Skip to content

Commit

Permalink
data/reports: add 21 unreviewed reports
Browse files Browse the repository at this point in the history 
  - data/reports/GO-2024-3081.yaml
  - data/reports/GO-2024-3082.yaml
  - data/reports/GO-2024-3083.yaml
  - data/reports/GO-2024-3085.yaml
  - data/reports/GO-2024-3086.yaml
  - data/reports/GO-2024-3087.yaml
  - data/reports/GO-2024-3088.yaml
  - data/reports/GO-2024-3089.yaml
  - data/reports/GO-2024-3090.yaml
  - data/reports/GO-2024-3091.yaml
  - data/reports/GO-2024-3092.yaml
  - data/reports/GO-2024-3093.yaml
  - data/reports/GO-2024-3094.yaml
  - data/reports/GO-2024-3095.yaml
  - data/reports/GO-2024-3096.yaml
  - data/reports/GO-2024-3097.yaml
  - data/reports/GO-2024-3099.yaml
  - data/reports/GO-2024-3100.yaml
  - data/reports/GO-2024-3102.yaml
  - data/reports/GO-2024-3103.yaml
  - data/reports/GO-2024-3104.yaml

Fixes #3081
Fixes #3082
Fixes #3083
Fixes #3085
Fixes #3086
Fixes #3087
Fixes #3088
Fixes #3089
Fixes #3090
Fixes #3091
Fixes #3092
Fixes #3093
Fixes #3094
Fixes #3095
Fixes #3096
Fixes #3097
Fixes #3099
Fixes #3100
Fixes #3102
Fixes #3103
Fixes #3104

Change-Id: If55f3ff19b07f49b6477d5c0d3eb5f5b6f3adbd0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/609141
Auto-Submit: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
  • Loading branch information
@tatianab @gopherbot
tatianab authored and gopherbot committed Aug 30, 2024
1 parent ed618e2 commit fe86cd7
Show file tree
Hide file tree
Showing 42 changed files with 2,260 additions and 0 deletions.
51 changes: 51 additions & 0 deletions data/osv/GO-2024-3081.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3081",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-fpgj-cr28-fvpx"
],
"summary": "CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd",
"details": "CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd",
"affected": [
{
"package": {
"name": "github.com/CosmWasm/wasmd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.52.0"
},
{
"fixed": "0.53.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/CosmWasm/wasmd/security/advisories/GHSA-fpgj-cr28-fvpx"
},
{
"type": "FIX",
"url": "https://github.com/CosmWasm/wasmd/commit/db8981db8419fc4daa042ce04e279efb53c4ff29"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-006.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3081",
"review_status": "UNREVIEWED"
}
}
61 changes: 61 additions & 0 deletions data/osv/GO-2024-3082.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3082",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-g8w7-7vgg-x7xg"
],
"summary": "CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd",
"details": "CWA-2024-005: Stackoverflow in wasmd in github.com/CosmWasm/wasmd",
"affected": [
{
"package": {
"name": "github.com/CosmWasm/wasmd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.46.0"
},
{
"introduced": "0.50.0"
},
{
"fixed": "0.53.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/CosmWasm/wasmd/security/advisories/GHSA-g8w7-7vgg-x7xg"
},
{
"type": "FIX",
"url": "https://github.com/CosmWasm/wasmd/commit/71cf6a8145426b82ed6249ecc86ddd281af9f97b"
},
{
"type": "FIX",
"url": "https://github.com/CosmWasm/wasmd/commit/db8981db8419fc4daa042ce04e279efb53c4ff29"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-005.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3082",
"review_status": "UNREVIEWED"
}
}
53 changes: 53 additions & 0 deletions data/osv/GO-2024-3083.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3083",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-6508",
"GHSA-4crf-28c7-v4gr"
],
"summary": "Openshift Console insufficient entropy vulnerability in github.com/openshift/console",
"details": "Openshift Console insufficient entropy vulnerability in github.com/openshift/console",
"affected": [
{
"package": {
"name": "github.com/openshift/console",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-4crf-28c7-v4gr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6508"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-6508"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295777"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3083",
"review_status": "UNREVIEWED"
}
}
73 changes: 73 additions & 0 deletions data/osv/GO-2024-3085.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3085",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42490",
"GHSA-qxqc-27pr-wgc8"
],
"summary": "GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io",
"details": "GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: goauthentik.io before v2024.4.4, from v2024.6.0-rc1 before v2024.6.4.",
"affected": [
{
"package": {
"name": "goauthentik.io",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "2024.4.4"
},
{
"introduced": "2024.6.0-rc1"
},
{
"fixed": "2024.6.4"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-qxqc-27pr-wgc8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42490"
},
{
"type": "WEB",
"url": "https://github.com/goauthentik/authentik/commit/19318d4c00bb02c4ec3c4f8f15ac2e1dbe8d846c"
},
{
"type": "WEB",
"url": "https://github.com/goauthentik/authentik/commit/359b343f51524342a5ca03828e7c975a1d654b11"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3085",
"review_status": "UNREVIEWED"
}
}
53 changes: 53 additions & 0 deletions data/osv/GO-2024-3086.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3086",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41658",
"GHSA-gv2p-4mvg-g32h"
],
"summary": "Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor",
"details": "Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor",
"affected": [
{
"package": {
"name": "github.com/casdoor/casdoor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-gv2p-4mvg-g32h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41658"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor"
},
{
"type": "WEB",
"url": "https://github.com/casdoor/casdoor/blob/v1.577.0/web/src/QrCodePage.js"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3086",
"review_status": "UNREVIEWED"
}
}
53 changes: 53 additions & 0 deletions data/osv/GO-2024-3087.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3087",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41657",
"GHSA-mchx-7j67-8mcf"
],
"summary": "Casdoor CORS misconfiguration (GHSL-2024-035) in github.com/casdoor/casdoor",
"details": "Casdoor CORS misconfiguration (GHSL-2024-035) in github.com/casdoor/casdoor",
"affected": [
{
"package": {
"name": "github.com/casdoor/casdoor",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mchx-7j67-8mcf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41657"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor"
},
{
"type": "WEB",
"url": "https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3087",
"review_status": "UNREVIEWED"
}
}
Loading

0 comments on commit fe86cd7

Please sign in to comment.