - fixed: 0.6.3
+ vulnerable_at: 0.6.2
+summary: Full authentication bypass if SASL authorization username is specified in github.com/foxcpp/maddy
+cves:
+ - CVE-2023-27582
+ghsas:
+ - GHSA-4g76-w3xw-2x6w
+references:
+ - advisory: https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-27582
+ - fix: https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a
+ - fix: https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c
+ - web: https://github.com/foxcpp/maddy/releases/tag/v0.6.3
+source:
+ id: GHSA-4g76-w3xw-2x6w
+ created: 2024-08-20T11:36:05.860642-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1633.yaml b/data/reports/GO-2023-1633.yaml
new file mode 100644
index 00000000..d339754a
--- /dev/null
+++ b/data/reports/GO-2023-1633.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1633
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - introduced: 1.5.0
+ - fixed: 1.5.1
+ vulnerable_at: 1.5.0
+summary: Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad
+cves:
+ - CVE-2023-1299
+ghsas:
+ - GHSA-rqm8-q8j9-662f
+references:
+ - advisory: https://github.com/advisories/GHSA-rqm8-q8j9-662f
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1299
+ - web: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389
+source:
+ id: GHSA-rqm8-q8j9-662f
+ created: 2024-08-20T11:36:34.607837-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1639.yaml b/data/reports/GO-2023-1639.yaml
new file mode 100644
index 00000000..55b5676c
--- /dev/null
+++ b/data/reports/GO-2023-1639.yaml
@@ -0,0 +1,26 @@
+id: GO-2023-1639
+modules:
+ - module: github.com/hashicorp/consul
+ versions:
+ - introduced: 1.14.0
+ - fixed: 1.14.5
+ vulnerable_at: 1.14.4
+summary: |-
+ Consul Server Panic when Ingress and API Gateways Configured with Peering
+ Connections in github.com/hashicorp/consul
+cves:
+ - CVE-2023-0845
+ghsas:
+ - GHSA-wj6x-hcc2-f32j
+references:
+ - advisory: https://github.com/advisories/GHSA-wj6x-hcc2-f32j
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0845
+ - web: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
+source:
+ id: GHSA-wj6x-hcc2-f32j
+ created: 2024-08-20T11:37:04.853408-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE