data/reports: add 51 unreviewed reports
Add 51 completely auto-generated reports.

  - data/reports/GO-2024-2647.yaml
  - data/reports/GO-2024-2728.yaml
  - data/reports/GO-2024-2568.yaml
  - data/reports/GO-2024-2569.yaml
  - data/reports/GO-2024-2597.yaml
  - data/reports/GO-2024-2756.yaml
  - data/reports/GO-2024-2765.yaml
  - data/reports/GO-2024-2853.yaml
  - data/reports/GO-2024-2860.yaml
  - data/reports/GO-2024-2785.yaml
  - data/reports/GO-2024-2579.yaml
  - data/reports/GO-2024-2747.yaml
  - data/reports/GO-2024-2645.yaml
  - data/reports/GO-2024-2723.yaml
  - data/reports/GO-2024-2690.yaml
  - data/reports/GO-2024-2766.yaml
  - data/reports/GO-2024-2863.yaml
  - data/reports/GO-2024-2641.yaml
  - data/reports/GO-2024-2754.yaml
  - data/reports/GO-2024-2846.yaml
  - data/reports/GO-2024-2580.yaml
  - data/reports/GO-2024-2791.yaml
  - data/reports/GO-2024-2859.yaml
  - data/reports/GO-2024-2752.yaml
  - data/reports/GO-2024-2779.yaml
  - data/reports/GO-2024-2636.yaml
  - data/reports/GO-2024-2675.yaml
  - data/reports/GO-2024-2727.yaml
  - data/reports/GO-2024-2689.yaml
  - data/reports/GO-2024-2803.yaml
  - data/reports/GO-2024-2648.yaml
  - data/reports/GO-2024-2792.yaml
  - data/reports/GO-2024-2861.yaml
  - data/reports/GO-2024-2644.yaml
  - data/reports/GO-2024-2741.yaml
  - data/reports/GO-2024-2692.yaml
  - data/reports/GO-2024-2575.yaml
  - data/reports/GO-2024-2729.yaml
  - data/reports/GO-2024-2757.yaml
  - data/reports/GO-2024-2649.yaml
  - data/reports/GO-2024-2763.yaml
  - data/reports/GO-2024-2703.yaml
  - data/reports/GO-2024-2716.yaml
  - data/reports/GO-2024-2642.yaml
  - data/reports/GO-2024-2704.yaml
  - data/reports/GO-2024-2578.yaml
  - data/reports/GO-2024-2814.yaml
  - data/reports/GO-2024-2581.yaml
  - data/reports/GO-2024-2836.yaml
  - data/reports/GO-2024-2701.yaml
  - data/reports/GO-2024-2746.yaml

Fixes #2647
Fixes #2728
Fixes #2568
Fixes #2569
Fixes #2597
Fixes #2756
Fixes #2765
Fixes #2853
Fixes #2860
Fixes #2785
Fixes #2579
Fixes #2747
Fixes #2645
Fixes #2723
Fixes #2690
Fixes #2766
Fixes #2863
Fixes #2641
Fixes #2754
Fixes #2846
Fixes #2580
Fixes #2791
Fixes #2859
Fixes #2752
Fixes #2779
Fixes #2636
Fixes #2675
Fixes #2727
Fixes #2689
Fixes #2803
Fixes #2648
Fixes #2792
Fixes #2861
Fixes #2644
Fixes #2741
Fixes #2692
Fixes #2575
Fixes #2729
Fixes #2757
Fixes #2649
Fixes #2763
Fixes #2703
Fixes #2716
Fixes #2642
Fixes #2704
Fixes #2578
Fixes #2814
Fixes #2581
Fixes #2836
Fixes #2701
Fixes #2746

Change-Id: I0a5da056b5ccdc1125855a24e7fd6228a2f6d326
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/590039
Commit-Queue: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
tatianab authored and gopherbot committed Jun 4, 2024
1 parent c3c93c0 commit 96f0f48
Showing 102 changed files with 4,139 additions and 0 deletions.
56 changes: 56 additions & 0 deletions data/osv/GO-2024-2568.json
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2568",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-25630",
"GHSA-7496-fgv9-xw82"
],
"summary": "Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium",
"details": "Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium",
"affected": [
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.7"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-7496-fgv9-xw82"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25630"
},
{
"type": "WEB",
"url": "https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/releases/tag/v1.14.7"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2568",
"review_status": "UNREVIEWED"
}
}
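Review bot: "modified" and "published" are both the zero timestamp "0001-01-01T00:00:00Z" in this record, so any consumer that sorts or filters on these fields gets no usable date. If the values are filled in when the database is generated, that is fine; otherwise set them here. Separately, "details" is a verbatim copy of "summary", so the record itself does not say which traffic is left unencrypted beyond the one-line title.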
60 changes: 60 additions & 0 deletions data/osv/GO-2024-2569.json
@@ -0,0 +1,60 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2569",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-25631",
"GHSA-x989-52fc-4vr4"
],
"summary": "Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium",
"details": "Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium",
"affected": [
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.7"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25631"
},
{
"type": "WEB",
"url": "https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore"
},
{
"type": "WEB",
"url": "https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/releases/tag/v1.14.7"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2569",
"review_status": "UNREVIEWED"
}
}
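Review bot: the range starts at "introduced": "0", but the summary ties the issue to a specific configuration (Wireguard together with an external kvstore). If that combination only became possible in a later release, the introduced event should name that version so older releases are not flagged. The single "fixed": "1.14.7" event also marks every version below it as affected, which is worth checking against the linked advisory before the report leaves UNREVIEWED.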
52 changes: 52 additions & 0 deletions data/osv/GO-2024-2575.json
@@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2575",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-26147",
"GHSA-r53h-jv2g-vpx6"
],
"summary": "Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3",
"details": "Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3",
"affected": [
{
"package": {
"name": "helm.sh/helm/v3",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "3.14.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2575",
"review_status": "UNREVIEWED"
}
}
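Review bot: the helm commit URL in "references" is typed "WEB"; if that commit is the fix, type it "FIX" so tooling can find the patch. Also, "ecosystem_specific" is empty, so there is no package or symbol information and scanners can only match at module level for helm.sh/helm/v3; for a panic in YAML handling, listing the affected package would cut false positives.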
56 changes: 56 additions & 0 deletions data/osv/GO-2024-2578.json
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2578",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-23349",
"GHSA-8pf2-qj4v-fj64"
],
"summary": "Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer",
"details": "Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.5"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-8pf2-qj4v-fj64"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23349"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/22/2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2578",
"review_status": "UNREVIEWED"
}
}
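Review bot: the oss-security reference uses plain HTTP ("http://www.openwall.com/lists/oss-security/2024/02/22/2") while every other URL in the record is HTTPS. Prefer the https:// form so the link a reader follows from an advisory is not fetched in cleartext.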
56 changes: 56 additions & 0 deletions data/osv/GO-2024-2579.json
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2579",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-22393",
"GHSA-rmqp-mvv2-54c6"
],
"summary": "Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer",
"details": "Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.5"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rmqp-mvv2-54c6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22393"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/22/1"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2579",
"review_status": "UNREVIEWED"
}
}
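Review bot: nothing in "references" backs the "fixed": "1.2.5" event. The list has two advisories and two mailing-list links, but no release tag or fix commit for github.com/apache/incubator-answer. Adding one would let a reviewer confirm the fixed version without leaving the record.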
56 changes: 56 additions & 0 deletions data/osv/GO-2024-2580.json
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2580",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-26578",
"GHSA-9q24-hwmc-797x"
],
"summary": "Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer",
"details": "Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.5"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9q24-hwmc-797x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26578"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/22/3"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2580",
"review_status": "UNREVIEWED"
}
}
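Review bot: the summary "Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer" names only the weakness class, and "details" repeats it word for word, so the record does not say which operation is raced or what the impact is. A one-sentence description taken from the linked advisory would make the entry usable for triage on its own.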
47 changes: 47 additions & 0 deletions data/osv/GO-2024-2581.json
@@ -0,0 +1,47 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2581",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-fvv5-h29g-f6w5"
],
"summary": "User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs",
"details": "User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs",
"affected": [
{
"package": {
"name": "github.com/treeverse/lakefs",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.90.0"
},
{
"fixed": "1.12.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-fvv5-h29g-f6w5"
},
{
"type": "WEB",
"url": "https://github.com/treeverse/lakeFS/commit/56556ee5406fc5425b9302cd08a8d412635fdcd7"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2581",
"review_status": "UNREVIEWED"
}
}
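Review bot: the package name is "github.com/treeverse/lakefs" (lowercase) while both reference URLs use "treeverse/lakeFS". Go module paths are case-sensitive, so confirm the name matches the module path declared by the project; a mismatch means the report never matches a real dependency. The record also has no CVE alias, only the GHSA ID, which is fine if none was assigned but worth confirming.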