data/reports: add 16 unreviewed reports
  - data/reports/GO-2024-2902.yaml
  - data/reports/GO-2024-2915.yaml
  - data/reports/GO-2024-2901.yaml
  - data/reports/GO-2024-2913.yaml
  - data/reports/GO-2024-2911.yaml
  - data/reports/GO-2024-2914.yaml
  - data/reports/GO-2024-2916.yaml
  - data/reports/GO-2024-2891.yaml
  - data/reports/GO-2024-2907.yaml
  - data/reports/GO-2024-2919.yaml
  - data/reports/GO-2024-2899.yaml
  - data/reports/GO-2024-2904.yaml
  - data/reports/GO-2024-2906.yaml
  - data/reports/GO-2024-2917.yaml
  - data/reports/GO-2024-2903.yaml
  - data/reports/GO-2024-2900.yaml

Fixes #2902
Fixes #2915
Fixes #2901
Fixes #2913
Fixes #2911
Fixes #2914
Fixes #2916
Fixes #2891
Fixes #2907
Fixes #2919
Fixes #2899
Fixes #2904
Fixes #2906
Fixes #2917
Fixes #2903
Fixes #2900

Change-Id: I9f2058ccf726462824192c0a7da1c227a8224661
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592457
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
tatianab committed Jun 14, 2024
1 parent 12d366a commit 06cdadd
Showing 32 changed files with 2,050 additions and 0 deletions.
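--- a/data/osv/GO-2024-2891.json
+++ b/data/osv/GO-2024-2891.json
@@ -0,0 +1,236 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2891",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-32873",
+"GHSA-pxv8-qhrh-jc7v"
+],
+"summary": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10",
+"details": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10",
+"affected": [
+{
+"package": {
+"name": "github.com/evmos/evmos/v10",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v11",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v12",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v13",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v14",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v15",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v16",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v17",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v7",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/evmos/evmos/v9",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32873"
+},
+{
+"type": "WEB",
+"url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2891",
+"review_status": "UNREVIEWED"
+}
+}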
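Review bot: Every `affected` entry in this record (github.com/evmos/evmos v6 through v17) carries only `{"introduced": "0"}` with no `fixed` event, so a scanner matching on these ranges will report every release of those module paths as vulnerable and offer no upgrade target, even though `references` links a fix commit. That may be accurate if the fix shipped only under a later major-version module path, but the page does not show that, so it should be checked against GHSA-pxv8-qhrh-jc7v before the record leaves `"review_status": "UNREVIEWED"`. `details` is also a verbatim copy of `summary` here and in GO-2024-2899 and GO-2024-2900, so the records give no impact or mitigation text beyond the title. The file appears to be produced from data/reports/GO-2024-2891.yaml, so any correction presumably belongs in that YAML rather than in this JSON.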
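--- a/data/osv/GO-2024-2899.json
+++ b/data/osv/GO-2024-2899.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2899",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-36127",
+"GHSA-v6mg-7f7p-qmqp"
+],
+"summary": "apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko",
+"details": "apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko",
+"affected": [
+{
+"package": {
+"name": "chainguard.dev/apko",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.14.5"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36127"
+},
+{
+"type": "WEB",
+"url": "https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2899",
+"review_status": "UNREVIEWED"
+}
+}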
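--- a/data/osv/GO-2024-2900.json
+++ b/data/osv/GO-2024-2900.json
@@ -0,0 +1,80 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2900",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-36129",
+"GHSA-c74f-6mfw-mm4v"
+],
+"summary": "Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in go.opentelemetry.io/collector/config/configgrpc",
+"details": "Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in go.opentelemetry.io/collector/config/configgrpc",
+"affected": [
+{
+"package": {
+"name": "go.opentelemetry.io/collector/config/configgrpc",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.102.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "go.opentelemetry.io/collector/config/confighttp",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.102.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36129"
+},
+{
+"type": "WEB",
+"url": "https://github.com/open-telemetry/opentelemetry-collector/pull/10289"
+},
+{
+"type": "WEB",
+"url": "https://github.com/open-telemetry/opentelemetry-collector/pull/10323"
+},
+{
+"type": "WEB",
+"url": "https://opentelemetry.io/blog/2024/cve-2024-36129"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2900",
+"review_status": "UNREVIEWED"
+}
+}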