diff --git a/data/excluded/GO-2023-1700.yaml b/data/excluded/GO-2023-1700.yaml
deleted file mode 100644
index 57d83e5e5..000000000
--- a/data/excluded/GO-2023-1700.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-id: GO-2023-1700
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/moby/moby
-cves:
- - CVE-2023-28841
-ghsas:
- - GHSA-33pg-m6jh-5237
-related:
- - CVE-2023-28840
- - CVE-2023-28842
- - GHSA-232p-vwff-86mp
- - GHSA-6wrf-mxfj-pf5p
- - GHSA-gvm4-2qqg-m333
- - GHSA-vwm3-crmr-xfxw
diff --git a/data/excluded/GO-2023-1701.yaml b/data/excluded/GO-2023-1701.yaml
deleted file mode 100644
index 0a6ac5ef3..000000000
--- a/data/excluded/GO-2023-1701.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-id: GO-2023-1701
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/moby/moby
-cves:
- - CVE-2023-28842
-ghsas:
- - GHSA-6wrf-mxfj-pf5p
-related:
- - CVE-2023-28840
- - CVE-2023-28841
- - GHSA-232p-vwff-86mp
- - GHSA-33pg-m6jh-5237
- - GHSA-gvm4-2qqg-m333
- - GHSA-vwm3-crmr-xfxw
diff --git a/data/excluded/GO-2023-1707.yaml b/data/excluded/GO-2023-1707.yaml
deleted file mode 100644
index c4d449e52..000000000
--- a/data/excluded/GO-2023-1707.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1707
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2023-1782
-ghsas:
- - GHSA-f8r8-h93m-mj77
diff --git a/data/excluded/GO-2023-1708.yaml b/data/excluded/GO-2023-1708.yaml
deleted file mode 100644
index 01e763d4e..000000000
--- a/data/excluded/GO-2023-1708.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1708
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/vault
-cves:
- - CVE-2023-0665
-ghsas:
- - GHSA-hwc3-3qh6-r4gg
diff --git a/data/excluded/GO-2023-1716.yaml b/data/excluded/GO-2023-1716.yaml
deleted file mode 100644
index 351ce3573..000000000
--- a/data/excluded/GO-2023-1716.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1716
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1975
-ghsas:
- - GHSA-65v8-6pvw-jwvq
diff --git a/data/excluded/GO-2023-1718.yaml b/data/excluded/GO-2023-1718.yaml
deleted file mode 100644
index 777b151be..000000000
--- a/data/excluded/GO-2023-1718.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1718
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1974
-ghsas:
- - GHSA-8jg3-rx43-3fv4
diff --git a/data/excluded/GO-2023-1719.yaml b/data/excluded/GO-2023-1719.yaml
deleted file mode 100644
index d72202dd3..000000000
--- a/data/excluded/GO-2023-1719.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1719
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-1976
-ghsas:
- - GHSA-j97g-77fj-9c4p
diff --git a/data/excluded/GO-2023-1721.yaml b/data/excluded/GO-2023-1721.yaml
deleted file mode 100644
index 87dc93f3f..000000000
--- a/data/excluded/GO-2023-1721.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1721
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/open-feature/open-feature-operator
-cves:
- - CVE-2023-29018
-ghsas:
- - GHSA-cwf6-xj49-wp83
diff --git a/data/excluded/GO-2023-1723.yaml b/data/excluded/GO-2023-1723.yaml
deleted file mode 100644
index c409b4a0d..000000000
--- a/data/excluded/GO-2023-1723.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1723
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/authzed/spicedb
-cves:
- - CVE-2023-29193
-ghsas:
- - GHSA-cjr9-mr35-7xh6
diff --git a/data/excluded/GO-2023-1730.yaml b/data/excluded/GO-2023-1730.yaml
deleted file mode 100644
index 234d63e95..000000000
--- a/data/excluded/GO-2023-1730.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1730
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cilium/cilium
-cves:
- - CVE-2023-29002
-ghsas:
- - GHSA-pg5p-wwp8-97g8
diff --git a/data/excluded/GO-2023-1735.yaml b/data/excluded/GO-2023-1735.yaml
deleted file mode 100644
index c2d7c3453..000000000
--- a/data/excluded/GO-2023-1735.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1735
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/clusternet/clusternet
-cves:
- - CVE-2023-30622
-ghsas:
- - GHSA-833c-xh79-p429
diff --git a/data/excluded/GO-2023-1738.yaml b/data/excluded/GO-2023-1738.yaml
deleted file mode 100644
index 311a7600d..000000000
--- a/data/excluded/GO-2023-1738.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1738
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/apptainer/apptainer
-cves:
- - CVE-2023-30549
-ghsas:
- - GHSA-j4rf-7357-f4cg
diff --git a/data/excluded/GO-2023-1747.yaml b/data/excluded/GO-2023-1747.yaml
deleted file mode 100644
index 106b437c7..000000000
--- a/data/excluded/GO-2023-1747.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2023-1747
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/ory/oathkeeper
-ghsas:
- - GHSA-w9mr-28mw-j8hg
diff --git a/data/excluded/GO-2023-1754.yaml b/data/excluded/GO-2023-1754.yaml
deleted file mode 100644
index 431d2f28f..000000000
--- a/data/excluded/GO-2023-1754.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1754
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/sigstore/rekor
-cves:
- - CVE-2023-30551
-ghsas:
- - GHSA-2h5h-59f5-c5x9
diff --git a/data/excluded/GO-2023-1758.yaml b/data/excluded/GO-2023-1758.yaml
deleted file mode 100644
index 8ccba02ae..000000000
--- a/data/excluded/GO-2023-1758.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2023-1758
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/mutagen-io/mutagen
-ghsas:
- - GHSA-fwj4-72fm-c93g
diff --git a/data/excluded/GO-2023-1761.yaml b/data/excluded/GO-2023-1761.yaml
deleted file mode 100644
index c98113e84..000000000
--- a/data/excluded/GO-2023-1761.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1761
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/imgproxy/imgproxy
-cves:
- - CVE-2023-30019
-ghsas:
- - GHSA-9x7h-ggc3-xg47
diff --git a/data/excluded/GO-2023-1763.yaml b/data/excluded/GO-2023-1763.yaml
deleted file mode 100644
index 3ceb2af09..000000000
--- a/data/excluded/GO-2023-1763.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1763
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/fluid-cloudnative/fluid
-cves:
- - CVE-2023-30840
-ghsas:
- - GHSA-93xx-cvmc-9w3v
diff --git a/data/excluded/GO-2023-1764.yaml b/data/excluded/GO-2023-1764.yaml
deleted file mode 100644
index b4c8ccced..000000000
--- a/data/excluded/GO-2023-1764.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1764
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/mutagen-io/mutagen
-cves:
- - CVE-2023-30844
-ghsas:
- - GHSA-jmp2-wc4p-wfh2
diff --git a/data/excluded/GO-2023-1768.yaml b/data/excluded/GO-2023-1768.yaml
deleted file mode 100644
index 149ca7844..000000000
--- a/data/excluded/GO-2023-1768.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1768
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/pterodactyl/wings
-cves:
- - CVE-2023-32080
-ghsas:
- - GHSA-p744-4q6p-hvc2
diff --git a/data/excluded/GO-2023-1774.yaml b/data/excluded/GO-2023-1774.yaml
deleted file mode 100644
index 9c50f773d..000000000
--- a/data/excluded/GO-2023-1774.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1774
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-2590
-ghsas:
- - GHSA-qmqw-r4x6-3w2q
diff --git a/data/osv/GO-2023-1700.json b/data/osv/GO-2023-1700.json
new file mode 100644
index 000000000..5e389f557
--- /dev/null
+++ b/data/osv/GO-2023-1700.json
@@ -0,0 +1,82 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1700", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-28841", + "GHSA-33pg-m6jh-5237" + ], + "summary": "Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker", + "details": "Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker", + "affected": [ + { + "package": { + "name": "github.com/docker/docker", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.12.0" + }, + { + "fixed": "20.10.24+incompatible" + }, + { + "introduced": "23.0.0+incompatible" + }, + { + "fixed": "23.0.3+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28841" + }, + { + "type": "WEB", + "url": "https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207" + }, + { + "type": "WEB", + "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/issues/43382" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/pull/45118" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1700", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file 
diff --git a/data/osv/GO-2023-1701.json b/data/osv/GO-2023-1701.json new file mode 100644 index 000000000..28851f466 --- /dev/null +++ b/data/osv/GO-2023-1701.json @@ -0,0 +1,70 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1701", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-28842", + "GHSA-6wrf-mxfj-pf5p" + ], + "summary": "Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker", + "details": "Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker", + "affected": [ + { + "package": { + "name": "github.com/docker/docker", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.12.0" + }, + { + "fixed": "20.10.24+incompatible" + }, + { + "introduced": "23.0.0+incompatible" + }, + { + "fixed": "23.0.3+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28842" + }, + { + "type": "WEB", + "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237" + }, + { + "type": "WEB", + "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1701", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1707.json b/data/osv/GO-2023-1707.json new file mode 100644 index 000000000..4e7aca752 --- /dev/null +++ b/data/osv/GO-2023-1707.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1707", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1782", + "GHSA-f8r8-h93m-mj77" + ], + "summary": "HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad", + "details": "HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.5.0" + }, + { + "fixed": "1.5.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-f8r8-h93m-mj77" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1782" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1707", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1708.json b/data/osv/GO-2023-1708.json new file mode 100644 index 000000000..d0b4b3ae1 --- /dev/null +++ b/data/osv/GO-2023-1708.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1708", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0665", + "GHSA-hwc3-3qh6-r4gg" + ], + "summary": "HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault", + "details": "HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/vault", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.11.9" + }, + { + "introduced": "1.12.0" + }, + { + "fixed": "1.12.5" + }, + { + "introduced": "1.13.0" + }, + { + "fixed": "1.13.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hwc3-3qh6-r4gg" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0665" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20230526-0008" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1708", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1716.json b/data/osv/GO-2023-1716.json new file mode 100644 index 000000000..3e4b6e07b --- /dev/null +++ b/data/osv/GO-2023-1716.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1716", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1975", + "GHSA-65v8-6pvw-jwvq" + ], + "summary": "Answer vulnerable to Insertion of Sensitive Information Into Sent Data in github.com/answerdev/answer", + "details": "Answer vulnerable to Insertion of Sensitive Information Into Sent Data in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.8" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-65v8-6pvw-jwvq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1975" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1716", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1718.json b/data/osv/GO-2023-1718.json new file mode 100644 index 000000000..369048957 --- /dev/null +++ b/data/osv/GO-2023-1718.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1718", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1974", + "GHSA-8jg3-rx43-3fv4" + ], + "summary": "Answer vulnerable to Exposure of Sensitive Information Through Metadata in github.com/answerdev/answer", + "details": "Answer vulnerable to Exposure of Sensitive Information Through Metadata in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.8" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-8jg3-rx43-3fv4" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1974" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1718", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1719.json b/data/osv/GO-2023-1719.json new file mode 100644 index 000000000..58b72a854 --- /dev/null +++ b/data/osv/GO-2023-1719.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1719", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-1976", + "GHSA-j97g-77fj-9c4p" + ], + "summary": "Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer", + "details": "Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-j97g-77fj-9c4p" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1976" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/469bcabf-b315-4750-b63c-82ac86d153de" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1719", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1721.json b/data/osv/GO-2023-1721.json new file mode 100644 index 000000000..64a950320 --- /dev/null +++ b/data/osv/GO-2023-1721.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1721", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-29018", + "GHSA-cwf6-xj49-wp83" + ], + "summary": "OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator", + "details": "OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator", + "affected": [ + { + "package": { + "name": "github.com/open-feature/open-feature-operator", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.2.32" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29018" + }, + { + "type": "WEB", + "url": "https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1721", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1723.json b/data/osv/GO-2023-1723.json new file mode 100644 index 000000000..32ecb8bd7 --- /dev/null +++ b/data/osv/GO-2023-1723.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1723", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-29193", + "GHSA-cjr9-mr35-7xh6" + ], + "summary": "SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb", + "details": "SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb", + "affected": [ + { + "package": { + "name": "github.com/authzed/spicedb", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29193" + }, + { + "type": "FIX", + "url": "https://github.com/authzed/spicedb/commit/9bbd7d76b6eaba33fe0236014f9b175d21232999" + }, + { + "type": "WEB", + "url": "https://github.com/authzed/spicedb/releases/tag/v1.19.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1723", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1730.json b/data/osv/GO-2023-1730.json new file mode 100644 index 000000000..3c44dc528 --- /dev/null +++ b/data/osv/GO-2023-1730.json 
@@ -0,0 +1,105 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1730", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-29002", + "GHSA-pg5p-wwp8-97g8" + ], + "summary": "Debug mode leaks confidential data in Cilium in github.com/cilium/cilium", + "details": "Debug mode leaks confidential data in Cilium in github.com/cilium/cilium", + "affected": [ + { + "package": { + "name": "github.com/cilium/cilium", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.7.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/cilium/cilium", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.16" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/cilium/cilium", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.12.0" + }, + { + "fixed": "1.12.9" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/cilium/cilium", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.13.0" + }, + { + "fixed": "1.13.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29002" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1730", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1735.json b/data/osv/GO-2023-1735.json new file mode 100644 index 000000000..a256d5701 --- /dev/null +++ b/data/osv/GO-2023-1735.json 
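Review bot: The first `affected` entry for github.com/cilium/cilium in GO-2023-1730.json has a range with only `"introduced": "1.7.0"` and no `fixed` event, so on its own it matches every version from 1.7.0 upward, including 1.11.16, 1.12.9 and 1.13.2, which the three following entries list as fixed. A consumer that evaluates each `affected` entry independently will keep reporting the patched releases as vulnerable. Assuming the intent is that the release lines before 1.11 are affected and have no fix of their own, the open range could be folded into the next one, e.g. `{"introduced": "1.7.0"}, {"fixed": "1.11.16"}`, with the remaining introduced/fixed pairs as further events in the same range. The record carries placeholder timestamps and an UNREVIEWED status and looks generated, so the correction probably belongs in the report it is built from rather than in this file.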
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1735", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-30622", + "GHSA-833c-xh79-p429" + ], + "summary": "A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation in github.com/clusternet/clusternet", + "details": "A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation in github.com/clusternet/clusternet", + "affected": [ + { + "package": { + "name": "github.com/clusternet/clusternet", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.15.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/clusternet/clusternet/security/advisories/GHSA-833c-xh79-p429" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30622" + }, + { + "type": "WEB", + "url": "https://github.com/clusternet/clusternet/releases/tag/v0.15.2" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1735", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1738.json b/data/osv/GO-2023-1738.json new file mode 100644 index 000000000..285d6323a --- /dev/null +++ b/data/osv/GO-2023-1738.json 
@@ -0,0 +1,108 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1738", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-30549", + "GHSA-j4rf-7357-f4cg" + ], + "summary": "Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer in github.com/apptainer/apptainer", + "details": "Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer in github.com/apptainer/apptainer", + "affected": [ + { + "package": { + "name": "github.com/apptainer/apptainer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.1.8" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30549" + }, + { + "type": "FIX", + "url": "https://github.com/apptainer/apptainer/commit/5a4964f5ba9c8d89a0e353b97f51fd607670a9f7" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/cve-2022-1184" + }, + { + "type": "WEB", + "url": "https://github.com/apptainer/apptainer/releases/tag/v1.1.8" + }, + { + "type": "WEB", + "url": "https://github.com/torvalds/linux/commit/2220eaf90992c11d888fe771055d4de3303" + }, + { + "type": "WEB", + "url": "https://github.com/torvalds/linux/commit/4f04351888a83e595571de672e0a4a8b74f" + }, + { + "type": "WEB", + "url": "https://github.com/torvalds/linux/commit/61a1d87a324ad5e3ed27c6699dfc93218fcf3201" + }, + { + "type": "WEB", + "url": "https://github.com/torvalds/linux/commit/65f8ea4cd57dbd46ea13b41dc8bac03176b04233" + }, + { + "type": "WEB", + "url": "https://lwn.net/Articles/932136" + }, + { + "type": "WEB", + "url": "https://lwn.net/Articles/932137" + }, + { + "type": "WEB", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1184" + }, + { + "type": "WEB", + "url": 
"https://security-tracker.debian.org/tracker/CVE-2022-1184" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202311-13" + }, + { + "type": "WEB", + "url": "https://sylabs.io/2023/04/response-to-cve-2023-30549" + }, + { + "type": "WEB", + "url": "https://ubuntu.com/security/CVE-2022-1184" + }, + { + "type": "WEB", + "url": "https://www.suse.com/security/cve/CVE-2022-1184.html" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1738", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1747.json b/data/osv/GO-2023-1747.json new file mode 100644 index 000000000..6a6ff8978 --- /dev/null +++ b/data/osv/GO-2023-1747.json @@ -0,0 +1,43 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1747", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-w9mr-28mw-j8hg" + ], + "summary": "Hop-by-hop abuse to malform header mutator in github.com/ory/oathkeeper", + "details": "Hop-by-hop abuse to malform header mutator in github.com/ory/oathkeeper", + "affected": [ + { + "package": { + "name": "github.com/ory/oathkeeper", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.40.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/ory/oathkeeper/security/advisories/GHSA-w9mr-28mw-j8hg" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1747", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1754.json b/data/osv/GO-2023-1754.json new file mode 100644 index 000000000..43ff3e218 --- /dev/null +++ b/data/osv/GO-2023-1754.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1754", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-30551", + "GHSA-2h5h-59f5-c5x9" + ], + "summary": "Rekor's compressed archives can result in OOM conditions in github.com/sigstore/rekor", + "details": "Rekor's compressed archives can result in OOM conditions in github.com/sigstore/rekor", + "affected": [ + { + "package": { + "name": "github.com/sigstore/rekor", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.1.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30551" + }, + { + "type": "FIX", + "url": "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48" + }, + { + "type": "WEB", + "url": "https://github.com/sigstore/rekor/releases/tag/v1.1.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1754", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1758.json b/data/osv/GO-2023-1758.json new file mode 100644 index 000000000..e3812b1af --- /dev/null +++ b/data/osv/GO-2023-1758.json 
@@ -0,0 +1,49 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1758", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-fwj4-72fm-c93g" + ], + "summary": "Under-validated ComSpec and cmd.exe resolution in Mutagen projects in github.com/mutagen-io/mutagen", + "details": "Under-validated ComSpec and cmd.exe resolution in Mutagen projects in github.com/mutagen-io/mutagen", + "affected": [ + { + "package": { + "name": "github.com/mutagen-io/mutagen", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.16.6" + }, + { + "introduced": "0.17.0" + }, + { + "fixed": "0.17.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/mutagen-io/mutagen/security/advisories/GHSA-fwj4-72fm-c93g" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1758", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1761.json b/data/osv/GO-2023-1761.json new file mode 100644 index 000000000..65ea64a18 --- /dev/null +++ b/data/osv/GO-2023-1761.json 
@@ -0,0 +1,94 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1761", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-30019", + "GHSA-9x7h-ggc3-xg47" + ], + "summary": "imgproxy is vulnerable to Server-Side Request Forgery in github.com/imgproxy/imgproxy", + "details": "imgproxy is vulnerable to Server-Side Request Forgery in github.com/imgproxy/imgproxy", + "affected": [ + { + "package": { + "name": "github.com/imgproxy/imgproxy", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/imgproxy/imgproxy/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/imgproxy/imgproxy/v3", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.15.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-9x7h-ggc3-xg47" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30019" + }, + { + "type": "FIX", + "url": "https://github.com/imgproxy/imgproxy/commit/1a9768a2c682e88820064aa3d9a05ea234ff3cc4" + }, + { + "type": "WEB", + "url": "https://breakandpray.com/cve-2023-30019-ssrf-in-imgproxy" + }, + { + "type": "WEB", + "url": "https://github.com/imgproxy/imgproxy/blob/ee9e8f0cb101ec22318caffd552a23cc0548d5ce/imagedata/download.go#L142" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1761", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1763.json b/data/osv/GO-2023-1763.json new file mode 100644 index 000000000..6b27a2a8c --- /dev/null +++ b/data/osv/GO-2023-1763.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1763", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-30840", + "GHSA-93xx-cvmc-9w3v" + ], + "summary": "On a compromised node, the fluid-csi service account can be used to modify node specs in github.com/fluid-cloudnative/fluid", + "details": "On a compromised node, the fluid-csi service account can be used to modify node specs in github.com/fluid-cloudnative/fluid", + "affected": [ + { + "package": { + "name": "github.com/fluid-cloudnative/fluid", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.7.0" + }, + { + "fixed": "0.8.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-93xx-cvmc-9w3v" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30840" + }, + { + "type": "FIX", + "url": "https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550" + }, + { + "type": "FIX", + "url": "https://github.com/fluid-cloudnative/fluid/commit/91c05c32db131997b5ca065e869c9918a125c149" + }, + { + "type": "WEB", + "url": "https://github.com/fluid-cloudnative/fluid/releases/tag/v0.8.6" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1763", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1764.json b/data/osv/GO-2023-1764.json new file mode 100644 index 000000000..fac8a2b83 --- /dev/null +++ b/data/osv/GO-2023-1764.json 
@@ -0,0 +1,82 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1764", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-30844", + "GHSA-jmp2-wc4p-wfh2" + ], + "summary": "Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints in github.com/mutagen-io/mutagen", + "details": "Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints in github.com/mutagen-io/mutagen", + "affected": [ + { + "package": { + "name": "github.com/mutagen-io/mutagen", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.16.6" + }, + { + "introduced": "0.17.0" + }, + { + "fixed": "0.17.1" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mutagen-io/mutagen-compose", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.17.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/mutagen-io/mutagen/security/advisories/GHSA-jmp2-wc4p-wfh2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30844" + }, + { + "type": "WEB", + "url": "https://github.com/mutagen-io/mutagen/releases/tag/v0.16.6" + }, + { + "type": "WEB", + "url": "https://github.com/mutagen-io/mutagen/releases/tag/v0.17.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1764", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1768.json b/data/osv/GO-2023-1768.json new file mode 100644 index 000000000..427b991d0 --- /dev/null +++ b/data/osv/GO-2023-1768.json 
@@ -0,0 +1,62 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1768", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-32080", + "GHSA-p744-4q6p-hvc2" + ], + "summary": "Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings", + "details": "Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings", + "affected": [ + { + "package": { + "name": "github.com/pterodactyl/wings", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.5" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p744-4q6p-hvc2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32080" + }, + { + "type": "WEB", + "url": "https://github.com/pterodactyl/wings/releases/tag/v1.11.6" + }, + { + "type": "WEB", + "url": "https://github.com/pterodactyl/wings/releases/tag/v1.7.5" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1768", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1774.json b/data/osv/GO-2023-1774.json new file mode 100644 index 000000000..cb961f06f --- /dev/null +++ b/data/osv/GO-2023-1774.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1774", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-2590", + "GHSA-qmqw-r4x6-3w2q" + ], + "summary": "Answer Missing Authorization vulnerability in github.com/answerdev/answer", + "details": "Answer Missing Authorization vulnerability in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.9" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qmqw-r4x6-3w2q" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2590" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/51ac1e6b76ae9ab3ca2008ca4819c0cc3bd2fcd3" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/a4238a30-3ddb-4415-9055-e179c3d4dea7" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1774", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2023-1700.yaml b/data/reports/GO-2023-1700.yaml new file mode 100644 index 000000000..2a32d6332 --- /dev/null +++ b/data/reports/GO-2023-1700.yaml 
@@ -0,0 +1,29 @@ +id: GO-2023-1700 +modules: + - module: github.com/docker/docker + versions: + - introduced: 1.12.0 + - fixed: 20.10.24+incompatible + - introduced: 23.0.0+incompatible + - fixed: 23.0.3+incompatible + vulnerable_at: 23.0.2+incompatible +summary: Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker +cves: + - CVE-2023-28841 +ghsas: + - GHSA-33pg-m6jh-5237 +references: + - advisory: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28841 + - web: https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207 + - web: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 + - web: https://github.com/moby/moby/issues/43382 + - web: https://github.com/moby/moby/pull/45118 + - web: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp + - web: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p + - web: https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw +source: + id: GHSA-33pg-m6jh-5237 + created: 2024-08-20T11:40:20.897365-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1701.yaml b/data/reports/GO-2023-1701.yaml new file mode 100644 index 000000000..8ab3a0e01 --- /dev/null +++ b/data/reports/GO-2023-1701.yaml 
@@ -0,0 +1,26 @@ +id: GO-2023-1701 +modules: + - module: github.com/docker/docker + versions: + - introduced: 1.12.0 + - fixed: 20.10.24+incompatible + - introduced: 23.0.0+incompatible + - fixed: 23.0.3+incompatible + vulnerable_at: 23.0.2+incompatible +summary: Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker +cves: + - CVE-2023-28842 +ghsas: + - GHSA-6wrf-mxfj-pf5p +references: + - advisory: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28842 + - web: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 + - web: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp + - web: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237 + - web: https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw +source: + id: GHSA-6wrf-mxfj-pf5p + created: 2024-08-20T11:40:24.363584-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1707.yaml b/data/reports/GO-2023-1707.yaml new file mode 100644 index 000000000..918534275 --- /dev/null +++ b/data/reports/GO-2023-1707.yaml @@ -0,0 +1,23 @@ +id: GO-2023-1707 +modules: + - module: github.com/hashicorp/nomad + versions: + - introduced: 1.5.0 + - fixed: 1.5.3 + vulnerable_at: 1.5.2 +summary: |- + HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request + privilege escalation in github.com/hashicorp/nomad +cves: + - CVE-2023-1782 +ghsas: + - GHSA-f8r8-h93m-mj77 +references: + - advisory: https://github.com/advisories/GHSA-f8r8-h93m-mj77 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1782 + - web: https://discuss.hashicorp.com/t/hcsec-2023-12-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375 +source: + id: GHSA-f8r8-h93m-mj77 + created: 2024-08-20T11:40:31.231623-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2023-1708.yaml b/data/reports/GO-2023-1708.yaml new file mode 100644 index 000000000..25f2dc97c --- /dev/null +++ b/data/reports/GO-2023-1708.yaml @@ -0,0 +1,25 @@ +id: GO-2023-1708 +modules: + - module: github.com/hashicorp/vault + versions: + - fixed: 1.11.9 + - introduced: 1.12.0 + - fixed: 1.12.5 + - introduced: 1.13.0 + - fixed: 1.13.1 + vulnerable_at: 1.13.0 +summary: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault +cves: + - CVE-2023-0665 +ghsas: + - GHSA-hwc3-3qh6-r4gg +references: + - advisory: https://github.com/advisories/GHSA-hwc3-3qh6-r4gg + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0665 + - web: https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1 + - web: https://security.netapp.com/advisory/ntap-20230526-0008 +source: + id: GHSA-hwc3-3qh6-r4gg + created: 2024-08-20T11:40:35.310478-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1716.yaml b/data/reports/GO-2023-1716.yaml new file mode 100644 index 000000000..ebb15f232 --- /dev/null +++ b/data/reports/GO-2023-1716.yaml @@ -0,0 +1,21 @@ +id: GO-2023-1716 +modules: + - module: github.com/answerdev/answer + versions: + - fixed: 1.0.8 + vulnerable_at: 1.0.7 +summary: Answer vulnerable to Insertion of Sensitive Information Into Sent Data in github.com/answerdev/answer +cves: + - CVE-2023-1975 +ghsas: + - GHSA-65v8-6pvw-jwvq +references: + - advisory: https://github.com/advisories/GHSA-65v8-6pvw-jwvq + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1975 + - fix: https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a + - web: https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff +source: + id: GHSA-65v8-6pvw-jwvq + created: 2024-08-20T11:41:56.311012-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2023-1718.yaml b/data/reports/GO-2023-1718.yaml new file mode 100644 index 000000000..ca6f6b54d --- /dev/null +++ b/data/reports/GO-2023-1718.yaml @@ -0,0 +1,21 @@ +id: GO-2023-1718 +modules: + - module: github.com/answerdev/answer + versions: + - fixed: 1.0.8 + vulnerable_at: 1.0.7 +summary: Answer vulnerable to Exposure of Sensitive Information Through Metadata in github.com/answerdev/answer +cves: + - CVE-2023-1974 +ghsas: + - GHSA-8jg3-rx43-3fv4 +references: + - advisory: https://github.com/advisories/GHSA-8jg3-rx43-3fv4 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1974 + - fix: https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a + - web: https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439 +source: + id: GHSA-8jg3-rx43-3fv4 + created: 2024-08-20T11:42:00.736225-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1719.yaml b/data/reports/GO-2023-1719.yaml new file mode 100644 index 000000000..49b5035f0 --- /dev/null +++ b/data/reports/GO-2023-1719.yaml @@ -0,0 +1,21 @@ +id: GO-2023-1719 +modules: + - module: github.com/answerdev/answer + versions: + - fixed: 1.0.6 + vulnerable_at: 1.0.5 +summary: Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer +cves: + - CVE-2023-1976 +ghsas: + - GHSA-j97g-77fj-9c4p +references: + - advisory: https://github.com/advisories/GHSA-j97g-77fj-9c4p + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1976 + - fix: https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af + - web: https://huntr.dev/bounties/469bcabf-b315-4750-b63c-82ac86d153de +source: + id: GHSA-j97g-77fj-9c4p + created: 2024-08-20T11:42:04.214397-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1721.yaml b/data/reports/GO-2023-1721.yaml new file mode 100644 index 000000000..208777058 --- /dev/null 
+++ b/data/reports/GO-2023-1721.yaml @@ -0,0 +1,20 @@ +id: GO-2023-1721 +modules: + - module: github.com/open-feature/open-feature-operator + versions: + - fixed: 0.2.32 + vulnerable_at: 0.2.31 +summary: OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator +cves: + - CVE-2023-29018 +ghsas: + - GHSA-cwf6-xj49-wp83 +references: + - advisory: https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29018 + - web: https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32 +source: + id: GHSA-cwf6-xj49-wp83 + created: 2024-08-20T11:42:18.532941-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1723.yaml b/data/reports/GO-2023-1723.yaml new file mode 100644 index 000000000..feabd128a --- /dev/null +++ b/data/reports/GO-2023-1723.yaml @@ -0,0 +1,23 @@ +id: GO-2023-1723 +modules: + - module: github.com/authzed/spicedb + versions: + - fixed: 1.19.1 + vulnerable_at: 1.19.0 +summary: |- + SpiceDB binding metrics port to untrusted networks and can leak command-line + flags in github.com/authzed/spicedb +cves: + - CVE-2023-29193 +ghsas: + - GHSA-cjr9-mr35-7xh6 +references: + - advisory: https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29193 + - fix: https://github.com/authzed/spicedb/commit/9bbd7d76b6eaba33fe0236014f9b175d21232999 + - web: https://github.com/authzed/spicedb/releases/tag/v1.19.1 +source: + id: GHSA-cjr9-mr35-7xh6 + created: 2024-08-20T11:42:22.226813-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1730.yaml b/data/reports/GO-2023-1730.yaml new file mode 100644 index 000000000..e3fb64a50 --- /dev/null +++ b/data/reports/GO-2023-1730.yaml 
@@ -0,0 +1,38 @@ +id: GO-2023-1730 +modules: + - module: github.com/cilium/cilium + versions: + - introduced: 1.7.0 + unsupported_versions: + - last_affected: 1.10.0 + vulnerable_at: 1.16.1 + - module: github.com/cilium/cilium + versions: + - introduced: 1.11.0 + - fixed: 1.11.16 + vulnerable_at: 1.11.15 + - module: github.com/cilium/cilium + versions: + - introduced: 1.12.0 + - fixed: 1.12.9 + vulnerable_at: 1.12.8 + - module: github.com/cilium/cilium + versions: + - introduced: 1.13.0 + - fixed: 1.13.2 + vulnerable_at: 1.13.1 +summary: Debug mode leaks confidential data in Cilium in github.com/cilium/cilium +cves: + - CVE-2023-29002 +ghsas: + - GHSA-pg5p-wwp8-97g8 +references: + - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-29002 +notes: + - fix: 'module merge error: could not merge versions of module github.com/cilium/cilium: introduced and fixed versions must alternate' +source: + id: GHSA-pg5p-wwp8-97g8 + created: 2024-08-20T11:42:37.146859-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1735.yaml b/data/reports/GO-2023-1735.yaml new file mode 100644 index 000000000..54c54c1bf --- /dev/null +++ b/data/reports/GO-2023-1735.yaml 
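Review bot: The first `github.com/cilium/cilium` entry in data/reports/GO-2023-1730.yaml has `introduced: 1.7.0` with no closing `fixed` event and `vulnerable_at: 1.16.1`, so the range stays open and appears to cover releases later than the 1.11.16, 1.12.9 and 1.13.2 fixes listed in the other three entries. Scanners reading the derived record would then likely report patched Cilium versions as affected. The `notes` entry shows the tool could not merge the four entries ("introduced and fixed versions must alternate"), so this looks like it was left for manual cleanup. If the advisory's `last_affected: 1.10.0` means the affected range runs without a gap into 1.11, a single entry with alternating events and a `vulnerable_at` inside one of the ranges would resolve it; confirm that against GHSA-pg5p-wwp8-97g8 before merging.

```yaml
modules:
    - module: github.com/cilium/cilium
      versions:
        - introduced: 1.7.0
        - fixed: 1.11.16
        - introduced: 1.12.0
        - fixed: 1.12.9
        - introduced: 1.13.0
        - fixed: 1.13.2
      vulnerable_at: 1.13.1
# … unchanged: summary, cves, ghsas, references, source, review_status, unexcluded …
```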
@@ -0,0 +1,22 @@ +id: GO-2023-1735 +modules: + - module: github.com/clusternet/clusternet + versions: + - fixed: 0.15.2 + vulnerable_at: 0.15.1 +summary: |- + A potential risk in clusternet which can be leveraged to make a cluster-level + privilege escalation in github.com/clusternet/clusternet +cves: + - CVE-2023-30622 +ghsas: + - GHSA-833c-xh79-p429 +references: + - advisory: https://github.com/clusternet/clusternet/security/advisories/GHSA-833c-xh79-p429 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30622 + - web: https://github.com/clusternet/clusternet/releases/tag/v0.15.2 +source: + id: GHSA-833c-xh79-p429 + created: 2024-08-20T11:42:46.448836-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2023-1738.yaml b/data/reports/GO-2023-1738.yaml new file mode 100644 index 000000000..2c9d3be4e --- /dev/null +++ b/data/reports/GO-2023-1738.yaml 
@@ -0,0 +1,34 @@ +id: GO-2023-1738 +modules: + - module: github.com/apptainer/apptainer + versions: + - fixed: 1.1.8 + vulnerable_at: 1.1.7 +summary: Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer in github.com/apptainer/apptainer +cves: + - CVE-2023-30549 +ghsas: + - GHSA-j4rf-7357-f4cg +references: + - advisory: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30549 + - fix: https://github.com/apptainer/apptainer/commit/5a4964f5ba9c8d89a0e353b97f51fd607670a9f7 + - web: https://access.redhat.com/security/cve/cve-2022-1184 + - web: https://github.com/apptainer/apptainer/releases/tag/v1.1.8 + - web: https://github.com/torvalds/linux/commit/2220eaf90992c11d888fe771055d4de3303 + - web: https://github.com/torvalds/linux/commit/4f04351888a83e595571de672e0a4a8b74f + - web: https://github.com/torvalds/linux/commit/61a1d87a324ad5e3ed27c6699dfc93218fcf3201 + - web: https://github.com/torvalds/linux/commit/65f8ea4cd57dbd46ea13b41dc8bac03176b04233 + - web: https://lwn.net/Articles/932136 + - web: https://lwn.net/Articles/932137 + - web: https://nvd.nist.gov/vuln/detail/CVE-2022-1184 + - web: https://security-tracker.debian.org/tracker/CVE-2022-1184 + - web: https://security.gentoo.org/glsa/202311-13 + - web: https://sylabs.io/2023/04/response-to-cve-2023-30549 + - web: https://ubuntu.com/security/CVE-2022-1184 + - web: https://www.suse.com/security/cve/CVE-2022-1184.html +source: + id: GHSA-j4rf-7357-f4cg + created: 2024-08-20T11:42:53.04748-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1747.yaml b/data/reports/GO-2023-1747.yaml new file mode 100644 index 000000000..f58f7b64b --- /dev/null +++ b/data/reports/GO-2023-1747.yaml 
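Review bot: Two of the four kernel commit references in data/reports/GO-2023-1738.yaml carry 35-character hashes (`.../torvalds/linux/commit/2220eaf90992c11d888fe771055d4de3303` and `.../torvalds/linux/commit/4f04351888a83e595571de672e0a4a8b74f`), while the other two are full 40-character SHA-1s, so these look truncated when they were copied from the advisory. An abbreviated hash may still resolve today, but it is not a stable pin and cannot be matched exactly against the upstream tree when someone checks whether a kernel carries the extfs fixes. I would replace both with the full commit IDs taken from GHSA-j4rf-7357-f4cg or the kernel repository, or drop the two entries if the full IDs cannot be confirmed.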
@@ -0,0 +1,16 @@ +id: GO-2023-1747 +modules: + - module: github.com/ory/oathkeeper + versions: + - fixed: 0.40.3 + vulnerable_at: 0.40.2 +summary: Hop-by-hop abuse to malform header mutator in github.com/ory/oathkeeper +ghsas: + - GHSA-w9mr-28mw-j8hg +references: + - advisory: https://github.com/ory/oathkeeper/security/advisories/GHSA-w9mr-28mw-j8hg +source: + id: GHSA-w9mr-28mw-j8hg + created: 2024-08-20T11:43:06.11639-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1754.yaml b/data/reports/GO-2023-1754.yaml new file mode 100644 index 000000000..32a9e92a1 --- /dev/null +++ b/data/reports/GO-2023-1754.yaml @@ -0,0 +1,21 @@ +id: GO-2023-1754 +modules: + - module: github.com/sigstore/rekor + versions: + - fixed: 1.1.1 + vulnerable_at: 1.1.0 +summary: Rekor's compressed archives can result in OOM conditions in github.com/sigstore/rekor +cves: + - CVE-2023-30551 +ghsas: + - GHSA-2h5h-59f5-c5x9 +references: + - advisory: https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30551 + - fix: https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48 + - web: https://github.com/sigstore/rekor/releases/tag/v1.1.1 +source: + id: GHSA-2h5h-59f5-c5x9 + created: 2024-08-20T11:43:17.943724-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2023-1758.yaml b/data/reports/GO-2023-1758.yaml new file mode 100644 index 000000000..ef331856b --- /dev/null +++ b/data/reports/GO-2023-1758.yaml 
@@ -0,0 +1,18 @@ +id: GO-2023-1758 +modules: + - module: github.com/mutagen-io/mutagen + versions: + - fixed: 0.16.6 + - introduced: 0.17.0 + - fixed: 0.17.1 + vulnerable_at: 0.17.0 +summary: Under-validated ComSpec and cmd.exe resolution in Mutagen projects in github.com/mutagen-io/mutagen +ghsas: + - GHSA-fwj4-72fm-c93g +references: + - advisory: https://github.com/mutagen-io/mutagen/security/advisories/GHSA-fwj4-72fm-c93g +source: + id: GHSA-fwj4-72fm-c93g + created: 2024-08-20T11:43:21.270677-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2023-1761.yaml b/data/reports/GO-2023-1761.yaml new file mode 100644 index 000000000..22556245f --- /dev/null +++ b/data/reports/GO-2023-1761.yaml @@ -0,0 +1,26 @@ +id: GO-2023-1761 +modules: + - module: github.com/imgproxy/imgproxy + vulnerable_at: 1.1.8 + - module: github.com/imgproxy/imgproxy/v2 + vulnerable_at: 2.17.0 + - module: github.com/imgproxy/imgproxy/v3 + versions: + - fixed: 3.15.0 + vulnerable_at: 3.14.0 +summary: imgproxy is vulnerable to Server-Side Request Forgery in github.com/imgproxy/imgproxy +cves: + - CVE-2023-30019 +ghsas: + - GHSA-9x7h-ggc3-xg47 +references: + - advisory: https://github.com/advisories/GHSA-9x7h-ggc3-xg47 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30019 + - fix: https://github.com/imgproxy/imgproxy/commit/1a9768a2c682e88820064aa3d9a05ea234ff3cc4 + - web: https://breakandpray.com/cve-2023-30019-ssrf-in-imgproxy + - web: https://github.com/imgproxy/imgproxy/blob/ee9e8f0cb101ec22318caffd552a23cc0548d5ce/imagedata/download.go#L142 +source: + id: GHSA-9x7h-ggc3-xg47 + created: 2024-08-20T11:43:23.974913-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2023-1763.yaml b/data/reports/GO-2023-1763.yaml new file mode 100644 index 000000000..de710d9b0 --- /dev/null +++ b/data/reports/GO-2023-1763.yaml 
@@ -0,0 +1,25 @@ +id: GO-2023-1763 +modules: + - module: github.com/fluid-cloudnative/fluid + versions: + - introduced: 0.7.0 + - fixed: 0.8.6 + vulnerable_at: 0.8.5 +summary: |- + On a compromised node, the fluid-csi service account can be used to modify node + specs in github.com/fluid-cloudnative/fluid +cves: + - CVE-2023-30840 +ghsas: + - GHSA-93xx-cvmc-9w3v +references: + - advisory: https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-93xx-cvmc-9w3v + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30840 + - fix: https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550 + - fix: https://github.com/fluid-cloudnative/fluid/commit/91c05c32db131997b5ca065e869c9918a125c149 + - web: https://github.com/fluid-cloudnative/fluid/releases/tag/v0.8.6 +source: + id: GHSA-93xx-cvmc-9w3v + created: 2024-08-20T11:43:28.797374-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2023-1764.yaml b/data/reports/GO-2023-1764.yaml new file mode 100644 index 000000000..1717630a1 --- /dev/null +++ b/data/reports/GO-2023-1764.yaml 
@@ -0,0 +1,29 @@ +id: GO-2023-1764 +modules: + - module: github.com/mutagen-io/mutagen + versions: + - fixed: 0.16.6 + - introduced: 0.17.0 + - fixed: 0.17.1 + vulnerable_at: 0.17.0 + - module: github.com/mutagen-io/mutagen-compose + versions: + - fixed: 0.17.1 + vulnerable_at: 0.17.0 +summary: |- + Mutagen list and monitor operations do not neutralize control characters in text + controlled by remote endpoints in github.com/mutagen-io/mutagen +cves: + - CVE-2023-30844 +ghsas: + - GHSA-jmp2-wc4p-wfh2 +references: + - advisory: https://github.com/mutagen-io/mutagen/security/advisories/GHSA-jmp2-wc4p-wfh2 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30844 + - web: https://github.com/mutagen-io/mutagen/releases/tag/v0.16.6 + - web: https://github.com/mutagen-io/mutagen/releases/tag/v0.17.1 +source: + id: GHSA-jmp2-wc4p-wfh2 + created: 2024-08-20T11:43:33.076636-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2023-1768.yaml b/data/reports/GO-2023-1768.yaml new file mode 100644 index 000000000..c238d3297 --- /dev/null +++ b/data/reports/GO-2023-1768.yaml @@ -0,0 +1,23 @@ +id: GO-2023-1768 +modules: + - module: github.com/pterodactyl/wings + versions: + - fixed: 1.7.5 + - introduced: 1.11.0 + - fixed: 1.11.6 + vulnerable_at: 1.11.5 +summary: Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings +cves: + - CVE-2023-32080 +ghsas: + - GHSA-p744-4q6p-hvc2 +references: + - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-p744-4q6p-hvc2 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-32080 + - web: https://github.com/pterodactyl/wings/releases/tag/v1.11.6 + - web: https://github.com/pterodactyl/wings/releases/tag/v1.7.5 +source: + id: GHSA-p744-4q6p-hvc2 + created: 2024-08-20T11:43:37.498519-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2023-1774.yaml b/data/reports/GO-2023-1774.yaml new file mode 100644 index 000000000..40d8d91be --- /dev/null +++ b/data/reports/GO-2023-1774.yaml @@ -0,0 +1,21 @@ +id: GO-2023-1774 +modules: + - module: github.com/answerdev/answer + versions: + - fixed: 1.0.9 + vulnerable_at: 1.0.8 +summary: Answer Missing Authorization vulnerability in github.com/answerdev/answer +cves: + - CVE-2023-2590 +ghsas: + - GHSA-qmqw-r4x6-3w2q +references: + - advisory: https://github.com/advisories/GHSA-qmqw-r4x6-3w2q + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-2590 + - fix: https://github.com/answerdev/answer/commit/51ac1e6b76ae9ab3ca2008ca4819c0cc3bd2fcd3 + - web: https://huntr.dev/bounties/a4238a30-3ddb-4415-9055-e179c3d4dea7 +source: + id: GHSA-qmqw-r4x6-3w2q + created: 2024-08-20T11:43:56.471681-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE