data/reports: unexclude 20 reports (29)

  - data/reports/GO-2022-1079.yaml
  - data/reports/GO-2022-1080.yaml
  - data/reports/GO-2022-1081.yaml
  - data/reports/GO-2022-1089.yaml
  - data/reports/GO-2022-1099.yaml
  - data/reports/GO-2022-1100.yaml
  - data/reports/GO-2022-1105.yaml
  - data/reports/GO-2022-1106.yaml
  - data/reports/GO-2022-1107.yaml
  - data/reports/GO-2022-1119.yaml
  - data/reports/GO-2022-1120.yaml
  - data/reports/GO-2022-1121.yaml
  - data/reports/GO-2022-1132.yaml
  - data/reports/GO-2022-1135.yaml
  - data/reports/GO-2022-1138.yaml
  - data/reports/GO-2022-1147.yaml
  - data/reports/GO-2022-1151.yaml
  - data/reports/GO-2022-1152.yaml
  - data/reports/GO-2022-1153.yaml
  - data/reports/GO-2022-1154.yaml

Updates #1079
Updates #1080
Updates #1081
Updates #1089
Updates #1099
Updates #1100
Updates #1105
Updates #1106
Updates #1107
Updates #1119
Updates #1120
Updates #1121
Updates #1132
Updates #1135
Updates #1138
Updates #1147
Updates #1151
Updates #1152
Updates #1153
Updates #1154

Change-Id: Ice57e62cbaec73a848639ed6de50434eac91a368
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607231
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Commit-Queue: Tatiana Bradley <tatianabradley@google.com>

data/osv/GO-2022-1079.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-1079",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-39340",
+    "GHSA-95x7-mh78-7w2r"
+  ],
+  "summary": "OpenFGA subject to Information Disclosure via streamed-list-objects endpoint in github.com/openfga/openfga",
+  "details": "OpenFGA subject to Information Disclosure via streamed-list-objects endpoint in github.com/openfga/openfga",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/openfga/openfga",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.2.4"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/openfga/openfga/security/advisories/GHSA-95x7-mh78-7w2r"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39340"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/openfga/openfga/commit/779d73d4b6d067ee042ec9b59fec707eed71e42f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openfga/openfga/releases/tag/v0.2.4"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-1079",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2022-1080.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-1080",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-39341",
+    "GHSA-vj4m-83m8-xpw5"
+  ],
+  "summary": "OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga",
+  "details": "OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/openfga/openfga",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.2.4"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/openfga/openfga/security/advisories/GHSA-vj4m-83m8-xpw5"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39341"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/openfga/openfga/commit/b466769cc100b2065047786578718d313f52695b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openfga/openfga/releases/tag/v0.2.4"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-1080",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2022-1081.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-1081",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-39342",
+    "GHSA-f4mm-2r69-mg5f"
+  ],
+  "summary": "OpenFGA Authorization Bypass in github.com/openfga/openfga",
+  "details": "OpenFGA Authorization Bypass in github.com/openfga/openfga",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/openfga/openfga",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.2.4"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/openfga/openfga/security/advisories/GHSA-f4mm-2r69-mg5f"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39342"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/openfga/openfga/commit/c8db1ee3d2a366f18e585dd33236340e76e784c4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openfga/openfga/releases/tag/v0.2.4"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-1081",
+    "review_status": "UNREVIEWED"
+  }
+}