diff --git a/data/excluded/GO-2024-2985.yaml b/data/excluded/GO-2024-2985.yaml
new file mode 100644
index 00000000..15a5b435
--- /dev/null
+++ b/data/excluded/GO-2024-2985.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2985
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/apache/airflow
+cves:
+ - CVE-2024-39863
diff --git a/data/excluded/GO-2024-2986.yaml b/data/excluded/GO-2024-2986.yaml
new file mode 100644
index 00000000..31c81fdc
--- /dev/null
+++ b/data/excluded/GO-2024-2986.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2986
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/apache/airflow
+cves:
+ - CVE-2024-39877
diff --git a/data/osv/GO-2024-2987.json b/data/osv/GO-2024-2987.json
new file mode 100644
index 00000000..e61059d9
--- /dev/null
+++ b/data/osv/GO-2024-2987.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2987",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-6535",
+ "GHSA-w799-v85j-88pg"
+ ],
+ "summary": "Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper",
+ "details": "Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/skupperproject/skupper",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.0.0-20240703184342-c26bce4079ff"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-w799-v85j-88pg"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6535"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2024-6535"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2987",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2024-2989.json b/data/osv/GO-2024-2989.json
new file mode 100644
index 00000000..996128e2
--- /dev/null
+++ b/data/osv/GO-2024-2989.json
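Review bot: The only `fixed` event for github.com/skupperproject/skupper is the pseudo-version `0.0.0-20240703184342-c26bce4079ff`, which orders below every tagged release under semver, so if this module has tagged v1.x releases cut before commit d2cb3782 they would all be classified as fixed by a plain version comparison. The companion report in data/reports/GO-2024-2987.yaml already records that `vulnerable_at` could not be derived for the same reason, which is a hint that the range needs a human-chosen tag. If the fix shipped in a tagged release, the report should carry that tag as the `fixed` version (and the first affected tag as `introduced`) instead of the pseudo-version; if the module is only ever consumed at pseudo-versions, a sentence in `details` saying so would justify leaving it. Separately, `details` just repeats `summary`; whoever moves this off UNREVIEWED should add what the static cookie secret affects, taken from the linked advisory.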
@@ -0,0 +1,82 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2989",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-40641",
+ "GHSA-c3q9-c27p-cw9h"
+ ],
+ "summary": "projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei",
+ "details": "projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/projectdiscovery/nuclei",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/projectdiscovery/nuclei/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/projectdiscovery/nuclei/v3",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.3.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-c3q9-c27p-cw9h"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40641"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2989",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2024-2990.json b/data/osv/GO-2024-2990.json
new file mode 100644
index 00000000..c6fa9248
--- /dev/null
+++ b/data/osv/GO-2024-2990.json
@@ -0,0 +1,63 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2990",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-39907",
+ "GHSA-5grx-v727-qmq6"
+ ],
+ "summary": "1Panel has an SQL injection issue related to the orderBy clause in github.com/1Panel-dev/1Panel",
+ "details": "1Panel has an SQL injection issue related to the orderBy clause in github.com/1Panel-dev/1Panel.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/1Panel-dev/1Panel before v1.10.12-tls.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/1Panel-dev/1Panel",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.10.12-tls"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39907"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/1Panel-dev/1Panel/commit/ff549a47937c1314e6ee08453a1d2128242440cd"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2990",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2024-2992.json b/data/osv/GO-2024-2992.json
new file mode 100644
index 00000000..45fd6811
--- /dev/null
+++ b/data/osv/GO-2024-2992.json
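Review bot: The fix version in the custom range, `1.10.12-tls`, looks like a transposition of `1.10.12-lts`: the sibling report GO-2024-2992 for the same module records `fixed: 1.10.12-lts` as an ordinary SEMVER event, while the `details` text here shows that the `-tls` form could not be mapped to a Go module version. Because the SEMVER range in this file carries only `introduced: 0`, every version of github.com/1Panel-dev/1Panel, including the patched releases, is reported as affected by any consumer that ignores `ecosystem_specific`. If the real tag is v1.10.12-lts, the fix is in data/reports/GO-2024-2990.yaml: replace `non_go_versions: - fixed: 1.10.12-tls` with `versions: - fixed: 1.10.12-lts` and regenerate this OSV file; if the advisory really means a different tag, the report should record that explicitly so the open range is deliberate.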
@@ -0,0 +1,51 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2992",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-39911"
+ ],
+ "summary": "1Panel SQL injection in github.com/1Panel-dev/1Panel",
+ "details": "1Panel SQL injection in github.com/1Panel-dev/1Panel",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/1Panel-dev/1Panel",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.10.12-lts"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39911"
+ },
+ {
+ "type": "WEB",
+ "url": "https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2992",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2024-2987.yaml b/data/reports/GO-2024-2987.yaml
new file mode 100644
index 00000000..d4632301
--- /dev/null
+++ b/data/reports/GO-2024-2987.yaml
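Review bot: `aliases` lists only CVE-2024-39911, yet the references carry a GitHub security advisory URL for GHSA-7m53-pwp6-v3f5 typed as `WEB`; if that advisory is for this CVE, the GHSA id belongs in `aliases` (and under `ghsas:` in data/reports/GO-2024-2992.yaml) with the reference typed `ADVISORY`, otherwise alias-based deduplication across databases will miss it. The report's `source.id` being the CVE rather than the GHSA suggests the GHSA was not matched automatically, which is worth confirming before this leaves UNREVIEWED. This entry and GO-2024-2990 are both SQL injections in github.com/1Panel-dev/1Panel fixed in the same 1.10.12 release line, so the reviewer should also confirm they describe distinct issues rather than one advisory reported twice.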
@@ -0,0 +1,22 @@
+id: GO-2024-2987
+modules:
+ - module: github.com/skupperproject/skupper
+ versions:
+ - fixed: 0.0.0-20240703184342-c26bce4079ff
+summary: Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper
+cves:
+ - CVE-2024-6535
+ghsas:
+ - GHSA-w799-v85j-88pg
+references:
+ - advisory: https://github.com/advisories/GHSA-w799-v85j-88pg
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6535
+ - fix: https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71
+ - web: https://access.redhat.com/security/cve/CVE-2024-6535
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=2296024
+notes:
+ - fix: 'github.com/skupperproject/skupper: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
+source:
+ id: GHSA-w799-v85j-88pg
+ created: 2024-07-18T16:18:19.770441-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2989.yaml b/data/reports/GO-2024-2989.yaml
new file mode 100644
index 00000000..fd64bb2a
--- /dev/null
+++ b/data/reports/GO-2024-2989.yaml
@@ -0,0 +1,24 @@
+id: GO-2024-2989
+modules:
+ - module: github.com/projectdiscovery/nuclei
+ vulnerable_at: 1.1.7
+ - module: github.com/projectdiscovery/nuclei/v2
+ vulnerable_at: 2.9.15
+ - module: github.com/projectdiscovery/nuclei/v3
+ versions:
+ - fixed: 3.3.0
+ vulnerable_at: 3.2.9
+summary: |-
+ projectdiscovery/nuclei allows unsigned code template execution through
+ workflows in github.com/projectdiscovery/nuclei
+cves:
+ - CVE-2024-40641
+ghsas:
+ - GHSA-c3q9-c27p-cw9h
+references:
+ - advisory: https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-c3q9-c27p-cw9h
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-40641
+source:
+ id: GHSA-c3q9-c27p-cw9h
+ created: 2024-07-18T16:18:07.953998-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2990.yaml b/data/reports/GO-2024-2990.yaml
new file mode 100644
index 00000000..673d3276
--- /dev/null
+++ b/data/reports/GO-2024-2990.yaml
@@ -0,0 +1,19 @@
+id: GO-2024-2990
+modules:
+ - module: github.com/1Panel-dev/1Panel
+ non_go_versions:
+ - fixed: 1.10.12-tls
+ vulnerable_at: 1.9.6
+summary: 1Panel has an SQL injection issue related to the orderBy clause in github.com/1Panel-dev/1Panel
+cves:
+ - CVE-2024-39907
+ghsas:
+ - GHSA-5grx-v727-qmq6
+references:
+ - advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39907
+ - fix: https://github.com/1Panel-dev/1Panel/commit/ff549a47937c1314e6ee08453a1d2128242440cd
+source:
+ id: GHSA-5grx-v727-qmq6
+ created: 2024-07-18T16:18:04.925699-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2992.yaml b/data/reports/GO-2024-2992.yaml
new file mode 100644
index 00000000..969d4247
--- /dev/null
+++ b/data/reports/GO-2024-2992.yaml
@@ -0,0 +1,17 @@
+id: GO-2024-2992
+modules:
+ - module: github.com/1Panel-dev/1Panel
+ versions:
+ - fixed: 1.10.12-lts
+ vulnerable_at: 1.10.12-beta
+summary: 1Panel SQL injection in github.com/1Panel-dev/1Panel
+cves:
+ - CVE-2024-39911
+references:
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39911
+ - web: https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html
+ - web: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5
+source:
+ id: CVE-2024-39911
+ created: 2024-07-18T16:18:00.687879-04:00
+review_status: UNREVIEWED