x/vulndb: potential Go vuln in github.com/amir20/dozzle: CVE-2024-47182

[GoVulnBot]

Advisory CVE-2024-47182 references a vulnerability in the following Go modules:

Module
github.com/amir20/dozzle

Description:
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-47182
• FIX: amir20/dozzle@de79f03
• WEB: GHSA-w7qr-q9fh-fj35

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/amir20/dozzle
      vulnerable_at: 1.29.0
summary: CVE-2024-47182 in github.com/amir20/dozzle
cves:
    - CVE-2024-47182
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-47182
    - fix: https://github.com/amir20/dozzle/commit/de79f03aa3dbe5bb1e154a7e8d3dccbd229f3ea3
    - web: https://github.com/amir20/dozzle/security/advisories/GHSA-w7qr-q9fh-fj35
source:
    id: CVE-2024-47182
    created: 2024-09-27T15:01:26.424577053Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/619135 mentions this issue: data/reports: add 15 reports