x/vulndb: potential Go vuln in github.com/bytebase/bytebase: GHSA-9mmc-27gw-w6mq

[GoVulnBot]

In GitHub Security Advisory GHSA-9mmc-27gw-w6mq, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/bytebase/bytebase		>= 0.1.0, <= 1.0.4

Cross references:

• Module github.com/bytebase/bytebase appears in issue x/vulndb: potential Go vuln in github.com/bytebase/bytebase: GHSA-5rc4-v5mj-g8c4 #1036 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/bytebase/bytebase
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 0.1.0, <= 1.0.4")
      packages:
        - package: github.com/bytebase/bytebase
summary: Bytebase allows low-privilege users to view admin projects in github.com/bytebase/bytebase
cves:
    - CVE-2022-32170
ghsas:
    - GHSA-9mmc-27gw-w6mq
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2022-32170
    - web: https://www.mend.io/vulnerability-database/CVE-2022-32170
    - web: https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts
    - advisory: https://github.com/advisories/GHSA-9mmc-27gw-w6mq
source:
    id: GHSA-9mmc-27gw-w6mq

[gopherbot]

Change https://go.dev/cl/590855 mentions this issue: data/excluded: add 20 excluded reports