data/reports: update 3 reports

Regenerate three UNREVIEWED reports that now have a GHSA available. - data/reports/GO-2024-2965.yaml - data/reports/GO-2024-2969.yaml - data/reports/GO-2024-2974.yaml Updates #2965 Updates #2969 Updates #2974 Change-Id: I5f5b9fc105520c831e598dc591d04b9e81347d3d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/601375 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
golang · Jul 29, 2024 · fb09166 · fb09166
1 parent 078e674
commit fb09166
Show file tree

Hide file tree

Showing 6 changed files with 390 additions and 42 deletions.
diff --git a/data/osv/GO-2024-2965.json b/data/osv/GO-2024-2965.json
@@ -4,7 +4,8 @@
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2024-39315"
+    "CVE-2024-39315",
+    "GHSA-rrqr-7w59-637v"
   ],
   "summary": "Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium",
   "details": "Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium",
@@ -31,17 +32,17 @@
     }
   ],
   "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-rrqr-7w59-637v"
+    },
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39315"
     },
     {
       "type": "FIX",
       "url": "https://github.com/pomerium/pomerium/commit/4c7c4320afb2ced70ba19b46de1ac4383f3daa48"
-    },
-    {
-      "type": "WEB",
-      "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-rrqr-7w59-637v"
     }
   ],
   "database_specific": {

diff --git a/data/osv/GO-2024-2969.json b/data/osv/GO-2024-2969.json
@@ -4,10 +4,11 @@
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2024-39930"
+    "CVE-2024-39930",
+    "GHSA-p69r-v3h4-rj4f"
   ],
-  "summary": "CVE-2024-39930 in github.com/gogs/gogs",
-  "details": "CVE-2024-39930 in github.com/gogs/gogs",
+  "summary": "github.com/gogs/gogs affected by CVE-2024-39930",
+  "details": "github.com/gogs/gogs affected by CVE-2024-39930",
   "affected": [
     {
       "package": {
@@ -28,6 +29,10 @@
     }
   ],
   "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-p69r-v3h4-rj4f"
+    },
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39930"
@@ -38,7 +43,7 @@
     },
     {
       "type": "WEB",
-      "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
+      "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1"
     }
   ],
   "database_specific": {