Skip to content

Commit

Permalink
data/reports: add 7 unreviewed reports
Browse files Browse the repository at this point in the history 
  - data/reports/GO-2024-3057.yaml
  - data/reports/GO-2024-3059.yaml
  - data/reports/GO-2024-3061.yaml
  - data/reports/GO-2024-3063.yaml
  - data/reports/GO-2024-3064.yaml
  - data/reports/GO-2024-3065.yaml
  - data/reports/GO-2024-3066.yaml

Fixes #3057
Fixes #3059
Fixes #3061
Fixes #3063
Fixes #3064
Fixes #3065
Fixes #3066

Change-Id: I68723f28b953cf3ba7f3777ff51e8fe586fcfdbb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/605315
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
  • Loading branch information
@tatianab @gopherbot
tatianab authored and gopherbot committed Aug 13, 2024
1 parent 1be2c0b commit e6a6b5e
Show file tree
Hide file tree
Showing 14 changed files with 505 additions and 0 deletions.
53 changes: 53 additions & 0 deletions data/osv/GO-2024-3057.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3057",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41260",
"GHSA-9v35-4xcr-w9ph"
],
"summary": "NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird",
"details": "NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird",
"affected": [
{
"package": {
"name": "github.com/netbirdio/netbird",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9v35-4xcr-w9ph"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41260"
},
{
"type": "REPORT",
"url": "https://github.com/netbirdio/netbird/issues/2246"
},
{
"type": "WEB",
"url": "https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3057",
"review_status": "UNREVIEWED"
}
}
51 changes: 51 additions & 0 deletions data/osv/GO-2024-3059.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3059",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-m3rh-cvr5-x6q4"
],
"summary": "CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd",
"details": "CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd",
"affected": [
{
"package": {
"name": "github.com/CosmWasm/wasmd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.52.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/CosmWasm/wasmd/security/advisories/GHSA-m3rh-cvr5-x6q4"
},
{
"type": "FIX",
"url": "https://github.com/CosmWasm/wasmd/commit/76c0c061c9cb6b142163883e46c26d99384dc443"
},
{
"type": "WEB",
"url": "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-003.md"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3059",
"review_status": "UNREVIEWED"
}
}
45 changes: 45 additions & 0 deletions data/osv/GO-2024-3061.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3061",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42473",
"GHSA-3f6g-m4hr-59h8"
],
"summary": "OpenFGA Authorization Bypass in github.com/openfga/openfga",
"details": "OpenFGA Authorization Bypass in github.com/openfga/openfga",
"affected": [
{
"package": {
"name": "github.com/openfga/openfga",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.5.7"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-3f6g-m4hr-59h8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42473"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3061",
"review_status": "UNREVIEWED"
}
}
53 changes: 53 additions & 0 deletions data/osv/GO-2024-3063.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3063",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42480",
"GHSA-6r4j-4rjc-8vw5"
],
"summary": "RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji",
"details": "RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji",
"affected": [
{
"package": {
"name": "github.com/clastix/kamaji",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42480"
},
{
"type": "FIX",
"url": "https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db"
},
{
"type": "WEB",
"url": "https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3063",
"review_status": "UNREVIEWED"
}
}
56 changes: 56 additions & 0 deletions data/osv/GO-2024-3064.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3064",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41890",
"GHSA-gvpv-r32v-9737"
],
"summary": "Apache Answer: The link to reset the user's password will remain valid after sending a new link in github.com/apache/incubator-answer",
"details": "Apache Answer: The link to reset the user's password will remain valid after sending a new link in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-gvpv-r32v-9737"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41890"
},
{
"type": "FIX",
"url": "https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3064",
"review_status": "UNREVIEWED"
}
}
56 changes: 56 additions & 0 deletions data/osv/GO-2024-3065.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3065",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41888",
"GHSA-v3x9-wrq5-868j"
],
"summary": "Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer",
"details": "Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-v3x9-wrq5-868j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41888"
},
{
"type": "FIX",
"url": "https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3065",
"review_status": "UNREVIEWED"
}
}
52 changes: 52 additions & 0 deletions data/osv/GO-2024-3066.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3066",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-42368",
"GHSA-rfxf-mf63-cpqv"
],
"summary": "open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension",
"details": "open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension",
"affected": [
{
"package": {
"name": "github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.80.0"
},
{
"fixed": "0.107.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-rfxf-mf63-cpqv"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-collector-contrib/commit/c9bd3eff0bb357d9c812a0d8defd3b09db95699a"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34516"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3066",
"review_status": "UNREVIEWED"
}
}
Loading

0 comments on commit e6a6b5e

Please sign in to comment.