data/reports: unexclude 20 reports (28)

- data/reports/GO-2022-0985.yaml - data/reports/GO-2022-0986.yaml - data/reports/GO-2022-0987.yaml - data/reports/GO-2022-0989.yaml - data/reports/GO-2022-0995.yaml - data/reports/GO-2022-1000.yaml - data/reports/GO-2022-1006.yaml - data/reports/GO-2022-1014.yaml - data/reports/GO-2022-1015.yaml - data/reports/GO-2022-1019.yaml - data/reports/GO-2022-1021.yaml - data/reports/GO-2022-1023.yaml - data/reports/GO-2022-1029.yaml - data/reports/GO-2022-1032.yaml - data/reports/GO-2022-1033.yaml - data/reports/GO-2022-1060.yaml - data/reports/GO-2022-1062.yaml - data/reports/GO-2022-1065.yaml - data/reports/GO-2022-1066.yaml - data/reports/GO-2022-1067.yaml Updates #985 Updates #986 Updates #987 Updates #989 Updates #995 Updates #1000 Updates #1006 Updates #1014 Updates #1015 Updates #1019 Updates #1021 Updates #1023 Updates #1029 Updates #1032 Updates #1033 Updates #1060 Updates #1062 Updates #1065 Updates #1066 Updates #1067 Change-Id: I27b6f79e1898a13040a758a71348464c5e7c72a9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607230 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com>
golang · Aug 21, 2024 · 004e616 · 004e616
1 parent bcdceff
commit 004e616
Show file tree

Hide file tree

Showing 60 changed files with 1,660 additions and 175 deletions.
diff --git a/data/excluded/GO-2022-0985.yaml b/data/excluded/GO-2022-0985.yaml
diff --git a/data/excluded/GO-2022-0986.yaml b/data/excluded/GO-2022-0986.yaml
diff --git a/data/excluded/GO-2022-0987.yaml b/data/excluded/GO-2022-0987.yaml
diff --git a/data/excluded/GO-2022-0989.yaml b/data/excluded/GO-2022-0989.yaml
diff --git a/data/excluded/GO-2022-0995.yaml b/data/excluded/GO-2022-0995.yaml
diff --git a/data/excluded/GO-2022-1000.yaml b/data/excluded/GO-2022-1000.yaml
diff --git a/data/excluded/GO-2022-1006.yaml b/data/excluded/GO-2022-1006.yaml
diff --git a/data/excluded/GO-2022-1014.yaml b/data/excluded/GO-2022-1014.yaml
diff --git a/data/excluded/GO-2022-1015.yaml b/data/excluded/GO-2022-1015.yaml
diff --git a/data/excluded/GO-2022-1019.yaml b/data/excluded/GO-2022-1019.yaml
diff --git a/data/excluded/GO-2022-1021.yaml b/data/excluded/GO-2022-1021.yaml
diff --git a/data/excluded/GO-2022-1023.yaml b/data/excluded/GO-2022-1023.yaml
diff --git a/data/excluded/GO-2022-1029.yaml b/data/excluded/GO-2022-1029.yaml
diff --git a/data/excluded/GO-2022-1032.yaml b/data/excluded/GO-2022-1032.yaml
diff --git a/data/excluded/GO-2022-1033.yaml b/data/excluded/GO-2022-1033.yaml
diff --git a/data/excluded/GO-2022-1060.yaml b/data/excluded/GO-2022-1060.yaml
diff --git a/data/excluded/GO-2022-1062.yaml b/data/excluded/GO-2022-1062.yaml
diff --git a/data/excluded/GO-2022-1065.yaml b/data/excluded/GO-2022-1065.yaml
diff --git a/data/excluded/GO-2022-1066.yaml b/data/excluded/GO-2022-1066.yaml
diff --git a/data/excluded/GO-2022-1067.yaml b/data/excluded/GO-2022-1067.yaml
diff --git a/data/osv/GO-2022-0985.json b/data/osv/GO-2022-0985.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0985",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-36109",
+    "GHSA-rc4r-wh2q-q6c4"
+  ],
+  "summary": "Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker",
+  "details": "Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/docker/docker",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "20.10.18+incompatible"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36109"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/moby/moby/releases/tag/v20.10.18"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0985",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0986.json b/data/osv/GO-2022-0986.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0986",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-36110",
+    "GHSA-ggf6-638m-vqmg"
+  ],
+  "summary": "Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker",
+  "details": "Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/gravitl/netmaker",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.15.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ggf6-638m-vqmg"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36110"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gravitl/netmaker/releases/tag/v0.15.1"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0986",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0987.json b/data/osv/GO-2022-0987.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0987",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-25295",
+    "GHSA-hvw3-p9px-gpc9"
+  ],
+  "summary": "Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish",
+  "details": "Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/gophish/gophish",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.12.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-hvw3-p9px-gpc9"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25295"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/gophish/gophish/commit/2a452bda89ffdb85f929fa78290bce1f456881dc"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/gophish/gophish/pull/2262"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gophish/gophish/releases/tag/v0.12.0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0987",
+    "review_status": "UNREVIEWED"
+  }
+}