x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36458

[GoVulnBot]

CVE-2023-36458 references github.com/1Panel-dev/1Panel, which may be a Go module.

Description:
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-36458
• JSON: https://github.com/CVEProject/cvelist/tree/8f68496b383774d91698a6d78b09674534632fdc/2023/36xxx/CVE-2023-36458.json
• advisory: GHSA-7x2c-fgx6-xf9h
• web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6
• Imported by: https://pkg.go.dev/github.com/1Panel-dev/1Panel?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/1Panel-dev/1Panel
      vulnerable_at: 1.3.6
      packages:
        - package: 1Panel
description: |-
    1Panel is an open source Linux server operation and maintenance management
    panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious
    payloads to achieve command injection when entering the container terminal. The
    vulnerability has been fixed in v1.3.6.
cves:
    - CVE-2023-36458
references:
    - advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7x2c-fgx6-xf9h
    - web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6

[gopherbot]

Change https://go.dev/cl/508456 mentions this issue: data/excluded: batch add 14 excluded reports

[gopherbot]

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports

[gopherbot]

Change https://go.dev/cl/606787 mentions this issue: data/reports: unexclude 20 reports (7)