-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 9 unreviewed reports
- data/reports/GO-2024-3267.yaml - data/reports/GO-2024-3269.yaml - data/reports/GO-2024-3271.yaml - data/reports/GO-2024-3272.yaml - data/reports/GO-2024-3273.yaml - data/reports/GO-2024-3274.yaml - data/reports/GO-2024-3275.yaml - data/reports/GO-2024-3277.yaml - data/reports/GO-2024-3278.yaml Fixes #3267 Fixes #3269 Fixes #3271 Fixes #3272 Fixes #3273 Fixes #3274 Fixes #3275 Fixes #3277 Fixes #3278 Change-Id: Iff40e4830d8ead8505d427db90e38c3e08bc9e38 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/629356 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
- Loading branch information
Showing
18 changed files
with
683 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3267", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-52010", | ||
| "GHSA-7hpf-g48v-hw3j" | ||
| ], | ||
| "summary": "Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy", | ||
| "details": "Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: .", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/tobychui/zoraxy", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "3.1.3+incompatible" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": { | ||
| "custom_ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "2.6.1" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/tobychui/zoraxy/security/advisories/GHSA-7hpf-g48v-hw3j" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52010" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/tobychui/zoraxy/commit/2e9bc77a5d832bff1093058d42ce7a61382e4bc6" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/tobychui/zoraxy/commit/c07d5f85dfc37bd32819358ed7d4bc32c604e8f0" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3267", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3269", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-52308", | ||
| "GHSA-p2h2-3vg9-4p87" | ||
| ], | ||
| "summary": "Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli", | ||
| "details": "Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/cli/cli", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/cli/cli/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.62.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52308" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3269", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3271", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-52522" | ||
| ], | ||
| "summary": "Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone", | ||
| "details": "Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/rclone/rclone", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "1.59.0" | ||
| }, | ||
| { | ||
| "fixed": "1.68.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52522" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3271", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3272", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-24425" | ||
| ], | ||
| "summary": "CVE-2024-24425 in github.com/magma/magma", | ||
| "details": "CVE-2024-24425 in github.com/magma/magma", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/magma/magma", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24425" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://cellularsecurity.org/ransacked" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/OPENAIRINTERFACE/openair-epc-fed" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/magma/magma" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3272", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3273", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-24426" | ||
| ], | ||
| "summary": "CVE-2024-24426 in github.com/magma/magma", | ||
| "details": "CVE-2024-24426 in github.com/magma/magma", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/magma/magma", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24426" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://cellularsecurity.org/ransacked" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/OPENAIRINTERFACE/openair-epc-fed" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/magma/magma" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3273", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3274", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2023-0109", | ||
| "GHSA-5r2g-59px-3q9w" | ||
| ], | ||
| "summary": "Stored XSS using two files in usememos/memos in github.com/usememos/memos", | ||
| "details": "Stored XSS using two files in usememos/memos in github.com/usememos/memos", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/usememos/memos", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "0.10.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-5r2g-59px-3q9w" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0109" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3274", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.