data/reports: add 10 unreviewed reports
  - data/reports/GO-2024-3355.yaml
  - data/reports/GO-2024-3356.yaml
  - data/reports/GO-2024-3357.yaml
  - data/reports/GO-2024-3358.yaml
  - data/reports/GO-2024-3359.yaml
  - data/reports/GO-2024-3360.yaml
  - data/reports/GO-2025-3361.yaml
  - data/reports/GO-2025-3362.yaml
  - data/reports/GO-2025-3363.yaml
  - data/reports/GO-2025-3364.yaml

Fixes #3355
Fixes #3356
Fixes #3357
Fixes #3358
Fixes #3359
Fixes #3360
Fixes #3361
Fixes #3362
Fixes #3363
Fixes #3364

Change-Id: Iac7e4b46ef09ae6a2274d806baa2e47eeb08523b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/640916
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
tatianab authored and gopherbot committed Jan 7, 2025
1 parent 728aa21 commit 4ab2b0a
Showing 20 changed files with 798 additions and 0 deletions.
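--- a/data/osv/GO-2024-3355.json
+++ b/data/osv/GO-2024-3355.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3355",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-54148",
+"GHSA-r7j8-5h9c-f6fx"
+],
+"summary": "Remote Command Execution in file editing in gogs in gogs.io/gogs",
+"details": "Remote Command Execution in file editing in gogs in gogs.io/gogs",
+"affected": [
+{
+"package": {
+"name": "gogs.io/gogs",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.13.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54148"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/issues/7582"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/pull/7857"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3355",
+"review_status": "UNREVIEWED"
+}
+}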
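Review bot: The gogs commit and pull-request links in `references` are typed `WEB`, while the navidrome record in this same commit (GO-2024-3357) types its commit links as `FIX`; the GO-2024-3356 section has the same pattern. If commit `c94baec9ca92` and PR 7857 are the patch behind `"fixed": "0.13.1"` (likely, but not confirmed by anything on this page), typing them `FIX` lets tooling and responders find the patch without reading the advisory. `details` is also a verbatim copy of `summary`, so the record gives no indication of who can reach the file-editing path or what an operator should check before upgrading.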
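--- a/data/osv/GO-2024-3356.json
+++ b/data/osv/GO-2024-3356.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3356",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-55947",
+"GHSA-qf5v-rp47-55gg"
+],
+"summary": "Path Traversal in file update API in gogs in gogs.io/gogs",
+"details": "Path Traversal in file update API in gogs in gogs.io/gogs",
+"affected": [
+{
+"package": {
+"name": "gogs.io/gogs",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.13.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55947"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/issues/7582"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/pull/7859"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3356",
+"review_status": "UNREVIEWED"
+}
+}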
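--- a/data/osv/GO-2024-3357.json
+++ b/data/osv/GO-2024-3357.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3357",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-56362",
+"GHSA-xwx7-p63r-2rj8"
+],
+"summary": "Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome",
+"details": "Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome",
+"affected": [
+{
+"package": {
+"name": "github.com/navidrome/navidrome",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.54.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56362"
+},
+{
+"type": "FIX",
+"url": "https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff"
+},
+{
+"type": "FIX",
+"url": "https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1"
+},
+{
+"type": "WEB",
+"url": "https://github.com/navidrome/navidrome/releases/tag/v0.54.1"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3357",
+"review_status": "UNREVIEWED"
+}
+}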
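--- a/data/osv/GO-2024-3358.json
+++ b/data/osv/GO-2024-3358.json
@@ -0,0 +1,77 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3358",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-45387",
+"GHSA-vq94-9pfv-ccqr"
+],
+"summary": "SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol",
+"details": "SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol",
+"affected": [
+{
+"package": {
+"name": "github.com/apache/trafficcontrol",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/apache/trafficcontrol/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "8.0.0"
+},
+{
+"fixed": "8.0.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-vq94-9pfv-ccqr"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45387"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2024/12/23/3"
+},
+{
+"type": "WEB",
+"url": "https://github.com/apache/trafficcontrol/releases/tag/v8.0.2"
+},
+{
+"type": "WEB",
+"url": "https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3358",
+"review_status": "UNREVIEWED"
+}
+}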
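Review bot: The first `affected` entry, `github.com/apache/trafficcontrol`, carries only `"introduced": "0"` with no `fixed` event, so a scanner matching this record reports every version of the unsuffixed module path as vulnerable with no upgrade target, while the `/v8` entry is bounded to `8.0.0`–`8.0.2`. If that is deliberate (for example because no fixed release exists under the unsuffixed path), it should be stated in `details`, which currently just repeats `summary`. Otherwise the first range needs a bound that matches the versions the advisory actually covers. Separately, the openwall reference is the only `http://` URL in the record; the others use `https://`.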
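--- a/data/osv/GO-2024-3359.json
+++ b/data/osv/GO-2024-3359.json
@@ -0,0 +1,53 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3359",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-28892",
+"GHSA-5qww-56gc-f66c"
+],
+"summary": "GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast",
+"details": "GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast",
+"affected": [
+{
+"package": {
+"name": "github.com/mayuresh82/gocast",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-5qww-56gc-f66c"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28892"
+},
+{
+"type": "WEB",
+"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960"
+},
+{
+"type": "WEB",
+"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3359",
+"review_status": "UNREVIEWED"
+}
+}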
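Review bot: The last two `references` entries point at the same Talos report, TALOS-2024-1960, once with and once without the `www.` host prefix, so one of them can be dropped. The range is also open-ended (`"introduced": "0"`, no `fixed`), which marks every version of `github.com/mayuresh82/gocast` as affected. With `review_status` set to `UNREVIEWED` and `details` repeating `summary`, nothing in the record tells an operator whether that reflects "no fix released" or simply missing data. A short sentence in `details` stating which it is would make the finding actionable.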
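--- a/data/osv/GO-2024-3360.json
+++ b/data/osv/GO-2024-3360.json
@@ -0,0 +1,57 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3360",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-25133",
+"GHSA-wgqq-9qh8-wvqv"
+],
+"summary": "OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation in github.com/openshift/hive",
+"details": "OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation in github.com/openshift/hive",
+"affected": [
+{
+"package": {
+"name": "github.com/openshift/hive",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-wgqq-9qh8-wvqv"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25133"
+},
+{
+"type": "FIX",
+"url": "https://github.com/openshift/hive/commit/5ba846620f9dbf49301dabb0d40cc980aabef4e0"
+},
+{
+"type": "FIX",
+"url": "https://github.com/openshift/hive/pull/2306"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260372"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3360",
+"review_status": "UNREVIEWED"
+}
+}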
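Review bot: The record lists two `FIX` references (commit `5ba846620f9dbf49301dabb0d40cc980aabef4e0` and PR 2306), yet the `events` array holds only `"introduced": "0"`, so consumers will treat every version of `github.com/openshift/hive` as affected, including builds that already contain that commit. A `fixed` event naming the first release or pseudo-version that includes the commit would bound the range and stop patched deployments from being flagged. If no such version can be named for this module, `details` should say so rather than repeat `summary`. If this JSON is derived from `data/reports/GO-2024-3360.yaml`, as the commit description suggests, the change belongs in that report.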