Commit
- data/reports/GO-2023-1785.yaml - data/reports/GO-2023-1793.yaml - data/reports/GO-2023-1795.yaml - data/reports/GO-2023-1800.yaml - data/reports/GO-2023-1801.yaml - data/reports/GO-2023-1803.yaml - data/reports/GO-2023-1804.yaml - data/reports/GO-2023-1806.yaml - data/reports/GO-2023-1808.yaml - data/reports/GO-2023-1809.yaml - data/reports/GO-2023-1819.yaml - data/reports/GO-2023-1827.yaml - data/reports/GO-2023-1828.yaml - data/reports/GO-2023-1829.yaml - data/reports/GO-2023-1831.yaml - data/reports/GO-2023-1849.yaml - data/reports/GO-2023-1850.yaml - data/reports/GO-2023-1851.yaml - data/reports/GO-2023-1852.yaml - data/reports/GO-2023-1853.yaml Updates #1785 Updates #1793 Updates #1795 Updates #1800 Updates #1801 Updates #1803 Updates #1804 Updates #1806 Updates #1808 Updates #1809 Updates #1819 Updates #1827 Updates #1828 Updates #1829 Updates #1831 Updates #1849 Updates #1850 Updates #1851 Updates #1852 Updates #1853 Change-Id: Ib6fb15714358b0a9d7644d6ed43de25bdbd8434b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606786 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
@@ -0,0 +1,72 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2023-1785", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2023-30851", | ||
"GHSA-2h44-x2wx-49f4" | ||
], | ||
"summary": "Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium", | ||
"details": "Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/cilium/cilium", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.11.16" | ||
}, | ||
{ | ||
"introduced": "1.12.0" | ||
}, | ||
{ | ||
"fixed": "1.12.9" | ||
}, | ||
{ | ||
"introduced": "1.13.0" | ||
}, | ||
{ | ||
"fixed": "1.13.2" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-2h44-x2wx-49f4" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30851" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/cilium/cilium/releases/tag/v1.11.16" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/cilium/cilium/releases/tag/v1.12.9" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/cilium/cilium/releases/tag/v1.13.2" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2023-1785", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
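Review bot: `details` is a verbatim copy of `summary` and `ecosystem_specific` is `{}`, so this record gives a scanner nothing finer than the module path and version ranges to match on; the GO-2023-1793 and GO-2023-1795 records below have the same shape. With `review_status` at `UNREVIEWED` that may be intended, but it means every build depending on `github.com/cilium/cilium` below the fixed versions is flagged whether or not the header-rule code is reachable. If this file is generated, the source report is where an `imports` entry listing the affected package paths and symbols would be added. The `modified` and `published` values `0001-01-01T00:00:00Z` look like zero-value placeholders, presumably filled in at publish time, so anything reading these files straight from the repository should not sort or filter on them.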
@@ -0,0 +1,64 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2023-1793", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2023-2878", | ||
"GHSA-g82w-58jf-gcxx" | ||
], | ||
"summary": "secrets-store-csi-driver discloses service account tokens in logs in sigs.k8s.io/secrets-store-csi-driver", | ||
"details": "secrets-store-csi-driver discloses service account tokens in logs in sigs.k8s.io/secrets-store-csi-driver", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "sigs.k8s.io/secrets-store-csi-driver", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.3.3" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/security/advisories/GHSA-g82w-58jf-gcxx" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2878" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.3.3" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/issues/118419" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.netapp.com/advisory/ntap-20230814-0003" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2023-1793", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
@@ -0,0 +1,52 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2023-1795", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2023-33199", | ||
"GHSA-frqx-jfcm-6jjr" | ||
], | ||
"summary": "malformed proposed intoto entries can cause a panic in github.com/sigstore/rekor", | ||
"details": "malformed proposed intoto entries can cause a panic in github.com/sigstore/rekor", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/sigstore/rekor", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.2.0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33199" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2023-1795", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |