data/reports: add 21 unreviewed reports

- data/reports/GO-2024-3081.yaml - data/reports/GO-2024-3082.yaml - data/reports/GO-2024-3083.yaml - data/reports/GO-2024-3085.yaml - data/reports/GO-2024-3086.yaml - data/reports/GO-2024-3087.yaml - data/reports/GO-2024-3088.yaml - data/reports/GO-2024-3089.yaml - data/reports/GO-2024-3090.yaml - data/reports/GO-2024-3091.yaml - data/reports/GO-2024-3092.yaml - data/reports/GO-2024-3093.yaml - data/reports/GO-2024-3094.yaml - data/reports/GO-2024-3095.yaml - data/reports/GO-2024-3096.yaml - data/reports/GO-2024-3097.yaml - data/reports/GO-2024-3099.yaml - data/reports/GO-2024-3100.yaml - data/reports/GO-2024-3102.yaml - data/reports/GO-2024-3103.yaml - data/reports/GO-2024-3104.yaml Fixes #3081 Fixes #3082 Fixes #3083 Fixes #3085 Fixes #3086 Fixes #3087 Fixes #3088 Fixes #3089 Fixes #3090 Fixes #3091 Fixes #3092 Fixes #3093 Fixes #3094 Fixes #3095 Fixes #3096 Fixes #3097 Fixes #3099 Fixes #3100 Fixes #3102 Fixes #3103 Fixes #3104 Change-Id: If55f3ff19b07f49b6477d5c0d3eb5f5b6f3adbd0 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/609141 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
golang · Aug 30, 2024 · fe86cd7 · fe86cd7
1 parent ed618e2
commit fe86cd7
Show file tree

Hide file tree

Showing 42 changed files with 2,260 additions and 0 deletions.
diff --git a/data/osv/GO-2024-3081.json b/data/osv/GO-2024-3081.json
@@ -0,0 +1,51 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3081",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-fpgj-cr28-fvpx"
+ ],
+ "summary": "CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd",
+ "details": "CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/CosmWasm/wasmd",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0.52.0"
+ },
+ {
+ "fixed": "0.53.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/CosmWasm/wasmd/security/advisories/GHSA-fpgj-cr28-fvpx"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/CosmWasm/wasmd/commit/db8981db8419fc4daa042ce04e279efb53c4ff29"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-006.md"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3081",
+ "review_status": "UNREVIEWED"
+ }
+}
diff --git a/data/osv/GO-2024-3082.json b/data/osv/GO-2024-3082.json
@@ -0,0 +1,61 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3082",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-g8w7-7vgg-x7xg"
+ ],
+ "summary": "CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd",
+ "details": "CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/CosmWasm/wasmd",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.46.0"
+ },
+ {
+ "introduced": "0.50.0"
+ },
+ {
+ "fixed": "0.53.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/CosmWasm/wasmd/security/advisories/GHSA-g8w7-7vgg-x7xg"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/CosmWasm/wasmd/commit/71cf6a8145426b82ed6249ecc86ddd281af9f97b"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/CosmWasm/wasmd/commit/db8981db8419fc4daa042ce04e279efb53c4ff29"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-005.md"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3082",
+ "review_status": "UNREVIEWED"
+ }
+}
diff --git a/data/osv/GO-2024-3083.json b/data/osv/GO-2024-3083.json
@@ -0,0 +1,53 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3083",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-6508",
+ "GHSA-4crf-28c7-v4gr"
+ ],
+ "summary": "Openshift Console insufficient entropy vulnerability in github.com/openshift/console",
+ "details": "Openshift Console insufficient entropy vulnerability in github.com/openshift/console",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/openshift/console",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-4crf-28c7-v4gr"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6508"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2024-6508"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295777"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3083",
+ "review_status": "UNREVIEWED"
+ }
+}
diff --git a/data/osv/GO-2024-3085.json b/data/osv/GO-2024-3085.json
@@ -0,0 +1,73 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3085",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-42490",
+ "GHSA-qxqc-27pr-wgc8"
+ ],
+ "summary": "GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io",
+ "details": "GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: goauthentik.io before v2024.4.4, from v2024.6.0-rc1 before v2024.6.4.",
+ "affected": [
+ {
+ "package": {
+ "name": "goauthentik.io",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2024.4.4"
+ },
+ {
+ "introduced": "2024.6.0-rc1"
+ },
+ {
+ "fixed": "2024.6.4"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-qxqc-27pr-wgc8"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42490"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/goauthentik/authentik/commit/19318d4c00bb02c4ec3c4f8f15ac2e1dbe8d846c"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/goauthentik/authentik/commit/359b343f51524342a5ca03828e7c975a1d654b11"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3085",
+ "review_status": "UNREVIEWED"
+ }
+}
diff --git a/data/osv/GO-2024-3086.json b/data/osv/GO-2024-3086.json
@@ -0,0 +1,53 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3086",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-41658",
+ "GHSA-gv2p-4mvg-g32h"
+ ],
+ "summary": "Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor",
+ "details": "Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/casdoor/casdoor",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-gv2p-4mvg-g32h"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41658"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/casdoor/casdoor/blob/v1.577.0/web/src/QrCodePage.js"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3086",
+ "review_status": "UNREVIEWED"
+ }
+}
diff --git a/data/osv/GO-2024-3087.json b/data/osv/GO-2024-3087.json
@@ -0,0 +1,53 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3087",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-41657",
+ "GHSA-mchx-7j67-8mcf"
+ ],
+ "summary": "Casdoor CORS misconfiguration (GHSL-2024-035) in github.com/casdoor/casdoor",
+ "details": "Casdoor CORS misconfiguration (GHSL-2024-035) in github.com/casdoor/casdoor",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/casdoor/casdoor",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-mchx-7j67-8mcf"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41657"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3087",
+ "review_status": "UNREVIEWED"
+ }
+}