data/reports: add 7 unreviewed reports
- data/reports/GO-2024-3284.yaml
- data/reports/GO-2024-3286.yaml
- data/reports/GO-2024-3287.yaml
- data/reports/GO-2024-3288.yaml
- data/reports/GO-2024-3289.yaml
- data/reports/GO-2024-3290.yaml
- data/reports/GO-2024-3291.yaml

Fixes #3284
Fixes #3286
Fixes #3287
Fixes #3288
Fixes #3289
Fixes #3290
Fixes #3291

Change-Id: I3f9c602c3b0cb612717f991bef1e379b383c19b8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/632255
Reviewed-by: Zvonimir Pavlinovic <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
Showing 14 changed files with 565 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3284", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-37820", | ||
"GHSA-9g6g-xqv5-8g5w" | ||
], | ||
"summary": "PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb", | ||
"details": "PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/pingcap/tidb before v8.2.0.", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/pingcap/tidb", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"custom_ranges": [ | ||
{ | ||
"type": "ECOSYSTEM", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "8.2.0" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-9g6g-xqv5-8g5w" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37820" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/pingcap/tidb/commit/3d68bd21240c610c6307713e2bd54a5e71c32608" | ||
}, | ||
{ | ||
"type": "REPORT", | ||
"url": "https://github.com/pingcap/tidb/issues/53580" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://gist.github.com/ycybfhb/a9c1e14ce281f2f553adca84d384b761" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3284", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
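Review bot: The top-level SEMVER range under "ranges" has only "introduced": "0" and no fixed event, so a scanner reading it will flag every version of github.com/pingcap/tidb, including releases at or after the 8.2.0 recorded as fixed in custom_ranges. The details text already warns about false positives from this; when the report is reviewed, either map 8.2.0 to a module version the SEMVER range can carry or state in details that the custom range is the authoritative one.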
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3286", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-10220", | ||
"GHSA-27wf-5967-98gx" | ||
], | ||
"summary": "Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes", | ||
"details": "Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "k8s.io/kubernetes", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.28.12" | ||
}, | ||
{ | ||
"introduced": "1.29.0" | ||
}, | ||
{ | ||
"fixed": "1.29.7" | ||
}, | ||
{ | ||
"introduced": "1.30.0" | ||
}, | ||
{ | ||
"fixed": "1.30.3" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-27wf-5967-98gx" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10220" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "http://www.openwall.com/lists/oss-security/2024/11/20/1" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/issues/128885" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3286", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
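Review bot: In references, the kubernetes/kubernetes commit 1ab06efe92d8e898ca1931471c9533ce94aba29b and issue 128885 are both typed WEB, which hides them from tooling that looks for FIX and REPORT links. If review confirms the commit is the fix behind the 1.28.12, 1.29.7 and 1.30.3 fixed events, retype it as FIX and the issue as REPORT, as the GO-2024-3284 entry does for its commit and issue.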
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3287", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-45719", | ||
"GHSA-mr95-vfcf-fx9p" | ||
], | ||
"summary": "Apache Answer: Predictable Authorization Token Using UUIDv1 in github.com/apache/incubator-answer", | ||
"details": "Apache Answer: Predictable Authorization Token Using UUIDv1 in github.com/apache/incubator-answer", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/apache/incubator-answer", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.4.1" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-mr95-vfcf-fx9p" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45719" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "http://www.openwall.com/lists/oss-security/2024/11/22/1" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3287", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
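Review bot: The range records "fixed": "1.4.1" but references contains no FIX entry, only two advisories and two mailing-list posts, so the fix cannot be traced to a commit from this record. Add the fixing commit or release link on review; the openwall.com reference also uses http:// and could point at the https:// URL.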
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3288", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"GHSA-7f6p-phw2-8253" | ||
], | ||
"summary": "Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig", | ||
"details": "Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/taurusgroup/multi-party-sig", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/taurushq-io/multi-party-sig/security/advisories/GHSA-7f6p-phw2-8253" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://eprint.iacr.org/2018/499.pdf" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/taurushq-io/multi-party-sig/blob/4d84aafb57b437da1b933db9a265fb7ce4e7c138/internal/ot/extended.go#L188" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go#L114" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/taurushq-io/multi-party-sig/tree/otfix" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3288", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
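Review bot: The package name is github.com/taurusgroup/multi-party-sig while every repository link in references is under github.com/taurushq-io/multi-party-sig; confirm on review that the name is the module path declared in the project's go.mod, since a mismatch means scanners never match this report. The range also has no fixed event, and the only pointer toward a fix is the tree/otfix branch link, which is mutable, unlike the two blob links pinned to commit hashes.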
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3289", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-6538", | ||
"GHSA-v3w7-g6p2-mpx7" | ||
], | ||
"summary": "OpenShift Console Server Side Request Forgery vulnerability in github.com/openshift/console", | ||
"details": "OpenShift Console Server Side Request Forgery vulnerability in github.com/openshift/console", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/openshift/console", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-v3w7-g6p2-mpx7" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6538" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://access.redhat.com/security/cve/CVE-2024-6538" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296057" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3289", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
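Review bot: The SEMVER range is open-ended ("introduced": "0" with no fixed event) and references has no FIX entry, so every version of github.com/openshift/console is reported as affected with nothing in the record to say when that stops. On review, check the Red Hat CVE page and Bugzilla entry already listed for a fixed release and add the fixed event, or note in details that no fixed version is known.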
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3290", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-52529", | ||
"GHSA-xg58-75qf-9r67" | ||
], | ||
"summary": "Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium", | ||
"details": "Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/cilium/cilium", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "1.16.0" | ||
}, | ||
{ | ||
"fixed": "1.16.4" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52529" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/cilium/cilium/pull/35150" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3290", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
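Review bot: details repeats summary word for word, so the record does not say what kind of policy is affected beyond "wildcarded port ranges" or what an operator on 1.16.0 through 1.16.3 should check. Pull the affected-configuration description from the GHSA-xg58-75qf-9r67 advisory into details; the FIX reference is a pull request (cilium/cilium pull 35150) and could be supplemented with the merged commit.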