data/reports: add 6 reports
  - data/reports/GO-2024-3184.yaml
  - data/reports/GO-2024-3185.yaml
  - data/reports/GO-2024-3186.yaml
  - data/reports/GO-2024-3188.yaml
  - data/reports/GO-2024-3190.yaml
  - data/reports/GO-2024-3191.yaml

Fixes #3184
Fixes #3185
Fixes #3186
Fixes #3188
Fixes #3190
Fixes #3191

Change-Id: I5f0ad208f0a7e8bebe71f9b15ff38ebc852b783e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/619696
Auto-Submit: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Maceo Thompson authored and gopherbot committed Oct 11, 2024
1 parent 414fc8f commit 4b21264
Showing 12 changed files with 468 additions and 0 deletions.
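--- a/data/osv/GO-2024-3184.json
+++ b/data/osv/GO-2024-3184.json
@@ -0,0 +1,68 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3184",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-36814",
+"GHSA-9cp9-8gw2-8v7m"
+],
+"summary": "Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome",
+"details": "Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome",
+"affected": [
+{
+"package": {
+"name": "github.com/AdguardTeam/AdGuardHome",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.107.53"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-9cp9-8gw2-8v7m"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36814"
+},
+{
+"type": "FIX",
+"url": "https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68"
+},
+{
+"type": "WEB",
+"url": "https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2"
+},
+{
+"type": "WEB",
+"url": "https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53"
+},
+{
+"type": "WEB",
+"url": "https://github.com/itz-d0dgy"
+},
+{
+"type": "WEB",
+"url": "https://happy-little-accidents.pages.dev/posts/CVE-2024-36814"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3184",
+"review_status": "UNREVIEWED"
+}
+}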
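Review bot: `modified` and `published` are both `0001-01-01T00:00:00Z`, a zero-value timestamp, here and in the other five `data/osv` files of this commit. Presumably the real dates are filled in when the database is published, so anyone ingesting these files straight from the repository should not rely on them, for example when filtering or prioritising advisories by age. `details` repeats `summary` word for word, so the entry carries no description beyond its title; that fits `review_status: UNREVIEWED`, but it means triage has to follow the `ADVISORY` links for impact and preconditions.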
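--- a/data/osv/GO-2024-3185.json
+++ b/data/osv/GO-2024-3185.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3185",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-47832"
+],
+"summary": "XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready",
+"details": "XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready",
+"affected": [
+{
+"package": {
+"name": "github.com/ssoready/ssoready",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47832"
+},
+{
+"type": "FIX",
+"url": "https://github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd89915"
+},
+{
+"type": "WEB",
+"url": "https://github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh"
+},
+{
+"type": "WEB",
+"url": "https://ssoready.com/docs/self-hosting/self-hosting-sso-ready"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3185",
+"review_status": "UNREVIEWED"
+}
+}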
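Review bot: The only range event is `"introduced": "0"` with no `fixed` event, although `references` contains a `FIX` commit. As written, every version of `github.com/ssoready/ssoready` matches, including builds that already contain that commit, so a scanner would keep flagging patched deployments of a signature-bypass issue. If the module simply has no tagged release carrying the fix, that is worth confirming; otherwise the fixed version belongs in the report this file is presumably generated from (`data/reports/GO-2024-3185.yaml`, not visible on this page). The aliases also list only the CVE even though a `GHSA-j2hr-q93x-gxvh` advisory is referenced as `WEB`. GO-2024-3186 and GO-2024-3188 are open-ended as well, but show no fix reference here.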
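--- a/data/osv/GO-2024-3186.json
+++ b/data/osv/GO-2024-3186.json
@@ -0,0 +1,53 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3186",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-9675",
+"GHSA-586p-749j-fhwp"
+],
+"summary": "Buildah allows arbitrary directory mount in github.com/containers/buildah",
+"details": "Buildah allows arbitrary directory mount in github.com/containers/buildah",
+"affected": [
+{
+"package": {
+"name": "github.com/containers/buildah",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-586p-749j-fhwp"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9675"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2024-9675"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317458"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3186",
+"review_status": "UNREVIEWED"
+}
+}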
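--- a/data/osv/GO-2024-3188.json
+++ b/data/osv/GO-2024-3188.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3188",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-9312",
+"GHSA-4gfw-wf7c-w6g2"
+],
+"summary": "Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd",
+"details": "Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd",
+"affected": [
+{
+"package": {
+"name": "github.com/ubuntu/authd",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9312"
+},
+{
+"type": "ADVISORY",
+"url": "https://www.cve.org/CVERecord?id=CVE-2024-9312"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3188",
+"review_status": "UNREVIEWED"
+}
+}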
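--- a/data/osv/GO-2024-3190.json
+++ b/data/osv/GO-2024-3190.json
@@ -0,0 +1,73 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3190",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-47067",
+"GHSA-8pph-gfhp-w226"
+],
+"summary": "Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist",
+"details": "Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist",
+"affected": [
+{
+"package": {
+"name": "github.com/alist-org/alist",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/alist-org/alist/v3",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "3.29.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-8pph-gfhp-w226"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47067"
+},
+{
+"type": "ADVISORY",
+"url": "https://securitylab.github.com/advisories/GHSL-2023-220_Alist"
+},
+{
+"type": "FIX",
+"url": "https://github.com/alist-org/alist/commit/6100647310594868e931f3de1188ddd8bde93b78"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3190",
+"review_status": "UNREVIEWED"
+}
+}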
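--- a/data/osv/GO-2024-3191.json
+++ b/data/osv/GO-2024-3191.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3191",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-9180",
+"GHSA-rr8j-7w34-xp5j"
+],
+"summary": "Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault",
+"details": "Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault",
+"affected": [
+{
+"package": {
+"name": "github.com/hashicorp/vault",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.18.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-rr8j-7w34-xp5j"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9180"
+},
+{
+"type": "WEB",
+"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3191",
+"review_status": "UNREVIEWED"
+}
+}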
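--- a/data/reports/GO-2024-3184.yaml
+++ b/data/reports/GO-2024-3184.yaml
@@ -0,0 +1,23 @@
+id: GO-2024-3184
+modules:
+- module: github.com/AdguardTeam/AdGuardHome
+versions:
+- fixed: 0.107.53
+vulnerable_at: 0.107.52
+summary: Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome
+cves:
+- CVE-2024-36814
+ghsas:
+- GHSA-9cp9-8gw2-8v7m
+references:
+- advisory: https://github.com/advisories/GHSA-9cp9-8gw2-8v7m
+- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-36814
+- fix: https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68
+- web: https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2
+- web: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53
+- web: https://github.com/itz-d0dgy
+- web: https://happy-little-accidents.pages.dev/posts/CVE-2024-36814
+source:
+id: GHSA-9cp9-8gw2-8v7m
+created: 2024-10-11T10:16:23.951474-04:00
+review_status: UNREVIEWED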
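Review bot: The report names only the module with `fixed: 0.107.53` and has no `packages` entry, so consumers can match on module version alone and cannot tell whether the affected code is actually used. That is consistent with `review_status: UNREVIEWED`, but the `web:` link into `internal/filtering/http.go` suggests the affected package is already known; if the report is reviewed later, a `packages` entry for it would narrow matches. The `web: https://github.com/itz-d0dgy` reference is a profile page rather than material about the vulnerability and looks like reporter attribution, which would read better under `credits` if that is what it is.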