From adfc8654834ced5758aa0c854fd809ccf8089e60 Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Tue, 20 Aug 2024 12:49:45 -0400 Subject: [PATCH] data/reports: unexclude 20 reports (8) - data/reports/GO-2023-1912.yaml - data/reports/GO-2023-1915.yaml - data/reports/GO-2023-1919.yaml - data/reports/GO-2023-1922.yaml - data/reports/GO-2023-1924.yaml - data/reports/GO-2023-1925.yaml - data/reports/GO-2023-1927.yaml - data/reports/GO-2023-1928.yaml - data/reports/GO-2023-1931.yaml - data/reports/GO-2023-1932.yaml - data/reports/GO-2023-1936.yaml - data/reports/GO-2023-1938.yaml - data/reports/GO-2023-1939.yaml - data/reports/GO-2023-1940.yaml - data/reports/GO-2023-1942.yaml - data/reports/GO-2023-1945.yaml - data/reports/GO-2023-1946.yaml - data/reports/GO-2023-1948.yaml - data/reports/GO-2023-1950.yaml - data/reports/GO-2023-1952.yaml Updates golang/vulndb#1912 Updates golang/vulndb#1915 Updates golang/vulndb#1919 Updates golang/vulndb#1922 Updates golang/vulndb#1924 Updates golang/vulndb#1925 Updates golang/vulndb#1927 Updates golang/vulndb#1928 Updates golang/vulndb#1931 Updates golang/vulndb#1932 Updates golang/vulndb#1936 Updates golang/vulndb#1938 Updates golang/vulndb#1939 Updates golang/vulndb#1940 Updates golang/vulndb#1942 Updates golang/vulndb#1945 Updates golang/vulndb#1946 Updates golang/vulndb#1948 Updates golang/vulndb#1950 Updates golang/vulndb#1952 Change-Id: Id25f09c8f7270af68238752db96d6a399b91ef36 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606788 Auto-Submit: Tatiana Bradley LUCI-TryBot-Result: Go LUCI Reviewed-by: Damien Neil --- data/excluded/GO-2023-1912.yaml | 8 -- data/excluded/GO-2023-1915.yaml | 8 -- data/excluded/GO-2023-1919.yaml | 8 -- data/excluded/GO-2023-1922.yaml | 8 -- data/excluded/GO-2023-1924.yaml | 8 -- data/excluded/GO-2023-1925.yaml | 8 -- data/excluded/GO-2023-1927.yaml | 8 -- data/excluded/GO-2023-1928.yaml | 8 -- data/excluded/GO-2023-1931.yaml | 8 -- data/excluded/GO-2023-1932.yaml | 8 -- data/excluded/GO-2023-1936.yaml | 8 -- data/excluded/GO-2023-1938.yaml | 8 -- 
data/excluded/GO-2023-1939.yaml | 8 -- data/excluded/GO-2023-1940.yaml | 8 -- data/excluded/GO-2023-1942.yaml | 8 -- data/excluded/GO-2023-1945.yaml | 8 -- data/excluded/GO-2023-1946.yaml | 8 -- data/excluded/GO-2023-1948.yaml | 8 -- data/excluded/GO-2023-1950.yaml | 8 -- data/excluded/GO-2023-1952.yaml | 8 -- data/osv/GO-2023-1912.json | 60 ++++++++++++++ data/osv/GO-2023-1915.json | 72 +++++++++++++++++ data/osv/GO-2023-1919.json | 60 ++++++++++++++ data/osv/GO-2023-1922.json | 52 ++++++++++++ data/osv/GO-2023-1924.json | 56 +++++++++++++ data/osv/GO-2023-1925.json | 78 ++++++++++++++++++ data/osv/GO-2023-1927.json | 68 ++++++++++++++++ data/osv/GO-2023-1928.json | 60 ++++++++++++++ data/osv/GO-2023-1931.json | 56 +++++++++++++ data/osv/GO-2023-1932.json | 56 +++++++++++++ data/osv/GO-2023-1936.json | 56 +++++++++++++ data/osv/GO-2023-1938.json | 52 ++++++++++++ data/osv/GO-2023-1939.json | 90 +++++++++++++++++++++ data/osv/GO-2023-1940.json | 56 +++++++++++++ data/osv/GO-2023-1942.json | 136 ++++++++++++++++++++++++++++++++ data/osv/GO-2023-1945.json | 60 ++++++++++++++ data/osv/GO-2023-1946.json | 129 ++++++++++++++++++++++++++++++ data/osv/GO-2023-1948.json | 52 ++++++++++++ data/osv/GO-2023-1950.json | 64 +++++++++++++++ data/osv/GO-2023-1952.json | 64 +++++++++++++++ data/reports/GO-2023-1912.yaml | 22 ++++++ data/reports/GO-2023-1915.yaml | 25 ++++++ data/reports/GO-2023-1919.yaml | 23 ++++++ data/reports/GO-2023-1922.yaml | 20 +++++ data/reports/GO-2023-1924.yaml | 22 ++++++ data/reports/GO-2023-1925.yaml | 27 +++++++ data/reports/GO-2023-1927.yaml | 24 ++++++ data/reports/GO-2023-1928.yaml | 23 ++++++ data/reports/GO-2023-1931.yaml | 21 +++++ data/reports/GO-2023-1932.yaml | 21 +++++ data/reports/GO-2023-1936.yaml | 21 +++++ data/reports/GO-2023-1938.yaml | 21 +++++ data/reports/GO-2023-1939.yaml | 25 ++++++ data/reports/GO-2023-1940.yaml | 21 +++++ data/reports/GO-2023-1942.yaml | 32 ++++++++ data/reports/GO-2023-1945.yaml | 23 ++++++ 
data/reports/GO-2023-1946.yaml | 44 +++++++++++ data/reports/GO-2023-1948.yaml | 21 +++++ data/reports/GO-2023-1950.yaml | 24 ++++++ data/reports/GO-2023-1952.yaml | 23 ++++++ 60 files changed, 1860 insertions(+), 160 deletions(-) delete mode 100644 data/excluded/GO-2023-1912.yaml delete mode 100644 data/excluded/GO-2023-1915.yaml delete mode 100644 data/excluded/GO-2023-1919.yaml delete mode 100644 data/excluded/GO-2023-1922.yaml delete mode 100644 data/excluded/GO-2023-1924.yaml delete mode 100644 data/excluded/GO-2023-1925.yaml delete mode 100644 data/excluded/GO-2023-1927.yaml delete mode 100644 data/excluded/GO-2023-1928.yaml delete mode 100644 data/excluded/GO-2023-1931.yaml delete mode 100644 data/excluded/GO-2023-1932.yaml delete mode 100644 data/excluded/GO-2023-1936.yaml delete mode 100644 data/excluded/GO-2023-1938.yaml delete mode 100644 data/excluded/GO-2023-1939.yaml delete mode 100644 data/excluded/GO-2023-1940.yaml delete mode 100644 data/excluded/GO-2023-1942.yaml delete mode 100644 data/excluded/GO-2023-1945.yaml delete mode 100644 data/excluded/GO-2023-1946.yaml delete mode 100644 data/excluded/GO-2023-1948.yaml delete mode 100644 data/excluded/GO-2023-1950.yaml delete mode 100644 data/excluded/GO-2023-1952.yaml create mode 100644 data/osv/GO-2023-1912.json create mode 100644 data/osv/GO-2023-1915.json create mode 100644 data/osv/GO-2023-1919.json create mode 100644 data/osv/GO-2023-1922.json create mode 100644 data/osv/GO-2023-1924.json create mode 100644 data/osv/GO-2023-1925.json create mode 100644 data/osv/GO-2023-1927.json create mode 100644 data/osv/GO-2023-1928.json create mode 100644 data/osv/GO-2023-1931.json create mode 100644 data/osv/GO-2023-1932.json create mode 100644 data/osv/GO-2023-1936.json create mode 100644 data/osv/GO-2023-1938.json create mode 100644 data/osv/GO-2023-1939.json create mode 100644 data/osv/GO-2023-1940.json create mode 100644 data/osv/GO-2023-1942.json create mode 100644 data/osv/GO-2023-1945.json create mode 
100644 data/osv/GO-2023-1946.json create mode 100644 data/osv/GO-2023-1948.json create mode 100644 data/osv/GO-2023-1950.json create mode 100644 data/osv/GO-2023-1952.json create mode 100644 data/reports/GO-2023-1912.yaml create mode 100644 data/reports/GO-2023-1915.yaml create mode 100644 data/reports/GO-2023-1919.yaml create mode 100644 data/reports/GO-2023-1922.yaml create mode 100644 data/reports/GO-2023-1924.yaml create mode 100644 data/reports/GO-2023-1925.yaml create mode 100644 data/reports/GO-2023-1927.yaml create mode 100644 data/reports/GO-2023-1928.yaml create mode 100644 data/reports/GO-2023-1931.yaml create mode 100644 data/reports/GO-2023-1932.yaml create mode 100644 data/reports/GO-2023-1936.yaml create mode 100644 data/reports/GO-2023-1938.yaml create mode 100644 data/reports/GO-2023-1939.yaml create mode 100644 data/reports/GO-2023-1940.yaml create mode 100644 data/reports/GO-2023-1942.yaml create mode 100644 data/reports/GO-2023-1945.yaml create mode 100644 data/reports/GO-2023-1946.yaml create mode 100644 data/reports/GO-2023-1948.yaml create mode 100644 data/reports/GO-2023-1950.yaml create mode 100644 data/reports/GO-2023-1952.yaml
diff --git a/data/excluded/GO-2023-1912.yaml b/data/excluded/GO-2023-1912.yaml
deleted file mode 100644
index 2fe9af72..00000000
--- a/data/excluded/GO-2023-1912.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1912
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/multiversx/mx-chain-go
-cves:
- - CVE-2023-34458
-ghsas:
- - GHSA-j494-7x2v-vvvp
diff --git a/data/excluded/GO-2023-1915.yaml b/data/excluded/GO-2023-1915.yaml
deleted file mode 100644
index 4ce6f649..00000000
--- a/data/excluded/GO-2023-1915.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1915
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/containernetworking/plugins
-cves:
- - CVE-2020-10749
-ghsas:
- - GHSA-fx6x-h9g4-56f8
diff --git a/data/excluded/GO-2023-1919.yaml b/data/excluded/GO-2023-1919.yaml
deleted file mode 100644
index abfcc3b4..00000000
--- a/data/excluded/GO-2023-1919.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1919
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/traefik/traefik/v3
-cves:
- - CVE-2019-12452
-ghsas:
- - GHSA-r3fq-cmmw-cpmm
diff --git a/data/excluded/GO-2023-1922.yaml b/data/excluded/GO-2023-1922.yaml
deleted file mode 100644
index e0bd70c6..00000000
--- a/data/excluded/GO-2023-1922.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1922
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: code.gitea.io/gitea
-cves:
- - CVE-2019-1010261
-ghsas:
- - GHSA-5rh7-6gfj-mc87
diff --git a/data/excluded/GO-2023-1924.yaml b/data/excluded/GO-2023-1924.yaml
deleted file mode 100644
index e8b67392..00000000
--- a/data/excluded/GO-2023-1924.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1924
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/b3log/wide
-cves:
- - CVE-2019-13915
-ghsas:
- - GHSA-6452-jr93-r5qm
diff --git a/data/excluded/GO-2023-1925.yaml b/data/excluded/GO-2023-1925.yaml
deleted file mode 100644
index ff3c597b..00000000
--- a/data/excluded/GO-2023-1925.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1925
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/weaveworks/tf-controller
-cves:
- - CVE-2023-34236
-ghsas:
- - GHSA-6hvv-j432-23cv
diff --git a/data/excluded/GO-2023-1927.yaml b/data/excluded/GO-2023-1927.yaml
deleted file mode 100644
index b39dfb38..00000000
--- a/data/excluded/GO-2023-1927.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1927
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/containers/podman/v4
-cves:
- - CVE-2019-10152
-ghsas:
- - GHSA-rh5f-2w6r-q7vj
diff --git a/data/excluded/GO-2023-1928.yaml b/data/excluded/GO-2023-1928.yaml
deleted file mode 100644
index 5f934a75..00000000
--- a/data/excluded/GO-2023-1928.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1928
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2019-12618
-ghsas:
- - GHSA-2w2v-xcr9-mj4m
diff --git a/data/excluded/GO-2023-1931.yaml b/data/excluded/GO-2023-1931.yaml
deleted file mode 100644
index c76b418b..00000000
--- a/data/excluded/GO-2023-1931.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1931
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/IceWhaleTech/CasaOS
-cves:
- - CVE-2023-37266
-ghsas:
- - GHSA-m5q5-8mfw-p2hr
diff --git a/data/excluded/GO-2023-1932.yaml b/data/excluded/GO-2023-1932.yaml
deleted file mode 100644
index 569c98de..00000000
--- a/data/excluded/GO-2023-1932.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1932
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/IceWhaleTech/CasaOS-Gateway
-cves:
- - CVE-2023-37265
-ghsas:
- - GHSA-vjh7-5r6x-xh6g
diff --git a/data/excluded/GO-2023-1936.yaml b/data/excluded/GO-2023-1936.yaml
deleted file mode 100644
index 28d28ae9..00000000
--- a/data/excluded/GO-2023-1936.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1936
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/gophish/gophish
-cves:
- - CVE-2019-16146
-ghsas:
- - GHSA-9h9f-9q8g-6764
diff --git a/data/excluded/GO-2023-1938.yaml b/data/excluded/GO-2023-1938.yaml
deleted file mode 100644
index b3b01690..00000000
--- a/data/excluded/GO-2023-1938.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1938
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: helm.sh/helm/v3
-cves:
- - CVE-2019-18658
-ghsas:
- - GHSA-p5pc-m4q7-7qm9
diff --git a/data/excluded/GO-2023-1939.yaml b/data/excluded/GO-2023-1939.yaml
deleted file mode 100644
index 8a94661b..00000000
--- a/data/excluded/GO-2023-1939.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1939
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mattermost/mattermost
-cves:
- - CVE-2020-14457
-ghsas:
- - GHSA-j2h2-cvwh-cr64
diff --git a/data/excluded/GO-2023-1940.yaml b/data/excluded/GO-2023-1940.yaml
deleted file mode 100644
index 98e9acca..00000000
--- a/data/excluded/GO-2023-1940.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1940
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/1Panel-dev/1Panel
-cves:
- - CVE-2023-37477
-ghsas:
- - GHSA-p9xf-74xh-mhw5
diff --git a/data/excluded/GO-2023-1942.yaml b/data/excluded/GO-2023-1942.yaml
deleted file mode 100644
index b1a30314..00000000
--- a/data/excluded/GO-2023-1942.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1942
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/containers/podman/v4
-cves:
- - CVE-2019-18466
-ghsas:
- - GHSA-r34v-gqmw-qvgj
diff --git a/data/excluded/GO-2023-1945.yaml b/data/excluded/GO-2023-1945.yaml
deleted file mode 100644
index fbac9df7..00000000
--- a/data/excluded/GO-2023-1945.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1945
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2019-8336
-ghsas:
- - GHSA-fhm8-cxcv-pwvc
diff --git a/data/excluded/GO-2023-1946.yaml b/data/excluded/GO-2023-1946.yaml
deleted file mode 100644
index a00463ec..00000000
--- a/data/excluded/GO-2023-1946.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1946
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: k8s.io/kubernetes
-cves:
- - CVE-2019-1002100
-ghsas:
- - GHSA-q4rr-64r9-fwgf
diff --git a/data/excluded/GO-2023-1948.yaml b/data/excluded/GO-2023-1948.yaml
deleted file mode 100644
index 80e97f4e..00000000
--- a/data/excluded/GO-2023-1948.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1948
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: helm.sh/helm/v3
-cves:
- - CVE-2019-1000008
-ghsas:
- - GHSA-xrxm-mvqm-r553
diff --git a/data/excluded/GO-2023-1950.yaml b/data/excluded/GO-2023-1950.yaml
deleted file mode 100644
index fb5989f8..00000000
--- a/data/excluded/GO-2023-1950.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1950
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/traefik/traefik/v3
-cves:
- - CVE-2018-15598
-ghsas:
- - GHSA-2cjc-rgmp-x649
diff --git a/data/excluded/GO-2023-1952.yaml b/data/excluded/GO-2023-1952.yaml
deleted file mode 100644
index b4cab187..00000000
--- a/data/excluded/GO-2023-1952.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1952
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd/v2
-cves:
- - CVE-2018-21034
-ghsas:
- - GHSA-xj7v-c82w-92q2
diff --git a/data/osv/GO-2023-1912.json b/data/osv/GO-2023-1912.json
new file mode 100644
index 00000000..657a5755
--- /dev/null
+++ b/data/osv/GO-2023-1912.json
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1912", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-34458", + "GHSA-j494-7x2v-vvvp" + ], + "summary": "mx-chain-go's relayed transactions always increment nonce in github.com/multiversx/mx-chain-go", + "details": "mx-chain-go's relayed transactions always increment nonce in github.com/multiversx/mx-chain-go", + "affected": [ + { + "package": { + "name": "github.com/multiversx/mx-chain-go", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.17" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-j494-7x2v-vvvp" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34458" + }, + { + "type": "FIX", + "url": "https://github.com/multiversx/mx-chain-go/commit/babdb144f1316ab6176bf3dbd7d4621120414d43" + }, + { + "type": "WEB", + "url": "https://github.com/multiversx/mx-chain-go/blob/babdb144f1316ab6176bf3dbd7d4621120414d43/integrationTests/vm/txsFee/relayedMoveBalance_test.go#LL165C14-L165C14" + }, + { + "type": "WEB", + "url": "https://github.com/multiversx/mx-chain-go/releases/tag/v1.4.17" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1912", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1915.json b/data/osv/GO-2023-1915.json new file mode 100644 index 00000000..df29c2dc --- /dev/null +++ b/data/osv/GO-2023-1915.json 
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1915", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-10749", + "GHSA-fx6x-h9g4-56f8" + ], + "summary": "containernetworking/plugins vulnerable to MitM attacks in github.com/containernetworking/plugins", + "details": "containernetworking/plugins vulnerable to MitM attacks in github.com/containernetworking/plugins", + "affected": [ + { + "package": { + "name": "github.com/containernetworking/plugins", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.8.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fx6x-h9g4-56f8" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10749" + }, + { + "type": "WEB", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html" + }, + { + "type": "WEB", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749" + }, + { + "type": "WEB", + "url": "https://github.com/containernetworking/plugins/releases/tag/v0.8.6" + }, + { + "type": "WEB", + "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1915", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1919.json b/data/osv/GO-2023-1919.json new file mode 100644 index 00000000..8e94ff5b --- /dev/null +++ b/data/osv/GO-2023-1919.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1919", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-12452", + "GHSA-r3fq-cmmw-cpmm" + ], + "summary": "Containous Traefik Exposes Password Hashes in github.com/traefik/traefik", + "details": "Containous Traefik Exposes Password Hashes in github.com/traefik/traefik", + "affected": [ + { + "package": { + "name": "github.com/traefik/traefik", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.7.0" + }, + { + "fixed": "1.7.12" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-r3fq-cmmw-cpmm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12452" + }, + { + "type": "FIX", + "url": "https://github.com/traefik/traefik/commit/a169fec2e08e391d24b509c00fcf011656c1395c" + }, + { + "type": "WEB", + "url": "https://github.com/containous/traefik/issues/4917" + }, + { + "type": "WEB", + "url": "https://github.com/containous/traefik/pull/4918" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1919", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1922.json b/data/osv/GO-2023-1922.json new file mode 100644 index 00000000..c4e33be5 --- /dev/null +++ b/data/osv/GO-2023-1922.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1922", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-1010261", + "GHSA-5rh7-6gfj-mc87" + ], + "summary": "Gitea XSS Vulnerability in code.gitea.io/gitea", + "details": "Gitea XSS Vulnerability in code.gitea.io/gitea", + "affected": [ + { + "package": { + "name": "code.gitea.io/gitea", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5rh7-6gfj-mc87" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010261" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/pull/5905" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1922", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1924.json b/data/osv/GO-2023-1924.json new file mode 100644 index 00000000..34896c5f --- /dev/null +++ b/data/osv/GO-2023-1924.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1924", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-13915", + "GHSA-6452-jr93-r5qm" + ], + "summary": "b3log Wide unauthenticated file access in github.com/b3log/wide", + "details": "b3log Wide unauthenticated file access in github.com/b3log/wide", + "affected": [ + { + "package": { + "name": "github.com/b3log/wide", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6452-jr93-r5qm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13915" + }, + { + "type": "WEB", + "url": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/arbitrary-file-reads-and-writes/go/sid-20862" + }, + { + "type": "WEB", + "url": "https://web.archive.org/web/20190522035724/https://github.com/b3log/wide" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1924", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1925.json b/data/osv/GO-2023-1925.json new file mode 100644 index 00000000..9dc0f328 --- /dev/null +++ b/data/osv/GO-2023-1925.json 
@@ -0,0 +1,78 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1925", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-34236", + "GHSA-6hvv-j432-23cv" + ], + "summary": "Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller", + "details": "Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller", + "affected": [ + { + "package": { + "name": "github.com/weaveworks/tf-controller", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.14.4" + }, + { + "introduced": "0.15.0-rc.1" + }, + { + "fixed": "0.15.0-rc.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/weaveworks/tf-controller/security/advisories/GHSA-6hvv-j432-23cv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34236" + }, + { + "type": "FIX", + "url": "https://github.com/weaveworks/tf-controller/commit/28282bc644054e157c3b9a3d38f1f9551ce09074" + }, + { + "type": "FIX", + "url": "https://github.com/weaveworks/tf-controller/commit/6323b355bd7f5d2ce85d0244fe0883af3881df4e" + }, + { + "type": "FIX", + "url": "https://github.com/weaveworks/tf-controller/commit/9708fda28ccd0466cb0a8fd409854ab4d92f7dca" + }, + { + "type": "FIX", + "url": "https://github.com/weaveworks/tf-controller/commit/98a0688036e9dbcf43fa84960d9a1ef3e09a69cf" + }, + { + "type": "REPORT", + "url": "https://github.com/weaveworks/tf-controller/issues/637" + }, + { + "type": "REPORT", + "url": "https://github.com/weaveworks/tf-controller/issues/649" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1925", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file 
diff --git a/data/osv/GO-2023-1927.json b/data/osv/GO-2023-1927.json new file mode 100644 index 00000000..e0e803ab --- /dev/null +++ b/data/osv/GO-2023-1927.json @@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1927", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-10152", + "GHSA-rh5f-2w6r-q7vj" + ], + "summary": "Podman Path Traversal Vulnerability leads to arbitrary file read/write in github.com/containers/podman", + "details": "Podman Path Traversal Vulnerability leads to arbitrary file read/write in github.com/containers/podman", + "affected": [ + { + "package": { + "name": "github.com/containers/podman", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rh5f-2w6r-q7vj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10152" + }, + { + "type": "WEB", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152" + }, + { + "type": "WEB", + "url": "https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140" + }, + { + "type": "WEB", + "url": "https://github.com/containers/libpod/issues/3211" + }, + { + "type": "WEB", + "url": "https://github.com/containers/libpod/pull/3214" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1927", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1928.json b/data/osv/GO-2023-1928.json new file mode 100644 index 00000000..ca00660d --- /dev/null +++ b/data/osv/GO-2023-1928.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1928", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-12618", + "GHSA-2w2v-xcr9-mj4m" + ], + "summary": "Hashicorp Nomad Access Control Issues in github.com/hashicorp/nomad", + "details": "Hashicorp Nomad Access Control Issues in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.9.0" + }, + { + "fixed": "0.9.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-2w2v-xcr9-mj4m" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12618" + }, + { + "type": "REPORT", + "url": "https://github.com/hashicorp/nomad/issues/5783" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/category/nomad" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1928", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1931.json b/data/osv/GO-2023-1931.json new file mode 100644 index 00000000..9357a4d4 --- /dev/null +++ b/data/osv/GO-2023-1931.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1931", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-37266", + "GHSA-m5q5-8mfw-p2hr" + ], + "summary": "CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS", + "details": "CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS", + "affected": [ + { + "package": { + "name": "github.com/IceWhaleTech/CasaOS", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.4.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/IceWhaleTech/CasaOS/security/advisories/GHSA-m5q5-8mfw-p2hr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37266" + }, + { + "type": "FIX", + "url": "https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad" + }, + { + "type": "WEB", + "url": "https://www.sonarsource.com/blog/security-vulnerabilities-in-casaos" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1931", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1932.json b/data/osv/GO-2023-1932.json new file mode 100644 index 00000000..a683a3c6 --- /dev/null +++ b/data/osv/GO-2023-1932.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1932", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-37265", + "GHSA-vjh7-5r6x-xh6g" + ], + "summary": "CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway", + "details": "CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway", + "affected": [ + { + "package": { + "name": "github.com/IceWhaleTech/CasaOS-Gateway", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.4.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/IceWhaleTech/CasaOS-Gateway/security/advisories/GHSA-vjh7-5r6x-xh6g" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37265" + }, + { + "type": "FIX", + "url": "https://github.com/IceWhaleTech/CasaOS-Gateway/commit/391dd7f0f239020c46bf057cfa25f82031fc15f7" + }, + { + "type": "WEB", + "url": "https://www.sonarsource.com/blog/security-vulnerabilities-in-casaos" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1932", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1936.json b/data/osv/GO-2023-1936.json new file mode 100644 index 00000000..adfc2872 --- /dev/null +++ b/data/osv/GO-2023-1936.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1936", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-16146", + "GHSA-9h9f-9q8g-6764" + ], + "summary": "Gophish XSS Vulnerability in github.com/gophish/gophish", + "details": "Gophish XSS Vulnerability in github.com/gophish/gophish", + "affected": [ + { + "package": { + "name": "github.com/gophish/gophish", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-9h9f-9q8g-6764" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16146" + }, + { + "type": "FIX", + "url": "https://github.com/gophish/gophish/commit/24fe998a3aa04e205900476a9601d481e94d8eea" + }, + { + "type": "FIX", + "url": "https://github.com/gophish/gophish/pull/1547" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1936", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1938.json b/data/osv/GO-2023-1938.json new file mode 100644 index 00000000..9773144e --- /dev/null +++ b/data/osv/GO-2023-1938.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1938", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-18658", + "GHSA-p5pc-m4q7-7qm9" + ], + "summary": "Helm Unsafe Link Following in helm.sh/helm", + "details": "Helm Unsafe Link Following in helm.sh/helm", + "affected": [ + { + "package": { + "name": "helm.sh/helm", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "2.0.0+incompatible" + }, + { + "fixed": "2.15.2+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-p5pc-m4q7-7qm9" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18658" + }, + { + "type": "WEB", + "url": "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1938", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1939.json b/data/osv/GO-2023-1939.json new file mode 100644 index 00000000..b0bc73bf --- /dev/null +++ b/data/osv/GO-2023-1939.json 
@@ -0,0 +1,90 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1939", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-14457", + "GHSA-j2h2-cvwh-cr64" + ], + "summary": "Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost", + "details": "Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.20.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-j2h2-cvwh-cr64" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14457" + }, + { + "type": "FIX", + "url": "https://github.com/mattermost/mattermost/pull/13848" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1939", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1940.json b/data/osv/GO-2023-1940.json new file mode 100644 index 00000000..35dca46c --- /dev/null +++ b/data/osv/GO-2023-1940.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1940", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-37477", + "GHSA-p9xf-74xh-mhw5" + ], + "summary": "1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel", + "details": "1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel", + "affected": [ + { + "package": { + "name": "github.com/1Panel-dev/1Panel", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-p9xf-74xh-mhw5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37477" + }, + { + "type": "FIX", + "url": "https://github.com/1Panel-dev/1Panel/commit/e17b80cff4975ee343568ff526b62319f499005d" + }, + { + "type": "WEB", + "url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.4.3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1940", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1942.json b/data/osv/GO-2023-1942.json new file mode 100644 index 00000000..93a5384c --- /dev/null +++ b/data/osv/GO-2023-1942.json 
@@ -0,0 +1,136 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1942", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-18466", + "GHSA-r34v-gqmw-qvgj" + ], + "summary": "Podman Symlink Vulnerability in github.com/containers/libpod", + "details": "Podman Symlink Vulnerability in github.com/containers/libpod", + "affected": [ + { + "package": { + "name": "github.com/containers/libpod", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.6.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/containers/podman", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/containers/podman/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/containers/podman/v3", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/containers/podman/v4", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-r34v-gqmw-qvgj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18466" + }, + { + "type": "FIX", + "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e" + }, + { + "type": "REPORT", + "url": "https://github.com/containers/libpod/issues/3829" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2019:4269" + }, + { + "type": "WEB", + 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588" + }, + { + "type": "WEB", + "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1942", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1945.json b/data/osv/GO-2023-1945.json new file mode 100644 index 00000000..ed9f6f81 --- /dev/null +++ b/data/osv/GO-2023-1945.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1945", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-8336", + "GHSA-fhm8-cxcv-pwvc" + ], + "summary": "HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul", + "details": "HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.4.0" + }, + { + "fixed": "1.4.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fhm8-cxcv-pwvc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8336" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f" + }, + { + "type": "REPORT", + "url": "https://github.com/hashicorp/consul/issues/5423" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1945", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1946.json b/data/osv/GO-2023-1946.json new file mode 100644 index 00000000..781cafbd --- /dev/null +++ b/data/osv/GO-2023-1946.json 
@@ -0,0 +1,129 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1946", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-1002100", + "GHSA-q4rr-64r9-fwgf" + ], + "summary": "Kubernetes DoS Vulnerability in k8s.io/kubernetes", + "details": "Kubernetes DoS Vulnerability in k8s.io/kubernetes", + "affected": [ + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.0.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.8" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.12.0" + }, + { + "fixed": "1.12.6" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.13.0" + }, + { + "fixed": "1.13.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-q4rr-64r9-fwgf" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1002100" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2019:1851" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2019:3239" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/issues/74534" + }, + { + "type": "WEB", + "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20190416-0002" + }, + { + "type": "WEB", + "url": 
"https://web.archive.org/web/20210125011246/https://www.securityfocus.com/bid/107290" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1946", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1948.json b/data/osv/GO-2023-1948.json new file mode 100644 index 00000000..c92d87fb --- /dev/null +++ b/data/osv/GO-2023-1948.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1948", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-1000008", + "GHSA-xrxm-mvqm-r553" + ], + "summary": "Helm Path Traversal in helm.sh/helm", + "details": "Helm Path Traversal in helm.sh/helm", + "affected": [ + { + "package": { + "name": "helm.sh/helm", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "2.0.0+incompatible" + }, + { + "fixed": "2.12.2+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xrxm-mvqm-r553" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000008" + }, + { + "type": "WEB", + "url": "https://helm.sh/blog/helm-security-notice-2019/index.html" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1948", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1950.json b/data/osv/GO-2023-1950.json new file mode 100644 index 00000000..02bdfc4c --- /dev/null +++ b/data/osv/GO-2023-1950.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1950", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2018-15598", + "GHSA-2cjc-rgmp-x649" + ], + "summary": "Traefik Missing Authentication in github.com/traefik/traefik", + "details": "Traefik Missing Authentication in github.com/traefik/traefik", + "affected": [ + { + "package": { + "name": "github.com/traefik/traefik", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.6.0" + }, + { + "fixed": "1.6.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-2cjc-rgmp-x649" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15598" + }, + { + "type": "WEB", + "url": "https://github.com/containous/traefik/commit/113250ce5735d554c502ca16fb03bb9119ca79f1" + }, + { + "type": "WEB", + "url": "https://github.com/containous/traefik/commit/368bd170913078732bde58160f92f202f370278b" + }, + { + "type": "WEB", + "url": "https://github.com/containous/traefik/pull/3790" + }, + { + "type": "WEB", + "url": "https://github.com/containous/traefik/releases/tag/v1.6.6" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1950", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1952.json b/data/osv/GO-2023-1952.json new file mode 100644 index 00000000..cf6cea4e --- /dev/null +++ b/data/osv/GO-2023-1952.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1952", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2018-21034", + "GHSA-xj7v-c82w-92q2" + ], + "summary": "Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd", + "details": "Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.5.0-rc1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xj7v-c82w-92q2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21034" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/916d4aed5775fead4ab75f47c1d352cd0e73b815" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/pull/3088" + }, + { + "type": "REPORT", + "url": "https://github.com/argoproj/argo-cd/issues/470" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1952", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2023-1912.yaml b/data/reports/GO-2023-1912.yaml new file mode 100644 index 00000000..7f387b66 --- /dev/null +++ b/data/reports/GO-2023-1912.yaml 
@@ -0,0 +1,22 @@
+id: GO-2023-1912
+modules:
+ - module: github.com/multiversx/mx-chain-go
+ versions:
+ - fixed: 1.4.17
+ vulnerable_at: 1.4.16
+summary: mx-chain-go's relayed transactions always increment nonce in github.com/multiversx/mx-chain-go
+cves:
+ - CVE-2023-34458
+ghsas:
+ - GHSA-j494-7x2v-vvvp
+references:
+ - advisory: https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-j494-7x2v-vvvp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-34458
+ - fix: https://github.com/multiversx/mx-chain-go/commit/babdb144f1316ab6176bf3dbd7d4621120414d43
+ - web: https://github.com/multiversx/mx-chain-go/blob/babdb144f1316ab6176bf3dbd7d4621120414d43/integrationTests/vm/txsFee/relayedMoveBalance_test.go#LL165C14-L165C14
+ - web: https://github.com/multiversx/mx-chain-go/releases/tag/v1.4.17
+source:
+ id: GHSA-j494-7x2v-vvvp
+ created: 2024-08-20T11:51:37.102036-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1915.yaml b/data/reports/GO-2023-1915.yaml
new file mode 100644
index 00000000..b1726b7d
--- /dev/null
+++ b/data/reports/GO-2023-1915.yaml
@@ -0,0 +1,25 @@
+id: GO-2023-1915
+modules:
+ - module: github.com/containernetworking/plugins
+ versions:
+ - fixed: 0.8.6
+ vulnerable_at: 0.8.5
+summary: containernetworking/plugins vulnerable to MitM attacks in github.com/containernetworking/plugins
+cves:
+ - CVE-2020-10749
+ghsas:
+ - GHSA-fx6x-h9g4-56f8
+references:
+ - advisory: https://github.com/advisories/GHSA-fx6x-h9g4-56f8
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10749
+ - web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
+ - web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
+ - web: https://github.com/containernetworking/plugins/releases/tag/v0.8.6
+ - web: https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC
+source:
+ id: GHSA-fx6x-h9g4-56f8
+ created: 2024-08-20T11:51:41.44601-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1919.yaml b/data/reports/GO-2023-1919.yaml
new file mode 100644
index 00000000..70222885
--- /dev/null
+++ b/data/reports/GO-2023-1919.yaml
@@ -0,0 +1,23 @@
+id: GO-2023-1919
+modules:
+ - module: github.com/traefik/traefik
+ versions:
+ - introduced: 1.7.0
+ - fixed: 1.7.12
+ vulnerable_at: 1.7.11
+summary: Containous Traefik Exposes Password Hashes in github.com/traefik/traefik
+cves:
+ - CVE-2019-12452
+ghsas:
+ - GHSA-r3fq-cmmw-cpmm
+references:
+ - advisory: https://github.com/advisories/GHSA-r3fq-cmmw-cpmm
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-12452
+ - fix: https://github.com/traefik/traefik/commit/a169fec2e08e391d24b509c00fcf011656c1395c
+ - web: https://github.com/containous/traefik/issues/4917
+ - web: https://github.com/containous/traefik/pull/4918
+source:
+ id: GHSA-r3fq-cmmw-cpmm
+ created: 2024-08-20T11:51:57.232804-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1922.yaml b/data/reports/GO-2023-1922.yaml
new file mode 100644
index 00000000..1ac0003f
--- /dev/null
+++ b/data/reports/GO-2023-1922.yaml
@@ -0,0 +1,20 @@
+id: GO-2023-1922
+modules:
+ - module: code.gitea.io/gitea
+ versions:
+ - fixed: 1.7.1
+ vulnerable_at: 1.7.0
+summary: Gitea XSS Vulnerability in code.gitea.io/gitea
+cves:
+ - CVE-2019-1010261
+ghsas:
+ - GHSA-5rh7-6gfj-mc87
+references:
+ - advisory: https://github.com/advisories/GHSA-5rh7-6gfj-mc87
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-1010261
+ - web: https://github.com/go-gitea/gitea/pull/5905
+source:
+ id: GHSA-5rh7-6gfj-mc87
+ created: 2024-08-20T11:52:01.472196-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1924.yaml b/data/reports/GO-2023-1924.yaml
new file mode 100644
index 00000000..15e47dd8
--- /dev/null
+++ b/data/reports/GO-2023-1924.yaml
@@ -0,0 +1,22 @@
+id: GO-2023-1924
+modules:
+ - module: github.com/b3log/wide
+ versions:
+ - fixed: 1.6.0
+summary: b3log Wide unauthenticated file access in github.com/b3log/wide
+cves:
+ - CVE-2019-13915
+ghsas:
+ - GHSA-6452-jr93-r5qm
+references:
+ - advisory: https://github.com/advisories/GHSA-6452-jr93-r5qm
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-13915
+ - web: https://sca.analysiscenter.veracode.com/vulnerability-database/security/arbitrary-file-reads-and-writes/go/sid-20862
+ - web: https://web.archive.org/web/20190522035724/https://github.com/b3log/wide
+notes:
+ - fix: 'github.com/b3log/wide: could not add vulnerable_at: could not find tagged version between introduced and fixed'
+source:
+ id: GHSA-6452-jr93-r5qm
+ created: 2024-08-20T11:52:06.175521-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1925.yaml b/data/reports/GO-2023-1925.yaml
new file mode 100644
index 00000000..c094b761
--- /dev/null
+++ b/data/reports/GO-2023-1925.yaml
@@ -0,0 +1,27 @@
+id: GO-2023-1925
+modules:
+ - module: github.com/weaveworks/tf-controller
+ versions:
+ - fixed: 0.14.4
+ - introduced: 0.15.0-rc.1
+ - fixed: 0.15.0-rc.5
+ vulnerable_at: 0.15.0-rc.4
+summary: Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller
+cves:
+ - CVE-2023-34236
+ghsas:
+ - GHSA-6hvv-j432-23cv
+references:
+ - advisory: https://github.com/weaveworks/tf-controller/security/advisories/GHSA-6hvv-j432-23cv
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-34236
+ - fix: https://github.com/weaveworks/tf-controller/commit/28282bc644054e157c3b9a3d38f1f9551ce09074
+ - fix: https://github.com/weaveworks/tf-controller/commit/6323b355bd7f5d2ce85d0244fe0883af3881df4e
+ - fix: https://github.com/weaveworks/tf-controller/commit/9708fda28ccd0466cb0a8fd409854ab4d92f7dca
+ - fix: https://github.com/weaveworks/tf-controller/commit/98a0688036e9dbcf43fa84960d9a1ef3e09a69cf
+ - report: https://github.com/weaveworks/tf-controller/issues/637
+ - report: https://github.com/weaveworks/tf-controller/issues/649
+source:
+ id: GHSA-6hvv-j432-23cv
+ created: 2024-08-20T11:52:10.908462-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1927.yaml b/data/reports/GO-2023-1927.yaml
new file mode 100644
index 00000000..cd67c441
--- /dev/null
+++ b/data/reports/GO-2023-1927.yaml
@@ -0,0 +1,24 @@
+id: GO-2023-1927
+modules:
+ - module: github.com/containers/podman
+ versions:
+ - fixed: 1.4.0
+ vulnerable_at: 1.3.2
+summary: Podman Path Traversal Vulnerability leads to arbitrary file read/write in github.com/containers/podman
+cves:
+ - CVE-2019-10152
+ghsas:
+ - GHSA-rh5f-2w6r-q7vj
+references:
+ - advisory: https://github.com/advisories/GHSA-rh5f-2w6r-q7vj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-10152
+ - web: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152
+ - web: https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140
+ - web: https://github.com/containers/libpod/issues/3211
+ - web: https://github.com/containers/libpod/pull/3214
+source:
+ id: GHSA-rh5f-2w6r-q7vj
+ created: 2024-08-20T11:52:16.867762-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1928.yaml b/data/reports/GO-2023-1928.yaml
new file mode 100644
index 00000000..2f7351f4
--- /dev/null
+++ b/data/reports/GO-2023-1928.yaml
@@ -0,0 +1,23 @@
+id: GO-2023-1928
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - introduced: 0.9.0
+ - fixed: 0.9.2
+ vulnerable_at: 0.9.2-rc1
+summary: Hashicorp Nomad Access Control Issues in github.com/hashicorp/nomad
+cves:
+ - CVE-2019-12618
+ghsas:
+ - GHSA-2w2v-xcr9-mj4m
+references:
+ - advisory: https://github.com/advisories/GHSA-2w2v-xcr9-mj4m
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-12618
+ - report: https://github.com/hashicorp/nomad/issues/5783
+ - web: https://www.hashicorp.com/blog/category/nomad
+ - web: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
+source:
+ id: GHSA-2w2v-xcr9-mj4m
+ created: 2024-08-20T11:52:25.578447-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1931.yaml b/data/reports/GO-2023-1931.yaml
new file mode 100644
index 00000000..73202646
--- /dev/null
+++ b/data/reports/GO-2023-1931.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1931
+modules:
+ - module: github.com/IceWhaleTech/CasaOS
+ versions:
+ - fixed: 0.4.4
+ vulnerable_at: 0.4.4-alpha9
+summary: CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS
+cves:
+ - CVE-2023-37266
+ghsas:
+ - GHSA-m5q5-8mfw-p2hr
+references:
+ - advisory: https://github.com/IceWhaleTech/CasaOS/security/advisories/GHSA-m5q5-8mfw-p2hr
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37266
+ - fix: https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad
+ - web: https://www.sonarsource.com/blog/security-vulnerabilities-in-casaos
+source:
+ id: GHSA-m5q5-8mfw-p2hr
+ created: 2024-08-20T11:52:31.059067-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1932.yaml b/data/reports/GO-2023-1932.yaml
new file mode 100644
index 00000000..578b7a6d
--- /dev/null
+++ b/data/reports/GO-2023-1932.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1932
+modules:
+ - module: github.com/IceWhaleTech/CasaOS-Gateway
+ versions:
+ - fixed: 0.4.4
+ vulnerable_at: 0.4.4-alpha1
+summary: CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway
+cves:
+ - CVE-2023-37265
+ghsas:
+ - GHSA-vjh7-5r6x-xh6g
+references:
+ - advisory: https://github.com/IceWhaleTech/CasaOS-Gateway/security/advisories/GHSA-vjh7-5r6x-xh6g
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37265
+ - fix: https://github.com/IceWhaleTech/CasaOS-Gateway/commit/391dd7f0f239020c46bf057cfa25f82031fc15f7
+ - web: https://www.sonarsource.com/blog/security-vulnerabilities-in-casaos
+source:
+ id: GHSA-vjh7-5r6x-xh6g
+ created: 2024-08-20T11:52:36.502787-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1936.yaml b/data/reports/GO-2023-1936.yaml
new file mode 100644
index 00000000..1f054791
--- /dev/null
+++ b/data/reports/GO-2023-1936.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1936
+modules:
+ - module: github.com/gophish/gophish
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.0
+summary: Gophish XSS Vulnerability in github.com/gophish/gophish
+cves:
+ - CVE-2019-16146
+ghsas:
+ - GHSA-9h9f-9q8g-6764
+references:
+ - advisory: https://github.com/advisories/GHSA-9h9f-9q8g-6764
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-16146
+ - fix: https://github.com/gophish/gophish/commit/24fe998a3aa04e205900476a9601d481e94d8eea
+ - fix: https://github.com/gophish/gophish/pull/1547
+source:
+ id: GHSA-9h9f-9q8g-6764
+ created: 2024-08-20T11:52:39.855889-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1938.yaml b/data/reports/GO-2023-1938.yaml
new file mode 100644
index 00000000..755fdf07
--- /dev/null
+++ b/data/reports/GO-2023-1938.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1938
+modules:
+ - module: helm.sh/helm
+ versions:
+ - introduced: 2.0.0+incompatible
+ - fixed: 2.15.2+incompatible
+ vulnerable_at: 2.15.1+incompatible
+summary: Helm Unsafe Link Following in helm.sh/helm
+cves:
+ - CVE-2019-18658
+ghsas:
+ - GHSA-p5pc-m4q7-7qm9
+references:
+ - advisory: https://github.com/advisories/GHSA-p5pc-m4q7-7qm9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-18658
+ - web: https://helm.sh/blog/2019-10-30-helm-symlink-security-notice
+source:
+ id: GHSA-p5pc-m4q7-7qm9
+ created: 2024-08-20T11:52:54.483939-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1939.yaml b/data/reports/GO-2023-1939.yaml
new file mode 100644
index 00000000..0b9452f6
--- /dev/null
+++ b/data/reports/GO-2023-1939.yaml
@@ -0,0 +1,25 @@
+id: GO-2023-1939
+modules:
+ - module: github.com/mattermost/mattermost
+ vulnerable_at: 9.11.0+incompatible
+ - module: github.com/mattermost/mattermost-server
+ vulnerable_at: 9.11.0+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ versions:
+ - fixed: 5.20.0
+ vulnerable_at: 5.20.0-rc5
+summary: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
+cves:
+ - CVE-2020-14457
+ghsas:
+ - GHSA-j2h2-cvwh-cr64
+references:
+ - advisory: https://github.com/advisories/GHSA-j2h2-cvwh-cr64
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-14457
+ - fix: https://github.com/mattermost/mattermost/pull/13848
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-j2h2-cvwh-cr64
+ created: 2024-08-20T11:53:03.083865-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1940.yaml b/data/reports/GO-2023-1940.yaml
new file mode 100644
index 00000000..13190156
--- /dev/null
+++ b/data/reports/GO-2023-1940.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1940
+modules:
+ - module: github.com/1Panel-dev/1Panel
+ versions:
+ - fixed: 1.4.3
+ vulnerable_at: 1.4.2
+summary: 1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel
+cves:
+ - CVE-2023-37477
+ghsas:
+ - GHSA-p9xf-74xh-mhw5
+references:
+ - advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-p9xf-74xh-mhw5
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-37477
+ - fix: https://github.com/1Panel-dev/1Panel/commit/e17b80cff4975ee343568ff526b62319f499005d
+ - web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.4.3
+source:
+ id: GHSA-p9xf-74xh-mhw5
+ created: 2024-08-20T11:53:19.224251-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1942.yaml b/data/reports/GO-2023-1942.yaml
new file mode 100644
index 00000000..14ffae90
--- /dev/null
+++ b/data/reports/GO-2023-1942.yaml
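Review bot: In GO-2023-1939.yaml the `github.com/mattermost/mattermost` and `github.com/mattermost/mattermost-server` entries have no `versions` block, only `vulnerable_at: 9.11.0+incompatible`, so the OSV record added for the same ID in this commit gives both modules a lone `"introduced": "0"` event and every release under those paths matches CVE-2020-14457. The `/v5` entry in the same report is bounded by `fixed: 5.20.0`, so the open ranges look like an artifact of the automated import rather than a statement that the issue is still unfixed; a consumer matching on module version would get a finding that no upgrade clears. Either bound the two entries or record why they are open, for example with a comment such as `# no fixed version published under this module path; confirm against GHSA-j2h2-cvwh-cr64`. GO-2023-1942.yaml has the same shape for `github.com/containers/podman` and its `/v2`, `/v3` and `/v4` paths, where only `github.com/containers/libpod` carries `fixed: 1.6.0`.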
@@ -0,0 +1,32 @@
+id: GO-2023-1942
+modules:
+ - module: github.com/containers/libpod
+ versions:
+ - fixed: 1.6.0
+ vulnerable_at: 1.6.0-rc2
+ - module: github.com/containers/podman
+ vulnerable_at: 1.9.3
+ - module: github.com/containers/podman/v2
+ vulnerable_at: 2.2.1
+ - module: github.com/containers/podman/v3
+ vulnerable_at: 3.4.7
+ - module: github.com/containers/podman/v4
+ vulnerable_at: 4.9.5
+summary: Podman Symlink Vulnerability in github.com/containers/libpod
+cves:
+ - CVE-2019-18466
+ghsas:
+ - GHSA-r34v-gqmw-qvgj
+references:
+ - advisory: https://github.com/advisories/GHSA-r34v-gqmw-qvgj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-18466
+ - fix: https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e
+ - report: https://github.com/containers/libpod/issues/3829
+ - web: https://access.redhat.com/errata/RHSA-2019:4269
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=1744588
+ - web: https://github.com/containers/libpod/compare/v1.5.1...v1.6.0
+source:
+ id: GHSA-r34v-gqmw-qvgj
+ created: 2024-08-20T11:53:22.86758-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1945.yaml b/data/reports/GO-2023-1945.yaml
new file mode 100644
index 00000000..c94294ca
--- /dev/null
+++ b/data/reports/GO-2023-1945.yaml
@@ -0,0 +1,23 @@
+id: GO-2023-1945
+modules:
+ - module: github.com/hashicorp/consul
+ versions:
+ - introduced: 1.4.0
+ - fixed: 1.4.3
+ vulnerable_at: 1.4.2
+summary: HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul
+cves:
+ - CVE-2019-8336
+ghsas:
+ - GHSA-fhm8-cxcv-pwvc
+references:
+ - advisory: https://github.com/advisories/GHSA-fhm8-cxcv-pwvc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-8336
+ - fix: https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
+ - report: https://github.com/hashicorp/consul/issues/5423
+ - web: https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
+source:
+ id: GHSA-fhm8-cxcv-pwvc
+ created: 2024-08-20T11:53:53.606819-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1946.yaml b/data/reports/GO-2023-1946.yaml
new file mode 100644
index 00000000..e212119c
--- /dev/null
+++ b/data/reports/GO-2023-1946.yaml
@@ -0,0 +1,44 @@
+id: GO-2023-1946
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.0.0
+ unsupported_versions:
+ - last_affected: 1.10.0
+ vulnerable_at: 1.31.0
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.11.0
+ - fixed: 1.11.8
+ vulnerable_at: 1.11.8-beta.0
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.12.0
+ - fixed: 1.12.6
+ vulnerable_at: 1.12.6-beta.0
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.13.0
+ - fixed: 1.13.4
+ vulnerable_at: 1.13.4-beta.0
+summary: Kubernetes DoS Vulnerability in k8s.io/kubernetes
+cves:
+ - CVE-2019-1002100
+ghsas:
+ - GHSA-q4rr-64r9-fwgf
+references:
+ - advisory: https://github.com/advisories/GHSA-q4rr-64r9-fwgf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-1002100
+ - web: https://access.redhat.com/errata/RHSA-2019:1851
+ - web: https://access.redhat.com/errata/RHSA-2019:3239
+ - web: https://github.com/kubernetes/kubernetes/issues/74534
+ - web: https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g
+ - web: https://security.netapp.com/advisory/ntap-20190416-0002
+ - web: https://web.archive.org/web/20210125011246/https://www.securityfocus.com/bid/107290
+notes:
+ - fix: 'module merge error: could not merge versions of module k8s.io/kubernetes: introduced and fixed versions must alternate'
+source:
+ id: GHSA-q4rr-64r9-fwgf
+ created: 2024-08-20T11:53:57.834032-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1948.yaml b/data/reports/GO-2023-1948.yaml
new file mode 100644
index 00000000..c168d0c9
--- /dev/null
+++ b/data/reports/GO-2023-1948.yaml
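Review bot: The first `k8s.io/kubernetes` entry in GO-2023-1946.yaml has `introduced: 1.0.0` with no `fixed` event and `vulnerable_at: 1.31.0`, so its range covers the three bounded entries that follow, and the OSV record for this ID marks every release from 1.0.0 on as affected, including 1.11.8, 1.12.6 and 1.13.4 that the same report lists as fixed. The `notes` line shows the importer could not merge the four entries ("introduced and fixed versions must alternate"), and the `unsupported_versions` bound of `last_affected: 1.10.0` does not appear in the OSV `events`, which carry only `"introduced": "1.0.0"` for that entry. If everything before 1.11.8 is affected, as the other entries imply, the four entries can collapse into one `versions` list that opens with `- introduced: 1.0.0` and `- fixed: 1.11.8` and keeps the existing 1.12 and 1.13 pairs. `vulnerable_at` would then need to name a release inside one of those ranges rather than 1.31.0.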
@@ -0,0 +1,21 @@
+id: GO-2023-1948
+modules:
+ - module: helm.sh/helm
+ versions:
+ - introduced: 2.0.0+incompatible
+ - fixed: 2.12.2+incompatible
+ vulnerable_at: 2.12.1+incompatible
+summary: Helm Path Traversal in helm.sh/helm
+cves:
+ - CVE-2019-1000008
+ghsas:
+ - GHSA-xrxm-mvqm-r553
+references:
+ - advisory: https://github.com/advisories/GHSA-xrxm-mvqm-r553
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-1000008
+ - web: https://helm.sh/blog/helm-security-notice-2019/index.html
+source:
+ id: GHSA-xrxm-mvqm-r553
+ created: 2024-08-20T11:54:16.769975-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1950.yaml b/data/reports/GO-2023-1950.yaml
new file mode 100644
index 00000000..525bb689
--- /dev/null
+++ b/data/reports/GO-2023-1950.yaml
@@ -0,0 +1,24 @@
+id: GO-2023-1950
+modules:
+ - module: github.com/traefik/traefik
+ versions:
+ - introduced: 1.6.0
+ - fixed: 1.6.6
+ vulnerable_at: 1.6.5
+summary: Traefik Missing Authentication in github.com/traefik/traefik
+cves:
+ - CVE-2018-15598
+ghsas:
+ - GHSA-2cjc-rgmp-x649
+references:
+ - advisory: https://github.com/advisories/GHSA-2cjc-rgmp-x649
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-15598
+ - web: https://github.com/containous/traefik/commit/113250ce5735d554c502ca16fb03bb9119ca79f1
+ - web: https://github.com/containous/traefik/commit/368bd170913078732bde58160f92f202f370278b
+ - web: https://github.com/containous/traefik/pull/3790
+ - web: https://github.com/containous/traefik/releases/tag/v1.6.6
+source:
+ id: GHSA-2cjc-rgmp-x649
+ created: 2024-08-20T11:54:20.113905-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1952.yaml b/data/reports/GO-2023-1952.yaml
new file mode 100644
index 00000000..460b028b
--- /dev/null
+++ b/data/reports/GO-2023-1952.yaml
@@ -0,0 +1,23 @@
+id: GO-2023-1952
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - fixed: 1.5.0-rc1
+ vulnerable_at: 1.4.3
+summary: Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd
+cves:
+ - CVE-2018-21034
+ghsas:
+ - GHSA-xj7v-c82w-92q2
+references:
+ - advisory: https://github.com/advisories/GHSA-xj7v-c82w-92q2
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-21034
+ - fix: https://github.com/argoproj/argo-cd/commit/916d4aed5775fead4ab75f47c1d352cd0e73b815
+ - fix: https://github.com/argoproj/argo-cd/pull/3088
+ - report: https://github.com/argoproj/argo-cd/issues/470
+ - web: https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399
+source:
+ id: GHSA-xj7v-c82w-92q2
+ created: 2024-08-20T11:54:25.108822-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE