data/reports: add 16 unreviewed reports
  - data/reports/GO-2024-3207.yaml
  - data/reports/GO-2024-3208.yaml
  - data/reports/GO-2024-3210.yaml
  - data/reports/GO-2024-3211.yaml
  - data/reports/GO-2024-3212.yaml
  - data/reports/GO-2024-3213.yaml
  - data/reports/GO-2024-3214.yaml
  - data/reports/GO-2024-3215.yaml
  - data/reports/GO-2024-3216.yaml
  - data/reports/GO-2024-3217.yaml
  - data/reports/GO-2024-3219.yaml
  - data/reports/GO-2024-3220.yaml
  - data/reports/GO-2024-3221.yaml
  - data/reports/GO-2024-3222.yaml
  - data/reports/GO-2024-3223.yaml
  - data/reports/GO-2024-3224.yaml

Fixes #3207
Fixes #3208
Fixes #3210
Fixes #3211
Fixes #3212
Fixes #3213
Fixes #3214
Fixes #3215
Fixes #3216
Fixes #3217
Fixes #3219
Fixes #3220
Fixes #3221
Fixes #3222
Fixes #3223
Fixes #3224

Change-Id: I194a8c99c011c5855a50ecd5069b628a1d36746a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/622835
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
tatianab authored and gopherbot committed Oct 28, 2024
1 parent f0a1e14 commit 2b20095
Showing 32 changed files with 1,460 additions and 0 deletions.
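--- a/data/osv/GO-2024-3207.json
+++ b/data/osv/GO-2024-3207.json
@@ -0,0 +1,47 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3207",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-p5wf-cmr4-xrwr"
+],
+"summary": "Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito",
+"details": "Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito",
+"affected": [
+{
+"package": {
+"name": "github.com/facebookincubator/tacquito",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.0.0-20241011192817-07b49d1358e6"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/facebookincubator/tacquito/security/advisories/GHSA-p5wf-cmr4-xrwr"
+},
+{
+"type": "FIX",
+"url": "https://github.com/facebookincubator/tacquito/commit/07b49d1358e6ec0b5aa482fcd284f509191119e2"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3207",
+"review_status": "UNREVIEWED"
+}
+}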
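Review bot: `details` repeats `summary` word for word, so the record says nothing about what the permissive regular expression controls, what an affected deployment exposes, or whether a workaround exists; a reader has to open the `ADVISORY` reference to triage it. Replacing `details` with a short description drawn from GHSA-p5wf-cmr4-xrwr would let consumers of the OSV feed assess impact without leaving the record. The same duplication appears in GO-2024-3208, GO-2024-3210, GO-2024-3211 and GO-2024-3213.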
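--- a/data/osv/GO-2024-3208.json
+++ b/data/osv/GO-2024-3208.json
@@ -0,0 +1,62 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3208",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-47825",
+"GHSA-3wwx-63fv-pfq6"
+],
+"summary": "Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium",
+"details": "Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium",
+"affected": [
+{
+"package": {
+"name": "github.com/cilium/cilium",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.16"
+},
+{
+"introduced": "1.15.0"
+},
+{
+"fixed": "1.15.10"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
+},
+{
+"type": "FIX",
+"url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
+},
+{
+"type": "FIX",
+"url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3208",
+"review_status": "UNREVIEWED"
+}
+}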
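--- a/data/osv/GO-2024-3210.json
+++ b/data/osv/GO-2024-3210.json
@@ -0,0 +1,48 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3210",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-8901"
+],
+"summary": "Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
+"details": "Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
+"affected": [
+{
+"package": {
+"name": "github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-011/"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8901"
+},
+{
+"type": "WEB",
+"url": "https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/security/advisories/GHSA-789x-wph8-m68r"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3210",
+"review_status": "UNREVIEWED"
+}
+}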
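Review bot: The only event in `ranges` is `"introduced": "0"`, so every version of the module is reported as affected and the record offers no upgrade target. If a fixed release exists, add `{"fixed": "<first fixed module version>"}` after the `introduced` event; if none exists, say so in `details` so that the finding is not read as missing data. GO-2024-3211 has the same open-ended range even though it lists a `FIX` reference. The advisory GHSA-789x-wph8-m68r is also referenced only as `WEB` and is absent from `aliases`, which may keep tools that deduplicate by alias from linking it to CVE-2024-8901.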
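--- a/data/osv/GO-2024-3211.json
+++ b/data/osv/GO-2024-3211.json
@@ -0,0 +1,57 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3211",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-50312"
+],
+"summary": "Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console",
+"details": "Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console",
+"affected": [
+{
+"package": {
+"name": "github.com/openshift/console",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50312"
+},
+{
+"type": "FIX",
+"url": "https://github.com/openshift/console/pull/14409/files"
+},
+{
+"type": "REPORT",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319378"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2024-50312"
+}
+],
+"credits": [
+{
+"name": "Red Hat would like to thank Maksymilian Kubiak (AFINE), Paweł Zdunek (AFINE), and Sławomir Zakrzewski (AFINE) for reporting this issue."
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3211",
+"review_status": "UNREVIEWED"
+}
+}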
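Review bot: `credits[0].name` holds a whole acknowledgement sentence instead of a name, so tooling that lists credited reporters will show the sentence as a single person. One entry per reporter keeps the field machine-readable, for example `{"name": "Maksymilian Kubiak (AFINE)"}`, with matching entries for Paweł Zdunek and Sławomir Zakrzewski.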
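--- a/data/osv/GO-2024-3212.json
+++ b/data/osv/GO-2024-3212.json
@@ -0,0 +1,66 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3212",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-rjfv-pjvx-mjgv"
+],
+"summary": "AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller",
+"details": "AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: sigs.k8s.io/aws-load-balancer-controller from v2.0.0 before v2.8.2.",
+"affected": [
+{
+"package": {
+"name": "sigs.k8s.io/aws-load-balancer-controller",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {
+"custom_ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.0.0"
+},
+{
+"fixed": "2.8.2"
+}
+]
+}
+]
+}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/kubernetes-sigs/aws-load-balancer-controller/security/advisories/GHSA-rjfv-pjvx-mjgv"
+},
+{
+"type": "WEB",
+"url": "https://aws.amazon.com/security/vulnerability-reporting"
+},
+{
+"type": "WEB",
+"url": "https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#waf-addons"
+},
+{
+"type": "WEB",
+"url": "https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#addons"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3212",
+"review_status": "UNREVIEWED"
+}
+}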
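Review bot: The fix boundary 2.8.2 is recorded only under `ecosystem_specific.custom_ranges`, while the `SEMVER` range stops at `"introduced": "0"`; a consumer that reads only `ranges` will therefore flag patched deployments as well as those from 2.0.0 up to 2.8.2. The `details` text admits the mapping gap but leaves the correction to whoever hits the false positive. If the 2.8.2 release can be expressed as a Go module version, add it as `{"fixed": "<module version of the 2.8.2 release>"}`; until then, triage should compare the deployed version against `custom_ranges` before acting on the finding.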
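--- a/data/osv/GO-2024-3213.json
+++ b/data/osv/GO-2024-3213.json
@@ -0,0 +1,55 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3213",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-49380"
+],
+"summary": "Plenti arbitrary file write vulnerability in github.com/plentico/plenti",
+"details": "Plenti arbitrary file write vulnerability in github.com/plentico/plenti",
+"affected": [
+{
+"package": {
+"name": "github.com/plentico/plenti",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.7.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49380"
+},
+{
+"type": "WEB",
+"url": "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"
+},
+{
+"type": "WEB",
+"url": "https://github.com/plentico/plenti/releases/tag/v0.7.2"
+},
+{
+"type": "WEB",
+"url": "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3213",
+"review_status": "UNREVIEWED"
+}
+}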