diff --git a/data/excluded/GO-2023-1512.yaml b/data/excluded/GO-2023-1512.yaml
deleted file mode 100644
index 447eccfe7..000000000
--- a/data/excluded/GO-2023-1512.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1512
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2023-22736
-ghsas:
- - GHSA-6p4m-hw2h-6gmw
diff --git a/data/excluded/GO-2023-1520.yaml b/data/excluded/GO-2023-1520.yaml
deleted file mode 100644
index 5a977f14f..000000000
--- a/data/excluded/GO-2023-1520.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1520
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2023-22482
-ghsas:
- - GHSA-q9hr-j4rf-8fjc
diff --git a/data/excluded/GO-2023-1524.yaml b/data/excluded/GO-2023-1524.yaml
deleted file mode 100644
index a5f105cb1..000000000
--- a/data/excluded/GO-2023-1524.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2023-1524
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: fortio.org/proxy
-ghsas:
- - GHSA-x477-fq37-q5wr
diff --git a/data/excluded/GO-2023-1527.yaml b/data/excluded/GO-2023-1527.yaml
deleted file mode 100644
index 0fd195ef7..000000000
--- a/data/excluded/GO-2023-1527.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1527
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: www.velocidex.com/golang/velociraptor
-cves:
- - CVE-2023-0242
-ghsas:
- - GHSA-g5vm-525q-r66c
diff --git a/data/excluded/GO-2023-1533.yaml b/data/excluded/GO-2023-1533.yaml
deleted file mode 100644
index 6cceeb894..000000000
--- a/data/excluded/GO-2023-1533.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1533
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/anchore/syft
-cves:
- - CVE-2023-24827
-ghsas:
- - GHSA-jp7v-3587-2956
diff --git a/data/excluded/GO-2023-1541.yaml b/data/excluded/GO-2023-1541.yaml
deleted file mode 100644
index 0976d3cb9..000000000
--- a/data/excluded/GO-2023-1541.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1541
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0740
-ghsas:
- - GHSA-65px-4cpf-697r
diff --git a/data/excluded/GO-2023-1542.yaml b/data/excluded/GO-2023-1542.yaml
deleted file mode 100644
index 5e14de14d..000000000
--- a/data/excluded/GO-2023-1542.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-id: GO-2023-1542
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/pterodactyl/wings
-cves:
- - CVE-2023-25152
-ghsas:
- - GHSA-p8r3-83r8-jwj5
-related:
- - CVE-2023-25168
- - GHSA-66p8-j459-rq63
diff --git a/data/excluded/GO-2023-1543.yaml b/data/excluded/GO-2023-1543.yaml
deleted file mode 100644
index 99d43b3f8..000000000
--- a/data/excluded/GO-2023-1543.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1543
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/nothub/mrpack-install
-cves:
- - CVE-2023-25307
-ghsas:
- - GHSA-r887-gfxh-m9rr
diff --git a/data/excluded/GO-2023-1544.yaml b/data/excluded/GO-2023-1544.yaml
deleted file mode 100644
index c31cdeebf..000000000
--- a/data/excluded/GO-2023-1544.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1544
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/containers/podman/v2
-cves:
- - CVE-2020-1726
-ghsas:
- - GHSA-vmhj-p9hw-vgrf
diff --git a/data/excluded/GO-2023-1550.yaml b/data/excluded/GO-2023-1550.yaml
deleted file mode 100644
index 914e2c075..000000000
--- a/data/excluded/GO-2023-1550.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1550
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0744
-ghsas:
- - GHSA-4cwh-8w4g-jxxh
diff --git a/data/excluded/GO-2023-1551.yaml b/data/excluded/GO-2023-1551.yaml
deleted file mode 100644
index 9d911851f..000000000
--- a/data/excluded/GO-2023-1551.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1551
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0743
-ghsas:
- - GHSA-hjmr-xm25-36mh
diff --git a/data/excluded/GO-2023-1552.yaml b/data/excluded/GO-2023-1552.yaml
deleted file mode 100644
index 318d513e4..000000000
--- a/data/excluded/GO-2023-1552.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1552
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0741
-ghsas:
- - GHSA-p7wj-c85f-xq9h
diff --git a/data/excluded/GO-2023-1553.yaml b/data/excluded/GO-2023-1553.yaml
deleted file mode 100644
index eba8d764c..000000000
--- a/data/excluded/GO-2023-1553.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1553
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0739
-ghsas:
- - GHSA-qx34-47fc-vv79
diff --git a/data/excluded/GO-2023-1554.yaml b/data/excluded/GO-2023-1554.yaml
deleted file mode 100644
index f68641ef7..000000000
--- a/data/excluded/GO-2023-1554.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1554
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/answerdev/answer
-cves:
- - CVE-2023-0742
-ghsas:
- - GHSA-rmw8-7823-wp7f
diff --git a/data/excluded/GO-2023-1555.yaml b/data/excluded/GO-2023-1555.yaml
deleted file mode 100644
index a7ee03fc1..000000000
--- a/data/excluded/GO-2023-1555.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-id: GO-2023-1555
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/pterodactyl/wings
-cves:
- - CVE-2023-25168
-ghsas:
- - GHSA-66p8-j459-rq63
-related:
- - CVE-2023-25152
- - GHSA-p8r3-83r8-jwj5
diff --git a/data/excluded/GO-2023-1560.yaml b/data/excluded/GO-2023-1560.yaml
deleted file mode 100644
index bbeca40bb..000000000
--- a/data/excluded/GO-2023-1560.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1560
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/flipped-aurora/gin-vue-admin
-cves:
- - CVE-2022-47762
-ghsas:
- - GHSA-x623-hr8h-7g5v
diff --git a/data/excluded/GO-2023-1577.yaml b/data/excluded/GO-2023-1577.yaml
deleted file mode 100644
index 2ba8dcee7..000000000
--- a/data/excluded/GO-2023-1577.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1577
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2023-23947
-ghsas:
- - GHSA-3jfq-742w-xg8j
diff --git a/data/excluded/GO-2023-1581.yaml b/data/excluded/GO-2023-1581.yaml
deleted file mode 100644
index 23a048598..000000000
--- a/data/excluded/GO-2023-1581.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1581
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2023-0821
-ghsas:
- - GHSA-w479-w22g-cffh
diff --git a/data/excluded/GO-2023-1582.yaml b/data/excluded/GO-2023-1582.yaml
deleted file mode 100644
index 8e58ef72d..000000000
--- a/data/excluded/GO-2023-1582.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2023-1582
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mosn/mosn
-cves:
- - CVE-2021-32163
-ghsas:
- - GHSA-5vx9-j5cw-47vq
diff --git a/data/excluded/GO-2023-1583.yaml b/data/excluded/GO-2023-1583.yaml
deleted file mode 100644
index bee3e65a6..000000000
--- a/data/excluded/GO-2023-1583.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2023-1583
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/edgelesssys/constellation/v2
-ghsas:
- - GHSA-r2h5-3hgw-8j34
diff --git a/data/osv/GO-2023-1512.json b/data/osv/GO-2023-1512.json
new file mode 100644
index 000000000..047f41f4d
--- /dev/null
+++ b/data/osv/GO-2023-1512.json
@@ -0,0 +1,71 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1512", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-22736", + "GHSA-6p4m-hw2h-6gmw" + ], + "summary": "Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd", + "details": "Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "2.5.0-rc1" + }, + { + "fixed": "2.5.8" + }, + { + "introduced": "2.6.0-rc4" + }, + { + "fixed": "2.6.0-rc5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22736" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1512", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1520.json b/data/osv/GO-2023-1520.json new file mode 100644 index 000000000..4dd7923e7 --- /dev/null +++ b/data/osv/GO-2023-1520.json 
@@ -0,0 +1,83 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1520", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-22482", + "GHSA-q9hr-j4rf-8fjc" + ], + "summary": "JWT audience claim is not verified in github.com/argoproj/argo-cd", + "details": "JWT audience claim is not verified in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.8.2" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.3.14" + }, + { + "introduced": "2.4.0" + }, + { + "fixed": "2.4.20" + }, + { + "introduced": "2.5.0" + }, + { + "fixed": "2.5.8" + }, + { + "introduced": "2.6.0-rc1" + }, + { + "fixed": "2.6.0-rc5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22482" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1520", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1524.json b/data/osv/GO-2023-1524.json new file mode 100644 index 000000000..c66467297 --- /dev/null +++ b/data/osv/GO-2023-1524.json 
@@ -0,0 +1,47 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1524", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-x477-fq37-q5wr" + ], + "summary": "Initial debug-host handler implementation could leak information and facilitate denial of service in fortio.org/proxy", + "details": "Initial debug-host handler implementation could leak information and facilitate denial of service in fortio.org/proxy", + "affected": [ + { + "package": { + "name": "fortio.org/proxy", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.5.0" + }, + { + "fixed": "1.6.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/fortio/proxy/security/advisories/GHSA-x477-fq37-q5wr" + }, + { + "type": "WEB", + "url": "https://github.com/fortio/proxy/pull/38" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1524", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1527.json b/data/osv/GO-2023-1527.json new file mode 100644 index 000000000..3a6fa301b --- /dev/null +++ b/data/osv/GO-2023-1527.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1527", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0242", + "GHSA-g5vm-525q-r66c" + ], + "summary": "Velociraptor vulnerable to Missing Authorization in www.velocidex.com/golang/velociraptor", + "details": "Velociraptor vulnerable to Missing Authorization in www.velocidex.com/golang/velociraptor", + "affected": [ + { + "package": { + "name": "www.velocidex.com/golang/velociraptor", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.6.7-5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-g5vm-525q-r66c" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0242" + }, + { + "type": "WEB", + "url": "https://docs.velociraptor.app/announcements/2023-cves/#:~:text=to%20upgrade%20clients.-,CVE%2D2023%2D0242,-Insufficient%20Permission%20Check" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1527", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1533.json b/data/osv/GO-2023-1533.json new file mode 100644 index 000000000..4dc503f8f --- /dev/null +++ b/data/osv/GO-2023-1533.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1533", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-24827", + "GHSA-jp7v-3587-2956" + ], + "summary": "Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in github.com/anchore/syft", + "details": "Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in github.com/anchore/syft", + "affected": [ + { + "package": { + "name": "github.com/anchore/syft", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.69.0" + }, + { + "fixed": "0.70.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/anchore/syft/security/advisories/GHSA-jp7v-3587-2956" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24827" + }, + { + "type": "FIX", + "url": "https://github.com/anchore/syft/commit/9995950c70e849f9921919faffbfcf46401f71f3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1533", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1541.json b/data/osv/GO-2023-1541.json new file mode 100644 index 000000000..60f991e27 --- /dev/null +++ b/data/osv/GO-2023-1541.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1541", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0740", + "GHSA-65px-4cpf-697r" + ], + "summary": "Cross-site scripting vulnerability found in answerdev/answer in github.com/answerdev/answer", + "details": "Cross-site scripting vulnerability found in answerdev/answer in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-65px-4cpf-697r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0740" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/802ee76d-fe01-482b-a9a4-34699a7c9110" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1541", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1542.json b/data/osv/GO-2023-1542.json new file mode 100644 index 000000000..a600a0294 --- /dev/null +++ b/data/osv/GO-2023-1542.json 
@@ -0,0 +1,66 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1542", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-25152", + "GHSA-p8r3-83r8-jwj5" + ], + "summary": "Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings", + "details": "Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings", + "affected": [ + { + "package": { + "name": "github.com/pterodactyl/wings", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.3" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25152" + }, + { + "type": "FIX", + "url": "https://github.com/pterodactyl/wings/commit/dac9685298c3c1c49b3109fa4241aa88272b9f14" + }, + { + "type": "WEB", + "url": "https://github.com/pterodactyl/wings/releases/tag/v1.11.3" + }, + { + "type": "WEB", + "url": "https://github.com/pterodactyl/wings/releases/tag/v1.7.3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1542", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1543.json b/data/osv/GO-2023-1543.json new file mode 100644 index 000000000..3e3f2de28 --- /dev/null +++ b/data/osv/GO-2023-1543.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1543", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-25307", + "GHSA-r887-gfxh-m9rr" + ], + "summary": "mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install", + "details": "mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install", + "affected": [ + { + "package": { + "name": "github.com/nothub/mrpack-install", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.16.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/nothub/mrpack-install/security/advisories/GHSA-r887-gfxh-m9rr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25307" + }, + { + "type": "FIX", + "url": "https://github.com/nothub/mrpack-install/commit/a1f424b6a616d2de95228781eef3b92b9769f23c" + }, + { + "type": "WEB", + "url": "https://github.com/nothub/mrpack-install/releases/tag/v0.16.3" + }, + { + "type": "WEB", + "url": "https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1543", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1544.json b/data/osv/GO-2023-1544.json new file mode 100644 index 000000000..8cc2d5b97 --- /dev/null +++ b/data/osv/GO-2023-1544.json 
@@ -0,0 +1,97 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1544", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-1726", + "GHSA-vmhj-p9hw-vgrf" + ], + "summary": "Podman has Files or Directories Accessible to External Parties in github.com/containers/libpod", + "details": "Podman has Files or Directories Accessible to External Parties in github.com/containers/libpod", + "affected": [ + { + "package": { + "name": "github.com/containers/libpod", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.6.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/containers/libpod/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vmhj-p9hw-vgrf" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1726" + }, + { + "type": "WEB", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html" + }, + { + "type": "WEB", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2020:0680" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2020:1650" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2020-1726" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801152" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726" + }, + { + "type": "WEB", + "url": "https://github.com/containers/podman/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1544", + "review_status": 
"UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1550.json b/data/osv/GO-2023-1550.json new file mode 100644 index 000000000..16b784635 --- /dev/null +++ b/data/osv/GO-2023-1550.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1550", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0744", + "GHSA-4cwh-8w4g-jxxh" + ], + "summary": "Answer contains Improper Access Control vulnerability in github.com/answerdev/answer", + "details": "Answer contains Improper Access Control vulnerability in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4cwh-8w4g-jxxh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0744" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1550", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1551.json b/data/osv/GO-2023-1551.json new file mode 100644 index 000000000..314b99156 --- /dev/null +++ b/data/osv/GO-2023-1551.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1551", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0743", + "GHSA-hjmr-xm25-36mh" + ], + "summary": "Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer", + "details": "Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hjmr-xm25-36mh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0743" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/860b1a3bd8cfaa8827e6e6f50ab1d98fa4c2c816" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/366cf8bb-19f6-4388-b089-d0a260efd863" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1551", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1552.json b/data/osv/GO-2023-1552.json new file mode 100644 index 000000000..0bd7a264b --- /dev/null +++ b/data/osv/GO-2023-1552.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1552", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0741", + "GHSA-p7wj-c85f-xq9h" + ], + "summary": "Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer", + "details": "Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-p7wj-c85f-xq9h" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0741" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/78233bfa-871d-45e1-815f-dee73e397809" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1552", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1553.json b/data/osv/GO-2023-1553.json new file mode 100644 index 000000000..a6e1e8b9f --- /dev/null +++ b/data/osv/GO-2023-1553.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1553", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0739", + "GHSA-qx34-47fc-vv79" + ], + "summary": "Answer vulnerable to Race Condition in github.com/answerdev/answer", + "details": "Answer vulnerable to Race Condition in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qx34-47fc-vv79" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0739" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/1ee34b884b905d14d4db457563176b77a974b992" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/93d7fac9-50be-4624-9096-45b89fbfd4ae" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1553", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1554.json b/data/osv/GO-2023-1554.json new file mode 100644 index 000000000..5de0b2880 --- /dev/null +++ b/data/osv/GO-2023-1554.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1554", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0742", + "GHSA-rmw8-7823-wp7f" + ], + "summary": "Answer contains Cross-site Scripting vulnerability in github.com/answerdev/answer", + "details": "Answer contains Cross-site Scripting vulnerability in github.com/answerdev/answer", + "affected": [ + { + "package": { + "name": "github.com/answerdev/answer", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rmw8-7823-wp7f" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0742" + }, + { + "type": "FIX", + "url": "https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/d73a2c03-7035-453b-9c04-c733ace65544" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1554", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1555.json b/data/osv/GO-2023-1555.json new file mode 100644 index 000000000..d678919ae --- /dev/null +++ b/data/osv/GO-2023-1555.json 
@@ -0,0 +1,62 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1555", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-25168", + "GHSA-66p8-j459-rq63" + ], + "summary": "Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system in github.com/pterodactyl/wings", + "details": "Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system in github.com/pterodactyl/wings", + "affected": [ + { + "package": { + "name": "github.com/pterodactyl/wings", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.4" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25168" + }, + { + "type": "FIX", + "url": "https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d" + }, + { + "type": "WEB", + "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1555", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1560.json b/data/osv/GO-2023-1560.json new file mode 100644 index 000000000..ad70f761a --- /dev/null +++ b/data/osv/GO-2023-1560.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1560", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-47762", + "GHSA-x623-hr8h-7g5v" + ], + "summary": "Path Traversal in gin-vue-admin in github.com/flipped-aurora/gin-vue-admin", + "details": "Path Traversal in gin-vue-admin in github.com/flipped-aurora/gin-vue-admin", + "affected": [ + { + "package": { + "name": "github.com/flipped-aurora/gin-vue-admin", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.5.5+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-x623-hr8h-7g5v" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47762" + }, + { + "type": "REPORT", + "url": "https://github.com/flipped-aurora/gin-vue-admin/issues/1309" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1560", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1577.json b/data/osv/GO-2023-1577.json new file mode 100644 index 000000000..90d0e3ff4 --- /dev/null +++ b/data/osv/GO-2023-1577.json 
@@ -0,0 +1,87 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1577", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-23947", + "GHSA-3jfq-742w-xg8j" + ], + "summary": "Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd", + "details": "Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "2.3.0" + }, + { + "fixed": "2.3.17" + }, + { + "introduced": "2.4.0" + }, + { + "fixed": "2.4.23" + }, + { + "introduced": "2.5.0" + }, + { + "fixed": "2.5.11" + }, + { + "introduced": "2.6.0" + }, + { + "fixed": "2.6.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23947" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/fbb0b99b1ac3361b253052bd30259fa43a520945" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1577", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1581.json b/data/osv/GO-2023-1581.json new file mode 100644 index 000000000..c19188555 --- /dev/null +++ b/data/osv/GO-2023-1581.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1581", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2023-0821", + "GHSA-w479-w22g-cffh" + ], + "summary": "Uncontrolled Resource Consumption in Hashicorp Nomad in github.com/hashicorp/nomad", + "details": "Uncontrolled Resource Consumption in Hashicorp Nomad in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.2.15" + }, + { + "fixed": "1.2.16" + }, + { + "introduced": "1.3.0" + }, + { + "fixed": "1.3.9" + }, + { + "introduced": "1.4.0" + }, + { + "fixed": "1.4.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-w479-w22g-cffh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0821" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1581", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1582.json b/data/osv/GO-2023-1582.json new file mode 100644 index 000000000..b573a6708 --- /dev/null +++ b/data/osv/GO-2023-1582.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1582", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-32163", + "GHSA-5vx9-j5cw-47vq" + ], + "summary": "Privilege escalation in MOSN in mosn.io/mosn", + "details": "Privilege escalation in MOSN in mosn.io/mosn", + "affected": [ + { + "package": { + "name": "mosn.io/mosn", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.23.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5vx9-j5cw-47vq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32163" + }, + { + "type": "WEB", + "url": "https://github.com/mosn/mosn/issues/1633" + }, + { + "type": "WEB", + "url": "https://github.com/mosn/mosn/pull/1637" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1582", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2023-1583.json b/data/osv/GO-2023-1583.json new file mode 100644 index 000000000..028a4f207 --- /dev/null +++ b/data/osv/GO-2023-1583.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2023-1583", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-r2h5-3hgw-8j34" + ], + "summary": "User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation", + "details": "User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation", + "affected": [ + { + "package": { + "name": "github.com/edgelesssys/constellation", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/edgelesssys/constellation/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.5.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/edgelesssys/constellation/security/advisories/GHSA-r2h5-3hgw-8j34" + }, + { + "type": "WEB", + "url": "https://github.com/edgelesssys/constellation/releases/tag/v2.5.2" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1583", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2023-1512.yaml b/data/reports/GO-2023-1512.yaml new file mode 100644 index 000000000..471670958 --- /dev/null +++ b/data/reports/GO-2023-1512.yaml 
@@ -0,0 +1,26 @@
+id: GO-2023-1512
+modules:
+ - module: github.com/argoproj/argo-cd
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - introduced: 2.5.0-rc1
+ - fixed: 2.5.8
+ - introduced: 2.6.0-rc4
+ - fixed: 2.6.0-rc5
+ vulnerable_at: 2.6.0-rc4
+summary: |-
+ Controller reconciles apps outside configured namespaces when sharding is
+ enabled in github.com/argoproj/argo-cd
+cves:
+ - CVE-2023-22736
+ghsas:
+ - GHSA-6p4m-hw2h-6gmw
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-22736
+source:
+ id: GHSA-6p4m-hw2h-6gmw
+ created: 2024-08-20T11:30:16.206192-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1520.yaml b/data/reports/GO-2023-1520.yaml
new file mode 100644
index 000000000..94e4c3f60
--- /dev/null
+++ b/data/reports/GO-2023-1520.yaml
@@ -0,0 +1,29 @@
+id: GO-2023-1520
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - introduced: 1.8.2
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - fixed: 2.3.14
+ - introduced: 2.4.0
+ - fixed: 2.4.20
+ - introduced: 2.5.0
+ - fixed: 2.5.8
+ - introduced: 2.6.0-rc1
+ - fixed: 2.6.0-rc5
+ vulnerable_at: 2.6.0-rc4
+summary: JWT audience claim is not verified in github.com/argoproj/argo-cd
+cves:
+ - CVE-2023-22482
+ghsas:
+ - GHSA-q9hr-j4rf-8fjc
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-22482
+source:
+ id: GHSA-q9hr-j4rf-8fjc
+ created: 2024-08-20T11:30:39.456082-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1524.yaml b/data/reports/GO-2023-1524.yaml
new file mode 100644
index 000000000..99ef80c9e
--- /dev/null
+++ b/data/reports/GO-2023-1524.yaml
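Review bot: The first `modules` entry in GO-2023-1512.yaml, `github.com/argoproj/argo-cd`, has only `vulnerable_at: 1.8.6` and no `versions` list, so every release under the non-/v2 module path is reported as affected, while the /v2 ranges in the same report only begin at `2.5.0-rc1`. If the advisory's lower bound applies to the whole project, that unbounded entry will raise false positives for anyone still on the v1 path; the entry should either be dropped or given explicit bounds after checking GHSA-6p4m-hw2h-6gmw. GO-2023-1577.yaml has the same shape (unbounded v1 entry, /v2 starting at `2.3.0`), and its OSV record shows the outcome as `"introduced": "0"` with no `fixed` event. Both reports are marked `review_status: UNREVIEWED`, so this appears to come from the import tooling rather than a deliberate choice.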
@@ -0,0 +1,20 @@
+id: GO-2023-1524
+modules:
+ - module: fortio.org/proxy
+ versions:
+ - introduced: 1.5.0
+ - fixed: 1.6.1
+ vulnerable_at: 1.6.0
+summary: |-
+ Initial debug-host handler implementation could leak information and facilitate
+ denial of service in fortio.org/proxy
+ghsas:
+ - GHSA-x477-fq37-q5wr
+references:
+ - advisory: https://github.com/fortio/proxy/security/advisories/GHSA-x477-fq37-q5wr
+ - web: https://github.com/fortio/proxy/pull/38
+source:
+ id: GHSA-x477-fq37-q5wr
+ created: 2024-08-20T11:30:42.587992-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1527.yaml b/data/reports/GO-2023-1527.yaml
new file mode 100644
index 000000000..56ca92799
--- /dev/null
+++ b/data/reports/GO-2023-1527.yaml
@@ -0,0 +1,20 @@
+id: GO-2023-1527
+modules:
+ - module: www.velocidex.com/golang/velociraptor
+ versions:
+ - fixed: 0.6.7-5
+ vulnerable_at: 0.6.7-4
+summary: Velociraptor vulnerable to Missing Authorization in www.velocidex.com/golang/velociraptor
+cves:
+ - CVE-2023-0242
+ghsas:
+ - GHSA-g5vm-525q-r66c
+references:
+ - advisory: https://github.com/advisories/GHSA-g5vm-525q-r66c
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0242
+ - web: https://docs.velociraptor.app/announcements/2023-cves/#:~:text=to%20upgrade%20clients.-,CVE%2D2023%2D0242,-Insufficient%20Permission%20Check
+source:
+ id: GHSA-g5vm-525q-r66c
+ created: 2024-08-20T11:30:44.889318-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1533.yaml b/data/reports/GO-2023-1533.yaml
new file mode 100644
index 000000000..f2bb8c22c
--- /dev/null
+++ b/data/reports/GO-2023-1533.yaml
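Review bot: The `web` reference in GO-2023-1527.yaml keeps a scroll-to-text fragment (`#:~:text=...`), which only resolves while the announcement page keeps that exact wording and is ignored by clients without text-fragment support. Linking the page itself is more durable for a long-lived advisory record: `- web: https://docs.velociraptor.app/announcements/2023-cves/`.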
@@ -0,0 +1,21 @@
+id: GO-2023-1533
+modules:
+ - module: github.com/anchore/syft
+ versions:
+ - introduced: 0.69.0
+ - fixed: 0.70.0
+ vulnerable_at: 0.69.1
+summary: Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in github.com/anchore/syft
+cves:
+ - CVE-2023-24827
+ghsas:
+ - GHSA-jp7v-3587-2956
+references:
+ - advisory: https://github.com/anchore/syft/security/advisories/GHSA-jp7v-3587-2956
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-24827
+ - fix: https://github.com/anchore/syft/commit/9995950c70e849f9921919faffbfcf46401f71f3
+source:
+ id: GHSA-jp7v-3587-2956
+ created: 2024-08-20T11:30:48.175309-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1541.yaml b/data/reports/GO-2023-1541.yaml
new file mode 100644
index 000000000..eb8030193
--- /dev/null
+++ b/data/reports/GO-2023-1541.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1541
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.4
+ vulnerable_at: 1.0.3
+summary: Cross-site scripting vulnerability found in answerdev/answer in github.com/answerdev/answer
+cves:
+ - CVE-2023-0740
+ghsas:
+ - GHSA-65px-4cpf-697r
+references:
+ - advisory: https://github.com/advisories/GHSA-65px-4cpf-697r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0740
+ - fix: https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad
+ - web: https://huntr.dev/bounties/802ee76d-fe01-482b-a9a4-34699a7c9110
+source:
+ id: GHSA-65px-4cpf-697r
+ created: 2024-08-20T11:30:51.761562-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1542.yaml b/data/reports/GO-2023-1542.yaml
new file mode 100644
index 000000000..3a5490e8d
--- /dev/null
+++ b/data/reports/GO-2023-1542.yaml
@@ -0,0 +1,24 @@
+id: GO-2023-1542
+modules:
+ - module: github.com/pterodactyl/wings
+ versions:
+ - fixed: 1.7.3
+ - introduced: 1.11.0
+ - fixed: 1.11.3
+ vulnerable_at: 1.11.2
+summary: Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
+cves:
+ - CVE-2023-25152
+ghsas:
+ - GHSA-p8r3-83r8-jwj5
+references:
+ - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25152
+ - fix: https://github.com/pterodactyl/wings/commit/dac9685298c3c1c49b3109fa4241aa88272b9f14
+ - web: https://github.com/pterodactyl/wings/releases/tag/v1.11.3
+ - web: https://github.com/pterodactyl/wings/releases/tag/v1.7.3
+source:
+ id: GHSA-p8r3-83r8-jwj5
+ created: 2024-08-20T11:30:56.039034-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1543.yaml b/data/reports/GO-2023-1543.yaml
new file mode 100644
index 000000000..7b231a16d
--- /dev/null
+++ b/data/reports/GO-2023-1543.yaml
@@ -0,0 +1,22 @@
+id: GO-2023-1543
+modules:
+ - module: github.com/nothub/mrpack-install
+ versions:
+ - fixed: 0.16.3
+ vulnerable_at: 0.16.2
+summary: mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install
+cves:
+ - CVE-2023-25307
+ghsas:
+ - GHSA-r887-gfxh-m9rr
+references:
+ - advisory: https://github.com/nothub/mrpack-install/security/advisories/GHSA-r887-gfxh-m9rr
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25307
+ - fix: https://github.com/nothub/mrpack-install/commit/a1f424b6a616d2de95228781eef3b92b9769f23c
+ - web: https://github.com/nothub/mrpack-install/releases/tag/v0.16.3
+ - web: https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities
+source:
+ id: GHSA-r887-gfxh-m9rr
+ created: 2024-08-20T11:31:00.285248-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1544.yaml b/data/reports/GO-2023-1544.yaml
new file mode 100644
index 000000000..cdc62b6fa
--- /dev/null
+++ b/data/reports/GO-2023-1544.yaml
@@ -0,0 +1,31 @@
+id: GO-2023-1544
+modules:
+ - module: github.com/containers/libpod
+ versions:
+ - introduced: 1.6.0
+ vulnerable_at: 1.9.3
+ - module: github.com/containers/libpod/v2
+ versions:
+ - fixed: 2.0.6
+ vulnerable_at: 2.0.6-rc1
+summary: Podman has Files or Directories Accessible to External Parties in github.com/containers/libpod
+cves:
+ - CVE-2020-1726
+ghsas:
+ - GHSA-vmhj-p9hw-vgrf
+references:
+ - advisory: https://github.com/advisories/GHSA-vmhj-p9hw-vgrf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-1726
+ - web: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
+ - web: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
+ - web: https://access.redhat.com/errata/RHSA-2020:0680
+ - web: https://access.redhat.com/errata/RHSA-2020:1650
+ - web: https://access.redhat.com/security/cve/CVE-2020-1726
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=1801152
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726
+ - web: https://github.com/containers/podman/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42
+source:
+ id: GHSA-vmhj-p9hw-vgrf
+ created: 2024-08-20T11:31:04.124668-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1550.yaml b/data/reports/GO-2023-1550.yaml
new file mode 100644
index 000000000..f215ebee3
--- /dev/null
+++ b/data/reports/GO-2023-1550.yaml
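Review bot: In GO-2023-1544.yaml the `github.com/containers/libpod/v2` entry sets `vulnerable_at: 2.0.6-rc1` directly under `fixed: 2.0.6`, so the version chosen to represent the vulnerable code is a release candidate of the fix release. Semver orders a pre-release below its release, so the value passes a range check, but a release candidate may already contain the fix, in which case any analysis run at that version would look at patched code. The last prior release is the safer choice, `vulnerable_at: 2.0.5`, assuming that tag resolves for this module path. GO-2023-1581.yaml has the same pattern with `vulnerable_at: 1.4.4-changelog` under `fixed: 1.4.4`; `vulnerable_at: 1.4.3` would remove the ambiguity there.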
@@ -0,0 +1,22 @@
+id: GO-2023-1550
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.4
+ vulnerable_at: 1.0.3
+summary: Answer contains Improper Access Control vulnerability in github.com/answerdev/answer
+cves:
+ - CVE-2023-0744
+ghsas:
+ - GHSA-4cwh-8w4g-jxxh
+references:
+ - advisory: https://github.com/advisories/GHSA-4cwh-8w4g-jxxh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0744
+ - fix: https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d
+ - web: http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html
+ - web: https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434
+source:
+ id: GHSA-4cwh-8w4g-jxxh
+ created: 2024-08-20T11:31:15.10069-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1551.yaml b/data/reports/GO-2023-1551.yaml
new file mode 100644
index 000000000..4b906f0d9
--- /dev/null
+++ b/data/reports/GO-2023-1551.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1551
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.4
+ vulnerable_at: 1.0.3
+summary: Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer
+cves:
+ - CVE-2023-0743
+ghsas:
+ - GHSA-hjmr-xm25-36mh
+references:
+ - advisory: https://github.com/advisories/GHSA-hjmr-xm25-36mh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0743
+ - fix: https://github.com/answerdev/answer/commit/860b1a3bd8cfaa8827e6e6f50ab1d98fa4c2c816
+ - web: https://huntr.dev/bounties/366cf8bb-19f6-4388-b089-d0a260efd863
+source:
+ id: GHSA-hjmr-xm25-36mh
+ created: 2024-08-20T11:31:19.160562-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1552.yaml b/data/reports/GO-2023-1552.yaml
new file mode 100644
index 000000000..e5b122e4b
--- /dev/null
+++ b/data/reports/GO-2023-1552.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1552
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.4
+ vulnerable_at: 1.0.3
+summary: Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer
+cves:
+ - CVE-2023-0741
+ghsas:
+ - GHSA-p7wj-c85f-xq9h
+references:
+ - advisory: https://github.com/advisories/GHSA-p7wj-c85f-xq9h
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0741
+ - fix: https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad
+ - web: https://huntr.dev/bounties/78233bfa-871d-45e1-815f-dee73e397809
+source:
+ id: GHSA-p7wj-c85f-xq9h
+ created: 2024-08-20T11:31:22.860805-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1553.yaml b/data/reports/GO-2023-1553.yaml
new file mode 100644
index 000000000..293a52155
--- /dev/null
+++ b/data/reports/GO-2023-1553.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1553
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.4
+ vulnerable_at: 1.0.3
+summary: Answer vulnerable to Race Condition in github.com/answerdev/answer
+cves:
+ - CVE-2023-0739
+ghsas:
+ - GHSA-qx34-47fc-vv79
+references:
+ - advisory: https://github.com/advisories/GHSA-qx34-47fc-vv79
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0739
+ - fix: https://github.com/answerdev/answer/commit/1ee34b884b905d14d4db457563176b77a974b992
+ - web: https://huntr.dev/bounties/93d7fac9-50be-4624-9096-45b89fbfd4ae
+source:
+ id: GHSA-qx34-47fc-vv79
+ created: 2024-08-20T11:31:26.368766-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2023-1554.yaml b/data/reports/GO-2023-1554.yaml
new file mode 100644
index 000000000..ff403dd4c
--- /dev/null
+++ b/data/reports/GO-2023-1554.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1554
+modules:
+ - module: github.com/answerdev/answer
+ versions:
+ - fixed: 1.0.4
+ vulnerable_at: 1.0.3
+summary: Answer contains Cross-site Scripting vulnerability in github.com/answerdev/answer
+cves:
+ - CVE-2023-0742
+ghsas:
+ - GHSA-rmw8-7823-wp7f
+references:
+ - advisory: https://github.com/advisories/GHSA-rmw8-7823-wp7f
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0742
+ - fix: https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad
+ - web: https://huntr.dev/bounties/d73a2c03-7035-453b-9c04-c733ace65544
+source:
+ id: GHSA-rmw8-7823-wp7f
+ created: 2024-08-20T11:31:30.96196-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1555.yaml b/data/reports/GO-2023-1555.yaml
new file mode 100644
index 000000000..f09a3c49b
--- /dev/null
+++ b/data/reports/GO-2023-1555.yaml
@@ -0,0 +1,25 @@
+id: GO-2023-1555
+modules:
+ - module: github.com/pterodactyl/wings
+ versions:
+ - fixed: 1.7.4
+ - introduced: 1.11.0
+ - fixed: 1.11.4
+ vulnerable_at: 1.11.3
+summary: |-
+ Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in
+ deletion of files and directories on the host system in github.com/pterodactyl/wings
+cves:
+ - CVE-2023-25168
+ghsas:
+ - GHSA-66p8-j459-rq63
+references:
+ - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-25168
+ - fix: https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
+ - web: https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
+source:
+ id: GHSA-66p8-j459-rq63
+ created: 2024-08-20T11:31:34.299699-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1560.yaml b/data/reports/GO-2023-1560.yaml
new file mode 100644
index 000000000..c66111da8
--- /dev/null
+++ b/data/reports/GO-2023-1560.yaml
@@ -0,0 +1,20 @@
+id: GO-2023-1560
+modules:
+ - module: github.com/flipped-aurora/gin-vue-admin
+ versions:
+ - fixed: 2.5.5+incompatible
+ vulnerable_at: 2.5.4+incompatible
+summary: Path Traversal in gin-vue-admin in github.com/flipped-aurora/gin-vue-admin
+cves:
+ - CVE-2022-47762
+ghsas:
+ - GHSA-x623-hr8h-7g5v
+references:
+ - advisory: https://github.com/advisories/GHSA-x623-hr8h-7g5v
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-47762
+ - report: https://github.com/flipped-aurora/gin-vue-admin/issues/1309
+source:
+ id: GHSA-x623-hr8h-7g5v
+ created: 2024-08-20T11:31:37.657316-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1577.yaml b/data/reports/GO-2023-1577.yaml
new file mode 100644
index 000000000..dfda5fd42
--- /dev/null
+++ b/data/reports/GO-2023-1577.yaml
@@ -0,0 +1,31 @@
+id: GO-2023-1577
+modules:
+ - module: github.com/argoproj/argo-cd
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - introduced: 2.3.0
+ - fixed: 2.3.17
+ - introduced: 2.4.0
+ - fixed: 2.4.23
+ - introduced: 2.5.0
+ - fixed: 2.5.11
+ - introduced: 2.6.0
+ - fixed: 2.6.2
+ vulnerable_at: 2.6.1
+summary: |-
+ Users with any cluster secret update access may update out-of-bounds cluster
+ secrets in github.com/argoproj/argo-cd
+cves:
+ - CVE-2023-23947
+ghsas:
+ - GHSA-3jfq-742w-xg8j
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-23947
+ - fix: https://github.com/argoproj/argo-cd/commit/fbb0b99b1ac3361b253052bd30259fa43a520945
+source:
+ id: GHSA-3jfq-742w-xg8j
+ created: 2024-08-20T11:31:44.976314-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1581.yaml b/data/reports/GO-2023-1581.yaml
new file mode 100644
index 000000000..4eda6f2ce
--- /dev/null
+++ b/data/reports/GO-2023-1581.yaml
@@ -0,0 +1,25 @@
+id: GO-2023-1581
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - introduced: 1.2.15
+ - fixed: 1.2.16
+ - introduced: 1.3.0
+ - fixed: 1.3.9
+ - introduced: 1.4.0
+ - fixed: 1.4.4
+ vulnerable_at: 1.4.4-changelog
+summary: Uncontrolled Resource Consumption in Hashicorp Nomad in github.com/hashicorp/nomad
+cves:
+ - CVE-2023-0821
+ghsas:
+ - GHSA-w479-w22g-cffh
+references:
+ - advisory: https://github.com/advisories/GHSA-w479-w22g-cffh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-0821
+ - web: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
+source:
+ id: GHSA-w479-w22g-cffh
+ created: 2024-08-20T11:31:49.087624-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1582.yaml b/data/reports/GO-2023-1582.yaml
new file mode 100644
index 000000000..9f60f2c46
--- /dev/null
+++ b/data/reports/GO-2023-1582.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-1582
+modules:
+ - module: mosn.io/mosn
+ versions:
+ - fixed: 0.23.0
+ vulnerable_at: 0.22.0
+summary: Privilege escalation in MOSN in mosn.io/mosn
+cves:
+ - CVE-2021-32163
+ghsas:
+ - GHSA-5vx9-j5cw-47vq
+references:
+ - advisory: https://github.com/advisories/GHSA-5vx9-j5cw-47vq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-32163
+ - web: https://github.com/mosn/mosn/issues/1633
+ - web: https://github.com/mosn/mosn/pull/1637
+source:
+ id: GHSA-5vx9-j5cw-47vq
+ created: 2024-08-20T11:31:54.636148-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2023-1583.yaml b/data/reports/GO-2023-1583.yaml
new file mode 100644
index 000000000..474f65c3d
--- /dev/null
+++ b/data/reports/GO-2023-1583.yaml
@@ -0,0 +1,19 @@
+id: GO-2023-1583
+modules:
+ - module: github.com/edgelesssys/constellation
+ vulnerable_at: 0.0.0
+ - module: github.com/edgelesssys/constellation/v2
+ versions:
+ - fixed: 2.5.2
+ vulnerable_at: 2.5.1
+summary: User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation
+ghsas:
+ - GHSA-r2h5-3hgw-8j34
+references:
+ - advisory: https://github.com/edgelesssys/constellation/security/advisories/GHSA-r2h5-3hgw-8j34
+ - web: https://github.com/edgelesssys/constellation/releases/tag/v2.5.2
+source:
+ id: GHSA-r2h5-3hgw-8j34
+ created: 2024-08-20T11:31:58.407225-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
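Review bot: `vulnerable_at: 0.0.0` on the `github.com/edgelesssys/constellation` entry looks like a placeholder rather than a published release, and nothing else in the report indicates that such a tag exists for the pre-/v2 module path. If it does not resolve, the field points tooling at a version that cannot be fetched. The entry should either name a real pre-v2 tag or drop the `vulnerable_at: 0.0.0` line, leaving the entry as the bare module path, which the tooling already treats as "all versions" (the OSV record for this ID shows `"introduced": "0"`).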