diff --git a/data/excluded/GO-2022-0314.yaml b/data/excluded/GO-2022-0314.yaml
deleted file mode 100644
index f2b3f50ba..000000000
--- a/data/excluded/GO-2022-0314.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0314
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/go-gitea/gitea
-cves:
- - CVE-2021-45329
-ghsas:
- - GHSA-r3gq-wxqf-q4gh
diff --git a/data/excluded/GO-2022-0315.yaml b/data/excluded/GO-2022-0315.yaml
deleted file mode 100644
index b91eae08e..000000000
--- a/data/excluded/GO-2022-0315.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0315
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/go-gitea/gitea
-cves:
- - CVE-2021-45331
-ghsas:
- - GHSA-hfmf-q69j-6m5p
diff --git a/data/excluded/GO-2022-0325.yaml b/data/excluded/GO-2022-0325.yaml
deleted file mode 100644
index 9c850e1dd..000000000
--- a/data/excluded/GO-2022-0325.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0325
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/traefik/traefik
-cves:
- - CVE-2022-23632
-ghsas:
- - GHSA-hrhx-6h34-j5hc
diff --git a/data/excluded/GO-2022-0328.yaml b/data/excluded/GO-2022-0328.yaml
deleted file mode 100644
index 08d17cbd8..000000000
--- a/data/excluded/GO-2022-0328.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0328
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/gravitl/netmaker
-cves:
- - CVE-2022-23650
-ghsas:
- - GHSA-86f3-hf24-76q4
diff --git a/data/excluded/GO-2022-0329.yaml b/data/excluded/GO-2022-0329.yaml
deleted file mode 100644
index ce21c9da3..000000000
--- a/data/excluded/GO-2022-0329.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0329
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/clastix/capsule-proxy
-cves:
- - CVE-2022-23652
-ghsas:
- - GHSA-9cwv-cppx-mqjm
diff --git a/data/excluded/GO-2022-0339.yaml b/data/excluded/GO-2022-0339.yaml
deleted file mode 100644
index 22dc892c8..000000000
--- a/data/excluded/GO-2022-0339.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-id: GO-2022-0339
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/google/fscrypt
-cves:
- - CVE-2022-25326
-ghsas:
- - GHSA-chxf-fjcf-7fwp
- - GHSA-mpq4-rjj8-fjph
diff --git a/data/excluded/GO-2022-0340.yaml b/data/excluded/GO-2022-0340.yaml
deleted file mode 100644
index 30835e850..000000000
--- a/data/excluded/GO-2022-0340.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-id: GO-2022-0340
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/google/fscrypt
-cves:
- - CVE-2022-25327
-ghsas:
- - GHSA-8vwm-8vj8-rqjf
- - GHSA-p93v-m2r2-4387
diff --git a/data/excluded/GO-2022-0342.yaml b/data/excluded/GO-2022-0342.yaml
deleted file mode 100644
index 3038da93c..000000000
--- a/data/excluded/GO-2022-0342.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0342
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/grafana/grafana
-cves:
- - CVE-2018-18623
-ghsas:
- - GHSA-cmq2-j8v8-2q44
diff --git a/data/excluded/GO-2022-0344.yaml b/data/excluded/GO-2022-0344.yaml
deleted file mode 100644
index ff2dccb50..000000000
--- a/data/excluded/GO-2022-0344.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0344
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/containerd/containerd
-cves:
- - CVE-2022-23648
-ghsas:
- - GHSA-crp2-qrr5-8pq7
diff --git a/data/excluded/GO-2022-0348.yaml b/data/excluded/GO-2022-0348.yaml
deleted file mode 100644
index eb193ee62..000000000
--- a/data/excluded/GO-2022-0348.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0348
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/tharsis/evmos
-cves:
- - CVE-2022-24738
-ghsas:
- - GHSA-5jgq-x857-p8xw
diff --git a/data/excluded/GO-2022-0350.yaml b/data/excluded/GO-2022-0350.yaml
deleted file mode 100644
index e641f8d86..000000000
--- a/data/excluded/GO-2022-0350.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0350
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/stripe/stripe-cli
-cves:
- - CVE-2022-24753
-ghsas:
- - GHSA-4cx6-fj7j-pjx9
diff --git a/data/excluded/GO-2022-0351.yaml b/data/excluded/GO-2022-0351.yaml
deleted file mode 100644
index 1e24c05c4..000000000
--- a/data/excluded/GO-2022-0351.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0351
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/nats-io/nats-server
-cves:
- - CVE-2022-26652
-ghsas:
- - GHSA-6h3m-36w8-hv68
diff --git a/data/excluded/GO-2022-0353.yaml b/data/excluded/GO-2022-0353.yaml
deleted file mode 100644
index ccf046895..000000000
--- a/data/excluded/GO-2022-0353.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0353
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/go-gitea/gitea
-cves:
- - CVE-2021-29134
-ghsas:
- - GHSA-h3q4-vmw4-cpr5
diff --git a/data/excluded/GO-2022-0354.yaml b/data/excluded/GO-2022-0354.yaml
deleted file mode 100644
index ff41db5b5..000000000
--- a/data/excluded/GO-2022-0354.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0354
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/cri-o/cri-o
-cves:
- - CVE-2022-0811
-ghsas:
- - GHSA-6x2m-w449-qwx7
diff --git a/data/excluded/GO-2022-0357.yaml b/data/excluded/GO-2022-0357.yaml
deleted file mode 100644
index de2ee0b4c..000000000
--- a/data/excluded/GO-2022-0357.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0357
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-24730
-ghsas:
- - GHSA-r9cr-hvjj-496v
diff --git a/data/excluded/GO-2022-0358.yaml b/data/excluded/GO-2022-0358.yaml
deleted file mode 100644
index 263367346..000000000
--- a/data/excluded/GO-2022-0358.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0358
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-24731
-ghsas:
- - GHSA-h6h5-6fmq-rh28
diff --git a/data/excluded/GO-2022-0359.yaml b/data/excluded/GO-2022-0359.yaml
deleted file mode 100644
index 492064ec2..000000000
--- a/data/excluded/GO-2022-0359.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-id: GO-2022-0359
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-24768
-ghsas:
- - GHSA-2f5v-8r3f-8pww
-related:
- - CVE-2022-1025
- - GHSA-96jv-vj39-x4j6
diff --git a/data/excluded/GO-2022-0360.yaml b/data/excluded/GO-2022-0360.yaml
deleted file mode 100644
index dc8ec6ddf..000000000
--- a/data/excluded/GO-2022-0360.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2022-0360
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/containerd/containerd
-ghsas:
- - GHSA-5j5w-g665-5m35
diff --git a/data/excluded/GO-2022-0363.yaml b/data/excluded/GO-2022-0363.yaml
deleted file mode 100644
index 6dfa85939..000000000
--- a/data/excluded/GO-2022-0363.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2022-0363
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/cri-o/cri-o
-ghsas:
- - GHSA-w2j5-3rcx-vx7x
diff --git a/data/excluded/GO-2022-0365.yaml b/data/excluded/GO-2022-0365.yaml
deleted file mode 100644
index 2e87e8dfd..000000000
--- a/data/excluded/GO-2022-0365.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2022-0365
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/netlify/gotrue
-ghsas:
- - GHSA-wpfr-6297-9v57
diff --git a/data/osv/GO-2022-0314.json b/data/osv/GO-2022-0314.json
new file mode 100644
index 000000000..a729751a2
--- /dev/null
+++ b/data/osv/GO-2022-0314.json
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0314", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-45329", + "GHSA-r3gq-wxqf-q4gh" + ], + "summary": "Cross-site Scripting in Gitea in github.com/go-gitea/gitea", + "details": "Cross-site Scripting in Gitea in github.com/go-gitea/gitea", + "affected": [ + { + "package": { + "name": "github.com/go-gitea/gitea", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.5.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-r3gq-wxqf-q4gh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45329" + }, + { + "type": "FIX", + "url": "https://github.com/go-gitea/gitea/pull/4710" + }, + { + "type": "WEB", + "url": "https://blog.gitea.io/2018/09/gitea-1.5.1-is-released" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0314", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0315.json b/data/osv/GO-2022-0315.json new file mode 100644 index 000000000..3fb5ba5f7 --- /dev/null +++ b/data/osv/GO-2022-0315.json 
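Review bot: The `affected[0].package.name` in GO-2022-0314 is still `github.com/go-gitea/gitea`, whereas the other two Gitea records in this commit (GO-2022-0315 and GO-2022-0353) were moved from that same path in their deleted excluded files to `code.gitea.io/gitea`. Scanners match advisories on the exact module path, so if Gitea's declared module path is `code.gitea.io/gitea`, this XSS advisory would never match a real dependency and would be silently missed. Consider `"name": "code.gitea.io/gitea"` here, with the matching suffix in `summary` and `details`, or confirm that the GitHub path is intended for this one record.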
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0315", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-45331", + "GHSA-hfmf-q69j-6m5p" + ], + "summary": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea", + "details": "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea", + "affected": [ + { + "package": { + "name": "code.gitea.io/gitea", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.5.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hfmf-q69j-6m5p" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45331" + }, + { + "type": "WEB", + "url": "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/pull/3878" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0315", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0325.json b/data/osv/GO-2022-0325.json new file mode 100644 index 000000000..4f8dfdcca --- /dev/null +++ b/data/osv/GO-2022-0325.json 
@@ -0,0 +1,77 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0325", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23632", + "GHSA-hrhx-6h34-j5hc" + ], + "summary": "Skip the router TLS configuration when the host header is an FQDN in github.com/traefik/traefik", + "details": "Skip the router TLS configuration when the host header is an FQDN in github.com/traefik/traefik", + "affected": [ + { + "package": { + "name": "github.com/traefik/traefik", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/traefik/traefik/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.6.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23632" + }, + { + "type": "FIX", + "url": "https://github.com/traefik/traefik/pull/8764" + }, + { + "type": "WEB", + "url": "https://github.com/traefik/traefik/releases/tag/v2.6.1" + }, + { + "type": "WEB", + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0325", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0328.json b/data/osv/GO-2022-0328.json new file mode 100644 index 000000000..1107b10f7 --- /dev/null +++ b/data/osv/GO-2022-0328.json 
@@ -0,0 +1,66 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0328", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23650", + "GHSA-86f3-hf24-76q4" + ], + "summary": "Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker", + "details": "Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker", + "affected": [ + { + "package": { + "name": "github.com/gravitl/netmaker", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.8.5" + }, + { + "introduced": "0.9.0" + }, + { + "fixed": "0.9.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-86f3-hf24-76q4" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23650" + }, + { + "type": "FIX", + "url": "https://github.com/gravitl/netmaker/commit/3d4f44ecfe8be4ca38920556ba3b90502ffb4fee" + }, + { + "type": "FIX", + "url": "https://github.com/gravitl/netmaker/commit/e9bce264719f88c30e252ecc754d08f422f4c080" + }, + { + "type": "FIX", + "url": "https://github.com/gravitl/netmaker/pull/781/commits/1bec97c662670dfdab804343fc42ae4b1d050a87" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0328", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0329.json b/data/osv/GO-2022-0329.json new file mode 100644 index 000000000..adf56eb2e --- /dev/null +++ b/data/osv/GO-2022-0329.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0329", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23652", + "GHSA-9cwv-cppx-mqjm" + ], + "summary": "Improper Authentication in Capsule Proxy in github.com/clastix/capsule-proxy", + "details": "Improper Authentication in Capsule Proxy in github.com/clastix/capsule-proxy", + "affected": [ + { + "package": { + "name": "github.com/clastix/capsule-proxy", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.2.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23652" + }, + { + "type": "FIX", + "url": "https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8" + }, + { + "type": "REPORT", + "url": "https://github.com/clastix/capsule-proxy/issues/188" + }, + { + "type": "WEB", + "url": "https://github.com/clastix/capsule-proxy" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0329", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0339.json b/data/osv/GO-2022-0339.json new file mode 100644 index 000000000..2a9c07fc4 --- /dev/null +++ b/data/osv/GO-2022-0339.json 
@@ -0,0 +1,45 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0339", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-25326", + "GHSA-chxf-fjcf-7fwp", + "GHSA-mpq4-rjj8-fjph" + ], + "summary": "Possible filesystem space exhaustion by local users in github.com/google/fscrypt", + "details": "Possible filesystem space exhaustion by local users in github.com/google/fscrypt", + "affected": [ + { + "package": { + "name": "github.com/google/fscrypt", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/google/fscrypt/security/advisories/GHSA-chxf-fjcf-7fwp" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0339", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0340.json b/data/osv/GO-2022-0340.json new file mode 100644 index 000000000..95db4e2ec --- /dev/null +++ b/data/osv/GO-2022-0340.json 
@@ -0,0 +1,57 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0340", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-25327", + "GHSA-8vwm-8vj8-rqjf", + "GHSA-p93v-m2r2-4387" + ], + "summary": "User login denial of service in github.com/google/fscrypt", + "details": "User login denial of service in github.com/google/fscrypt", + "affected": [ + { + "package": { + "name": "github.com/google/fscrypt", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-8vwm-8vj8-rqjf" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25327" + }, + { + "type": "FIX", + "url": "https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb" + }, + { + "type": "FIX", + "url": "https://github.com/google/fscrypt/pull/346" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0340", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0342.json b/data/osv/GO-2022-0342.json new file mode 100644 index 000000000..76d3ecd33 --- /dev/null +++ b/data/osv/GO-2022-0342.json 
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0342", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2018-18623", + "GHSA-cmq2-j8v8-2q44" + ], + "summary": "Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana", + "details": "Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana", + "affected": [ + { + "package": { + "name": "github.com/grafana/grafana", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "6.0.0-beta1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-cmq2-j8v8-2q44" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18623" + }, + { + "type": "FIX", + "url": "https://github.com/grafana/grafana/pull/11813" + }, + { + "type": "FIX", + "url": "https://github.com/grafana/grafana/pull/14984" + }, + { + "type": "REPORT", + "url": "https://github.com/grafana/grafana/issues/15293" + }, + { + "type": "REPORT", + "url": "https://github.com/grafana/grafana/issues/4117" + }, + { + "type": "WEB", + "url": "https://github.com/grafana/grafana/releases/tag/v6.0.0" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20200608-0008" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0342", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0344.json b/data/osv/GO-2022-0344.json new file mode 100644 index 000000000..44ed6fdb6 --- /dev/null +++ b/data/osv/GO-2022-0344.json 
@@ -0,0 +1,112 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0344", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23648", + "GHSA-crp2-qrr5-8pq7" + ], + "summary": "containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd", + "details": "containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd", + "affected": [ + { + "package": { + "name": "github.com/containerd/containerd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.13" + }, + { + "introduced": "1.5.0" + }, + { + "fixed": "1.5.10" + }, + { + "introduced": "1.6.0" + }, + { + "fixed": "1.6.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23648" + }, + { + "type": "FIX", + "url": "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.4.13" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.5.10" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.6.1" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3" + }, + { + "type": "WEB", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202401-31" + }, + { + "type": "WEB", + "url": "https://www.debian.org/security/2022/dsa-5091" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0344", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0348.json b/data/osv/GO-2022-0348.json new file mode 100644 index 000000000..8b454c6fd --- /dev/null +++ b/data/osv/GO-2022-0348.json 
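Review bot: The `references` array of GO-2022-0344 lists each of the three Fedora package-announce messages twice, once as `package-announce%40lists.fedoraproject.org` and once as `package-announce@lists.fedoraproject.org`, so six entries resolve to three pages. Normalising percent-encoding before de-duplicating references would drop the `%40` variants and keep the record easier to audit. The packetstormsecurity entry is also the only `http://` URL in the record; an `https://` form would be preferable if the site serves one.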
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0348", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24738", + "GHSA-5jgq-x857-p8xw" + ], + "summary": "Account compromise in Evmos in github.com/tharsis/evmos", + "details": "Account compromise in Evmos in github.com/tharsis/evmos", + "affected": [ + { + "package": { + "name": "github.com/tharsis/evmos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/tharsis/evmos/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.0.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/tharsis/evmos/security/advisories/GHSA-5jgq-x857-p8xw" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24738" + }, + { + "type": "FIX", + "url": "https://github.com/tharsis/evmos/commit/28870258d4ee9f1b8aeef5eba891681f89348f71" + }, + { + "type": "WEB", + "url": "https://github.com/tharsis/evmos/releases/tag/v2.0.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0348", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0350.json b/data/osv/GO-2022-0350.json new file mode 100644 index 000000000..ca7f8fb7a --- /dev/null +++ b/data/osv/GO-2022-0350.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0350", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24753", + "GHSA-4cx6-fj7j-pjx9" + ], + "summary": "Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli", + "details": "Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli", + "affected": [ + { + "package": { + "name": "github.com/stripe/stripe-cli", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.13" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24753" + }, + { + "type": "FIX", + "url": "https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cd" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0350", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0351.json b/data/osv/GO-2022-0351.json new file mode 100644 index 000000000..f5ae748c4 --- /dev/null +++ b/data/osv/GO-2022-0351.json 
@@ -0,0 +1,109 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0351", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-26652", + "GHSA-6h3m-36w8-hv68" + ], + "summary": "Arbitrary file write in nats-server in github.com/nats-io/nats-server", + "details": "Arbitrary file write in nats-server in github.com/nats-io/nats-server", + "affected": [ + { + "package": { + "name": "github.com/nats-io/nats-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/nats-io/nats-server/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "2.2.0" + }, + { + "fixed": "2.7.4" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/nats-io/nats-streaming-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.15.0" + }, + { + "fixed": "0.24.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26652" + }, + { + "type": "FIX", + "url": "https://github.com/nats-io/nats-server/pull/2917" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2022/03/10/1" + }, + { + "type": "WEB", + "url": "https://advisories.nats.io/CVE/CVE-2022-26652.txt" + }, + { + "type": "WEB", + "url": "https://github.com/nats-io/nats-server/releases" + }, + { + "type": "WEB", + "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.4" + }, + { + "type": "WEB", + "url": "https://github.com/nats-io/nats-streaming-server/releases/tag/v0.24.3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0351", + 
"review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0353.json b/data/osv/GO-2022-0353.json new file mode 100644 index 000000000..c684d3a44 --- /dev/null +++ b/data/osv/GO-2022-0353.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0353", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-29134", + "GHSA-h3q4-vmw4-cpr5" + ], + "summary": "Path Traversal in Gitea in code.gitea.io/gitea", + "details": "Path Traversal in Gitea in code.gitea.io/gitea", + "affected": [ + { + "package": { + "name": "code.gitea.io/gitea", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.13.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29134" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/pull/15125/files" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/releases" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.6" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0353", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0354.json b/data/osv/GO-2022-0354.json new file mode 100644 index 000000000..2cdf79eb8 --- /dev/null +++ b/data/osv/GO-2022-0354.json 
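Review bot: In GO-2022-0351 the first `affected` entry marks every version of `github.com/nats-io/nats-server` as vulnerable (`"introduced": "0"` with no `fixed` event), while the `/v2` entry in the same record only starts at `"introduced": "2.2.0"`. If the flaw first appeared in 2.2.0, as the v2 range suggests, the unversioned module path presumably never contained it, and this entry would produce findings that no upgrade can clear. Either drop the unversioned entry or bound it after checking the upstream advisory. The same open-ended `"introduced": "0"` pattern on `github.com/traefik/traefik` (GO-2022-0325) and `github.com/tharsis/evmos` (GO-2022-0348) is worth confirming in the same way.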
@@ -0,0 +1,88 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0354", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-0811", + "GHSA-6x2m-w449-qwx7" + ], + "summary": "Code Injection in CRI-O in github.com/cri-o/cri-o", + "details": "Code Injection in CRI-O in github.com/cri-o/cri-o", + "affected": [ + { + "package": { + "name": "github.com/cri-o/cri-o", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.6" + }, + { + "introduced": "1.20.0" + }, + { + "fixed": "1.20.7" + }, + { + "introduced": "1.21.0" + }, + { + "fixed": "1.21.6" + }, + { + "introduced": "1.22.0" + }, + { + "fixed": "1.22.3" + }, + { + "introduced": "1.23.0" + }, + { + "fixed": "1.23.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0811" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2022-0811" + }, + { + "type": "WEB", + "url": "https://bugs.gentoo.org/835336" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059475" + }, + { + "type": "WEB", + "url": "https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0354", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0357.json b/data/osv/GO-2022-0357.json new file mode 100644 index 000000000..3397af371 --- /dev/null +++ b/data/osv/GO-2022-0357.json 
@@ -0,0 +1,77 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0357", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24730", + "GHSA-r9cr-hvjj-496v" + ], + "summary": "Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd", + "details": "Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.3.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.1.11" + }, + { + "introduced": "2.2.0" + }, + { + "fixed": "2.2.6" + }, + { + "introduced": "2.3.0-rc1" + }, + { + "fixed": "2.3.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-r9cr-hvjj-496v" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24730" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0357", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0358.json b/data/osv/GO-2022-0358.json new file mode 100644 index 000000000..3c5dd3bc6 --- /dev/null +++ b/data/osv/GO-2022-0358.json 
@@ -0,0 +1,77 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0358", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24731", + "GHSA-h6h5-6fmq-rh28" + ], + "summary": "Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd", + "details": "Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.5.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.1.11" + }, + { + "introduced": "2.2.0" + }, + { + "fixed": "2.2.6" + }, + { + "introduced": "2.3.0-rc1" + }, + { + "fixed": "2.3.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h6h5-6fmq-rh28" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24731" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0358", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0359.json b/data/osv/GO-2022-0359.json new file mode 100644 index 000000000..1362ddaed --- /dev/null +++ b/data/osv/GO-2022-0359.json 
@@ -0,0 +1,93 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0359", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24768", + "GHSA-2f5v-8r3f-8pww" + ], + "summary": "Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd", + "details": "Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.5.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.1.14" + }, + { + "introduced": "2.2.0" + }, + { + "fixed": "2.2.8" + }, + { + "introduced": "2.3.0" + }, + { + "fixed": "2.3.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24768" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/af03b291d4b7e9d3ce9a6580ae9c8141af0e05cf" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.1.14" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.2.8" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.2" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0359", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0360.json b/data/osv/GO-2022-0360.json new file mode 100644 index 000000000..e38735a56 --- /dev/null +++ b/data/osv/GO-2022-0360.json 
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0360", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-5j5w-g665-5m35" + ], + "summary": "Ambiguous OCI manifest parsing in github.com/containerd/containerd", + "details": "Ambiguous OCI manifest parsing in github.com/containerd/containerd", + "affected": [ + { + "package": { + "name": "github.com/containerd/containerd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.12" + }, + { + "introduced": "1.5.0" + }, + { + "fixed": "1.5.8" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35" + }, + { + "type": "FIX", + "url": "https://github.com/containerd/containerd/commit/26c76a3014e71af5ad2f396ec76e0e0ecc8e25a3" + }, + { + "type": "FIX", + "url": "https://github.com/containerd/containerd/commit/db00065a969a983ceb0a409833f93f705f284ea4" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.4.12" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.5.8" + }, + { + "type": "WEB", + "url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m" + }, + { + "type": "WEB", + "url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0360", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0363.json b/data/osv/GO-2022-0363.json new file mode 100644 index 000000000..e7da4ac68 --- /dev/null +++ b/data/osv/GO-2022-0363.json 
@@ -0,0 +1,67 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0363", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-w2j5-3rcx-vx7x" + ], + "summary": "Sysctls applied to containers with host IPC or host network namespaces can affect the host in github.com/cri-o/cri-o", + "details": "Sysctls applied to containers with host IPC or host network namespaces can affect the host in github.com/cri-o/cri-o", + "affected": [ + { + "package": { + "name": "github.com/cri-o/cri-o", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.18.0" + }, + { + "fixed": "1.19.5" + }, + { + "introduced": "1.20.0" + }, + { + "fixed": "1.20.6" + }, + { + "introduced": "1.21.0" + }, + { + "fixed": "1.21.5" + }, + { + "introduced": "1.22.0" + }, + { + "fixed": "1.22.2" + }, + { + "introduced": "1.23.0" + }, + { + "fixed": "1.23.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-w2j5-3rcx-vx7x" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0363", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0365.json b/data/osv/GO-2022-0365.json new file mode 100644 index 000000000..64a9adba2 --- /dev/null +++ b/data/osv/GO-2022-0365.json 
@@ -0,0 +1,55 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0365", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-wpfr-6297-9v57" + ], + "summary": "User object created with invalid provider data in GoTrue in github.com/netlify/gotrue", + "details": "User object created with invalid provider data in GoTrue in github.com/netlify/gotrue", + "affected": [ + { + "package": { + "name": "github.com/netlify/gotrue", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/netlify/gotrue/security/advisories/GHSA-wpfr-6297-9v57" + }, + { + "type": "FIX", + "url": "https://github.com/netlify/gotrue/commit/4d8a3b39fe485a5f83c70617d594be01130c5b83" + }, + { + "type": "FIX", + "url": "https://github.com/netlify/gotrue/pull/313" + }, + { + "type": "WEB", + "url": "https://github.com/netlify/gotrue/releases/tag/v1.0.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0365", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2022-0314.yaml b/data/reports/GO-2022-0314.yaml new file mode 100644 index 000000000..a7d3011a7 --- /dev/null +++ b/data/reports/GO-2022-0314.yaml 
@@ -0,0 +1,21 @@
+id: GO-2022-0314
+modules:
+ - module: github.com/go-gitea/gitea
+ versions:
+ - fixed: 1.5.1
+ vulnerable_at: 1.5.0
+summary: Cross-site Scripting in Gitea in github.com/go-gitea/gitea
+cves:
+ - CVE-2021-45329
+ghsas:
+ - GHSA-r3gq-wxqf-q4gh
+references:
+ - advisory: https://github.com/advisories/GHSA-r3gq-wxqf-q4gh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-45329
+ - fix: https://github.com/go-gitea/gitea/pull/4710
+ - web: https://blog.gitea.io/2018/09/gitea-1.5.1-is-released
+source:
+ id: GHSA-r3gq-wxqf-q4gh
+ created: 2024-08-20T13:50:18.630524-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0315.yaml b/data/reports/GO-2022-0315.yaml
new file mode 100644
index 000000000..ad4b6b8d3
--- /dev/null
+++ b/data/reports/GO-2022-0315.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0315
+modules:
+ - module: code.gitea.io/gitea
+ versions:
+ - fixed: 1.5.0
+ vulnerable_at: 1.5.0-rc2
+summary: Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea
+cves:
+ - CVE-2021-45331
+ghsas:
+ - GHSA-hfmf-q69j-6m5p
+references:
+ - advisory: https://github.com/advisories/GHSA-hfmf-q69j-6m5p
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-45331
+ - web: https://blog.gitea.io/2018/08/gitea-1.5.0-is-released
+ - web: https://github.com/go-gitea/gitea/pull/3878
+source:
+ id: GHSA-hfmf-q69j-6m5p
+ created: 2024-08-20T13:50:22.556491-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0325.yaml b/data/reports/GO-2022-0325.yaml
new file mode 100644
index 000000000..4aa5214df
--- /dev/null
+++ b/data/reports/GO-2022-0325.yaml
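Review bot: The `module:` line of GO-2022-0314 names `github.com/go-gitea/gitea`, while the other Gitea reports added in this commit (GO-2022-0315 directly below it, and GO-2022-0353) use `code.gitea.io/gitea`. A scanner that matches on module path would attach this XSS advisory to a different path than its siblings, so a project that depends on `code.gitea.io/gitea` would probably not be told about it. Unless the GitHub path is intentional for the pre-1.5.1 tags, I would change the line to `- module: code.gitea.io/gitea`, or list both paths as separate module entries with the same `fixed: 1.5.1` bound.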
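Review bot: GO-2022-0315 has no `fix:` reference; its only code link is recorded as `web: https://github.com/go-gitea/gitea/pull/3878`. If that pull request is the change that stopped one-time-password reuse, which seems likely but cannot be confirmed from the hunk, it should read `- fix: https://github.com/go-gitea/gitea/pull/3878` so that consumers filtering on reference type can locate the patch. GO-2022-0353 has the same shape with `web: https://github.com/go-gitea/gitea/pull/15125/files`; there I would also drop the `/files` suffix when retyping it.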
@@ -0,0 +1,24 @@
+id: GO-2022-0325
+modules:
+ - module: github.com/traefik/traefik
+ vulnerable_at: 1.7.34
+ - module: github.com/traefik/traefik/v2
+ versions:
+ - fixed: 2.6.1
+ vulnerable_at: 2.6.0
+summary: Skip the router TLS configuration when the host header is an FQDN in github.com/traefik/traefik
+cves:
+ - CVE-2022-23632
+ghsas:
+ - GHSA-hrhx-6h34-j5hc
+references:
+ - advisory: https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23632
+ - fix: https://github.com/traefik/traefik/pull/8764
+ - web: https://github.com/traefik/traefik/releases/tag/v2.6.1
+ - web: https://www.oracle.com/security-alerts/cpujul2022.html
+source:
+ id: GHSA-hrhx-6h34-j5hc
+ created: 2024-08-20T13:50:40.331286-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0328.yaml b/data/reports/GO-2022-0328.yaml
new file mode 100644
index 000000000..40e860918
--- /dev/null
+++ b/data/reports/GO-2022-0328.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0328
+modules:
+ - module: github.com/gravitl/netmaker
+ versions:
+ - fixed: 0.8.5
+ - introduced: 0.9.0
+ - fixed: 0.9.4
+ vulnerable_at: 0.9.3
+summary: Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker
+cves:
+ - CVE-2022-23650
+ghsas:
+ - GHSA-86f3-hf24-76q4
+references:
+ - advisory: https://github.com/gravitl/netmaker/security/advisories/GHSA-86f3-hf24-76q4
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23650
+ - fix: https://github.com/gravitl/netmaker/commit/3d4f44ecfe8be4ca38920556ba3b90502ffb4fee
+ - fix: https://github.com/gravitl/netmaker/commit/e9bce264719f88c30e252ecc754d08f422f4c080
+ - fix: https://github.com/gravitl/netmaker/pull/781/commits/1bec97c662670dfdab804343fc42ae4b1d050a87
+source:
+ id: GHSA-86f3-hf24-76q4
+ created: 2024-08-20T13:50:48.592886-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
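Review bot: The first module entry of GO-2022-0325, `github.com/traefik/traefik`, carries only `vulnerable_at: 1.7.34` and no `versions:` list, so it has no fixed bound and, as far as I understand the report format, every release on the v1 module path is reported as affected. The fix is recorded only for `/v2` at 2.6.1. Because the report is `UNREVIEWED`, it is worth confirming against the advisory that the 1.x line really is affected and unpatched; if it is, a comment above the entry such as `# no fixed release on the v1 module path; the fix ships in /v2 2.6.1` would show that the open range is deliberate. The same open-ended first entry appears in GO-2022-0348 (`github.com/tharsis/evmos`) and GO-2022-0351 (`github.com/nats-io/nats-server`).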
diff --git a/data/reports/GO-2022-0329.yaml b/data/reports/GO-2022-0329.yaml
new file mode 100644
index 000000000..6026dd503
--- /dev/null
+++ b/data/reports/GO-2022-0329.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0329
+modules:
+ - module: github.com/clastix/capsule-proxy
+ versions:
+ - fixed: 0.2.1
+ vulnerable_at: 0.2.0
+summary: Improper Authentication in Capsule Proxy in github.com/clastix/capsule-proxy
+cves:
+ - CVE-2022-23652
+ghsas:
+ - GHSA-9cwv-cppx-mqjm
+references:
+ - advisory: https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23652
+ - fix: https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8
+ - report: https://github.com/clastix/capsule-proxy/issues/188
+ - web: https://github.com/clastix/capsule-proxy
+source:
+ id: GHSA-9cwv-cppx-mqjm
+ created: 2024-08-20T13:50:53.199233-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0339.yaml b/data/reports/GO-2022-0339.yaml
new file mode 100644
index 000000000..accd4edee
--- /dev/null
+++ b/data/reports/GO-2022-0339.yaml
@@ -0,0 +1,19 @@
+id: GO-2022-0339
+modules:
+ - module: github.com/google/fscrypt
+ versions:
+ - fixed: 0.3.3
+ vulnerable_at: 0.3.2
+summary: Possible filesystem space exhaustion by local users in github.com/google/fscrypt
+cves:
+ - CVE-2022-25326
+ghsas:
+ - GHSA-chxf-fjcf-7fwp
+ - GHSA-mpq4-rjj8-fjph
+references:
+ - advisory: https://github.com/google/fscrypt/security/advisories/GHSA-chxf-fjcf-7fwp
+source:
+ id: GHSA-chxf-fjcf-7fwp
+ created: 2024-08-20T13:51:12.023343-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0340.yaml b/data/reports/GO-2022-0340.yaml
new file mode 100644
index 000000000..afb121aa4
--- /dev/null
+++ b/data/reports/GO-2022-0340.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0340
+modules:
+ - module: github.com/google/fscrypt
+ versions:
+ - fixed: 0.3.3
+ vulnerable_at: 0.3.2
+summary: User login denial of service in github.com/google/fscrypt
+cves:
+ - CVE-2022-25327
+ghsas:
+ - GHSA-8vwm-8vj8-rqjf
+ - GHSA-p93v-m2r2-4387
+references:
+ - advisory: https://github.com/advisories/GHSA-8vwm-8vj8-rqjf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-25327
+ - fix: https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb
+ - fix: https://github.com/google/fscrypt/pull/346
+source:
+ id: GHSA-8vwm-8vj8-rqjf
+ created: 2024-08-20T13:51:15.275593-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0342.yaml b/data/reports/GO-2022-0342.yaml
new file mode 100644
index 000000000..c20b9c0c0
--- /dev/null
+++ b/data/reports/GO-2022-0342.yaml
@@ -0,0 +1,25 @@
+id: GO-2022-0342
+modules:
+ - module: github.com/grafana/grafana
+ versions:
+ - fixed: 6.0.0-beta1+incompatible
+ vulnerable_at: 5.4.5+incompatible
+summary: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
+cves:
+ - CVE-2018-18623
+ghsas:
+ - GHSA-cmq2-j8v8-2q44
+references:
+ - advisory: https://github.com/advisories/GHSA-cmq2-j8v8-2q44
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-18623
+ - fix: https://github.com/grafana/grafana/pull/11813
+ - fix: https://github.com/grafana/grafana/pull/14984
+ - report: https://github.com/grafana/grafana/issues/15293
+ - report: https://github.com/grafana/grafana/issues/4117
+ - web: https://github.com/grafana/grafana/releases/tag/v6.0.0
+ - web: https://security.netapp.com/advisory/ntap-20200608-0008
+source:
+ id: GHSA-cmq2-j8v8-2q44
+ created: 2024-08-20T13:51:20.259382-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0344.yaml b/data/reports/GO-2022-0344.yaml
new file mode 100644
index 000000000..aeafa683b
--- /dev/null
+++ b/data/reports/GO-2022-0344.yaml
@@ -0,0 +1,36 @@
+id: GO-2022-0344
+modules:
+ - module: github.com/containerd/containerd
+ versions:
+ - fixed: 1.4.13
+ - introduced: 1.5.0
+ - fixed: 1.5.10
+ - introduced: 1.6.0
+ - fixed: 1.6.1
+ vulnerable_at: 1.6.0
+summary: 'containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd'
+cves:
+ - CVE-2022-23648
+ghsas:
+ - GHSA-crp2-qrr5-8pq7
+references:
+ - advisory: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23648
+ - fix: https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
+ - web: http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html
+ - web: https://github.com/containerd/containerd/releases/tag/v1.4.13
+ - web: https://github.com/containerd/containerd/releases/tag/v1.5.10
+ - web: https://github.com/containerd/containerd/releases/tag/v1.6.1
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO
+ - web: https://security.gentoo.org/glsa/202401-31
+ - web: https://www.debian.org/security/2022/dsa-5091
+source:
+ id: GHSA-crp2-qrr5-8pq7
+ created: 2024-08-20T13:51:31.843059-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0348.yaml b/data/reports/GO-2022-0348.yaml
new file mode 100644
index 000000000..35fc27f10
--- /dev/null
+++ b/data/reports/GO-2022-0348.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0348
+modules:
+ - module: github.com/tharsis/evmos
+ vulnerable_at: 1.1.3
+ - module: github.com/tharsis/evmos/v2
+ versions:
+ - fixed: 2.0.1
+ vulnerable_at: 2.0.0
+summary: Account compromise in Evmos in github.com/tharsis/evmos
+cves:
+ - CVE-2022-24738
+ghsas:
+ - GHSA-5jgq-x857-p8xw
+references:
+ - advisory: https://github.com/tharsis/evmos/security/advisories/GHSA-5jgq-x857-p8xw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24738
+ - fix: https://github.com/tharsis/evmos/commit/28870258d4ee9f1b8aeef5eba891681f89348f71
+ - web: https://github.com/tharsis/evmos/releases/tag/v2.0.1
+source:
+ id: GHSA-5jgq-x857-p8xw
+ created: 2024-08-20T13:51:41.873564-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0350.yaml b/data/reports/GO-2022-0350.yaml
new file mode 100644
index 000000000..16ce0a827
--- /dev/null
+++ b/data/reports/GO-2022-0350.yaml
@@ -0,0 +1,20 @@
+id: GO-2022-0350
+modules:
+ - module: github.com/stripe/stripe-cli
+ versions:
+ - fixed: 1.7.13
+ vulnerable_at: 1.7.12
+summary: Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli
+cves:
+ - CVE-2022-24753
+ghsas:
+ - GHSA-4cx6-fj7j-pjx9
+references:
+ - advisory: https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24753
+ - fix: https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cd
+source:
+ id: GHSA-4cx6-fj7j-pjx9
+ created: 2024-08-20T13:51:47.023504-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0351.yaml b/data/reports/GO-2022-0351.yaml
new file mode 100644
index 000000000..e4580d060
--- /dev/null
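Review bot: Three Fedora package-announce references in GO-2022-0344 are listed twice, once with `package-announce%40lists.fedoraproject.org` in the path and once with `package-announce@lists.fedoraproject.org`; the message ids (AUDQUQBZ…, HFTS2EF3…, OCCARJ6F…) are the same in both sets. The duplicates add nothing for a reader and presumably come from merging two upstream reference lists without normalising percent-encoding first. I would keep one spelling and delete the other three `- web:` lines, and have the import step decode `%40` before de-duplicating.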
+++ b/data/reports/GO-2022-0351.yaml
@@ -0,0 +1,33 @@
+id: GO-2022-0351
+modules:
+ - module: github.com/nats-io/nats-server
+ vulnerable_at: 1.4.1
+ - module: github.com/nats-io/nats-server/v2
+ versions:
+ - introduced: 2.2.0
+ - fixed: 2.7.4
+ vulnerable_at: 2.7.3
+ - module: github.com/nats-io/nats-streaming-server
+ versions:
+ - introduced: 0.15.0
+ - fixed: 0.24.3
+ vulnerable_at: 0.24.2
+summary: Arbitrary file write in nats-server in github.com/nats-io/nats-server
+cves:
+ - CVE-2022-26652
+ghsas:
+ - GHSA-6h3m-36w8-hv68
+references:
+ - advisory: https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-26652
+ - fix: https://github.com/nats-io/nats-server/pull/2917
+ - web: http://www.openwall.com/lists/oss-security/2022/03/10/1
+ - web: https://advisories.nats.io/CVE/CVE-2022-26652.txt
+ - web: https://github.com/nats-io/nats-server/releases
+ - web: https://github.com/nats-io/nats-server/releases/tag/v2.7.4
+ - web: https://github.com/nats-io/nats-streaming-server/releases/tag/v0.24.3
+source:
+ id: GHSA-6h3m-36w8-hv68
+ created: 2024-08-20T13:51:51.27187-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0353.yaml b/data/reports/GO-2022-0353.yaml
new file mode 100644
index 000000000..15bde331f
--- /dev/null
+++ b/data/reports/GO-2022-0353.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0353
+modules:
+ - module: code.gitea.io/gitea
+ versions:
+ - fixed: 1.13.6
+ vulnerable_at: 1.13.5
+summary: Path Traversal in Gitea in code.gitea.io/gitea
+cves:
+ - CVE-2021-29134
+ghsas:
+ - GHSA-h3q4-vmw4-cpr5
+references:
+ - advisory: https://github.com/advisories/GHSA-h3q4-vmw4-cpr5
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-29134
+ - web: https://github.com/go-gitea/gitea/pull/15125/files
+ - web: https://github.com/go-gitea/gitea/releases
+ - web: https://github.com/go-gitea/gitea/releases/tag/v1.13.6
+source:
+ id: GHSA-h3q4-vmw4-cpr5
+ created: 2024-08-20T13:52:11.109299-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0354.yaml b/data/reports/GO-2022-0354.yaml
new file mode 100644
index 000000000..257f3dbcc
--- /dev/null
+++ b/data/reports/GO-2022-0354.yaml
@@ -0,0 +1,32 @@
+id: GO-2022-0354
+modules:
+ - module: github.com/cri-o/cri-o
+ versions:
+ - introduced: 1.19.0
+ - fixed: 1.19.6
+ - introduced: 1.20.0
+ - fixed: 1.20.7
+ - introduced: 1.21.0
+ - fixed: 1.21.6
+ - introduced: 1.22.0
+ - fixed: 1.22.3
+ - introduced: 1.23.0
+ - fixed: 1.23.2
+ vulnerable_at: 1.23.1
+summary: Code Injection in CRI-O in github.com/cri-o/cri-o
+cves:
+ - CVE-2022-0811
+ghsas:
+ - GHSA-6x2m-w449-qwx7
+references:
+ - advisory: https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-0811
+ - web: https://access.redhat.com/security/cve/CVE-2022-0811
+ - web: https://bugs.gentoo.org/835336
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=2059475
+ - web: https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811
+source:
+ id: GHSA-6x2m-w449-qwx7
+ created: 2024-08-20T13:52:15.940799-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0357.yaml b/data/reports/GO-2022-0357.yaml
new file mode 100644
index 000000000..84dc5e462
--- /dev/null
+++ b/data/reports/GO-2022-0357.yaml
@@ -0,0 +1,29 @@
+id: GO-2022-0357
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - introduced: 1.3.0
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - fixed: 2.1.11
+ - introduced: 2.2.0
+ - fixed: 2.2.6
+ - introduced: 2.3.0-rc1
+ - fixed: 2.3.0
+ vulnerable_at: 2.3.0-rc5
+summary: |-
+ Path traversal and improper access control allows leaking out-of-bound files
+ from Argo CD repo-server in github.com/argoproj/argo-cd
+cves:
+ - CVE-2022-24730
+ghsas:
+ - GHSA-r9cr-hvjj-496v
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-r9cr-hvjj-496v
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24730
+source:
+ id: GHSA-r9cr-hvjj-496v
+ created: 2024-08-20T13:52:25.145535-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0358.yaml b/data/reports/GO-2022-0358.yaml
new file mode 100644
index 000000000..00fe1b915
--- /dev/null
+++ b/data/reports/GO-2022-0358.yaml
@@ -0,0 +1,27 @@
+id: GO-2022-0358
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - introduced: 1.5.0
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - fixed: 2.1.11
+ - introduced: 2.2.0
+ - fixed: 2.2.6
+ - introduced: 2.3.0-rc1
+ - fixed: 2.3.0
+ vulnerable_at: 2.3.0-rc5
+summary: Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
+cves:
+ - CVE-2022-24731
+ghsas:
+ - GHSA-h6h5-6fmq-rh28
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-h6h5-6fmq-rh28
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24731
+source:
+ id: GHSA-h6h5-6fmq-rh28
+ created: 2024-08-20T13:52:28.582837-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0359.yaml b/data/reports/GO-2022-0359.yaml
new file mode 100644
index 000000000..621d9adf1
--- /dev/null
+++ b/data/reports/GO-2022-0359.yaml
@@ -0,0 +1,31 @@
+id: GO-2022-0359
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - introduced: 0.5.0
+ vulnerable_at: 1.8.6
+ - module: github.com/argoproj/argo-cd/v2
+ versions:
+ - fixed: 2.1.14
+ - introduced: 2.2.0
+ - fixed: 2.2.8
+ - introduced: 2.3.0
+ - fixed: 2.3.2
+ vulnerable_at: 2.3.1
+summary: Improper access control allows admin privilege escalation in Argo CD in github.com/argoproj/argo-cd
+cves:
+ - CVE-2022-24768
+ghsas:
+ - GHSA-2f5v-8r3f-8pww
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24768
+ - fix: https://github.com/argoproj/argo-cd/commit/af03b291d4b7e9d3ce9a6580ae9c8141af0e05cf
+ - web: https://github.com/argoproj/argo-cd/releases/tag/v2.1.14
+ - web: https://github.com/argoproj/argo-cd/releases/tag/v2.2.8
+ - web: https://github.com/argoproj/argo-cd/releases/tag/v2.3.2
+source:
+ id: GHSA-2f5v-8r3f-8pww
+ created: 2024-08-20T13:52:32.111048-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0360.yaml b/data/reports/GO-2022-0360.yaml
new file mode 100644
index 000000000..27518cd15
--- /dev/null
+++ b/data/reports/GO-2022-0360.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0360
+modules:
+ - module: github.com/containerd/containerd
+ versions:
+ - fixed: 1.4.12
+ - introduced: 1.5.0
+ - fixed: 1.5.8
+ vulnerable_at: 1.5.7
+summary: Ambiguous OCI manifest parsing in github.com/containerd/containerd
+ghsas:
+ - GHSA-5j5w-g665-5m35
+references:
+ - advisory: https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35
+ - fix: https://github.com/containerd/containerd/commit/26c76a3014e71af5ad2f396ec76e0e0ecc8e25a3
+ - fix: https://github.com/containerd/containerd/commit/db00065a969a983ceb0a409833f93f705f284ea4
+ - web: https://github.com/containerd/containerd/releases/tag/v1.4.12
+ - web: https://github.com/containerd/containerd/releases/tag/v1.5.8
+ - web: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
+ - web: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
+source:
+ id: GHSA-5j5w-g665-5m35
+ created: 2024-08-20T13:52:36.418055-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0363.yaml b/data/reports/GO-2022-0363.yaml
new file mode 100644
index 000000000..004f47627
--- /dev/null
+++ b/data/reports/GO-2022-0363.yaml
@@ -0,0 +1,27 @@
+id: GO-2022-0363
+modules:
+ - module: github.com/cri-o/cri-o
+ versions:
+ - introduced: 1.18.0
+ - fixed: 1.19.5
+ - introduced: 1.20.0
+ - fixed: 1.20.6
+ - introduced: 1.21.0
+ - fixed: 1.21.5
+ - introduced: 1.22.0
+ - fixed: 1.22.2
+ - introduced: 1.23.0
+ - fixed: 1.23.1
+ vulnerable_at: 1.23.0
+summary: |-
+ Sysctls applied to containers with host IPC or host network namespaces can
+ affect the host in github.com/cri-o/cri-o
+ghsas:
+ - GHSA-w2j5-3rcx-vx7x
+references:
+ - advisory: https://github.com/cri-o/cri-o/security/advisories/GHSA-w2j5-3rcx-vx7x
+source:
+ id: GHSA-w2j5-3rcx-vx7x
+ created: 2024-08-20T13:52:39.376599-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0365.yaml b/data/reports/GO-2022-0365.yaml
new file mode 100644
index 000000000..de6e7c262
--- /dev/null
+++ b/data/reports/GO-2022-0365.yaml
@@ -0,0 +1,19 @@
+id: GO-2022-0365
+modules:
+ - module: github.com/netlify/gotrue
+ versions:
+ - fixed: 1.0.1
+ vulnerable_at: 1.0.0
+summary: User object created with invalid provider data in GoTrue in github.com/netlify/gotrue
+ghsas:
+ - GHSA-wpfr-6297-9v57
+references:
+ - advisory: https://github.com/netlify/gotrue/security/advisories/GHSA-wpfr-6297-9v57
+ - fix: https://github.com/netlify/gotrue/commit/4d8a3b39fe485a5f83c70617d594be01130c5b83
+ - fix: https://github.com/netlify/gotrue/pull/313
+ - web: https://github.com/netlify/gotrue/releases/tag/v1.0.1
+source:
+ id: GHSA-wpfr-6297-9v57
+ created: 2024-08-20T13:52:40.796068-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE