Skip to content

Commit

Permalink
data/excluded,data/reports: add 10 reports
Browse files Browse the repository at this point in the history
  - data/excluded/GO-2024-2890.yaml
  - data/excluded/GO-2024-2892.yaml
  - data/excluded/GO-2024-2893.yaml
  - data/excluded/GO-2024-2894.yaml
  - data/excluded/GO-2024-2895.yaml
  - data/excluded/GO-2024-2896.yaml
  - data/excluded/GO-2024-2897.yaml
  - data/reports/GO-2024-2922.yaml
  - data/reports/GO-2024-2923.yaml
  - data/excluded/GO-2024-2925.yaml

Fixes #2890
Fixes #2892
Fixes #2893
Fixes #2894
Fixes #2895
Fixes #2896
Fixes #2897
Fixes #2922
Fixes #2923
Fixes #2925

Change-Id: Ice699e7a8ddc84e18684a19a15e7ada897f3596f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592765
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
  • Loading branch information
tatianab committed Jun 20, 2024
1 parent 4ec3107 commit e0d78a2
Show file tree
Hide file tree
Showing 12 changed files with 224 additions and 0 deletions.
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2890.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2890
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-23326
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2892.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2892
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-32974
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2893.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2893
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-32975
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2894.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2894
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-32976
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2895.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2895
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-34362
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2896.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2896
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-34363
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2897.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2897
excluded: NOT_GO_CODE
modules:
- module: github.com/envoyproxy/envoy
cves:
- CVE-2024-34364
6 changes: 6 additions & 0 deletions data/excluded/GO-2024-2925.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id: GO-2024-2925
excluded: NOT_GO_CODE
modules:
- module: github.com/apache/airflow
cves:
- CVE-2024-25142
84 changes: 84 additions & 0 deletions data/osv/GO-2024-2922.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2922",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-37307",
"GHSA-wh78-7948-358j"
],
"summary": "Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium",
"details": "Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium",
"affected": [
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.13.17"
},
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.12"
},
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37307"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2922",
"review_status": "UNREVIEWED"
}
}
47 changes: 47 additions & 0 deletions data/osv/GO-2024-2923.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2923",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-85rg-8m6h-825p"
],
"summary": "Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt",
"details": "Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt",
"affected": [
{
"package": {
"name": "github.com/k8sgpt-ai/k8sgpt",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.33"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p"
},
{
"type": "WEB",
"url": "https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2923",
"review_status": "UNREVIEWED"
}
}
29 changes: 29 additions & 0 deletions data/reports/GO-2024-2922.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
id: GO-2024-2922
modules:
- module: github.com/cilium/cilium
versions:
- introduced: 1.13.0
fixed: 1.13.17
- introduced: 1.14.0
fixed: 1.14.12
- introduced: 1.15.0
fixed: 1.15.6
vulnerable_at: 1.15.5
summary: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
cves:
- CVE-2024-37307
ghsas:
- GHSA-wh78-7948-358j
references:
- advisory: https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37307
- fix: https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407
- fix: https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a
- fix: https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741
- fix: https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653
- fix: https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b
- fix: https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61
source:
id: GHSA-wh78-7948-358j
created: 2024-06-14T13:47:58.347002-04:00
review_status: UNREVIEWED
16 changes: 16 additions & 0 deletions data/reports/GO-2024-2923.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
id: GO-2024-2923
modules:
- module: github.com/k8sgpt-ai/k8sgpt
versions:
- fixed: 0.3.33
vulnerable_at: 0.3.32
summary: Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt
ghsas:
- GHSA-85rg-8m6h-825p
references:
- advisory: https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p
- web: https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33
source:
id: GHSA-85rg-8m6h-825p
created: 2024-06-14T13:47:55.972779-04:00
review_status: UNREVIEWED

0 comments on commit e0d78a2

Please sign in to comment.