data/reports: unexclude 20 reports (17)

- data/reports/GO-2022-0457.yaml - data/reports/GO-2022-0458.yaml - data/reports/GO-2022-0459.yaml - data/reports/GO-2022-0471.yaml - data/reports/GO-2022-0473.yaml - data/reports/GO-2022-0480.yaml - data/reports/GO-2022-0482.yaml - data/reports/GO-2022-0483.yaml - data/reports/GO-2022-0490.yaml - data/reports/GO-2022-0491.yaml - data/reports/GO-2022-0494.yaml - data/reports/GO-2022-0495.yaml - data/reports/GO-2022-0496.yaml - data/reports/GO-2022-0497.yaml - data/reports/GO-2022-0498.yaml - data/reports/GO-2022-0499.yaml - data/reports/GO-2022-0500.yaml - data/reports/GO-2022-0501.yaml - data/reports/GO-2022-0502.yaml - data/reports/GO-2022-0505.yaml Updates #457 Updates #458 Updates #459 Updates #471 Updates #473 Updates #480 Updates #482 Updates #483 Updates #490 Updates #491 Updates #494 Updates #495 Updates #496 Updates #497 Updates #498 Updates #499 Updates #500 Updates #501 Updates #502 Updates #505 Change-Id: I92c5f4afd83bb1c6bd9f448bc65ca730c64ce770 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607219 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
golang · Aug 21, 2024 · 41b516d · 41b516d
1 parent e9d3f29
commit 41b516d
Show file tree

Hide file tree

Showing 60 changed files with 1,885 additions and 160 deletions.
diff --git a/data/excluded/GO-2022-0457.yaml b/data/excluded/GO-2022-0457.yaml
diff --git a/data/excluded/GO-2022-0458.yaml b/data/excluded/GO-2022-0458.yaml
diff --git a/data/excluded/GO-2022-0459.yaml b/data/excluded/GO-2022-0459.yaml
diff --git a/data/excluded/GO-2022-0471.yaml b/data/excluded/GO-2022-0471.yaml
diff --git a/data/excluded/GO-2022-0473.yaml b/data/excluded/GO-2022-0473.yaml
diff --git a/data/excluded/GO-2022-0480.yaml b/data/excluded/GO-2022-0480.yaml
diff --git a/data/excluded/GO-2022-0482.yaml b/data/excluded/GO-2022-0482.yaml
diff --git a/data/excluded/GO-2022-0483.yaml b/data/excluded/GO-2022-0483.yaml
diff --git a/data/excluded/GO-2022-0490.yaml b/data/excluded/GO-2022-0490.yaml
diff --git a/data/excluded/GO-2022-0491.yaml b/data/excluded/GO-2022-0491.yaml
diff --git a/data/excluded/GO-2022-0494.yaml b/data/excluded/GO-2022-0494.yaml
diff --git a/data/excluded/GO-2022-0495.yaml b/data/excluded/GO-2022-0495.yaml
diff --git a/data/excluded/GO-2022-0496.yaml b/data/excluded/GO-2022-0496.yaml
diff --git a/data/excluded/GO-2022-0497.yaml b/data/excluded/GO-2022-0497.yaml
diff --git a/data/excluded/GO-2022-0498.yaml b/data/excluded/GO-2022-0498.yaml
diff --git a/data/excluded/GO-2022-0499.yaml b/data/excluded/GO-2022-0499.yaml
diff --git a/data/excluded/GO-2022-0500.yaml b/data/excluded/GO-2022-0500.yaml
diff --git a/data/excluded/GO-2022-0501.yaml b/data/excluded/GO-2022-0501.yaml
diff --git a/data/excluded/GO-2022-0502.yaml b/data/excluded/GO-2022-0502.yaml
diff --git a/data/excluded/GO-2022-0505.yaml b/data/excluded/GO-2022-0505.yaml
diff --git a/data/osv/GO-2022-0457.json b/data/osv/GO-2022-0457.json
@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0457",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-29178",
+    "GHSA-6p8v-8cq8-v2r3"
+  ],
+  "summary": "Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium",
+  "details": "Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.9.16"
+            },
+            {
+              "introduced": "1.10.0"
+            },
+            {
+              "fixed": "1.10.11"
+            },
+            {
+              "introduced": "1.11.0"
+            },
+            {
+              "fixed": "1.11.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-6p8v-8cq8-v2r3"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29178"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.10.11"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.11.5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.9.16"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0457",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0458.json b/data/osv/GO-2022-0458.json
@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0458",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-29179",
+    "GHSA-fmrf-gvjp-5j5g"
+  ],
+  "summary": "Improper Privilege Management in Cilium in github.com/cilium/cilium",
+  "details": "Improper Privilege Management in Cilium in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.9.16"
+            },
+            {
+              "introduced": "1.10.0"
+            },
+            {
+              "fixed": "1.10.11"
+            },
+            {
+              "introduced": "1.11.0"
+            },
+            {
+              "fixed": "1.11.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-fmrf-gvjp-5j5g"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29179"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.10.11"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.11.5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.9.16"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0458",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0459.json b/data/osv/GO-2022-0459.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0459",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-29188",
+    "GHSA-qwrf-gfpj-qvj6"
+  ],
+  "summary": "Smokescreen SSRF via deny list bypass (square brackets) in github.com/stripe/smokescreen",
+  "details": "Smokescreen SSRF via deny list bypass (square brackets) in github.com/stripe/smokescreen",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/stripe/smokescreen",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.0.4"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/stripe/smokescreen/security/advisories/GHSA-qwrf-gfpj-qvj6"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29188"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/stripe/smokescreen/commit/dea7b3c89df000f4072ff9866d61d78e30df6a36"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0459",
+    "review_status": "UNREVIEWED"
+  }
+}