data/reports: unexclude 3 reports (32)

  - data/reports/GO-2022-1263.yaml
  - data/reports/GO-2022-1264.yaml
  - data/reports/GO-2022-1266.yaml

Updates #1263
Updates #1264
Updates #1266

Change-Id: Ie46f3a72ff97ef701ba420b2e58954ec7fbf2977
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607234
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Commit-Queue: Tatiana Bradley <tatianabradley@google.com>

data/osv/GO-2022-1263.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-1263",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-4810",
+    "GHSA-qf9q-3wwx-8qjv"
+  ],
+  "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos",
+  "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/usememos/memos",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.9.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-qf9q-3wwx-8qjv"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4810"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-1263",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2022-1264.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-1264",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-4847",
+    "GHSA-r7hg-2cpp-8wqq"
+  ],
+  "summary": "usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos",
+  "details": "usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/usememos/memos",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.9.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-r7hg-2cpp-8wqq"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4847"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-1264",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2022-1266.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-1266",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-4848",
+    "GHSA-vh43-cc6x-prpr"
+  ],
+  "summary": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos",
+  "details": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/usememos/memos",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.9.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-vh43-cc6x-prpr"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4848"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-1266",
+    "review_status": "UNREVIEWED"
+  }
+}

data/reports/GO-2022-1263.yaml

@@ -0,0 +1,21 @@
+id: GO-2022-1263
+modules:
+    - module: github.com/usememos/memos
+      versions:
+        - fixed: 0.9.1
+      vulnerable_at: 0.9.0
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+    - CVE-2022-4810
+ghsas:
+    - GHSA-qf9q-3wwx-8qjv
+references:
+    - advisory: https://github.com/advisories/GHSA-qf9q-3wwx-8qjv
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4810
+    - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+    - web: https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e
+source:
+    id: GHSA-qf9q-3wwx-8qjv
+    created: 2024-08-20T14:56:23.524956-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2022-1264.yaml

@@ -0,0 +1,21 @@
+id: GO-2022-1264
+modules:
+    - module: github.com/usememos/memos
+      versions:
+        - fixed: 0.9.1
+      vulnerable_at: 0.9.0
+summary: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos
+cves:
+    - CVE-2022-4847
+ghsas:
+    - GHSA-r7hg-2cpp-8wqq
+references:
+    - advisory: https://github.com/advisories/GHSA-r7hg-2cpp-8wqq
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4847
+    - fix: https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
+    - web: https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73
+source:
+    id: GHSA-r7hg-2cpp-8wqq
+    created: 2024-08-20T14:56:26.859444-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2022-1266.yaml

@@ -0,0 +1,23 @@
+id: GO-2022-1266
+modules:
+    - module: github.com/usememos/memos
+      versions:
+        - fixed: 0.9.1
+      vulnerable_at: 0.9.0
+summary: |-
+    usememos/memos vulnerable to Improper Verification of Source of a Communication
+    Channel in github.com/usememos/memos
+cves:
+    - CVE-2022-4848
+ghsas:
+    - GHSA-vh43-cc6x-prpr
+references:
+    - advisory: https://github.com/advisories/GHSA-vh43-cc6x-prpr
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4848
+    - fix: https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
+    - web: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc
+source:
+    id: GHSA-vh43-cc6x-prpr
+    created: 2024-08-20T14:56:30.374308-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE