data/reports: add 6 unreviewed reports
  - data/reports/GO-2024-3109.yaml
  - data/reports/GO-2024-3342.yaml
  - data/reports/GO-2024-3343.yaml
  - data/reports/GO-2024-3349.yaml
  - data/reports/GO-2024-3350.yaml
  - data/reports/GO-2024-3354.yaml

Fixes #3109
Fixes #3342
Fixes #3343
Fixes #3349
Fixes #3350
Fixes #3354

Change-Id: I147491bcc57baf150f3c25a10c8fbe3d30d781a1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/637956
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
tatianab authored and gopherbot committed Dec 20, 2024
1 parent 230cf22 commit 83c1120
Showing 12 changed files with 549 additions and 0 deletions.
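--- a/data/osv/GO-2024-3109.json
+++ b/data/osv/GO-2024-3109.json
@@ -0,0 +1,84 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3109",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-43803",
+"GHSA-pqfh-xh7w-7h3p"
+],
+"summary": "The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator",
+"details": "The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator",
+"affected": [
+{
+"package": {
+"name": "github.com/metal3-io/baremetal-operator",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.5.2"
+},
+{
+"introduced": "0.6.0"
+},
+{
+"fixed": "0.6.2"
+},
+{
+"introduced": "0.7.0-rc.0"
+},
+{
+"fixed": "0.8.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43803"
+},
+{
+"type": "FIX",
+"url": "https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74"
+},
+{
+"type": "FIX",
+"url": "https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb"
+},
+{
+"type": "FIX",
+"url": "https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7"
+},
+{
+"type": "FIX",
+"url": "https://github.com/metal3-io/baremetal-operator/pull/1929"
+},
+{
+"type": "FIX",
+"url": "https://github.com/metal3-io/baremetal-operator/pull/1930"
+},
+{
+"type": "FIX",
+"url": "https://github.com/metal3-io/baremetal-operator/pull/1931"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3109",
+"review_status": "UNREVIEWED"
+}
+}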
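--- a/data/osv/GO-2024-3342.json
+++ b/data/osv/GO-2024-3342.json
@@ -0,0 +1,88 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3342",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-hxr6-2p24-hf98"
+],
+"summary": "Traefik affected by CVE-2024-53259 in github.com/traefik/traefik",
+"details": "Traefik affected by CVE-2024-53259 in github.com/traefik/traefik",
+"affected": [
+{
+"package": {
+"name": "github.com/traefik/traefik",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/traefik/traefik/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.11.15"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/traefik/traefik/v3",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "3.2.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/traefik/traefik/security/advisories/GHSA-hxr6-2p24-hf98"
+},
+{
+"type": "WEB",
+"url": "https://github.com/traefik/traefik/releases/tag/v2.11.15"
+},
+{
+"type": "WEB",
+"url": "https://github.com/traefik/traefik/releases/tag/v3.2.2"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3342",
+"review_status": "UNREVIEWED"
+}
+}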
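Review bot: The summary and details name CVE-2024-53259, but `aliases` lists only GHSA-hxr6-2p24-hf98, so a scanner or triage tool that matches on CVE id will not connect this record to that CVE. If the CVE identifies the same issue it belongs in `aliases`; if it is an upstream issue that Traefik inherits, `"related": ["CVE-2024-53259"]` is the field for it — which of the two applies cannot be told from this page. Separately, the first `affected` entry (`github.com/traefik/traefik`) has only `{"introduced": "0"}` and no `fixed` event, so every version of that module path is reported as affected while v2 and v3 are bounded at 2.11.15 and 3.2.2; confirm that is intended. The record appears to be derived from data/reports/GO-2024-3342.yaml named in the commit message, so a correction would presumably go there.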
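--- a/data/osv/GO-2024-3343.json
+++ b/data/osv/GO-2024-3343.json
@@ -0,0 +1,68 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3343",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-9779",
+"GHSA-jhh6-6fhp-q2xp"
+],
+"summary": "Open Cluster Management vulnerable to Trust Boundary Violation in open-cluster-management.io/ocm",
+"details": "Open Cluster Management vulnerable to Trust Boundary Violation in open-cluster-management.io/ocm",
+"affected": [
+{
+"package": {
+"name": "open-cluster-management.io/ocm",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.13.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-jhh6-6fhp-q2xp"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9779"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2024-9779"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317916"
+},
+{
+"type": "WEB",
+"url": "https://github.com/open-cluster-management-io/ocm/pull/325"
+},
+{
+"type": "WEB",
+"url": "https://github.com/open-cluster-management-io/ocm/releases/tag/v0.13.0"
+},
+{
+"type": "WEB",
+"url": "https://github.com/open-cluster-management-io/registration-operator/issues/361"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3343",
+"review_status": "UNREVIEWED"
+}
+}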
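--- a/data/osv/GO-2024-3349.json
+++ b/data/osv/GO-2024-3349.json
@@ -0,0 +1,75 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3349",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-25131",
+"GHSA-77c2-c35q-254w"
+],
+"summary": "OpenShift Must Gather Operator Improper Input Validation vulnerability in github.com/openshift/must-gather",
+"details": "OpenShift Must Gather Operator Improper Input Validation vulnerability in github.com/openshift/must-gather.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/openshift/must-gather before v0.0.0-20240604173837-d1557bc283dd.",
+"affected": [
+{
+"package": {
+"name": "github.com/openshift/must-gather",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {
+"custom_ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.0.0-20240604173837-d1557bc283dd"
+}
+]
+}
+]
+}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-77c2-c35q-254w"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25131"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2024-25131"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258856"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openshift/must-gather-operator/pull/135"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openshift/must-gather-operator/pull/138"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3349",
+"review_status": "UNREVIEWED"
+}
+}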
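Review bot: The affected package is `github.com/openshift/must-gather`, but the summary says "Must Gather Operator" and both pull-request references point at `github.com/openshift/must-gather-operator`, so the record may be attached to the wrong module path; this should be checked against the source advisory before the report leaves UNREVIEWED. The SEMVER range is also open-ended (`{"introduced": "0"}` only), with the fix `0.0.0-20240604173837-d1557bc283dd` carried only in `ecosystem_specific.custom_ranges`. Tools that read just `ranges` will therefore flag every version, which the details text already anticipates as a source of false positives.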
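--- a/data/osv/GO-2024-3350.json
+++ b/data/osv/GO-2024-3350.json
@@ -0,0 +1,44 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3350",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-5pf6-cq2v-23ww"
+],
+"summary": "WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service in github.com/clidey/whodb/core",
+"details": "WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service in github.com/clidey/whodb/core",
+"affected": [
+{
+"package": {
+"name": "github.com/clidey/whodb/core",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/clidey/whodb/security/advisories/GHSA-5pf6-cq2v-23ww"
+},
+{
+"type": "WEB",
+"url": "https://github.com/clidey/whodb/commit/e8b608d35422e1a2bfffe8ed26f0211ea80cb439"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3350",
+"review_status": "UNREVIEWED"
+}
+}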
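Review bot: The only range is `{"introduced": "0"}` with no `fixed` event, so every version of `github.com/clidey/whodb/core` is reported as affected indefinitely. The commit e8b608d35422e1a2bfffe8ed26f0211ea80cb439 is listed as `"type": "WEB"`; if it is the fix for the unbounded memory consumption (not established by this page), mark it `"type": "FIX"` and add a `fixed` event once a version containing it is known. The details field repeats the summary verbatim, so until the report is reviewed the record tells consumers nothing about the affected code path or a mitigation.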