From 7cb2ee2ca57cb091e612a15bd3a4fef287013bdf Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Tue, 20 Aug 2024 12:49:07 -0400 Subject: [PATCH] data/reports: unexclude 20 reports (4) - data/reports/GO-2023-1643.yaml - data/reports/GO-2023-1644.yaml - data/reports/GO-2023-1651.yaml - data/reports/GO-2023-1652.yaml - data/reports/GO-2023-1653.yaml - data/reports/GO-2023-1654.yaml - data/reports/GO-2023-1655.yaml - data/reports/GO-2023-1656.yaml - data/reports/GO-2023-1657.yaml - data/reports/GO-2023-1658.yaml - data/reports/GO-2023-1659.yaml - data/reports/GO-2023-1660.yaml - data/reports/GO-2023-1661.yaml - data/reports/GO-2023-1662.yaml - data/reports/GO-2023-1670.yaml - data/reports/GO-2023-1671.yaml - data/reports/GO-2023-1682.yaml - data/reports/GO-2023-1683.yaml - data/reports/GO-2023-1685.yaml - data/reports/GO-2023-1699.yaml Updates golang/vulndb#1643 Updates golang/vulndb#1644 Updates golang/vulndb#1651 Updates golang/vulndb#1652 Updates golang/vulndb#1653 Updates golang/vulndb#1654 Updates golang/vulndb#1655 Updates golang/vulndb#1656 Updates golang/vulndb#1657 Updates golang/vulndb#1658 Updates golang/vulndb#1659 Updates golang/vulndb#1660 Updates golang/vulndb#1661 Updates golang/vulndb#1662 Updates golang/vulndb#1670 Updates golang/vulndb#1671 Updates golang/vulndb#1682 Updates golang/vulndb#1683 Updates golang/vulndb#1685 Updates golang/vulndb#1699 Change-Id: Iddcfb6c5438e03827049eecbf0a95fae6c078436 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606784 Reviewed-by: Damien Neil LUCI-TryBot-Result: Go LUCI Auto-Submit: Tatiana Bradley --- data/excluded/GO-2023-1643.yaml | 8 --- data/excluded/GO-2023-1644.yaml | 8 --- data/excluded/GO-2023-1651.yaml | 8 --- data/excluded/GO-2023-1652.yaml | 8 --- data/excluded/GO-2023-1653.yaml | 8 --- data/excluded/GO-2023-1654.yaml | 8 --- data/excluded/GO-2023-1655.yaml | 8 --- data/excluded/GO-2023-1656.yaml | 8 --- data/excluded/GO-2023-1657.yaml | 8 --- data/excluded/GO-2023-1658.yaml | 8 --- data/excluded/GO-2023-1659.yaml | 8 --- data/excluded/GO-2023-1660.yaml | 8 
--- data/excluded/GO-2023-1661.yaml | 8 --- data/excluded/GO-2023-1662.yaml | 8 --- data/excluded/GO-2023-1670.yaml | 9 --- data/excluded/GO-2023-1671.yaml | 8 --- data/excluded/GO-2023-1682.yaml | 8 --- data/excluded/GO-2023-1683.yaml | 8 --- data/excluded/GO-2023-1685.yaml | 8 --- data/excluded/GO-2023-1699.yaml | 15 ----- data/osv/GO-2023-1643.json | 72 ++++++++++++++++++++++++ data/osv/GO-2023-1644.json | 56 +++++++++++++++++++ data/osv/GO-2023-1651.json | 90 ++++++++++++++++++++++++++++++ data/osv/GO-2023-1652.json | 56 +++++++++++++++++++ data/osv/GO-2023-1653.json | 60 ++++++++++++++++++++ data/osv/GO-2023-1654.json | 56 +++++++++++++++++++ data/osv/GO-2023-1655.json | 56 +++++++++++++++++++ data/osv/GO-2023-1656.json | 56 +++++++++++++++++++ data/osv/GO-2023-1657.json | 56 +++++++++++++++++++ data/osv/GO-2023-1658.json | 56 +++++++++++++++++++ data/osv/GO-2023-1659.json | 56 +++++++++++++++++++ data/osv/GO-2023-1660.json | 56 +++++++++++++++++++ data/osv/GO-2023-1661.json | 56 +++++++++++++++++++ data/osv/GO-2023-1662.json | 56 +++++++++++++++++++ data/osv/GO-2023-1670.json | 97 +++++++++++++++++++++++++++++++++ data/osv/GO-2023-1671.json | 60 ++++++++++++++++++++ data/osv/GO-2023-1682.json | 52 ++++++++++++++++++ data/osv/GO-2023-1683.json | 52 ++++++++++++++++++ data/osv/GO-2023-1685.json | 84 ++++++++++++++++++++++++++++ data/osv/GO-2023-1699.json | 78 ++++++++++++++++++++++++++ data/reports/GO-2023-1643.yaml | 26 +++++++++ data/reports/GO-2023-1644.yaml | 22 ++++++++ data/reports/GO-2023-1651.yaml | 25 +++++++++ data/reports/GO-2023-1652.yaml | 22 ++++++++ data/reports/GO-2023-1653.yaml | 22 ++++++++ data/reports/GO-2023-1654.yaml | 21 +++++++ data/reports/GO-2023-1655.yaml | 21 +++++++ data/reports/GO-2023-1656.yaml | 21 +++++++ data/reports/GO-2023-1657.yaml | 21 +++++++ data/reports/GO-2023-1658.yaml | 21 +++++++ data/reports/GO-2023-1659.yaml | 21 +++++++ data/reports/GO-2023-1660.yaml | 21 +++++++ data/reports/GO-2023-1661.yaml | 21 +++++++ 
data/reports/GO-2023-1662.yaml | 21 +++++++ data/reports/GO-2023-1670.yaml | 36 ++++++++++++ data/reports/GO-2023-1671.yaml | 25 +++++++++ data/reports/GO-2023-1682.yaml | 20 +++++++ data/reports/GO-2023-1683.yaml | 20 +++++++ data/reports/GO-2023-1685.yaml | 32 +++++++++++ data/reports/GO-2023-1699.yaml | 28 ++++++++++ 60 files changed, 1728 insertions(+), 168 deletions(-) delete mode 100644 data/excluded/GO-2023-1643.yaml delete mode 100644 data/excluded/GO-2023-1644.yaml delete mode 100644 data/excluded/GO-2023-1651.yaml delete mode 100644 data/excluded/GO-2023-1652.yaml delete mode 100644 data/excluded/GO-2023-1653.yaml delete mode 100644 data/excluded/GO-2023-1654.yaml delete mode 100644 data/excluded/GO-2023-1655.yaml delete mode 100644 data/excluded/GO-2023-1656.yaml delete mode 100644 data/excluded/GO-2023-1657.yaml delete mode 100644 data/excluded/GO-2023-1658.yaml delete mode 100644 data/excluded/GO-2023-1659.yaml delete mode 100644 data/excluded/GO-2023-1660.yaml delete mode 100644 data/excluded/GO-2023-1661.yaml delete mode 100644 data/excluded/GO-2023-1662.yaml delete mode 100644 data/excluded/GO-2023-1670.yaml delete mode 100644 data/excluded/GO-2023-1671.yaml delete mode 100644 data/excluded/GO-2023-1682.yaml delete mode 100644 data/excluded/GO-2023-1683.yaml delete mode 100644 data/excluded/GO-2023-1685.yaml delete mode 100644 data/excluded/GO-2023-1699.yaml create mode 100644 data/osv/GO-2023-1643.json create mode 100644 data/osv/GO-2023-1644.json create mode 100644 data/osv/GO-2023-1651.json create mode 100644 data/osv/GO-2023-1652.json create mode 100644 data/osv/GO-2023-1653.json create mode 100644 data/osv/GO-2023-1654.json create mode 100644 data/osv/GO-2023-1655.json create mode 100644 data/osv/GO-2023-1656.json create mode 100644 data/osv/GO-2023-1657.json create mode 100644 data/osv/GO-2023-1658.json create mode 100644 data/osv/GO-2023-1659.json create mode 100644 data/osv/GO-2023-1660.json create mode 100644 data/osv/GO-2023-1661.json 
create mode 100644 data/osv/GO-2023-1662.json create mode 100644 data/osv/GO-2023-1670.json create mode 100644 data/osv/GO-2023-1671.json create mode 100644 data/osv/GO-2023-1682.json create mode 100644 data/osv/GO-2023-1683.json create mode 100644 data/osv/GO-2023-1685.json create mode 100644 data/osv/GO-2023-1699.json create mode 100644 data/reports/GO-2023-1643.yaml create mode 100644 data/reports/GO-2023-1644.yaml create mode 100644 data/reports/GO-2023-1651.yaml create mode 100644 data/reports/GO-2023-1652.yaml create mode 100644 data/reports/GO-2023-1653.yaml create mode 100644 data/reports/GO-2023-1654.yaml create mode 100644 data/reports/GO-2023-1655.yaml create mode 100644 data/reports/GO-2023-1656.yaml create mode 100644 data/reports/GO-2023-1657.yaml create mode 100644 data/reports/GO-2023-1658.yaml create mode 100644 data/reports/GO-2023-1659.yaml create mode 100644 data/reports/GO-2023-1660.yaml create mode 100644 data/reports/GO-2023-1661.yaml create mode 100644 data/reports/GO-2023-1662.yaml create mode 100644 data/reports/GO-2023-1670.yaml create mode 100644 data/reports/GO-2023-1671.yaml create mode 100644 data/reports/GO-2023-1682.yaml create mode 100644 data/reports/GO-2023-1683.yaml create mode 100644 data/reports/GO-2023-1685.yaml create mode 100644 data/reports/GO-2023-1699.yaml
diff --git a/data/excluded/GO-2023-1643.yaml b/data/excluded/GO-2023-1643.yaml
deleted file mode 100644
index cf4431de9..000000000
--- a/data/excluded/GO-2023-1643.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1643
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cilium/cilium
-cves:
- - CVE-2023-27594
-ghsas:
- - GHSA-8fg8-jh2h-f2hc
diff --git a/data/excluded/GO-2023-1644.yaml b/data/excluded/GO-2023-1644.yaml
deleted file mode 100644
index 2d74f49bf..000000000
--- a/data/excluded/GO-2023-1644.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1644
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cilium/cilium
-cves:
- - CVE-2023-27595
-ghsas:
- - GHSA-r5x6-w42p-jhpp
diff --git a/data/excluded/GO-2023-1651.yaml b/data/excluded/GO-2023-1651.yaml
deleted file mode 100644
index d474ee2d7..000000000
--- a/data/excluded/GO-2023-1651.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1651
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/imgproxy/imgproxy/v3
-cves:
- - CVE-2023-1496
-ghsas:
- - GHSA-ch9g-x9j7-rcgp
diff --git a/data/excluded/GO-2023-1652.yaml b/data/excluded/GO-2023-1652.yaml
deleted file mode 100644
index df1ddf333..000000000
--- a/data/excluded/GO-2023-1652.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1652
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cloudflare/cloudflared
-cves:
- - CVE-2023-1314
-ghsas:
- - GHSA-7mjv-x3jf-545x
diff --git a/data/excluded/GO-2023-1653.yaml b/data/excluded/GO-2023-1653.yaml
deleted file mode 100644
index 6f22f5197..000000000
--- a/data/excluded/GO-2023-1653.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1653
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cilium/cilium-cli
-cves:
- - CVE-2023-28114
-ghsas:
- - GHSA-6f27-3p6c-p5jc
diff --git a/data/excluded/GO-2023-1654.yaml b/data/excluded/GO-2023-1654.yaml
deleted file mode 100644
index 362baafd0..000000000
--- a/data/excluded/GO-2023-1654.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1654
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1540
-ghsas:
- - GHSA-6x5v-cxpp-pc5x
diff --git a/data/excluded/GO-2023-1655.yaml b/data/excluded/GO-2023-1655.yaml
deleted file mode 100644
index 54da60f9d..000000000
--- a/data/excluded/GO-2023-1655.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1655
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1543
-ghsas:
- - GHSA-79hx-g43v-xfmr
diff --git a/data/excluded/GO-2023-1656.yaml b/data/excluded/GO-2023-1656.yaml
deleted file mode 100644
index a479621be..000000000
--- a/data/excluded/GO-2023-1656.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1656
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1535
-ghsas:
- - GHSA-83qr-c7m9-wmgw
diff --git a/data/excluded/GO-2023-1657.yaml b/data/excluded/GO-2023-1657.yaml
deleted file mode 100644
index ba2186b66..000000000
--- a/data/excluded/GO-2023-1657.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1657
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1539
-ghsas:
- - GHSA-g44v-6qfm-f6ch
diff --git a/data/excluded/GO-2023-1658.yaml b/data/excluded/GO-2023-1658.yaml
deleted file mode 100644
index 5828c61d0..000000000
--- a/data/excluded/GO-2023-1658.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1658
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1541
-ghsas:
- - GHSA-h2wg-83fc-xvm9
diff --git a/data/excluded/GO-2023-1659.yaml b/data/excluded/GO-2023-1659.yaml
deleted file mode 100644
index bae8cabed..000000000
--- a/data/excluded/GO-2023-1659.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1659
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1537
-ghsas:
- - GHSA-hwj7-frgj-7829
diff --git a/data/excluded/GO-2023-1660.yaml b/data/excluded/GO-2023-1660.yaml
deleted file mode 100644
index 36bee034a..000000000
--- a/data/excluded/GO-2023-1660.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1660
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1542
-ghsas:
- - GHSA-r95w-7cpx-h5mx
diff --git a/data/excluded/GO-2023-1661.yaml b/data/excluded/GO-2023-1661.yaml
deleted file mode 100644
index d9a5cd6f5..000000000
--- a/data/excluded/GO-2023-1661.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1661
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1538
-ghsas:
- - GHSA-rvjp-8qj4-8p29
diff --git a/data/excluded/GO-2023-1662.yaml b/data/excluded/GO-2023-1662.yaml
deleted file mode 100644
index 8ad412546..000000000
--- a/data/excluded/GO-2023-1662.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1662
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1536
-ghsas:
- - GHSA-xvfj-84vc-hrmf
diff --git a/data/excluded/GO-2023-1670.yaml b/data/excluded/GO-2023-1670.yaml
deleted file mode 100644
index e7c55414d..000000000
--- a/data/excluded/GO-2023-1670.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-id: GO-2023-1670
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd/v2
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-41354
-ghsas:
- - GHSA-2q5c-qw9c-fmvq
diff --git a/data/excluded/GO-2023-1671.yaml b/data/excluded/GO-2023-1671.yaml
deleted file mode 100644
index 78eefc380..000000000
--- a/data/excluded/GO-2023-1671.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1671
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: tailscale.com
-cves:
- - CVE-2023-28436
-ghsas:
- - GHSA-vfgq-g5x8-g595
diff --git a/data/excluded/GO-2023-1682.yaml b/data/excluded/GO-2023-1682.yaml
deleted file mode 100644
index b2a450092..000000000
--- a/data/excluded/GO-2023-1682.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1682
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/opencontainers/runc
-cves:
- - CVE-2023-25809
-ghsas:
- - GHSA-m8cg-xc2p-r3fc
diff --git a/data/excluded/GO-2023-1683.yaml b/data/excluded/GO-2023-1683.yaml
deleted file mode 100644
index 7b377834c..000000000
--- a/data/excluded/GO-2023-1683.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1683
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/opencontainers/runc
-cves:
- - CVE-2023-28642
-ghsas:
- - GHSA-g2j6-57v7-gm8c
diff --git a/data/excluded/GO-2023-1685.yaml b/data/excluded/GO-2023-1685.yaml
deleted file mode 100644
index a321a89a1..000000000
--- a/data/excluded/GO-2023-1685.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1685
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/vault
-cves:
- - CVE-2023-0620
-ghsas:
- - GHSA-v3hp-mcj5-pg39
diff --git a/data/excluded/GO-2023-1699.yaml b/data/excluded/GO-2023-1699.yaml
deleted file mode 100644
index ac1b32a24..000000000
--- a/data/excluded/GO-2023-1699.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-id: GO-2023-1699
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/moby/moby
-cves:
- - CVE-2023-28840
-ghsas:
- - GHSA-232p-vwff-86mp
-related:
- - CVE-2023-28841
- - CVE-2023-28842
- - GHSA-33pg-m6jh-5237
- - GHSA-6wrf-mxfj-pf5p
- - GHSA-gvm4-2qqg-m333
- - GHSA-vwm3-crmr-xfxw
diff --git a/data/osv/GO-2023-1643.json b/data/osv/GO-2023-1643.json
new file mode 100644
index 000000000..ec5d85f90
--- /dev/null
+++ b/data/osv/GO-2023-1643.json
@@ -0,0 +1,72 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1643",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-27594",
+ "GHSA-8fg8-jh2h-f2hc"
+ ],
+ "summary": "Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium",
+ "details": "Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cilium/cilium",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.11.15"
+ },
+ {
+ "introduced": "1.12.0"
+ },
+ {
+ "fixed": "1.12.8"
+ },
+ {
+ "introduced": "1.13.0"
+ },
+ {
+ "fixed": "1.13.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cilium/cilium/security/advisories/GHSA-8fg8-jh2h-f2hc"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27594"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cilium/cilium/releases/tag/v1.11.15"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cilium/cilium/releases/tag/v1.12.8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cilium/cilium/releases/tag/v1.13.1"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1643",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1644.json b/data/osv/GO-2023-1644.json
new file mode 100644
index 000000000..e0f25a425
--- /dev/null
+++ b/data/osv/GO-2023-1644.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1644",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-27595",
+ "GHSA-r5x6-w42p-jhpp"
+ ],
+ "summary": "Cilium eBPF filters may be temporarily removed during agent restart in github.com/cilium/cilium",
+ "details": "Cilium eBPF filters may be temporarily removed during agent restart in github.com/cilium/cilium",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cilium/cilium",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.13.0"
+ },
+ {
+ "fixed": "1.13.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cilium/cilium/security/advisories/GHSA-r5x6-w42p-jhpp"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27595"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/pull/24336"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cilium/cilium/releases/tag/v1.13.1"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1644",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1651.json b/data/osv/GO-2023-1651.json
new file mode 100644
index 000000000..c100bd1ed
--- /dev/null
+++ b/data/osv/GO-2023-1651.json
@@ -0,0 +1,90 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1651",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1496",
+ "GHSA-ch9g-x9j7-rcgp"
+ ],
+ "summary": "imgproxy Cross-site Scripting vulnerability in github.com/imgproxy/imgproxy",
+ "details": "imgproxy Cross-site Scripting vulnerability in github.com/imgproxy/imgproxy",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/imgproxy/imgproxy",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/imgproxy/imgproxy/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/imgproxy/imgproxy/v3",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.14.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-ch9g-x9j7-rcgp"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1496"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/imgproxy/imgproxy/commit/62f8d08a93d301285dcd1dabcc7ba10c6c65b689"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/de603972-935a-401a-96fb-17ddadd282b2"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1651",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1652.json b/data/osv/GO-2023-1652.json
new file mode 100644
index 000000000..c056b0430
--- /dev/null
+++ b/data/osv/GO-2023-1652.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1652",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1314",
+ "GHSA-7mjv-x3jf-545x"
+ ],
+ "summary": "cloudflared's Installer has Local Privilege Escalation Vulnerability in github.com/cloudflare/cloudflared",
+ "details": "cloudflared's Installer has Local Privilege Escalation Vulnerability in github.com/cloudflare/cloudflared",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cloudflare/cloudflared",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.0.0-20230313153246-f686da832f85"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1314"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cloudflare/cloudflared/commit/9c15f31d003bebfbe6467c2b42972df3e7c9b886"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cloudflare/cloudflared/releases"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1652",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1653.json b/data/osv/GO-2023-1653.json
new file mode 100644
index 000000000..fad7518c9
--- /dev/null
+++ b/data/osv/GO-2023-1653.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1653",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-28114",
+ "GHSA-6f27-3p6c-p5jc"
+ ],
+ "summary": "`cilium-cli` disables etcd authorization for clustermesh clusters in github.com/cilium/cilium-cli",
+ "details": "`cilium-cli` disables etcd authorization for clustermesh clusters in github.com/cilium/cilium-cli",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cilium/cilium-cli",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.13.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cilium/cilium-cli/security/advisories/GHSA-6f27-3p6c-p5jc"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28114"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610"
+ },
+ {
+ "type": "WEB",
+ "url": "https://artifacthub.io/packages/helm/cilium/cilium"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cilium/cilium-cli/releases/tag/v0.13.2"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1653",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1654.json b/data/osv/GO-2023-1654.json
new file mode 100644
index 000000000..68f57c9b8
--- /dev/null
+++ b/data/osv/GO-2023-1654.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1654",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1540",
+ "GHSA-6x5v-cxpp-pc5x"
+ ],
+ "summary": "Answer has Observable Response Discrepancy in github.com/answerdev/answer",
+ "details": "Answer has Observable Response Discrepancy in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-6x5v-cxpp-pc5x"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1540"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/1de3ec27e50ba7389c9449c59e8ea3a37a908ee4"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1654",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1655.json b/data/osv/GO-2023-1655.json
new file mode 100644
index 000000000..c82947447
--- /dev/null
+++ b/data/osv/GO-2023-1655.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1655",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1543",
+ "GHSA-79hx-g43v-xfmr"
+ ],
+ "summary": "Answer vulnerable to Insufficient Session Expiration in github.com/answerdev/answer",
+ "details": "Answer vulnerable to Insufficient Session Expiration in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-79hx-g43v-xfmr"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1543"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/cd742b75605c99776f32d271c0a60e0f468e181c"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1655",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1656.json b/data/osv/GO-2023-1656.json
new file mode 100644
index 000000000..466024394
--- /dev/null
+++ b/data/osv/GO-2023-1656.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1656",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1535",
+ "GHSA-83qr-c7m9-wmgw"
+ ],
+ "summary": "Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer",
+ "details": "Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.7"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-83qr-c7m9-wmgw"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1535"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1656",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1657.json b/data/osv/GO-2023-1657.json
new file mode 100644
index 000000000..c59a0d970
--- /dev/null
+++ b/data/osv/GO-2023-1657.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1657",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1539",
+ "GHSA-g44v-6qfm-f6ch"
+ ],
+ "summary": "Answer has Guessable CAPTCHA in github.com/answerdev/answer",
+ "details": "Answer has Guessable CAPTCHA in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-g44v-6qfm-f6ch"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1539"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/b4df67f4-14ea-4051-97d4-26690c979a28"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1657",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1658.json b/data/osv/GO-2023-1658.json
new file mode 100644
index 000000000..7749b546e
--- /dev/null
+++ b/data/osv/GO-2023-1658.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1658",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1541",
+ "GHSA-h2wg-83fc-xvm9"
+ ],
+ "summary": "Answer vulnerable to Business Logic Errors in github.com/answerdev/answer",
+ "details": "Answer vulnerable to Business Logic Errors in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-h2wg-83fc-xvm9"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1541"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/15390adbfcd5fd37af4661f992f8873ae5a6b840"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/8fd891c6-b04e-4dac-818f-9ea30861cd92"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1658",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1659.json b/data/osv/GO-2023-1659.json
new file mode 100644
index 000000000..748472117
--- /dev/null
+++ b/data/osv/GO-2023-1659.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1659",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1537",
+ "GHSA-hwj7-frgj-7829"
+ ],
+ "summary": "Answer vulnerable to Authentication Bypass by Capture-replay in github.com/answerdev/answer",
+ "details": "Answer vulnerable to Authentication Bypass by Capture-replay in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-hwj7-frgj-7829"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1537"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1659",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1660.json b/data/osv/GO-2023-1660.json
new file mode 100644
index 000000000..84019b663
--- /dev/null
+++ b/data/osv/GO-2023-1660.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1660",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1542",
+ "GHSA-r95w-7cpx-h5mx"
+ ],
+ "summary": "Answer vulnerable to Business Logic Errors in github.com/answerdev/answer",
+ "details": "Answer vulnerable to Business Logic Errors in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-r95w-7cpx-h5mx"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1542"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/4ca2429d190a6e614f5bbee1173c80a7cffcc568"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1660",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1661.json b/data/osv/GO-2023-1661.json
new file mode 100644
index 000000000..6b2a18ba1
--- /dev/null
+++ b/data/osv/GO-2023-1661.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1661",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1538",
+ "GHSA-rvjp-8qj4-8p29"
+ ],
+ "summary": "Answer has Observable Timing Discrepancy in github.com/answerdev/answer",
+ "details": "Answer has Observable Timing Discrepancy in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-rvjp-8qj4-8p29"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1538"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1661",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1662.json b/data/osv/GO-2023-1662.json
new file mode 100644
index 000000000..53bb4b4e9
--- /dev/null
+++ b/data/osv/GO-2023-1662.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1662",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1536",
+ "GHSA-xvfj-84vc-hrmf"
+ ],
+ "summary": "Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer",
+ "details": "Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/answerdev/answer",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.7"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-xvfj-84vc-hrmf"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1536"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/538207f4-f805-419a-a314-51716643f05e"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1662",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1670.json b/data/osv/GO-2023-1670.json
new file mode 100644
index 000000000..ccba7702f
--- /dev/null
+++ b/data/osv/GO-2023-1670.json
@@ -0,0 +1,97 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1670",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-41354",
+ "GHSA-2q5c-qw9c-fmvq"
+ ],
+ "summary": "Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd",
+ "details": "Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/argoproj/argo-cd",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0.5.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/argoproj/argo-cd/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.4.28"
+ },
+ {
+ "introduced": "2.5.0"
+ },
+ {
+ "fixed": "2.5.16"
+ },
+ {
+ "introduced": "2.6.0"
+ },
+ {
+ "fixed": "2.6.7"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41354"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/argoproj/argo-cd/commit/3a28c8a18cc2aa84fe81492625545d25c7a90bc3"
+ },
+ {
+ "type": "WEB",
+ "url": "http://argo.com"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.28"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.5.16"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.6.7"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1670",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1671.json b/data/osv/GO-2023-1671.json
new file mode 100644
index 000000000..b3de5b669
--- /dev/null
+++ b/data/osv/GO-2023-1671.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1671",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-28436",
+ "GHSA-vfgq-g5x8-g595"
+ ],
+ "summary": "Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com",
+ "details": "Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com",
+ "affected": [
+ {
+ "package": {
+ "name": "tailscale.com",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.34.0"
+ },
+ {
+ "fixed": "1.38.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vfgq-g5x8-g595"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28436"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tailscale/tailscale/commit/d00c046b723dff6e3775d7d35f891403ac21a47d"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/tailscale/tailscale/releases/tag/v1.38.2"
+ },
+ {
+ "type": "WEB",
+ "url": "https://tailscale.com/security-bulletins/#ts-2023-003"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1671",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1682.json b/data/osv/GO-2023-1682.json
new file mode 100644
index 000000000..ae650cabf
--- /dev/null
+++ b/data/osv/GO-2023-1682.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1682",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-25809",
+ "GHSA-m8cg-xc2p-r3fc"
+ ],
+ "summary": "rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc",
+ "details": "rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/opencontainers/runc",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.1.5"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25809"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1682",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1683.json b/data/osv/GO-2023-1683.json
new file mode 100644
index 000000000..d2772e181
--- /dev/null
+++ b/data/osv/GO-2023-1683.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1683",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-28642",
+ "GHSA-g2j6-57v7-gm8c"
+ ],
+ "summary": "runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc",
+ "details": "runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/opencontainers/runc",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.1.5"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/opencontainers/runc/pull/3785"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1683",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1685.json b/data/osv/GO-2023-1685.json
new file mode 100644
index 000000000..5fc755e6d
--- /dev/null
+++ b/data/osv/GO-2023-1685.json
@@ -0,0 +1,84 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1685",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-0620",
+ "GHSA-v3hp-mcj5-pg39"
+ ],
+ "summary": "HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault",
+ "details": "HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/hashicorp/vault",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0.8.0"
+ },
+ {
+ "fixed": "1.11.9"
+ },
+ {
+ "introduced": "1.12.0"
+ },
+ {
+ "fixed": "1.12.5"
+ },
+ {
+ "introduced": "1.13.0"
+ },
+ {
+ "fixed": "1.13.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-v3hp-mcj5-pg39"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0620"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/hashicorp/vault/pull/19591"
+ },
+ {
+ "type": "WEB",
+ "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hashicorp/vault/releases/tag/v1.11.9"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hashicorp/vault/releases/tag/v1.12.5"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hashicorp/vault/releases/tag/v1.13.1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0008"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1685",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2023-1699.json b/data/osv/GO-2023-1699.json
new file mode 100644
index 000000000..347f0ab8f
--- /dev/null
+++ b/data/osv/GO-2023-1699.json
@@ -0,0 +1,78 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1699",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-28840",
+ "GHSA-232p-vwff-86mp"
+ ],
+ "summary": "Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker",
+ "details": "Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/docker/docker",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.12.0"
+ },
+ {
+ "fixed": "20.10.24+incompatible"
+ },
+ {
+ "introduced": "23.0.0+incompatible"
+ },
+ {
+ "fixed": "23.0.3+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28840"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/issues/43382"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/pull/45118"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1699",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2023-1643.yaml b/data/reports/GO-2023-1643.yaml
new file mode 100644
index 000000000..282788ebe
--- /dev/null
+++ b/data/reports/GO-2023-1643.yaml
@@ -0,0 +1,26 @@
+id: GO-2023-1643
+modules:
+ - module: github.com/cilium/cilium
+ versions:
+ - fixed: 1.11.15
+ - introduced: 1.12.0
+ - fixed: 1.12.8
+ - introduced: 1.13.0
+ - fixed: 1.13.1
+ vulnerable_at: 1.13.0
+summary: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium
+cves:
+ - CVE-2023-27594
+ghsas:
+ - GHSA-8fg8-jh2h-f2hc
+references:
+ - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-8fg8-jh2h-f2hc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-27594
+ - web: https://github.com/cilium/cilium/releases/tag/v1.11.15
+ - web: https://github.com/cilium/cilium/releases/tag/v1.12.8
+ - web: https://github.com/cilium/cilium/releases/tag/v1.13.1
+source:
+ id: GHSA-8fg8-jh2h-f2hc
+ created: 2024-08-20T11:37:13.171231-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1644.yaml b/data/reports/GO-2023-1644.yaml
new file mode 100644
index 000000000..29cd004ef
--- /dev/null
+++ b/data/reports/GO-2023-1644.yaml
@@ -0,0 +1,22 @@
+id: GO-2023-1644
+modules:
+ - module: github.com/cilium/cilium
+ versions:
+ - introduced: 1.13.0
+ - fixed: 1.13.1
+ vulnerable_at: 1.13.0
+summary: Cilium eBPF filters may be temporarily removed during agent restart in github.com/cilium/cilium
+cves:
+ - CVE-2023-27595
+ghsas:
+ - GHSA-r5x6-w42p-jhpp
+references:
+ - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-r5x6-w42p-jhpp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-27595
+ - fix: https://github.com/cilium/cilium/pull/24336
+ - web: https://github.com/cilium/cilium/releases/tag/v1.13.1
+source:
+ id: GHSA-r5x6-w42p-jhpp
+ created: 2024-08-20T11:37:18.393241-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
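Review bot: GO-2023-1643.yaml cites only the two advisories and three release tags and has no `fix:` reference, so its five `fixed:`/`introduced:` events rest on release tags alone; the sibling report GO-2023-1644 on the same line does carry `- fix: https://github.com/cilium/cilium/pull/24336`. If the upstream advisory names the patch, adding it as a `- fix:` line would let a reader verify the version ranges rather than take them from the tags. GO-2023-1699.yaml at the end of this commit has the same gap: it lists no `fix:` either, and the one moby change it cites, `https://github.com/moby/moby/pull/45118`, is filed as `web`, so if that pull request is the patch it belongs under `- fix:` there too.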
diff --git a/data/reports/GO-2023-1651.yaml b/data/reports/GO-2023-1651.yaml
new file mode 100644
index 000000000..e158ccb40
--- /dev/null
+++ b/data/reports/GO-2023-1651.yaml
@@ -0,0 +1,25 @@
+id: GO-2023-1651
+modules:
+ - module: github.com/imgproxy/imgproxy
+ vulnerable_at: 1.1.8
+ - module: github.com/imgproxy/imgproxy/v2
+ vulnerable_at: 2.17.0
+ - module: github.com/imgproxy/imgproxy/v3
+ versions:
+ - fixed: 3.14.0
+ vulnerable_at: 3.13.2
+summary: imgproxy Cross-site Scripting vulnerability in github.com/imgproxy/imgproxy
+cves:
+ - CVE-2023-1496
+ghsas:
+ - GHSA-ch9g-x9j7-rcgp
+references:
+ - advisory: https://github.com/advisories/GHSA-ch9g-x9j7-rcgp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1496
+ - fix: https://github.com/imgproxy/imgproxy/commit/62f8d08a93d301285dcd1dabcc7ba10c6c65b689
+ - web: https://huntr.dev/bounties/de603972-935a-401a-96fb-17ddadd282b2
+source:
+ id: GHSA-ch9g-x9j7-rcgp
+ created: 2024-08-20T11:37:47.736414-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1652.yaml b/data/reports/GO-2023-1652.yaml
new file mode 100644
index 000000000..e70974555
--- /dev/null
+++ b/data/reports/GO-2023-1652.yaml
@@ -0,0 +1,22 @@
+id: GO-2023-1652
+modules:
+ - module: github.com/cloudflare/cloudflared
+ versions:
+ - fixed: 0.0.0-20230313153246-f686da832f85
+summary: cloudflared's Installer has Local Privilege Escalation Vulnerability in github.com/cloudflare/cloudflared
+cves:
+ - CVE-2023-1314
+ghsas:
+ - GHSA-7mjv-x3jf-545x
+references:
+ - advisory: https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1314
+ - fix: https://github.com/cloudflare/cloudflared/commit/9c15f31d003bebfbe6467c2b42972df3e7c9b886
+ - web: https://github.com/cloudflare/cloudflared/releases
+notes:
+ - fix: 'github.com/cloudflare/cloudflared: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
+source:
+ id: GHSA-7mjv-x3jf-545x
+ created: 2024-08-20T11:37:52.854605-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1653.yaml b/data/reports/GO-2023-1653.yaml
new file mode 100644
index 000000000..e61c08a26
--- /dev/null
+++ b/data/reports/GO-2023-1653.yaml
@@ -0,0 +1,22 @@
+id: GO-2023-1653
+modules:
+ - module: github.com/cilium/cilium-cli
+ versions:
+ - fixed: 0.13.2
+ vulnerable_at: 0.13.1
+summary: '`cilium-cli` disables etcd authorization for clustermesh clusters in github.com/cilium/cilium-cli'
+cves:
+ - CVE-2023-28114
+ghsas:
+ - GHSA-6f27-3p6c-p5jc
+references:
+ - advisory: https://github.com/cilium/cilium-cli/security/advisories/GHSA-6f27-3p6c-p5jc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28114
+ - fix: https://github.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610
+ - web: https://artifacthub.io/packages/helm/cilium/cilium
+ - web: https://github.com/cilium/cilium-cli/releases/tag/v0.13.2
+source:
+ id: GHSA-6f27-3p6c-p5jc
+ created: 2024-08-20T11:37:56.863902-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
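Review bot: GO-2023-1652.yaml is the only report in this commit with no `vulnerable_at`, and the reason is recorded only as a tooling message under `notes:` (`cannot auto-guess when fixed version is 0.0.0 pseudo-version`) rather than as a decision. Since the `fixed:` entry is a pseudo-version tied to commit f686da832f85, a pre-fix pseudo-version chosen by hand would close the gap; otherwise the note should say the omission is intentional so the next reviewer does not rerun the same guess. The summary also describes an installer privilege escalation, so it is worth confirming in `notes:` whether any Go package in the module is actually affected before the report leaves UNREVIEWED.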
diff --git a/data/reports/GO-2023-1654.yaml b/data/reports/GO-2023-1654.yaml
new file mode 100644
index 000000000..ee0ae4d12
--- /dev/null
+++ b/data/reports/GO-2023-1654.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1654
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer has Observable Response Discrepancy in github.com/answerdev/answer
+cves:
+ - CVE-2023-1540
+ghsas:
+ - GHSA-6x5v-cxpp-pc5x
+references:
+ - advisory: https://github.com/advisories/GHSA-6x5v-cxpp-pc5x
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1540
+ - fix: https://github.com/answerdev/answer/commit/1de3ec27e50ba7389c9449c59e8ea3a37a908ee4
+ - web: https://huntr.dev/bounties/d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4
+source:
+ id: GHSA-6x5v-cxpp-pc5x
+ created: 2024-08-20T11:38:01.262158-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1655.yaml b/data/reports/GO-2023-1655.yaml
new file mode 100644
index 000000000..70668ca2e
--- /dev/null
+++ b/data/reports/GO-2023-1655.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1655
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Insufficient Session Expiration in github.com/answerdev/answer
+cves:
+ - CVE-2023-1543
+ghsas:
+ - GHSA-79hx-g43v-xfmr
+references:
+ - advisory: https://github.com/advisories/GHSA-79hx-g43v-xfmr
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1543
+ - fix: https://github.com/answerdev/answer/commit/cd742b75605c99776f32d271c0a60e0f468e181c
+ - web: https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683
+source:
+ id: GHSA-79hx-g43v-xfmr
+ created: 2024-08-20T11:38:05.14999-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1656.yaml b/data/reports/GO-2023-1656.yaml
new file mode 100644
index 000000000..f9f1e08b1
--- /dev/null
+++ b/data/reports/GO-2023-1656.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1656
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.7
+ vulnerable_at: 1.0.6
+summary: Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1535
+ghsas:
+ - GHSA-83qr-c7m9-wmgw
+references:
+ - advisory: https://github.com/advisories/GHSA-83qr-c7m9-wmgw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1535
+ - fix: https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25
+ - web: https://huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40
+source:
+ id: GHSA-83qr-c7m9-wmgw
+ created: 2024-08-20T11:38:09.180965-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1657.yaml b/data/reports/GO-2023-1657.yaml
new file mode 100644
index 000000000..5e8b644d5
--- /dev/null
+++ b/data/reports/GO-2023-1657.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1657
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer has Guessable CAPTCHA in github.com/answerdev/answer
+cves:
+ - CVE-2023-1539
+ghsas:
+ - GHSA-g44v-6qfm-f6ch
+references:
+ - advisory: https://github.com/advisories/GHSA-g44v-6qfm-f6ch
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1539
+ - fix: https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af
+ - web: https://huntr.dev/bounties/b4df67f4-14ea-4051-97d4-26690c979a28
+source:
+ id: GHSA-g44v-6qfm-f6ch
+ created: 2024-08-20T11:38:12.933735-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1658.yaml b/data/reports/GO-2023-1658.yaml
new file mode 100644
index 000000000..64307f4c7
--- /dev/null
+++ b/data/reports/GO-2023-1658.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1658
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Business Logic Errors in github.com/answerdev/answer
+cves:
+ - CVE-2023-1541
+ghsas:
+ - GHSA-h2wg-83fc-xvm9
+references:
+ - advisory: https://github.com/advisories/GHSA-h2wg-83fc-xvm9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1541
+ - fix: https://github.com/answerdev/answer/commit/15390adbfcd5fd37af4661f992f8873ae5a6b840
+ - web: https://huntr.dev/bounties/8fd891c6-b04e-4dac-818f-9ea30861cd92
+source:
+ id: GHSA-h2wg-83fc-xvm9
+ created: 2024-08-20T11:38:16.953629-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1659.yaml b/data/reports/GO-2023-1659.yaml
new file mode 100644
index 000000000..0ee6a691e
--- /dev/null
+++ b/data/reports/GO-2023-1659.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1659
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Authentication Bypass by Capture-replay in github.com/answerdev/answer
+cves:
+ - CVE-2023-1537
+ghsas:
+ - GHSA-hwj7-frgj-7829
+references:
+ - advisory: https://github.com/advisories/GHSA-hwj7-frgj-7829
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1537
+ - fix: https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af
+ - web: https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86
+source:
+ id: GHSA-hwj7-frgj-7829
+ created: 2024-08-20T11:38:21.057296-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1660.yaml b/data/reports/GO-2023-1660.yaml
new file mode 100644
index 000000000..c52f11f6e
--- /dev/null
+++ b/data/reports/GO-2023-1660.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1660
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer vulnerable to Business Logic Errors in github.com/answerdev/answer
+cves:
+ - CVE-2023-1542
+ghsas:
+ - GHSA-r95w-7cpx-h5mx
+references:
+ - advisory: https://github.com/advisories/GHSA-r95w-7cpx-h5mx
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1542
+ - fix: https://github.com/answerdev/answer/commit/4ca2429d190a6e614f5bbee1173c80a7cffcc568
+ - web: https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f
+source:
+ id: GHSA-r95w-7cpx-h5mx
+ created: 2024-08-20T11:38:24.644692-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1661.yaml b/data/reports/GO-2023-1661.yaml
new file mode 100644
index 000000000..e8f9a4c35
--- /dev/null
+++ b/data/reports/GO-2023-1661.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1661
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.6
+ vulnerable_at: 1.0.5
+summary: Answer has Observable Timing Discrepancy in github.com/answerdev/answer
+cves:
+ - CVE-2023-1538
+ghsas:
+ - GHSA-rvjp-8qj4-8p29
+references:
+ - advisory: https://github.com/advisories/GHSA-rvjp-8qj4-8p29
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1538
+ - fix: https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af
+ - web: https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0
+source:
+ id: GHSA-rvjp-8qj4-8p29
+ created: 2024-08-20T11:38:28.679583-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1662.yaml b/data/reports/GO-2023-1662.yaml
new file mode 100644
index 000000000..70d85507b
--- /dev/null
+++ b/data/reports/GO-2023-1662.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1662
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.7
+ vulnerable_at: 1.0.6
+summary: Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer
+cves:
+ - CVE-2023-1536
+ghsas:
+ - GHSA-xvfj-84vc-hrmf
+references:
+ - advisory: https://github.com/advisories/GHSA-xvfj-84vc-hrmf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1536
+ - fix: https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25
+ - web: https://huntr.dev/bounties/538207f4-f805-419a-a314-51716643f05e
+source:
+ id: GHSA-xvfj-84vc-hrmf
+ created: 2024-08-20T11:38:32.332792-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1670.yaml b/data/reports/GO-2023-1670.yaml
new file mode 100644
index 000000000..e565ebffa
--- /dev/null
+++ b/data/reports/GO-2023-1670.yaml
@@ -0,0 +1,36 @@
+id: GO-2023-1670
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - introduced: 0.5.0
+ unsupported_versions:
+ - last_affected: 1.8.7
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - fixed: 2.4.28
+ - introduced: 2.5.0
+ - fixed: 2.5.16
+ - introduced: 2.6.0
+ - fixed: 2.6.7
+ vulnerable_at: 2.6.6
+summary: |-
+ Argo CD authenticated but unauthorized users may enumerate Application names via
+ the API in github.com/argoproj/argo-cd
+cves:
+ - CVE-2022-41354
+ghsas:
+ - GHSA-2q5c-qw9c-fmvq
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-41354
+ - fix: https://github.com/argoproj/argo-cd/commit/3a28c8a18cc2aa84fe81492625545d25c7a90bc3
+ - web: http://argo.com
+ - web: https://github.com/argoproj/argo-cd/releases/tag/v2.4.28
+ - web: https://github.com/argoproj/argo-cd/releases/tag/v2.5.16
+ - web: https://github.com/argoproj/argo-cd/releases/tag/v2.6.7
+source:
+ id: GHSA-2q5c-qw9c-fmvq
+ created: 2024-08-20T11:39:00.564716-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1671.yaml b/data/reports/GO-2023-1671.yaml
new file mode 100644
index 000000000..532c5c1e5
--- /dev/null
+++ b/data/reports/GO-2023-1671.yaml
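Review bot: The reference `- web: http://argo.com` in GO-2023-1670.yaml is a plain-HTTP link to a domain outside the Argo CD project and does not look like an advisory, fix or release page; it appears to have been carried over from the upstream advisory record rather than chosen for this report. I would drop that one line, since the advisory, the fix commit and the three release-tag references already cover the finding. The OSV file data/osv/GO-2023-1670.json earlier in this commit repeats it as a `"type": "WEB"` entry, and if that file is generated from the report it would follow the removal.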
@@ -0,0 +1,25 @@
+id: GO-2023-1671
+modules:
+ - module: tailscale.com
+ versions:
+ - introduced: 1.34.0
+ - fixed: 1.38.2
+ vulnerable_at: 1.38.1
+summary: |-
+ Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID
+ of the tailscaled process in tailscale.com
+cves:
+ - CVE-2023-28436
+ghsas:
+ - GHSA-vfgq-g5x8-g595
+references:
+ - advisory: https://github.com/tailscale/tailscale/security/advisories/GHSA-vfgq-g5x8-g595
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28436
+ - web: https://github.com/tailscale/tailscale/commit/d00c046b723dff6e3775d7d35f891403ac21a47d
+ - web: https://github.com/tailscale/tailscale/releases/tag/v1.38.2
+ - web: https://tailscale.com/security-bulletins/#ts-2023-003
+source:
+ id: GHSA-vfgq-g5x8-g595
+ created: 2024-08-20T11:39:07.016065-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1682.yaml b/data/reports/GO-2023-1682.yaml
new file mode 100644
index 000000000..5627032ca
--- /dev/null
+++ b/data/reports/GO-2023-1682.yaml
@@ -0,0 +1,20 @@
+id: GO-2023-1682
+modules:
+ - module: github.com/opencontainers/runc
+ versions:
+ - fixed: 1.1.5
+ vulnerable_at: 1.1.4
+summary: 'rootless: `/sys/fs/cgroup` is writable when cgroupns isn''t unshared in runc in github.com/opencontainers/runc'
+cves:
+ - CVE-2023-25809
+ghsas:
+ - GHSA-m8cg-xc2p-r3fc
+references:
+ - advisory: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25809
+ - fix: https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17
+source:
+ id: GHSA-m8cg-xc2p-r3fc
+ created: 2024-08-20T11:39:25.265773-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1683.yaml b/data/reports/GO-2023-1683.yaml
new file mode 100644
index 000000000..27ce936e5
--- /dev/null
+++ b/data/reports/GO-2023-1683.yaml
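Review bot: In GO-2023-1671.yaml the Tailscale commit is filed as `- web:`, whereas every other report in this commit that cites a patch commit files it as `- fix:` (GO-2023-1682 on the same line, GO-2023-1651, the answerdev reports); if d00c046b… is the patch for CVE-2023-28436, the line should read `- fix: https://github.com/tailscale/tailscale/commit/d00c046b723dff6e3775d7d35f891403ac21a47d` so the fix is distinguishable from the release-tag and bulletin links. The OSV file data/osv/GO-2023-1671.json earlier in this commit mirrors the same `WEB` type and would presumably follow the report once corrected.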
@@ -0,0 +1,20 @@
+id: GO-2023-1683
+modules:
+ - module: github.com/opencontainers/runc
+ versions:
+ - fixed: 1.1.5
+ vulnerable_at: 1.1.4
+summary: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
+cves:
+ - CVE-2023-28642
+ghsas:
+ - GHSA-g2j6-57v7-gm8c
+references:
+ - advisory: https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28642
+ - fix: https://github.com/opencontainers/runc/pull/3785
+source:
+ id: GHSA-g2j6-57v7-gm8c
+ created: 2024-08-20T11:39:28.577313-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1685.yaml b/data/reports/GO-2023-1685.yaml
new file mode 100644
index 000000000..c341a2b8b
--- /dev/null
+++ b/data/reports/GO-2023-1685.yaml
@@ -0,0 +1,32 @@
+id: GO-2023-1685
+modules:
+ - module: github.com/hashicorp/vault
+ versions:
+ - introduced: 0.8.0
+ - fixed: 1.11.9
+ - introduced: 1.12.0
+ - fixed: 1.12.5
+ - introduced: 1.13.0
+ - fixed: 1.13.1
+ vulnerable_at: 1.13.0
+summary: |-
+ HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL
+ Injection Via Configuration File in github.com/hashicorp/vault
+cves:
+ - CVE-2023-0620
+ghsas:
+ - GHSA-v3hp-mcj5-pg39
+references:
+ - advisory: https://github.com/advisories/GHSA-v3hp-mcj5-pg39
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0620
+ - fix: https://github.com/hashicorp/vault/pull/19591
+ - web: https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1
+ - web: https://github.com/hashicorp/vault/releases/tag/v1.11.9
+ - web: https://github.com/hashicorp/vault/releases/tag/v1.12.5
+ - web: https://github.com/hashicorp/vault/releases/tag/v1.13.1
+ - web: https://security.netapp.com/advisory/ntap-20230526-0008
+source:
+ id: GHSA-v3hp-mcj5-pg39
+ created: 2024-08-20T11:39:32.133068-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1699.yaml b/data/reports/GO-2023-1699.yaml
new file mode 100644
index 000000000..5901c5b59
--- /dev/null
+++ b/data/reports/GO-2023-1699.yaml
@@ -0,0 +1,28 @@
+id: GO-2023-1699
+modules:
+ - module: github.com/docker/docker
+ versions:
+ - introduced: 1.12.0
+ - fixed: 20.10.24+incompatible
+ - introduced: 23.0.0+incompatible
+ - fixed: 23.0.3+incompatible
+ vulnerable_at: 23.0.2+incompatible
+summary: Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker
+cves:
+ - CVE-2023-28840
+ghsas:
+ - GHSA-232p-vwff-86mp
+references:
+ - advisory: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28840
+ - web: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
+ - web: https://github.com/moby/moby/issues/43382
+ - web: https://github.com/moby/moby/pull/45118
+ - web: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
+ - web: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
+ - web: https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
+source:
+ id: GHSA-232p-vwff-86mp
+ created: 2024-08-20T11:39:59.101185-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE