We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In GitHub Security Advisory GHSA-32cj-5wx4-gq8p, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
id: GO-ID-PENDING modules: - module: github.com/hashicorp/vault non_go_versions: - introduced: TODO (earliest fixed "1.17.0", vuln range "= 1.17.0-rc1") vulnerable_at: 1.17.0 packages: - package: github.com/hashicorp/vault - module: github.com/hashicorp/vault versions: - introduced: 0.11.0 fixed: 1.15.9 packages: - package: github.com/hashicorp/vault - module: github.com/hashicorp/vault versions: - introduced: 1.16.0-rc1 fixed: 1.16.3 vulnerable_at: 1.16.2 packages: - package: github.com/hashicorp/vault summary: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault cves: - CVE-2024-5798 ghsas: - GHSA-32cj-5wx4-gq8p references: - advisory: https://github.com/advisories/GHSA-32cj-5wx4-gq8p - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-5798 - web: https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770 notes: - fix: 'module merge error: could not merge versions of module github.com/hashicorp/vault: invalid or non-canonical semver version (found TODO (earliest fixed "1.17.0", vuln range "= 1.17.0-rc1"))' - fix: 'github.com/hashicorp/vault: could not add vulnerable_at: version 1.15.9 does not exist' source: id: GHSA-32cj-5wx4-gq8p created: 2024-06-12T23:01:21.799534403Z review_status: UNREVIEWED
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/595957 mentions this issue: data/reports: add 5 reports
data/reports: add 5 reports
Sorry, something went wrong.
95ad15a
Change https://go.dev/cl/606360 mentions this issue: data/reports: regenerate 8 reports
data/reports: regenerate 8 reports
9fd9786
- data/reports/GO-2024-2993.yaml - data/reports/GO-2024-2997.yaml - data/reports/GO-2024-3033.yaml - data/reports/GO-2024-3039.yaml - data/reports/GO-2024-2921.yaml - data/reports/GO-2024-2982.yaml - data/reports/GO-2024-3066.yaml - data/reports/GO-2024-3070.yaml Updates #2993 Updates #2997 Updates #3033 Updates #3039 Updates #2921 Updates #2982 Updates #3066 Updates #3070 Change-Id: I5a682ceba4983a42b0d7783535488c5ecf049f25 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606360 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>
tatianab
No branches or pull requests
In GitHub Security Advisory GHSA-32cj-5wx4-gq8p, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: