Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: CVE-2022-24732 #349

Closed
GoVulnBot opened this issue Mar 9, 2022 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: CVE-2022-24732 #349

GoVulnBot opened this issue Mar 9, 2022 · 1 comment
Assignees
@neild
Labels
cve-year-2022 excluded: NOT_GO_CODE This vulnerability does not refer to a Go module.

Comments

@GoVulnBot
Copy link

In CVE-2022-24732, the reference URL github.com/foxcpp/maddy (and possibly others) refers to something in Go.

module: github.com/foxcpp/maddy
package: maddy
description: |
    Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
cves:
  - CVE-2022-24732
links:
    commit: https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
    context:
      - https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9

See doc/triage.md for instructions on how to triage this report.
@neild
Copy link
Contributor

neild commented Mar 14, 2022

This is a vulnerability in a server, not a user-imported package.

@neild neild closed this as completed Mar 14, 2022
@neild neild added excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. and removed NotGoVuln labels Aug 11, 2022
@GoVulnBot GoVulnBot mentioned this issue Mar 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neild neild

Labels
cve-year-2022 excluded: NOT_GO_CODE This vulnerability does not refer to a Go module.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@neild @julieqiu @GoVulnBot