diff --git a/index.json b/index.json index 2322511..4ab61ae 100644 --- a/index.json +++ b/index.json @@ -2,120 +2,120 @@ "version": 1, "packages": [ { - "id": "pkg:golang/github.com/k3s-io/k3s", - "location": "pkg/golang/github.com/k3s-io/k3s/scan.openvex.json" - }, - { - "id": "pkg:golang/github.com/containerd/containerd", - "location": "pkg/golang/github.com/containerd/containerd/scan.openvex.json" + "id": "pkg:golang/github.com/opencontainers/runc", + "location": "pkg/golang/github.com/opencontainers/runc/scan.openvex.json" }, { "id": "pkg:golang/github.com/longhorn/longhorn-share-manager", "location": "pkg/golang/github.com/longhorn/longhorn-share-manager/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", - "location": "pkg/golang/github.com/rancher/image-build-rke2-cloud-provider/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/vm-import-controller", + "location": "pkg/golang/github.com/harvester/vm-import-controller/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/webhook", - "location": "pkg/golang/github.com/rancher/webhook/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/seeder", + "location": "pkg/golang/github.com/harvester/seeder/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/support-bundle-kit", - "location": "pkg/golang/github.com/rancher/support-bundle-kit/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/harvester", + "location": "pkg/golang/github.com/harvester/harvester/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/machine", - "location": "pkg/golang/github.com/rancher/machine/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/pcidevices", + "location": "pkg/golang/github.com/harvester/pcidevices/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/fleet", - "location": "pkg/golang/github.com/rancher/fleet/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/harvester-installer", + "location": "pkg/golang/github.com/harvester/harvester-installer/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/rke2", - "location": "pkg/golang/github.com/rancher/rke2/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "location": "pkg/golang/github.com/harvester/harvester-cloud-provider/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/system-agent", - "location": "pkg/golang/github.com/rancher/system-agent/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "location": "pkg/golang/github.com/harvester/harvester-load-balancer/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/rancher", - "location": "pkg/golang/github.com/rancher/rancher/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/node-manager", + "location": "pkg/golang/github.com/harvester/node-manager/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/confd", - "location": "pkg/golang/github.com/rancher/confd/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/harvester-network-controller", + "location": "pkg/golang/github.com/harvester/harvester-network-controller/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/kube-api-auth", - "location": "pkg/golang/github.com/rancher/kube-api-auth/scan.openvex.json" + "id": "pkg:golang/github.com/harvester/webhook", + "location": "pkg/golang/github.com/harvester/webhook/scan.openvex.json" }, { - "id": "pkg:golang/github.com/rancher/wharfie", - "location": "pkg/golang/github.com/rancher/wharfie/scan.openvex.json" + "id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", + "location": "pkg/golang/github.com/kubernetes-sigs/cri-tools/scan.openvex.json" }, { - "id": "pkg:golang/github.com/heptiolabs/eventrouter", - "location": "pkg/golang/github.com/heptiolabs/eventrouter/scan.openvex.json" + "id": "pkg:golang/github.com/containerd/containerd", + "location": "pkg/golang/github.com/containerd/containerd/scan.openvex.json" }, { - "id": "pkg:golang/github.com/opencontainers/runc", - "location": "pkg/golang/github.com/opencontainers/runc/scan.openvex.json" + "id": "pkg:golang/github.com/k3s-io/k3s", + "location": "pkg/golang/github.com/k3s-io/k3s/scan.openvex.json" }, { - "id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", - "location": "pkg/golang/github.com/kubernetes-sigs/cri-tools/scan.openvex.json" + "id": "pkg:golang/github.com/heptiolabs/eventrouter", + "location": "pkg/golang/github.com/heptiolabs/eventrouter/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/seeder", - "location": "pkg/golang/github.com/harvester/seeder/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/system-agent", + "location": "pkg/golang/github.com/rancher/system-agent/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/harvester-cloud-provider", - "location": "pkg/golang/github.com/harvester/harvester-cloud-provider/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/rke2", + "location": "pkg/golang/github.com/rancher/rke2/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/webhook", - "location": "pkg/golang/github.com/harvester/webhook/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "location": "pkg/golang/github.com/rancher/image-build-rke2-cloud-provider/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/harvester-installer", - "location": "pkg/golang/github.com/harvester/harvester-installer/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/support-bundle-kit", + "location": "pkg/golang/github.com/rancher/support-bundle-kit/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/vm-import-controller", - "location": "pkg/golang/github.com/harvester/vm-import-controller/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/wharfie", + "location": "pkg/golang/github.com/rancher/wharfie/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/harvester-load-balancer", - "location": "pkg/golang/github.com/harvester/harvester-load-balancer/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/kube-api-auth", + "location": "pkg/golang/github.com/rancher/kube-api-auth/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/pcidevices", - "location": "pkg/golang/github.com/harvester/pcidevices/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/machine", + "location": "pkg/golang/github.com/rancher/machine/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/harvester-network-controller", - "location": "pkg/golang/github.com/harvester/harvester-network-controller/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/fleet", + "location": "pkg/golang/github.com/rancher/fleet/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/node-manager", - "location": "pkg/golang/github.com/harvester/node-manager/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/rancher", + "location": "pkg/golang/github.com/rancher/rancher/scan.openvex.json" }, { - "id": "pkg:golang/github.com/harvester/harvester", - "location": "pkg/golang/github.com/harvester/harvester/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/confd", + "location": "pkg/golang/github.com/rancher/confd/scan.openvex.json" }, { - "id": "pkg:golang/k8s.io/kubernetes", - "location": "pkg/golang/k8s.io/kubernetes/scan.openvex.json" + "id": "pkg:golang/github.com/rancher/webhook", + "location": "pkg/golang/github.com/rancher/webhook/scan.openvex.json" }, { "id": "pkg:golang/helm.sh/helm/v3", "location": "pkg/golang/helm.sh/helm/v3/scan.openvex.json" + }, + { + "id": "pkg:golang/k8s.io/kubernetes", + "location": "pkg/golang/k8s.io/kubernetes/scan.openvex.json" } ] } diff --git a/pkg/golang/github.com/rancher/kube-api-auth/scan.openvex.json b/pkg/golang/github.com/rancher/kube-api-auth/scan.openvex.json index f8cc8bc..aa2517e 100644 --- a/pkg/golang/github.com/rancher/kube-api-auth/scan.openvex.json +++ b/pkg/golang/github.com/rancher/kube-api-auth/scan.openvex.json @@ -3,8 +3,8 @@ "@id": "https://openvex.dev/docs/public/vex-448cca1c5fcf94ecb7030d60b08ef39b387f34f5faaa2be0e8e1f61f31124f1b", "author": "Rancher Security team", "timestamp": "2024-07-12T17:54:37.399069972-03:00", - "last_updated": "2024-09-19T10:47:28.51640301Z", - "version": 20, + "last_updated": "2024-10-07T11:21:22.213296608Z", + "version": 148, "statements": [ { "vulnerability": { @@ -14,7 +14,7 @@ "GO-2023-1991" ] }, - "timestamp": "2024-09-19T10:47:10.737141827Z", + "timestamp": "2024-10-07T11:20:59.161469368Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -37,7 +37,7 @@ "GO-2024-2760" ] }, - "timestamp": "2024-09-19T10:47:10.781339997Z", + "timestamp": "2024-10-07T11:20:59.203091671Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -52,21 +52,2781 @@ "justification": "inline_mitigations_already_exist", "impact_statement": "The vulnerability is already patched since version v0.2.0 of kube-api-auth." }, + { + "vulnerability": { + "name": "GO-2021-0113", + "aliases": [ + "CVE-2021-38561", + "GHSA-ppp9-7jff-5vj2" + ] + }, + "timestamp": "2024-10-07T11:21:00.521923898Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/text@v0.3.5" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2021-0238", + "aliases": [ + "CVE-2021-33194", + "GHSA-83g2-8m93-v3w7" + ] + }, + "timestamp": "2024-10-07T11:21:00.646140654Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2021-0356", + "aliases": [ + "CVE-2022-27191", + "GHSA-8c26-wmh5-6g9v" + ] + }, + "timestamp": "2024-10-07T11:21:00.814602587Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0278", + "aliases": [ + "CVE-2021-43816", + "GHSA-mvff-h3cj-wj9c" + ] + }, + "timestamp": "2024-10-07T11:21:00.909356013Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0288", + "aliases": [ + "CVE-2021-44716", + "GHSA-vc3p-29h2-gpcp" + ] + }, + "timestamp": "2024-10-07T11:21:00.951096774Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0288", + "aliases": [ + "CVE-2021-44716", + "GHSA-vc3p-29h2-gpcp" + ] + }, + "timestamp": "2024-10-07T11:21:00.992657675Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0322", + "aliases": [ + "CVE-2022-21698", + "GHSA-cg3q-j54f-5p7p" + ] + }, + "timestamp": "2024-10-07T11:21:01.076806793Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/prometheus/client_golang@v1.11.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0322", + "aliases": [ + "CVE-2022-21698", + "GHSA-cg3q-j54f-5p7p" + ] + }, + "timestamp": "2024-10-07T11:21:01.118334128Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/prometheus/client_golang@v1.9.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0379", + "aliases": [ + "GHSA-qq97-vm5h-rrhg" + ] + }, + "timestamp": "2024-10-07T11:21:01.181298944Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/distribution@v2.7.1+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0493", + "aliases": [ + "CVE-2022-29526", + "GHSA-p782-xgp4-8hr8" + ] + }, + "timestamp": "2024-10-07T11:21:01.524741395Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/sys@v0.0.0-20210615035016-665e8c7367d1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0493", + "aliases": [ + "CVE-2022-29526", + "GHSA-p782-xgp4-8hr8" + ] + }, + "timestamp": "2024-10-07T11:21:01.565480756Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/sys@v0.0.0-20211013075003-97ac67df715c" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0603", + "aliases": [ + "CVE-2022-28948", + "GHSA-hp87-p4gw-j4gq" + ] + }, + "timestamp": "2024-10-07T11:21:01.774701899Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.284069129Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.325678458Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.22.3" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2022-0617", "aliases": [ - "CVE-2020-8562", - "GHSA-qh36-44jv-c8xj" + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.367315288Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.409352138Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.451040008Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.30.3" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.081066637Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.123427353Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.165397682Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.207157682Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.249135295Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.474297055Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.65" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.516195545Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.294" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.557074985Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.322" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.600216323Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.50.38" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.204948709Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.245921199Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.286544164Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.327988489Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.370405755Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0968", + "aliases": [ + "CVE-2021-43565", + "GHSA-gwc9-m7rh-j2ww" + ] + }, + "timestamp": "2024-10-07T11:21:04.588806459Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0969", + "aliases": [ + "CVE-2022-27664", + "GHSA-69cg-p879-7622" + ] + }, + "timestamp": "2024-10-07T11:21:04.670770736Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0969", + "aliases": [ + "CVE-2022-27664", + "GHSA-69cg-p879-7622" + ] + }, + "timestamp": "2024-10-07T11:21:04.712971104Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1059", + "aliases": [ + "CVE-2022-32149", + "GHSA-69ch-w2m2-3vjp" + ] + }, + "timestamp": "2024-10-07T11:21:04.931111873Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/text@v0.3.5" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1059", + "aliases": [ + "CVE-2022-32149", + "GHSA-69ch-w2m2-3vjp" + ] + }, + "timestamp": "2024-10-07T11:21:04.973314828Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/text@v0.3.7" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1144", + "aliases": [ + "CVE-2022-41717", + "GHSA-xrjj-mj9h-534m" + ] + }, + "timestamp": "2024-10-07T11:21:05.220781224Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1144", + "aliases": [ + "CVE-2022-41717", + "GHSA-xrjj-mj9h-534m" + ] + }, + "timestamp": "2024-10-07T11:21:05.262197522Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1495", + "aliases": [ + "CVE-2022-41721", + "GHSA-fxg5-wq6x-vr4w" + ] + }, + "timestamp": "2024-10-07T11:21:05.651077733Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1495", + "aliases": [ + "CVE-2022-41721", + "GHSA-fxg5-wq6x-vr4w" + ] + }, + "timestamp": "2024-10-07T11:21:05.69407781Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1515", + "aliases": [ + "CVE-2022-43756", + "GHSA-8fcj-gf77-47mg" + ] + }, + "timestamp": "2024-10-07T11:21:06.062320741Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20220217210408-3ecd23dfea3b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1515", + "aliases": [ + "CVE-2022-43756", + "GHSA-8fcj-gf77-47mg" + ] + }, + "timestamp": "2024-10-07T11:21:06.103922191Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.7" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1519", + "aliases": [ + "CVE-2022-31249", + "GHSA-qrg7-hfx7-95c5" + ] + }, + "timestamp": "2024-10-07T11:21:06.440631213Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20220217210408-3ecd23dfea3b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1519", + "aliases": [ + "CVE-2022-31249", + "GHSA-qrg7-hfx7-95c5" + ] + }, + "timestamp": "2024-10-07T11:21:06.483277723Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.7" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1546", + "aliases": [ + "CVE-2023-25151", + "GHSA-5r5m-65gx-7vrh" + ] + }, + "timestamp": "2024-10-07T11:21:06.820496807Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1573", + "aliases": [ + "CVE-2023-25153", + "GHSA-259w-8hf6-59c2" + ] + }, + "timestamp": "2024-10-07T11:21:07.082341796Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1574", + "aliases": [ + "CVE-2023-25173", + "GHSA-hmfx-3pcx-653p" + ] + }, + "timestamp": "2024-10-07T11:21:07.13450601Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1628", + "aliases": [ + "CVE-2022-3162", + "GHSA-2394-5535-8j88" + ] + }, + "timestamp": "2024-10-07T11:21:07.259506425Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1629", + "aliases": [ + "CVE-2022-3294", + "GHSA-jh36-q97c-9928" + ] + }, + "timestamp": "2024-10-07T11:21:07.385408184Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1631", + "aliases": [ + "CVE-2023-24535", + "GHSA-hw7c-3rfg-p46j" + ] + }, + "timestamp": "2024-10-07T11:21:07.760512285Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/protobuf@v1.26.0-rc.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1631", + "aliases": [ + "CVE-2023-24535", + "GHSA-hw7c-3rfg-p46j" + ] + }, + "timestamp": "2024-10-07T11:21:07.802393592Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1699", + "aliases": [ + "CVE-2023-28840", + "GHSA-232p-vwff-86mp" + ] + }, + "timestamp": "2024-10-07T11:21:07.928242914Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1699", + "aliases": [ + "CVE-2023-28840", + "GHSA-232p-vwff-86mp" + ] + }, + "timestamp": "2024-10-07T11:21:07.970576711Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1700", + "aliases": [ + "CVE-2023-28841", + "GHSA-33pg-m6jh-5237" + ] + }, + "timestamp": "2024-10-07T11:21:08.219773301Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1700", + "aliases": [ + "CVE-2023-28841", + "GHSA-33pg-m6jh-5237" + ] + }, + "timestamp": "2024-10-07T11:21:08.261355247Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1701", + "aliases": [ + "CVE-2023-28842", + "GHSA-6wrf-mxfj-pf5p" + ] + }, + "timestamp": "2024-10-07T11:21:08.509267084Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1701", + "aliases": [ + "CVE-2023-28842", + "GHSA-6wrf-mxfj-pf5p" + ] + }, + "timestamp": "2024-10-07T11:21:08.551670562Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1864", + "aliases": [ + "CVE-2023-2431", + "GHSA-xc8m-28vv-4pjc" + ] + }, + "timestamp": "2024-10-07T11:21:08.841032389Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1891", + "aliases": [ + "CVE-2023-2727", + "GHSA-qc2g-gmh6-95p4" + ] + }, + "timestamp": "2024-10-07T11:21:08.965615138Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1892", + "aliases": [ + "CVE-2023-2728", + "GHSA-cgcv-5272-97pr" + ] + }, + "timestamp": "2024-10-07T11:21:09.101422797Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1973", + "aliases": [ + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" + ] + }, + "timestamp": "2024-10-07T11:21:09.346715724Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1973", + "aliases": [ + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" + ] + }, + "timestamp": "2024-10-07T11:21:09.389227817Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1973", + "aliases": [ + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" + ] + }, + "timestamp": "2024-10-07T11:21:09.43232075Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1973", + "aliases": [ + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" + ] + }, + "timestamp": "2024-10-07T11:21:09.475193022Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1973", + "aliases": [ + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" + ] + }, + "timestamp": "2024-10-07T11:21:09.517677649Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1988", + "aliases": [ + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" + ] + }, + "timestamp": "2024-10-07T11:21:09.986249914Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1988", + "aliases": [ + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" + ] + }, + "timestamp": "2024-10-07T11:21:10.028542301Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1988", + "aliases": [ + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" + ] + }, + "timestamp": "2024-10-07T11:21:10.070005846Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.12.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2048", + "aliases": [ + "GHSA-6xv5-86q9-7xr8" + ] + }, + "timestamp": "2024-10-07T11:21:10.205281527Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2048", + "aliases": [ + "GHSA-6xv5-86q9-7xr8" + ] + }, + "timestamp": "2024-10-07T11:21:10.248010862Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.3" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2102", + "aliases": [ + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" + ] + }, + "timestamp": "2024-10-07T11:21:10.583452578Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2102", + "aliases": [ + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" + ] + }, + "timestamp": "2024-10-07T11:21:10.625247003Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2102", + "aliases": [ + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" + ] + }, + "timestamp": "2024-10-07T11:21:10.666323793Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.12.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.119511888Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.53331024Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.34.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.574518832Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.40.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.616660769Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.56.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2170", + "aliases": [ + "CVE-2023-3955", + "GHSA-q78c-gwqw-jcmc" + ] + }, + "timestamp": "2024-10-07T11:21:11.831522097Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2330", + "aliases": [ + "CVE-2023-3676", + "GHSA-7fxm-f474-hf8w" + ] + }, + "timestamp": "2024-10-07T11:21:12.049647853Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2341", + "aliases": [ + "CVE-2023-5528", + "GHSA-hq6q-c2x6-hmch" + ] + }, + "timestamp": "2024-10-07T11:21:12.435989363Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.130453959Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.169453043Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.11.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2412", + "aliases": [ + "GHSA-7ww5-4wqc-m92c" + ] + }, + "timestamp": "2024-10-07T11:21:13.37022908Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2412", + "aliases": [ + "GHSA-7ww5-4wqc-m92c" + ] + }, + "timestamp": "2024-10-07T11:21:13.409954807Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.6.18" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2500", + "aliases": [ + "CVE-2021-41091", + "GHSA-3fwx-pjgw-3558" + ] + }, + "timestamp": "2024-10-07T11:21:13.523949475Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.867000499Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.906054529Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.945888096Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2534", + "aliases": [ + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" + ] + }, + "timestamp": "2024-10-07T11:21:14.532036354Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20210922180056-297b6df8d714" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2534", + "aliases": [ + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" + ] + }, + "timestamp": "2024-10-07T11:21:14.570579954Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20220125032650-a2ef3682eca9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2534", + "aliases": [ + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" + ] + }, + "timestamp": "2024-10-07T11:21:14.60947433Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230515173455-c3b182bdbf7d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2534", + "aliases": [ + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" + ] + }, + "timestamp": "2024-10-07T11:21:14.64857176Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20240205154815-a3b9e3721c1b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2536", + "aliases": [ + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" + ] + }, + "timestamp": "2024-10-07T11:21:14.893353621Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20210608202517-59b3523c3133" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2536", + "aliases": [ + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" + ] + }, + "timestamp": "2024-10-07T11:21:14.937546335Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20220107203912-4feb41eafabd" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2536", + "aliases": [ + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" + ] + }, + "timestamp": "2024-10-07T11:21:14.980409842Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20230426211126-d3552b018687" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2536", + "aliases": [ + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" + ] + }, + "timestamp": "2024-10-07T11:21:15.020678878Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20240205154641-a6a6cf569608" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2611", + "aliases": [ + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" + ] + }, + "timestamp": "2024-10-07T11:21:15.952411706Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/protobuf@v1.26.0-rc.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2611", + "aliases": [ + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" + ] + }, + "timestamp": "2024-10-07T11:21:15.997827356Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2611", + "aliases": [ + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" + ] + }, + "timestamp": "2024-10-07T11:21:16.042942517Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2611", + "aliases": [ + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" + ] + }, + "timestamp": "2024-10-07T11:21:16.087189104Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/protobuf@v1.32.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2659", + "aliases": [ + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" + ] + }, + "timestamp": "2024-10-07T11:21:16.674067333Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2659", + "aliases": [ + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" + ] + }, + "timestamp": "2024-10-07T11:21:16.717802979Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2659", + "aliases": [ + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" + ] + }, + "timestamp": "2024-10-07T11:21:16.761447909Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2737", + "aliases": [ + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" + ] + }, + "timestamp": "2024-10-07T11:21:17.560814931Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2737", + "aliases": [ + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" + ] + }, + "timestamp": "2024-10-07T11:21:17.60515592Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2737", + "aliases": [ + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" + ] + }, + "timestamp": "2024-10-07T11:21:17.647826374Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2746", + "aliases": [ + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" + ] + }, + "timestamp": "2024-10-07T11:21:18.441152288Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2746", + "aliases": [ + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" + ] + }, + "timestamp": "2024-10-07T11:21:18.483669831Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.22.3" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2746", + "aliases": [ + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" + ] + }, + "timestamp": "2024-10-07T11:21:18.52462133Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2746", + "aliases": [ + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" + ] + }, + "timestamp": "2024-10-07T11:21:18.567839421Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2762", + "aliases": [ + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" + ] + }, + "timestamp": "2024-10-07T11:21:19.004860901Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2762", + "aliases": [ + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" + ] + }, + "timestamp": "2024-10-07T11:21:19.048662051Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2762", + "aliases": [ + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" + ] + }, + "timestamp": "2024-10-07T11:21:19.092067346Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2762", + "aliases": [ + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" + ] + }, + "timestamp": "2024-10-07T11:21:19.134993446Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2762", + "aliases": [ + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" + ] + }, + "timestamp": "2024-10-07T11:21:19.178513258Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2764", + "aliases": [ + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" + ] + }, + "timestamp": "2024-10-07T11:21:19.440652715Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2764", + "aliases": [ + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" + ] + }, + "timestamp": "2024-10-07T11:21:19.487631494Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2764", + "aliases": [ + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" + ] + }, + "timestamp": "2024-10-07T11:21:19.531738598Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2764", + "aliases": [ + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" + ] + }, + "timestamp": "2024-10-07T11:21:19.575624463Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2764", + "aliases": [ + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" + ] + }, + "timestamp": "2024-10-07T11:21:19.619191356Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2768", + "aliases": [ + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-09-19T10:47:12.991539361Z", + "timestamp": "2024-10-07T11:21:19.87866845Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.30.3" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -77,19 +2837,19 @@ }, { "vulnerability": { - "name": "GO-2022-0644", + "name": "GO-2024-2768", "aliases": [ - "CVE-2018-20321", - "GHSA-9qq2-xhmc-h9qr" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-09-19T10:47:13.687484459Z", + "timestamp": "2024-10-07T11:21:19.92087625Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -100,21 +2860,19 @@ }, { "vulnerability": { - "name": "GO-2022-0646", + "name": "GO-2024-2768", "aliases": [ - "CVE-2020-8911", - "CVE-2020-8912", - "GHSA-7f33-f4f5-xwgw", - "GHSA-f5pg-7wfw-84q9" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-09-19T10:47:13.928450046Z", + "timestamp": "2024-10-07T11:21:19.965426116Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.50.38" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -125,13 +2883,36 @@ }, { "vulnerability": { - "name": "GO-2022-0755", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-13209", - "GHSA-xhg2-rvm8-w2jh" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" + ] + }, + "timestamp": "2024-10-07T11:21:20.009529604Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2768", + "aliases": [ + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-09-19T10:47:14.524734148Z", + "timestamp": "2024-10-07T11:21:20.05411312Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -148,19 +2929,19 @@ }, { "vulnerability": { - "name": "GO-2023-1699", + "name": "GO-2024-2778", "aliases": [ - "CVE-2023-28840", - "GHSA-232p-vwff-86mp" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-09-19T10:47:17.051487309Z", + "timestamp": "2024-10-07T11:21:20.328549399Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -171,19 +2952,19 @@ }, { "vulnerability": { - "name": "GO-2023-1700", + "name": "GO-2024-2778", "aliases": [ - "CVE-2023-28841", - "GHSA-33pg-m6jh-5237" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-09-19T10:47:17.353538287Z", + "timestamp": "2024-10-07T11:21:20.373801285Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -194,19 +2975,19 @@ }, { "vulnerability": { - "name": "GO-2023-1701", + "name": "GO-2024-2778", "aliases": [ - "CVE-2023-28842", - "GHSA-6wrf-mxfj-pf5p" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-09-19T10:47:17.625986539Z", + "timestamp": "2024-10-07T11:21:20.416754165Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -217,13 +2998,36 @@ }, { "vulnerability": { - "name": "GO-2023-1973", + "name": "GO-2024-2778", "aliases": [ - "CVE-2017-7297", - "GHSA-w3x4-9854-95x8" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" + ] + }, + "timestamp": "2024-10-07T11:21:20.460819032Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2778", + "aliases": [ + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-09-19T10:47:18.403521881Z", + "timestamp": "2024-10-07T11:21:20.50566002Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -240,19 +3044,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2784", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-09-19T10:47:22.10106252Z", + "timestamp": "2024-10-07T11:21:20.767394871Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -263,19 +3067,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2784", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-09-19T10:47:24.39943713Z", + "timestamp": "2024-10-07T11:21:20.81099598Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -286,19 +3090,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2784", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-09-19T10:47:25.265290037Z", + "timestamp": "2024-10-07T11:21:20.854462612Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -309,19 +3113,19 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2784", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-09-19T10:47:26.315883374Z", + "timestamp": "2024-10-07T11:21:20.897695495Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -332,13 +3136,13 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2784", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-09-19T10:47:26.603407308Z", + "timestamp": "2024-10-07T11:21:20.940762833Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -355,19 +3159,18 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2846", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "GHSA-c9cp-9c75-9v8c" ] }, - "timestamp": "2024-09-19T10:47:26.894516594Z", + "timestamp": "2024-10-07T11:21:21.004785105Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" } ] } @@ -378,19 +3181,19 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2912", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2021-41092", + "GHSA-99pg-grm5-qq3v" ] }, - "timestamp": "2024-09-19T10:47:27.187283403Z", + "timestamp": "2024-10-07T11:21:21.048591913Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/docker/cli@v20.10.3+incompatible" } ] } @@ -401,19 +3204,129 @@ }, { "vulnerability": { - "name": "GO-2024-2784", + "name": "GO-2024-2913", "aliases": [ - "CVE-2019-11202", - "GHSA-xh8x-j8h3-m5ph" + "CVE-2021-41089", + "GHSA-v994-f8vw-g7j4" ] }, - "timestamp": "2024-09-19T10:47:27.517226135Z", + "timestamp": "2024-10-07T11:21:21.091897085Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2961", + "aliases": [ + "CVE-2022-30636" + ] + }, + "timestamp": "2024-10-07T11:21:21.376427727Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2978", + "aliases": [ + "GHSA-xr7q-jx4m-x55m" + ] + }, + "timestamp": "2024-10-07T11:21:21.548186235Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.34.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2978", + "aliases": [ + "GHSA-xr7q-jx4m-x55m" + ] + }, + "timestamp": "2024-10-07T11:21:21.591623675Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.40.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2978", + "aliases": [ + "GHSA-xr7q-jx4m-x55m" + ] + }, + "timestamp": "2024-10-07T11:21:21.635429126Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.56.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-3005", + "aliases": [ + "CVE-2024-41110" + ] + }, + "timestamp": "2024-10-07T11:21:22.127061835Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" } ] } @@ -429,7 +3342,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-09-19T10:47:28.516403663Z", + "timestamp": "2024-10-07T11:21:22.17004009Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -443,6 +3356,28 @@ "status": "not_affected", "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-3005", + "aliases": [ + "CVE-2024-41110" + ] + }, + "timestamp": "2024-10-07T11:21:22.213297279Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" } ] } diff --git a/reports/rancher.openvex.json b/reports/rancher.openvex.json index d55527c..b013349 100644 --- a/reports/rancher.openvex.json +++ b/reports/rancher.openvex.json @@ -2,7 +2,7 @@ "@context": "https://openvex.dev/ns/v0.2.0", "@id": "merged-vex-d227f62006c34753554f89a6fe094199f431d8d8bc563672aa44fb4f4198f528", "author": "Rancher Security team", - "timestamp": "2024-10-03T18:31:21.590724028Z", + "timestamp": "2024-10-07T11:21:23.486235653Z", "version": 1, "statements": [ { @@ -13,7 +13,7 @@ "GO-2023-1991" ] }, - "timestamp": "2024-10-03T18:31:02.536455965Z", + "timestamp": "2024-10-07T11:20:59.161469368Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -36,7 +36,7 @@ "GO-2024-2760" ] }, - "timestamp": "2024-10-03T18:31:02.576732645Z", + "timestamp": "2024-10-07T11:20:59.203091671Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -55,7 +55,7 @@ "vulnerability": { "name": "CVE-2023-2253" }, - "timestamp": "2024-10-03T18:31:02.618439566Z", + "timestamp": "2024-10-07T11:20:59.246035581Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -74,7 +74,7 @@ "vulnerability": { "name": "CVE-2023-39325" }, - "timestamp": "2024-10-03T18:31:02.660406553Z", + "timestamp": "2024-10-07T11:20:59.289240954Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -93,7 +93,7 @@ "vulnerability": { "name": "CVE-2023-39325" }, - "timestamp": "2024-10-03T18:31:02.701756562Z", + "timestamp": "2024-10-07T11:20:59.330894535Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -112,7 +112,7 @@ "vulnerability": { "name": "CVE-2023-39325" }, - "timestamp": "2024-10-03T18:31:02.743854127Z", + "timestamp": "2024-10-07T11:20:59.373195914Z", "products": [ { "@id": "pkg:golang/github.com/opencontainers/runc", @@ -131,7 +131,7 @@ "vulnerability": { "name": "CVE-2023-45142" }, - "timestamp": "2024-10-03T18:31:02.785505942Z", + "timestamp": "2024-10-07T11:20:59.415293572Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -150,7 +150,7 @@ "vulnerability": { "name": "CVE-2023-45142" }, - "timestamp": "2024-10-03T18:31:02.825529151Z", + "timestamp": "2024-10-07T11:20:59.456194161Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -169,7 +169,7 @@ "vulnerability": { "name": "CVE-2023-45142" }, - "timestamp": "2024-10-03T18:31:02.867382132Z", + "timestamp": "2024-10-07T11:20:59.497792498Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -188,7 +188,7 @@ "vulnerability": { "name": "CVE-2023-45142" }, - "timestamp": "2024-10-03T18:31:02.910861029Z", + "timestamp": "2024-10-07T11:20:59.539438445Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -207,7 +207,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:02.952523399Z", + "timestamp": "2024-10-07T11:20:59.58280665Z", "products": [ { "@id": "pkg:golang/github.com/containerd/containerd", @@ -226,7 +226,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:02.994109347Z", + "timestamp": "2024-10-07T11:20:59.631461952Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -245,7 +245,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.035289355Z", + "timestamp": "2024-10-07T11:20:59.674074795Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -264,7 +264,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.076441254Z", + "timestamp": "2024-10-07T11:20:59.716187078Z", "products": [ { "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", @@ -283,7 +283,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.1219287Z", + "timestamp": "2024-10-07T11:20:59.758636563Z", "products": [ { "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", @@ -302,7 +302,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.170267275Z", + "timestamp": "2024-10-07T11:20:59.801033571Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -321,7 +321,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.21159913Z", + "timestamp": "2024-10-07T11:20:59.842110197Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -340,7 +340,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.255744557Z", + "timestamp": "2024-10-07T11:20:59.883953933Z", "products": [ { "@id": "pkg:golang/github.com/rancher/webhook", @@ -359,7 +359,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.29755769Z", + "timestamp": "2024-10-07T11:20:59.928180374Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -378,7 +378,7 @@ "vulnerability": { "name": "CVE-2023-47108" }, - "timestamp": "2024-10-03T18:31:03.339753615Z", + "timestamp": "2024-10-07T11:20:59.969064375Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -397,7 +397,7 @@ "vulnerability": { "name": "CVE-2024-21626" }, - "timestamp": "2024-10-03T18:31:03.382905931Z", + "timestamp": "2024-10-07T11:21:00.010470745Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -416,7 +416,7 @@ "vulnerability": { "name": "CVE-2024-21626" }, - "timestamp": "2024-10-03T18:31:03.436983661Z", + "timestamp": "2024-10-07T11:21:00.053984339Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -435,7 +435,7 @@ "vulnerability": { "name": "CVE-2024-21626" }, - "timestamp": "2024-10-03T18:31:03.478798128Z", + "timestamp": "2024-10-07T11:21:00.095640743Z", "products": [ { "@id": "pkg:golang/k8s.io/kubernetes", @@ -454,7 +454,7 @@ "vulnerability": { "name": "CVE-2024-41110" }, - "timestamp": "2024-10-03T18:31:03.521572529Z", + "timestamp": "2024-10-07T11:21:00.137200455Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -473,7 +473,7 @@ "vulnerability": { "name": "CVE-2024-41110" }, - "timestamp": "2024-10-03T18:31:03.565123552Z", + "timestamp": "2024-10-07T11:21:00.17975168Z", "products": [ { "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", @@ -492,7 +492,7 @@ "vulnerability": { "name": "CVE-2024-41110" }, - "timestamp": "2024-10-03T18:31:03.607024547Z", + "timestamp": "2024-10-07T11:21:00.221806973Z", "products": [ { "@id": "pkg:golang/helm.sh/helm/v3", @@ -511,7 +511,7 @@ "vulnerability": { "name": "GHSA-m425-mq94-257g" }, - "timestamp": "2024-10-03T18:31:03.648322018Z", + "timestamp": "2024-10-07T11:21:00.263610171Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -530,7 +530,7 @@ "vulnerability": { "name": "GHSA-m425-mq94-257g" }, - "timestamp": "2024-10-03T18:31:03.689044236Z", + "timestamp": "2024-10-07T11:21:00.305629693Z", "products": [ { "@id": "pkg:golang/github.com/kubernetes-sigs/cri-tools", @@ -549,7 +549,7 @@ "vulnerability": { "name": "GHSA-m425-mq94-257g" }, - "timestamp": "2024-10-03T18:31:03.732630639Z", + "timestamp": "2024-10-07T11:21:00.348866436Z", "products": [ { "@id": "pkg:golang/github.com/rancher/confd", @@ -572,7 +572,7 @@ "GHSA-8mjg-8c8g-6h85" ] }, - "timestamp": "2024-10-03T18:31:03.776410731Z", + "timestamp": "2024-10-07T11:21:00.39211388Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -595,7 +595,7 @@ "GHSA-h62f-wm92-2cmw" ] }, - "timestamp": "2024-10-03T18:31:03.818432528Z", + "timestamp": "2024-10-07T11:21:00.43486274Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -618,7 +618,7 @@ "GHSA-ppp9-7jff-5vj2" ] }, - "timestamp": "2024-10-03T18:31:03.860258253Z", + "timestamp": "2024-10-07T11:21:00.477778373Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -641,7 +641,30 @@ "GHSA-ppp9-7jff-5vj2" ] }, - "timestamp": "2024-10-03T18:31:03.90581359Z", + "timestamp": "2024-10-07T11:21:00.521923898Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/text@v0.3.5" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2021-0113", + "aliases": [ + "CVE-2021-38561", + "GHSA-ppp9-7jff-5vj2" + ] + }, + "timestamp": "2024-10-07T11:21:00.564065803Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -664,7 +687,7 @@ "GHSA-83g2-8m93-v3w7" ] }, - "timestamp": "2024-10-03T18:31:03.949326983Z", + "timestamp": "2024-10-07T11:21:00.605807661Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -679,6 +702,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2021-0238", + "aliases": [ + "CVE-2021-33194", + "GHSA-83g2-8m93-v3w7" + ] + }, + "timestamp": "2024-10-07T11:21:00.646140654Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2021-0356", @@ -687,7 +733,7 @@ "GHSA-8c26-wmh5-6g9v" ] }, - "timestamp": "2024-10-03T18:31:03.998534112Z", + "timestamp": "2024-10-07T11:21:00.688822708Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -710,7 +756,7 @@ "GHSA-8c26-wmh5-6g9v" ] }, - "timestamp": "2024-10-03T18:31:04.040223123Z", + "timestamp": "2024-10-07T11:21:00.730322401Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -733,7 +779,7 @@ "GHSA-8c26-wmh5-6g9v" ] }, - "timestamp": "2024-10-03T18:31:04.083110765Z", + "timestamp": "2024-10-07T11:21:00.772683554Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -748,6 +794,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2021-0356", + "aliases": [ + "CVE-2022-27191", + "GHSA-8c26-wmh5-6g9v" + ] + }, + "timestamp": "2024-10-07T11:21:00.814602587Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2022-0274", @@ -756,7 +825,7 @@ "GHSA-v95c-p5hm-xq8f" ] }, - "timestamp": "2024-10-03T18:31:04.125107611Z", + "timestamp": "2024-10-07T11:21:00.856420459Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -771,6 +840,75 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2022-0278", + "aliases": [ + "CVE-2021-43816", + "GHSA-mvff-h3cj-wj9c" + ] + }, + "timestamp": "2024-10-07T11:21:00.909356013Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0288", + "aliases": [ + "CVE-2021-44716", + "GHSA-vc3p-29h2-gpcp" + ] + }, + "timestamp": "2024-10-07T11:21:00.951096774Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0288", + "aliases": [ + "CVE-2021-44716", + "GHSA-vc3p-29h2-gpcp" + ] + }, + "timestamp": "2024-10-07T11:21:00.992657675Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2022-0288", @@ -779,7 +917,7 @@ "GHSA-vc3p-29h2-gpcp" ] }, - "timestamp": "2024-10-03T18:31:04.178598598Z", + "timestamp": "2024-10-07T11:21:01.034307227Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -794,6 +932,74 @@ "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2022-0322", + "aliases": [ + "CVE-2022-21698", + "GHSA-cg3q-j54f-5p7p" + ] + }, + "timestamp": "2024-10-07T11:21:01.076806793Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/prometheus/client_golang@v1.11.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0322", + "aliases": [ + "CVE-2022-21698", + "GHSA-cg3q-j54f-5p7p" + ] + }, + "timestamp": "2024-10-07T11:21:01.118334128Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/prometheus/client_golang@v1.9.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0379", + "aliases": [ + "GHSA-qq97-vm5h-rrhg" + ] + }, + "timestamp": "2024-10-07T11:21:01.181298944Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/distribution@v2.7.1+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2022-0379", @@ -801,7 +1007,7 @@ "GHSA-qq97-vm5h-rrhg" ] }, - "timestamp": "2024-10-03T18:31:04.242370929Z", + "timestamp": "2024-10-07T11:21:01.223777686Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -823,7 +1029,7 @@ "GHSA-qq97-vm5h-rrhg" ] }, - "timestamp": "2024-10-03T18:31:04.285900294Z", + "timestamp": "2024-10-07T11:21:01.266020073Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -846,7 +1052,7 @@ "GHSA-p782-xgp4-8hr8" ] }, - "timestamp": "2024-10-03T18:31:04.339446783Z", + "timestamp": "2024-10-07T11:21:01.319545544Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -869,7 +1075,7 @@ "GHSA-p782-xgp4-8hr8" ] }, - "timestamp": "2024-10-03T18:31:04.38119586Z", + "timestamp": "2024-10-07T11:21:01.360501904Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -892,7 +1098,7 @@ "GHSA-p782-xgp4-8hr8" ] }, - "timestamp": "2024-10-03T18:31:04.422816776Z", + "timestamp": "2024-10-07T11:21:01.401865526Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -915,7 +1121,7 @@ "GHSA-p782-xgp4-8hr8" ] }, - "timestamp": "2024-10-03T18:31:04.463341283Z", + "timestamp": "2024-10-07T11:21:01.442422233Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -938,7 +1144,7 @@ "GHSA-p782-xgp4-8hr8" ] }, - "timestamp": "2024-10-03T18:31:04.504430813Z", + "timestamp": "2024-10-07T11:21:01.483289293Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -961,7 +1167,53 @@ "GHSA-p782-xgp4-8hr8" ] }, - "timestamp": "2024-10-03T18:31:04.545587036Z", + "timestamp": "2024-10-07T11:21:01.524741395Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/sys@v0.0.0-20210615035016-665e8c7367d1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0493", + "aliases": [ + "CVE-2022-29526", + "GHSA-p782-xgp4-8hr8" + ] + }, + "timestamp": "2024-10-07T11:21:01.565480756Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/sys@v0.0.0-20211013075003-97ac67df715c" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0493", + "aliases": [ + "CVE-2022-29526", + "GHSA-p782-xgp4-8hr8" + ] + }, + "timestamp": "2024-10-07T11:21:01.606768052Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -984,7 +1236,7 @@ "GHSA-hp87-p4gw-j4gq" ] }, - "timestamp": "2024-10-03T18:31:04.588036451Z", + "timestamp": "2024-10-07T11:21:01.647713512Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -1007,7 +1259,7 @@ "GHSA-hp87-p4gw-j4gq" ] }, - "timestamp": "2024-10-03T18:31:04.631010936Z", + "timestamp": "2024-10-07T11:21:01.690864558Z", "products": [ { "@id": "pkg:golang/github.com/harvester/vm-import-controller", @@ -1030,7 +1282,7 @@ "GHSA-hp87-p4gw-j4gq" ] }, - "timestamp": "2024-10-03T18:31:04.672693204Z", + "timestamp": "2024-10-07T11:21:01.732702689Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -1053,7 +1305,30 @@ "GHSA-hp87-p4gw-j4gq" ] }, - "timestamp": "2024-10-03T18:31:04.714320817Z", + "timestamp": "2024-10-07T11:21:01.774701899Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0603", + "aliases": [ + "CVE-2022-28948", + "GHSA-hp87-p4gw-j4gq" + ] + }, + "timestamp": "2024-10-07T11:21:01.817401124Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -1076,7 +1351,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:04.757354002Z", + "timestamp": "2024-10-07T11:21:01.860172525Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -1099,7 +1374,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:04.798897041Z", + "timestamp": "2024-10-07T11:21:01.901284188Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -1122,7 +1397,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:04.8411772Z", + "timestamp": "2024-10-07T11:21:01.943997173Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -1145,7 +1420,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:04.882299084Z", + "timestamp": "2024-10-07T11:21:01.985915145Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -1168,7 +1443,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:04.922707401Z", + "timestamp": "2024-10-07T11:21:02.027630983Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -1191,7 +1466,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:04.962965228Z", + "timestamp": "2024-10-07T11:21:02.068801728Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -1214,7 +1489,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.003425409Z", + "timestamp": "2024-10-07T11:21:02.109812444Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -1237,7 +1512,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.045062373Z", + "timestamp": "2024-10-07T11:21:02.152936741Z", "products": [ { "@id": "pkg:golang/github.com/rancher/fleet", @@ -1260,7 +1535,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.086365002Z", + "timestamp": "2024-10-07T11:21:02.195905289Z", "products": [ { "@id": "pkg:golang/github.com/rancher/fleet", @@ -1283,7 +1558,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.127669824Z", + "timestamp": "2024-10-07T11:21:02.239552909Z", "products": [ { "@id": "pkg:golang/github.com/rancher/fleet", @@ -1306,13 +1581,13 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.169455473Z", + "timestamp": "2024-10-07T11:21:02.284069129Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.30.3" + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" } ] } @@ -1329,13 +1604,13 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.211597418Z", + "timestamp": "2024-10-07T11:21:02.325678458Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.4" + "@id": "pkg:golang/k8s.io/kubernetes@v1.22.3" } ] } @@ -1352,13 +1627,13 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.254602401Z", + "timestamp": "2024-10-07T11:21:02.367315288Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.28.6" + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" } ] } @@ -1375,13 +1650,13 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.296845575Z", + "timestamp": "2024-10-07T11:21:02.409352138Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.30.1" + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" } ] } @@ -1398,10 +1673,102 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.339589445Z", + "timestamp": "2024-10-07T11:21:02.451040008Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.30.3" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.493089634Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.533280149Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.28.6" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.573978719Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.30.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0617", + "aliases": [ + "CVE-2020-8562", + "GHSA-qh36-44jv-c8xj" + ] + }, + "timestamp": "2024-10-07T11:21:02.61564052Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", "subcomponents": [ { "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" @@ -1421,7 +1788,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.381587115Z", + "timestamp": "2024-10-07T11:21:02.657362955Z", "products": [ { "@id": "pkg:golang/github.com/rancher/system-agent", @@ -1444,7 +1811,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.422836498Z", + "timestamp": "2024-10-07T11:21:02.699206535Z", "products": [ { "@id": "pkg:golang/github.com/rancher/webhook", @@ -1467,7 +1834,7 @@ "GHSA-qh36-44jv-c8xj" ] }, - "timestamp": "2024-10-03T18:31:05.463553275Z", + "timestamp": "2024-10-07T11:21:02.739934858Z", "products": [ { "@id": "pkg:golang/github.com/rancher/webhook", @@ -1490,7 +1857,7 @@ "GHSA-r48q-9g5r-8q2h" ] }, - "timestamp": "2024-10-03T18:31:05.505907124Z", + "timestamp": "2024-10-07T11:21:02.781060247Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -1513,7 +1880,7 @@ "GHSA-r48q-9g5r-8q2h" ] }, - "timestamp": "2024-10-03T18:31:05.548147428Z", + "timestamp": "2024-10-07T11:21:02.823113131Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -1536,7 +1903,7 @@ "GHSA-9qq2-xhmc-h9qr" ] }, - "timestamp": "2024-10-03T18:31:05.590317517Z", + "timestamp": "2024-10-07T11:21:02.865749214Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -1559,7 +1926,7 @@ "GHSA-9qq2-xhmc-h9qr" ] }, - "timestamp": "2024-10-03T18:31:05.631924915Z", + "timestamp": "2024-10-07T11:21:02.907765435Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -1582,7 +1949,7 @@ "GHSA-9qq2-xhmc-h9qr" ] }, - "timestamp": "2024-10-03T18:31:05.674143393Z", + "timestamp": "2024-10-07T11:21:02.950927875Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -1605,7 +1972,7 @@ "GHSA-9qq2-xhmc-h9qr" ] }, - "timestamp": "2024-10-03T18:31:05.717576779Z", + "timestamp": "2024-10-07T11:21:02.994707461Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", @@ -1628,7 +1995,7 @@ "GHSA-9qq2-xhmc-h9qr" ] }, - "timestamp": "2024-10-03T18:31:05.763254781Z", + "timestamp": "2024-10-07T11:21:03.038822047Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-network-controller", @@ -1651,7 +2018,99 @@ "GHSA-9qq2-xhmc-h9qr" ] }, - "timestamp": "2024-10-03T18:31:05.8058179Z", + "timestamp": "2024-10-07T11:21:03.081066637Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.123427353Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.165397682Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.207157682Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0644", + "aliases": [ + "CVE-2018-20321", + "GHSA-9qq2-xhmc-h9qr" + ] + }, + "timestamp": "2024-10-07T11:21:03.249135295Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -1676,7 +2135,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:05.857700503Z", + "timestamp": "2024-10-07T11:21:03.303633998Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -1701,7 +2160,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:05.899086379Z", + "timestamp": "2024-10-07T11:21:03.346152772Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -1726,7 +2185,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:05.942040575Z", + "timestamp": "2024-10-07T11:21:03.389321978Z", "products": [ { "@id": "pkg:golang/github.com/heptiolabs/eventrouter", @@ -1751,7 +2210,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:05.982641476Z", + "timestamp": "2024-10-07T11:21:03.432396487Z", "products": [ { "@id": "pkg:golang/github.com/rancher/fleet", @@ -1776,7 +2235,82 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.023514405Z", + "timestamp": "2024-10-07T11:21:03.474297055Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.65" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.516195545Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.294" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.557074985Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.322" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0646", + "aliases": [ + "CVE-2020-8911", + "CVE-2020-8912", + "GHSA-7f33-f4f5-xwgw", + "GHSA-f5pg-7wfw-84q9" + ] + }, + "timestamp": "2024-10-07T11:21:03.600216323Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -1801,7 +2335,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.066711778Z", + "timestamp": "2024-10-07T11:21:03.642366538Z", "products": [ { "@id": "pkg:golang/github.com/rancher/machine", @@ -1826,7 +2360,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.107699543Z", + "timestamp": "2024-10-07T11:21:03.68510633Z", "products": [ { "@id": "pkg:golang/github.com/rancher/machine", @@ -1851,7 +2385,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.148915936Z", + "timestamp": "2024-10-07T11:21:03.727230433Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -1876,7 +2410,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.190412445Z", + "timestamp": "2024-10-07T11:21:03.769139733Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -1901,7 +2435,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.234901814Z", + "timestamp": "2024-10-07T11:21:03.810030285Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -1926,7 +2460,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.277514614Z", + "timestamp": "2024-10-07T11:21:03.863350371Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -1951,7 +2485,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.321397283Z", + "timestamp": "2024-10-07T11:21:03.909581487Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -1976,7 +2510,7 @@ "GHSA-f5pg-7wfw-84q9" ] }, - "timestamp": "2024-10-03T18:31:06.36360645Z", + "timestamp": "2024-10-07T11:21:03.951622802Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -1999,7 +2533,7 @@ "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.405429951Z", + "timestamp": "2024-10-07T11:21:03.992850354Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -2022,7 +2556,7 @@ "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.446347889Z", + "timestamp": "2024-10-07T11:21:04.035259622Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -2045,7 +2579,7 @@ "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.48722007Z", + "timestamp": "2024-10-07T11:21:04.080745977Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2068,7 +2602,7 @@ "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.529025838Z", + "timestamp": "2024-10-07T11:21:04.121665499Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", @@ -2091,7 +2625,7 @@ "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.571079333Z", + "timestamp": "2024-10-07T11:21:04.163261124Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-network-controller", @@ -2114,13 +2648,13 @@ "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.612736399Z", + "timestamp": "2024-10-07T11:21:04.204948709Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -2131,19 +2665,19 @@ }, { "vulnerability": { - "name": "GO-2022-0907", + "name": "GO-2022-0755", "aliases": [ - "CVE-2021-25735", - "GHSA-g42g-737j-qx6j" + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" ] }, - "timestamp": "2024-10-03T18:31:06.686033825Z", + "timestamp": "2024-10-07T11:21:04.245921199Z", "products": [ { - "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.18.19" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -2154,13 +2688,105 @@ }, { "vulnerability": { - "name": "GO-2022-0908", + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.286544164Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.327988489Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0755", + "aliases": [ + "CVE-2019-13209", + "GHSA-xhg2-rvm8-w2jh" + ] + }, + "timestamp": "2024-10-07T11:21:04.370405755Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0907", + "aliases": [ + "CVE-2021-25735", + "GHSA-g42g-737j-qx6j" + ] + }, + "timestamp": "2024-10-07T11:21:04.443814645Z", + "products": [ + { + "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.18.19" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0908", "aliases": [ "CVE-2021-25737", "GHSA-mfv7-gq43-w965" ] }, - "timestamp": "2024-10-03T18:31:06.727915645Z", + "timestamp": "2024-10-07T11:21:04.484623307Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -2183,7 +2809,7 @@ "GHSA-gwc9-m7rh-j2ww" ] }, - "timestamp": "2024-10-03T18:31:06.790548993Z", + "timestamp": "2024-10-07T11:21:04.54694658Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2198,6 +2824,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2022-0968", + "aliases": [ + "CVE-2021-43565", + "GHSA-gwc9-m7rh-j2ww" + ] + }, + "timestamp": "2024-10-07T11:21:04.588806459Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2022-0969", @@ -2206,7 +2855,7 @@ "GHSA-69cg-p879-7622" ] }, - "timestamp": "2024-10-03T18:31:06.831073014Z", + "timestamp": "2024-10-07T11:21:04.628931036Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2229,7 +2878,53 @@ "GHSA-69cg-p879-7622" ] }, - "timestamp": "2024-10-03T18:31:06.873324681Z", + "timestamp": "2024-10-07T11:21:04.670770736Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0969", + "aliases": [ + "CVE-2022-27664", + "GHSA-69cg-p879-7622" + ] + }, + "timestamp": "2024-10-07T11:21:04.712971104Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-0969", + "aliases": [ + "CVE-2022-27664", + "GHSA-69cg-p879-7622" + ] + }, + "timestamp": "2024-10-07T11:21:04.754807555Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -2252,7 +2947,7 @@ "GHSA-69ch-w2m2-3vjp" ] }, - "timestamp": "2024-10-03T18:31:06.915884498Z", + "timestamp": "2024-10-07T11:21:04.797463445Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2275,7 +2970,7 @@ "GHSA-69ch-w2m2-3vjp" ] }, - "timestamp": "2024-10-03T18:31:06.957788754Z", + "timestamp": "2024-10-07T11:21:04.84577063Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2298,7 +2993,7 @@ "GHSA-69ch-w2m2-3vjp" ] }, - "timestamp": "2024-10-03T18:31:07.005720611Z", + "timestamp": "2024-10-07T11:21:04.888299403Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2321,7 +3016,53 @@ "GHSA-69ch-w2m2-3vjp" ] }, - "timestamp": "2024-10-03T18:31:07.046222193Z", + "timestamp": "2024-10-07T11:21:04.931111873Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/text@v0.3.5" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1059", + "aliases": [ + "CVE-2022-32149", + "GHSA-69ch-w2m2-3vjp" + ] + }, + "timestamp": "2024-10-07T11:21:04.973314828Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/text@v0.3.7" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1059", + "aliases": [ + "CVE-2022-32149", + "GHSA-69ch-w2m2-3vjp" + ] + }, + "timestamp": "2024-10-07T11:21:05.014654446Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -2344,7 +3085,7 @@ "GHSA-xrjj-mj9h-534m" ] }, - "timestamp": "2024-10-03T18:31:07.088327196Z", + "timestamp": "2024-10-07T11:21:05.056376856Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -2367,7 +3108,7 @@ "GHSA-xrjj-mj9h-534m" ] }, - "timestamp": "2024-10-03T18:31:07.131370484Z", + "timestamp": "2024-10-07T11:21:05.097963731Z", "products": [ { "@id": "pkg:golang/github.com/harvester/vm-import-controller", @@ -2390,7 +3131,7 @@ "GHSA-xrjj-mj9h-534m" ] }, - "timestamp": "2024-10-03T18:31:07.172886339Z", + "timestamp": "2024-10-07T11:21:05.138452929Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2413,7 +3154,7 @@ "GHSA-xrjj-mj9h-534m" ] }, - "timestamp": "2024-10-03T18:31:07.21291689Z", + "timestamp": "2024-10-07T11:21:05.180006274Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2436,7 +3177,53 @@ "GHSA-xrjj-mj9h-534m" ] }, - "timestamp": "2024-10-03T18:31:07.253656487Z", + "timestamp": "2024-10-07T11:21:05.220781224Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1144", + "aliases": [ + "CVE-2022-41717", + "GHSA-xrjj-mj9h-534m" + ] + }, + "timestamp": "2024-10-07T11:21:05.262197522Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2022-1144", + "aliases": [ + "CVE-2022-41717", + "GHSA-xrjj-mj9h-534m" + ] + }, + "timestamp": "2024-10-07T11:21:05.305970622Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -2459,7 +3246,7 @@ "GHSA-xrjj-mj9h-534m" ] }, - "timestamp": "2024-10-03T18:31:07.294038098Z", + "timestamp": "2024-10-07T11:21:05.348484387Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -2482,7 +3269,7 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.345713652Z", + "timestamp": "2024-10-07T11:21:05.401048449Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2505,7 +3292,7 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.38679157Z", + "timestamp": "2024-10-07T11:21:05.442739864Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2528,7 +3315,7 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.429188083Z", + "timestamp": "2024-10-07T11:21:05.484373239Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -2551,7 +3338,7 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.471321941Z", + "timestamp": "2024-10-07T11:21:05.526116461Z", "products": [ { "@id": "pkg:golang/github.com/harvester/vm-import-controller", @@ -2574,7 +3361,7 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.513204351Z", + "timestamp": "2024-10-07T11:21:05.56758536Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2597,7 +3384,7 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.555119894Z", + "timestamp": "2024-10-07T11:21:05.608946549Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2620,13 +3407,13 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.596629769Z", + "timestamp": "2024-10-07T11:21:05.651077733Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" } ] } @@ -2643,13 +3430,13 @@ "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.638328168Z", + "timestamp": "2024-10-07T11:21:05.69407781Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.1.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" } ] } @@ -2660,19 +3447,19 @@ }, { "vulnerability": { - "name": "GO-2023-1515", + "name": "GO-2023-1495", "aliases": [ - "CVE-2022-43756", - "GHSA-8fcj-gf77-47mg" + "CVE-2022-41721", + "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.680513896Z", + "timestamp": "2024-10-07T11:21:05.734838815Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a" } ] } @@ -2683,13 +3470,59 @@ }, { "vulnerability": { - "name": "GO-2023-1515", + "name": "GO-2023-1495", "aliases": [ - "CVE-2022-43756", - "GHSA-8fcj-gf77-47mg" + "CVE-2022-41721", + "GHSA-fxg5-wq6x-vr4w" ] }, - "timestamp": "2024-10-03T18:31:07.7220801Z", + "timestamp": "2024-10-07T11:21:05.775395526Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/wharfie", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/net@v0.1.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1515", + "aliases": [ + "CVE-2022-43756", + "GHSA-8fcj-gf77-47mg" + ] + }, + "timestamp": "2024-10-07T11:21:05.81665016Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1515", + "aliases": [ + "CVE-2022-43756", + "GHSA-8fcj-gf77-47mg" + ] + }, + "timestamp": "2024-10-07T11:21:05.856733404Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2712,7 +3545,7 @@ "GHSA-8fcj-gf77-47mg" ] }, - "timestamp": "2024-10-03T18:31:07.763991874Z", + "timestamp": "2024-10-07T11:21:05.897391659Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2735,7 +3568,7 @@ "GHSA-8fcj-gf77-47mg" ] }, - "timestamp": "2024-10-03T18:31:07.805947337Z", + "timestamp": "2024-10-07T11:21:05.938733739Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -2758,7 +3591,7 @@ "GHSA-8fcj-gf77-47mg" ] }, - "timestamp": "2024-10-03T18:31:07.846878744Z", + "timestamp": "2024-10-07T11:21:05.979091343Z", "products": [ { "@id": "pkg:golang/github.com/harvester/vm-import-controller", @@ -2781,7 +3614,7 @@ "GHSA-8fcj-gf77-47mg" ] }, - "timestamp": "2024-10-03T18:31:07.887561956Z", + "timestamp": "2024-10-07T11:21:06.020169511Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2804,7 +3637,53 @@ "GHSA-8fcj-gf77-47mg" ] }, - "timestamp": "2024-10-03T18:31:07.928291877Z", + "timestamp": "2024-10-07T11:21:06.062320741Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20220217210408-3ecd23dfea3b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1515", + "aliases": [ + "CVE-2022-43756", + "GHSA-8fcj-gf77-47mg" + ] + }, + "timestamp": "2024-10-07T11:21:06.103922191Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.7" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1515", + "aliases": [ + "CVE-2022-43756", + "GHSA-8fcj-gf77-47mg" + ] + }, + "timestamp": "2024-10-07T11:21:06.146374172Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -2827,7 +3706,7 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:07.968749795Z", + "timestamp": "2024-10-07T11:21:06.189187492Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2850,7 +3729,7 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:08.009742177Z", + "timestamp": "2024-10-07T11:21:06.231160506Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2873,7 +3752,7 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:08.050353294Z", + "timestamp": "2024-10-07T11:21:06.273004955Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -2896,7 +3775,7 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:08.09217472Z", + "timestamp": "2024-10-07T11:21:06.314387901Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -2919,7 +3798,7 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:08.134635658Z", + "timestamp": "2024-10-07T11:21:06.356053505Z", "products": [ { "@id": "pkg:golang/github.com/harvester/vm-import-controller", @@ -2942,7 +3821,7 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:08.176552101Z", + "timestamp": "2024-10-07T11:21:06.397986241Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -2965,7 +3844,53 @@ "GHSA-qrg7-hfx7-95c5" ] }, - "timestamp": "2024-10-03T18:31:08.219134749Z", + "timestamp": "2024-10-07T11:21:06.440631213Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20220217210408-3ecd23dfea3b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1519", + "aliases": [ + "CVE-2022-31249", + "GHSA-qrg7-hfx7-95c5" + ] + }, + "timestamp": "2024-10-07T11:21:06.483277723Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/wrangler@v0.8.7" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1519", + "aliases": [ + "CVE-2022-31249", + "GHSA-qrg7-hfx7-95c5" + ] + }, + "timestamp": "2024-10-07T11:21:06.525781548Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -2988,7 +3913,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.260948438Z", + "timestamp": "2024-10-07T11:21:06.568070294Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -3011,7 +3936,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.302778117Z", + "timestamp": "2024-10-07T11:21:06.609955446Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -3034,7 +3959,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.343378912Z", + "timestamp": "2024-10-07T11:21:06.652173066Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", @@ -3057,7 +3982,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.383913311Z", + "timestamp": "2024-10-07T11:21:06.694419785Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-network-controller", @@ -3080,7 +4005,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.426549034Z", + "timestamp": "2024-10-07T11:21:06.735958359Z", "products": [ { "@id": "pkg:golang/github.com/k3s-io/k3s", @@ -3103,7 +4028,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.469265998Z", + "timestamp": "2024-10-07T11:21:06.777416947Z", "products": [ { "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", @@ -3126,7 +4051,30 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.510863365Z", + "timestamp": "2024-10-07T11:21:06.820496807Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1546", + "aliases": [ + "CVE-2023-25151", + "GHSA-5r5m-65gx-7vrh" + ] + }, + "timestamp": "2024-10-07T11:21:06.862514337Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -3149,7 +4097,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.551546611Z", + "timestamp": "2024-10-07T11:21:06.903834983Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -3172,7 +4120,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.59712084Z", + "timestamp": "2024-10-07T11:21:06.946451893Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -3195,7 +4143,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.638514306Z", + "timestamp": "2024-10-07T11:21:06.988306666Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -3218,7 +4166,7 @@ "GHSA-5r5m-65gx-7vrh" ] }, - "timestamp": "2024-10-03T18:31:08.682544231Z", + "timestamp": "2024-10-07T11:21:07.030382533Z", "products": [ { "@id": "pkg:golang/github.com/rancher/webhook", @@ -3233,6 +4181,52 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2023-1573", + "aliases": [ + "CVE-2023-25153", + "GHSA-259w-8hf6-59c2" + ] + }, + "timestamp": "2024-10-07T11:21:07.082341796Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1574", + "aliases": [ + "CVE-2023-25173", + "GHSA-hmfx-3pcx-653p" + ] + }, + "timestamp": "2024-10-07T11:21:07.13450601Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2023-1628", @@ -3241,7 +4235,7 @@ "GHSA-2394-5535-8j88" ] }, - "timestamp": "2024-10-03T18:31:08.745583959Z", + "timestamp": "2024-10-07T11:21:07.175717909Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -3264,7 +4258,7 @@ "GHSA-2394-5535-8j88" ] }, - "timestamp": "2024-10-03T18:31:08.788119856Z", + "timestamp": "2024-10-07T11:21:07.21740679Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -3279,6 +4273,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2023-1628", + "aliases": [ + "CVE-2022-3162", + "GHSA-2394-5535-8j88" + ] + }, + "timestamp": "2024-10-07T11:21:07.259506425Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2023-1629", @@ -3287,7 +4304,7 @@ "GHSA-jh36-q97c-9928" ] }, - "timestamp": "2024-10-03T18:31:08.829138551Z", + "timestamp": "2024-10-07T11:21:07.30188734Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -3310,7 +4327,7 @@ "GHSA-jh36-q97c-9928" ] }, - "timestamp": "2024-10-03T18:31:08.870087443Z", + "timestamp": "2024-10-07T11:21:07.343535849Z", "products": [ { "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", @@ -3325,6 +4342,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2023-1629", + "aliases": [ + "CVE-2022-3294", + "GHSA-jh36-q97c-9928" + ] + }, + "timestamp": "2024-10-07T11:21:07.385408184Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2023-1631", @@ -3333,7 +4373,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:08.912562484Z", + "timestamp": "2024-10-07T11:21:07.427905916Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -3356,7 +4396,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:08.954094954Z", + "timestamp": "2024-10-07T11:21:07.470109199Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -3379,7 +4419,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:08.994754325Z", + "timestamp": "2024-10-07T11:21:07.511349338Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -3402,7 +4442,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.035876788Z", + "timestamp": "2024-10-07T11:21:07.553414298Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -3425,7 +4465,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.077772389Z", + "timestamp": "2024-10-07T11:21:07.594618758Z", "products": [ { "@id": "pkg:golang/github.com/harvester/vm-import-controller", @@ -3448,7 +4488,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.119170891Z", + "timestamp": "2024-10-07T11:21:07.635278249Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -3471,7 +4511,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.161199649Z", + "timestamp": "2024-10-07T11:21:07.677367323Z", "products": [ { "@id": "pkg:golang/github.com/harvester/webhook", @@ -3494,7 +4534,7 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.204054817Z", + "timestamp": "2024-10-07T11:21:07.719348746Z", "products": [ { "@id": "pkg:golang/github.com/heptiolabs/eventrouter", @@ -3517,13 +4557,13 @@ "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.245065627Z", + "timestamp": "2024-10-07T11:21:07.760512285Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + "@id": "pkg:golang/google.golang.org/protobuf@v1.26.0-rc.1" } ] } @@ -3534,19 +4574,19 @@ }, { "vulnerability": { - "name": "GO-2023-1699", + "name": "GO-2023-1631", "aliases": [ - "CVE-2023-28840", - "GHSA-232p-vwff-86mp" + "CVE-2023-24535", + "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.287298947Z", + "timestamp": "2024-10-07T11:21:07.802393592Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-installer", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } @@ -3557,19 +4597,19 @@ }, { "vulnerability": { - "name": "GO-2023-1699", + "name": "GO-2023-1631", "aliases": [ - "CVE-2023-28840", - "GHSA-232p-vwff-86mp" + "CVE-2023-24535", + "GHSA-hw7c-3rfg-p46j" ] }, - "timestamp": "2024-10-03T18:31:09.329097489Z", + "timestamp": "2024-10-07T11:21:07.844776476Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } @@ -3586,13 +4626,13 @@ "GHSA-232p-vwff-86mp" ] }, - "timestamp": "2024-10-03T18:31:09.370920199Z", + "timestamp": "2024-10-07T11:21:07.886374589Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/harvester/harvester-installer", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -3609,10 +4649,79 @@ "GHSA-232p-vwff-86mp" ] }, - "timestamp": "2024-10-03T18:31:09.412528674Z", + "timestamp": "2024-10-07T11:21:07.928242914Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1699", + "aliases": [ + "CVE-2023-28840", + "GHSA-232p-vwff-86mp" + ] + }, + "timestamp": "2024-10-07T11:21:07.970576711Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1699", + "aliases": [ + "CVE-2023-28840", + "GHSA-232p-vwff-86mp" + ] + }, + "timestamp": "2024-10-07T11:21:08.011519124Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1699", + "aliases": [ + "CVE-2023-28840", + "GHSA-232p-vwff-86mp" + ] + }, + "timestamp": "2024-10-07T11:21:08.053186622Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" @@ -3632,7 +4741,7 @@ "GHSA-232p-vwff-86mp" ] }, - "timestamp": "2024-10-03T18:31:09.455933624Z", + "timestamp": "2024-10-07T11:21:08.094340368Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -3655,7 +4764,7 @@ "GHSA-232p-vwff-86mp" ] }, - "timestamp": "2024-10-03T18:31:09.498450819Z", + "timestamp": "2024-10-07T11:21:08.135614891Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -3678,7 +4787,7 @@ "GHSA-33pg-m6jh-5237" ] }, - "timestamp": "2024-10-03T18:31:09.541155786Z", + "timestamp": "2024-10-07T11:21:08.176793583Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-installer", @@ -3701,7 +4810,30 @@ "GHSA-33pg-m6jh-5237" ] }, - "timestamp": "2024-10-03T18:31:09.583096183Z", + "timestamp": "2024-10-07T11:21:08.219773301Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1700", + "aliases": [ + "CVE-2023-28841", + "GHSA-33pg-m6jh-5237" + ] + }, + "timestamp": "2024-10-07T11:21:08.261355247Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -3724,7 +4856,7 @@ "GHSA-33pg-m6jh-5237" ] }, - "timestamp": "2024-10-03T18:31:09.625176616Z", + "timestamp": "2024-10-07T11:21:08.302905354Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -3747,7 +4879,7 @@ "GHSA-33pg-m6jh-5237" ] }, - "timestamp": "2024-10-03T18:31:09.666986671Z", + "timestamp": "2024-10-07T11:21:08.343442169Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -3770,7 +4902,7 @@ "GHSA-33pg-m6jh-5237" ] }, - "timestamp": "2024-10-03T18:31:09.708818932Z", + "timestamp": "2024-10-07T11:21:08.384814719Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -3793,7 +4925,7 @@ "GHSA-33pg-m6jh-5237" ] }, - "timestamp": "2024-10-03T18:31:09.749796654Z", + "timestamp": "2024-10-07T11:21:08.426613775Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -3816,7 +4948,7 @@ "GHSA-6wrf-mxfj-pf5p" ] }, - "timestamp": "2024-10-03T18:31:09.791625778Z", + "timestamp": "2024-10-07T11:21:08.468591572Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-installer", @@ -3839,7 +4971,30 @@ "GHSA-6wrf-mxfj-pf5p" ] }, - "timestamp": "2024-10-03T18:31:09.834761644Z", + "timestamp": "2024-10-07T11:21:08.509267084Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-1701", + "aliases": [ + "CVE-2023-28842", + "GHSA-6wrf-mxfj-pf5p" + ] + }, + "timestamp": "2024-10-07T11:21:08.551670562Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -3862,7 +5017,7 @@ "GHSA-6wrf-mxfj-pf5p" ] }, - "timestamp": "2024-10-03T18:31:09.876592239Z", + "timestamp": "2024-10-07T11:21:08.592875847Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -3885,7 +5040,7 @@ "GHSA-6wrf-mxfj-pf5p" ] }, - "timestamp": "2024-10-03T18:31:09.918335041Z", + "timestamp": "2024-10-07T11:21:08.633332872Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -3908,7 +5063,7 @@ "GHSA-6wrf-mxfj-pf5p" ] }, - "timestamp": "2024-10-03T18:31:09.960433769Z", + "timestamp": "2024-10-07T11:21:08.674344466Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -3931,7 +5086,7 @@ "GHSA-6wrf-mxfj-pf5p" ] }, - "timestamp": "2024-10-03T18:31:10.002515696Z", + "timestamp": "2024-10-07T11:21:08.714947485Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -3954,7 +5109,7 @@ "GHSA-xc8m-28vv-4pjc" ] }, - "timestamp": "2024-10-03T18:31:10.044944737Z", + "timestamp": "2024-10-07T11:21:08.756088527Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -3977,7 +5132,7 @@ "GHSA-xc8m-28vv-4pjc" ] }, - "timestamp": "2024-10-03T18:31:10.08756152Z", + "timestamp": "2024-10-07T11:21:08.798722152Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -3992,6 +5147,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2023-1864", + "aliases": [ + "CVE-2023-2431", + "GHSA-xc8m-28vv-4pjc" + ] + }, + "timestamp": "2024-10-07T11:21:08.841032389Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2023-1891", @@ -4000,7 +5178,7 @@ "GHSA-qc2g-gmh6-95p4" ] }, - "timestamp": "2024-10-03T18:31:10.129536432Z", + "timestamp": "2024-10-07T11:21:08.883255992Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -4023,7 +5201,7 @@ "GHSA-qc2g-gmh6-95p4" ] }, - "timestamp": "2024-10-03T18:31:10.171554653Z", + "timestamp": "2024-10-07T11:21:08.924210534Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -4038,6 +5216,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2023-1891", + "aliases": [ + "CVE-2023-2727", + "GHSA-qc2g-gmh6-95p4" + ] + }, + "timestamp": "2024-10-07T11:21:08.965615138Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2023-1892", @@ -4046,7 +5247,7 @@ "GHSA-cgcv-5272-97pr" ] }, - "timestamp": "2024-10-03T18:31:10.214580242Z", + "timestamp": "2024-10-07T11:21:09.008152361Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -4069,7 +5270,7 @@ "GHSA-cgcv-5272-97pr" ] }, - "timestamp": "2024-10-03T18:31:10.256565151Z", + "timestamp": "2024-10-07T11:21:09.059211881Z", "products": [ { "@id": "pkg:golang/github.com/harvester/pcidevices", @@ -4084,6 +5285,29 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2023-1892", + "aliases": [ + "CVE-2023-2728", + "GHSA-cgcv-5272-97pr" + ] + }, + "timestamp": "2024-10-07T11:21:09.101422797Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2023-1973", @@ -4092,7 +5316,7 @@ "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.299408382Z", + "timestamp": "2024-10-07T11:21:09.140608857Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -4115,7 +5339,7 @@ "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.341902496Z", + "timestamp": "2024-10-07T11:21:09.181828984Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -4138,7 +5362,7 @@ "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.385539428Z", + "timestamp": "2024-10-07T11:21:09.223909327Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -4161,7 +5385,7 @@ "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.428096843Z", + "timestamp": "2024-10-07T11:21:09.264450025Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", @@ -4184,7 +5408,7 @@ "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.469611636Z", + "timestamp": "2024-10-07T11:21:09.304968522Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-network-controller", @@ -4207,13 +5431,13 @@ "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.512165145Z", + "timestamp": "2024-10-07T11:21:09.346715724Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -4224,19 +5448,19 @@ }, { "vulnerability": { - "name": "GO-2023-1988", + "name": "GO-2023-1973", "aliases": [ - "CVE-2023-3978", - "GHSA-2wrh-6pvc-2jm9" + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.565823515Z", + "timestamp": "2024-10-07T11:21:09.389227817Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -4247,19 +5471,19 @@ }, { "vulnerability": { - "name": "GO-2023-1988", + "name": "GO-2023-1973", "aliases": [ - "CVE-2023-3978", - "GHSA-2wrh-6pvc-2jm9" + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.609727617Z", + "timestamp": "2024-10-07T11:21:09.43232075Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211123203042-d83791d6bcd9" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -4270,19 +5494,19 @@ }, { "vulnerability": { - "name": "GO-2023-1988", + "name": "GO-2023-1973", "aliases": [ - "CVE-2023-3978", - "GHSA-2wrh-6pvc-2jm9" + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.653545084Z", + "timestamp": "2024-10-07T11:21:09.475193022Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.5.0" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -4293,25 +5517,25 @@ }, { "vulnerability": { - "name": "GO-2023-1988", + "name": "GO-2023-1973", "aliases": [ - "CVE-2023-3978", - "GHSA-2wrh-6pvc-2jm9" + "CVE-2017-7297", + "GHSA-w3x4-9854-95x8" ] }, - "timestamp": "2024-10-03T18:31:10.697750587Z", + "timestamp": "2024-10-07T11:21:09.517677649Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.7.0" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { @@ -4322,13 +5546,13 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.739978362Z", + "timestamp": "2024-10-07T11:21:09.570304186Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4" } ] } @@ -4345,19 +5569,19 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.783364882Z", + "timestamp": "2024-10-07T11:21:09.611492481Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/vm-import-controller", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211123203042-d83791d6bcd9" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { @@ -4368,13 +5592,13 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.826185058Z", + "timestamp": "2024-10-07T11:21:09.652119452Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63" + "@id": "pkg:golang/golang.org/x/net@v0.5.0" } ] } @@ -4391,19 +5615,19 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.867702243Z", + "timestamp": "2024-10-07T11:21:09.694101114Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af" + "@id": "pkg:golang/golang.org/x/net@v0.7.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { @@ -4414,13 +5638,13 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.908898827Z", + "timestamp": "2024-10-07T11:21:09.735553459Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.6.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" } ] } @@ -4437,19 +5661,19 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.950174998Z", + "timestamp": "2024-10-07T11:21:09.780504754Z", "products": [ { - "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "@id": "pkg:golang/github.com/harvester/vm-import-controller", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.8.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { @@ -4460,13 +5684,13 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:10.991636942Z", + "timestamp": "2024-10-07T11:21:09.821488519Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63" } ] } @@ -4483,13 +5707,13 @@ "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.033159489Z", + "timestamp": "2024-10-07T11:21:09.862424309Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.1.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af" } ] } @@ -4500,64 +5724,65 @@ }, { "vulnerability": { - "name": "GO-2023-2048", + "name": "GO-2023-1988", "aliases": [ - "GHSA-6xv5-86q9-7xr8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.085579004Z", + "timestamp": "2024-10-07T11:21:09.903020335Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.3" + "@id": "pkg:golang/golang.org/x/net@v0.6.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-1988", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.128208655Z", + "timestamp": "2024-10-07T11:21:09.945014043Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/heptiolabs/eventrouter", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" + "@id": "pkg:golang/golang.org/x/net@v0.8.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-1988", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.16891489Z", + "timestamp": "2024-10-07T11:21:09.986249914Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/vm-import-controller", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" } ] } @@ -4568,19 +5793,19 @@ }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-1988", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.211537815Z", + "timestamp": "2024-10-07T11:21:10.028542301Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" } ] } @@ -4591,19 +5816,19 @@ }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-1988", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.254573641Z", + "timestamp": "2024-10-07T11:21:10.070005846Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af" + "@id": "pkg:golang/golang.org/x/net@v0.12.0" } ] } @@ -4614,65 +5839,64 @@ }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-1988", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.297150101Z", + "timestamp": "2024-10-07T11:21:10.112008645Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.6.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-1988", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "CVE-2023-3978", + "GHSA-2wrh-6pvc-2jm9" ] }, - "timestamp": "2024-10-03T18:31:11.339019436Z", + "timestamp": "2024-10-07T11:21:10.153598861Z", "products": [ { - "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.8.0" + "@id": "pkg:golang/golang.org/x/net@v0.1.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-2048", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "GHSA-6xv5-86q9-7xr8" ] }, - "timestamp": "2024-10-03T18:31:11.382458936Z", + "timestamp": "2024-10-07T11:21:10.205281527Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a" + "@id": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.2" } ] } @@ -4683,19 +5907,18 @@ }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-2048", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "GHSA-6xv5-86q9-7xr8" ] }, - "timestamp": "2024-10-03T18:31:11.42414039Z", + "timestamp": "2024-10-07T11:21:10.248010862Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.1.0" + "@id": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.3" } ] } @@ -4706,19 +5929,18 @@ }, { "vulnerability": { - "name": "GO-2023-2102", + "name": "GO-2023-2048", "aliases": [ - "CVE-2023-39325", - "GHSA-4374-p667-p6c8" + "GHSA-6xv5-86q9-7xr8" ] }, - "timestamp": "2024-10-03T18:31:11.465489173Z", + "timestamp": "2024-10-07T11:21:10.29104202Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/net@v0.15.0" + "@id": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.3" } ] } @@ -4729,19 +5951,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.506892251Z", + "timestamp": "2024-10-07T11:21:10.332867244Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" } ] } @@ -4752,19 +5974,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.548535874Z", + "timestamp": "2024-10-07T11:21:10.375773831Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/vm-import-controller", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c" } ] } @@ -4775,19 +5997,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.589619663Z", + "timestamp": "2024-10-07T11:21:10.418704781Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63" } ] } @@ -4798,19 +6020,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.631246619Z", + "timestamp": "2024-10-07T11:21:10.460882787Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af" } ] } @@ -4821,19 +6043,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.671665557Z", + "timestamp": "2024-10-07T11:21:10.501843612Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.35.0" + "@id": "pkg:golang/golang.org/x/net@v0.6.0" } ] } @@ -4844,19 +6066,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.712859516Z", + "timestamp": "2024-10-07T11:21:10.541833349Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/heptiolabs/eventrouter", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.8.0" } ] } @@ -4867,19 +6089,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.755373302Z", + "timestamp": "2024-10-07T11:21:10.583452578Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000" } ] } @@ -4890,19 +6112,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.798290854Z", + "timestamp": "2024-10-07T11:21:10.625247003Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d" } ] } @@ -4913,19 +6135,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.846118478Z", + "timestamp": "2024-10-07T11:21:10.666323793Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.35.0" + "@id": "pkg:golang/golang.org/x/net@v0.12.0" } ] } @@ -4936,19 +6158,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.887858381Z", + "timestamp": "2024-10-07T11:21:10.708485915Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a" } ] } @@ -4959,19 +6181,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.928833354Z", + "timestamp": "2024-10-07T11:21:10.749197077Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + "@id": "pkg:golang/golang.org/x/net@v0.1.0" } ] } @@ -4982,19 +6204,19 @@ }, { "vulnerability": { - "name": "GO-2023-2113", + "name": "GO-2023-2102", "aliases": [ - "CVE-2023-45142", - "GHSA-rcjv-mgp8-qvmr" + "CVE-2023-39325", + "GHSA-4374-p667-p6c8" ] }, - "timestamp": "2024-10-03T18:31:11.971399331Z", + "timestamp": "2024-10-07T11:21:10.789983902Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + "@id": "pkg:golang/golang.org/x/net@v0.15.0" } ] } @@ -5011,10 +6233,10 @@ "GHSA-rcjv-mgp8-qvmr" ] }, - "timestamp": "2024-10-03T18:31:12.013177302Z", + "timestamp": "2024-10-07T11:21:10.830304825Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/webhook", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" @@ -5028,18 +6250,19 @@ }, { "vulnerability": { - "name": "GO-2023-2153", + "name": "GO-2023-2113", "aliases": [ - "GHSA-m425-mq94-257g" + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" ] }, - "timestamp": "2024-10-03T18:31:12.054929798Z", + "timestamp": "2024-10-07T11:21:10.872269219Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/grpc@v1.29.1" + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" } ] } @@ -5050,18 +6273,19 @@ }, { "vulnerability": { - "name": "GO-2023-2153", + "name": "GO-2023-2113", "aliases": [ - "GHSA-m425-mq94-257g" + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" ] }, - "timestamp": "2024-10-03T18:31:12.097129013Z", + "timestamp": "2024-10-07T11:21:10.913152412Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/grpc@v1.43.0" + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" } ] } @@ -5072,18 +6296,19 @@ }, { "vulnerability": { - "name": "GO-2023-2153", + "name": "GO-2023-2113", "aliases": [ - "GHSA-m425-mq94-257g" + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" ] }, - "timestamp": "2024-10-03T18:31:12.139327294Z", + "timestamp": "2024-10-07T11:21:10.954342403Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/grpc@v1.53.0" + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" } ] } @@ -5094,19 +6319,19 @@ }, { "vulnerability": { - "name": "GO-2023-2163", + "name": "GO-2023-2113", "aliases": [ - "CVE-2023-46129", - "GHSA-mr45-rx8q-wcm9" + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" ] }, - "timestamp": "2024-10-03T18:31:12.180314769Z", + "timestamp": "2024-10-07T11:21:10.995577787Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/github.com/nats-io/nkeys@v0.4.4" + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.35.0" } ] } @@ -5117,19 +6342,1549 @@ }, { "vulnerability": { - "name": "GO-2023-2170", + "name": "GO-2023-2113", "aliases": [ - "CVE-2023-3955", - "GHSA-q78c-gwqw-jcmc" + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" ] }, - "timestamp": "2024-10-03T18:31:12.220165895Z", + "timestamp": "2024-10-07T11:21:11.036740745Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/k3s-io/k3s", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.07781687Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.119511888Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.16284225Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.204313985Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rke2", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.35.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.244448437Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rke2", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.285633547Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.326311789Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2113", + "aliases": [ + "CVE-2023-45142", + "GHSA-rcjv-mgp8-qvmr" + ] + }, + "timestamp": "2024-10-07T11:21:11.367389385Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/webhook", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.408625898Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.29.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.449017891Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.43.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.491671648Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.53.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.53331024Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.34.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.574518832Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.40.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2153", + "aliases": [ + "GHSA-m425-mq94-257g" + ] + }, + "timestamp": "2024-10-07T11:21:11.616660769Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.56.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2163", + "aliases": [ + "CVE-2023-46129", + "GHSA-mr45-rx8q-wcm9" + ] + }, + "timestamp": "2024-10-07T11:21:11.65882809Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/nats-io/nkeys@v0.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2170", + "aliases": [ + "CVE-2023-3955", + "GHSA-q78c-gwqw-jcmc" + ] + }, + "timestamp": "2024-10-07T11:21:11.700143795Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2170", + "aliases": [ + "CVE-2023-3955", + "GHSA-q78c-gwqw-jcmc" + ] + }, + "timestamp": "2024-10-07T11:21:11.741147651Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/pcidevices", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2170", + "aliases": [ + "CVE-2023-3955", + "GHSA-q78c-gwqw-jcmc" + ] + }, + "timestamp": "2024-10-07T11:21:11.786703051Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/fleet", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2170", + "aliases": [ + "CVE-2023-3955", + "GHSA-q78c-gwqw-jcmc" + ] + }, + "timestamp": "2024-10-07T11:21:11.831522097Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2170", + "aliases": [ + "CVE-2023-3955", + "GHSA-q78c-gwqw-jcmc" + ] + }, + "timestamp": "2024-10-07T11:21:11.875608594Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2330", + "aliases": [ + "CVE-2023-3676", + "GHSA-7fxm-f474-hf8w" + ] + }, + "timestamp": "2024-10-07T11:21:11.919232195Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2330", + "aliases": [ + "CVE-2023-3676", + "GHSA-7fxm-f474-hf8w" + ] + }, + "timestamp": "2024-10-07T11:21:11.962006774Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/pcidevices", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2330", + "aliases": [ + "CVE-2023-3676", + "GHSA-7fxm-f474-hf8w" + ] + }, + "timestamp": "2024-10-07T11:21:12.007830904Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/fleet", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2330", + "aliases": [ + "CVE-2023-3676", + "GHSA-7fxm-f474-hf8w" + ] + }, + "timestamp": "2024-10-07T11:21:12.049647853Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2330", + "aliases": [ + "CVE-2023-3676", + "GHSA-7fxm-f474-hf8w" + ] + }, + "timestamp": "2024-10-07T11:21:12.092310205Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2331", + "aliases": [ + "CVE-2023-47108", + "GHSA-8pgv-569h-w5rw" + ] + }, + "timestamp": "2024-10-07T11:21:12.133943539Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.20.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2331", + "aliases": [ + "CVE-2023-47108", + "GHSA-8pgv-569h-w5rw" + ] + }, + "timestamp": "2024-10-07T11:21:12.176805153Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.35.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2331", + "aliases": [ + "CVE-2023-47108", + "GHSA-8pgv-569h-w5rw" + ] + }, + "timestamp": "2024-10-07T11:21:12.220636554Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/wharfie", + "subcomponents": [ + { + "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.42.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2334", + "aliases": [ + "GHSA-2c7c-3mj9-8fqh" + ] + }, + "timestamp": "2024-10-07T11:21:12.263500241Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2341", + "aliases": [ + "CVE-2023-5528", + "GHSA-hq6q-c2x6-hmch" + ] + }, + "timestamp": "2024-10-07T11:21:12.307096216Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2341", + "aliases": [ + "CVE-2023-5528", + "GHSA-hq6q-c2x6-hmch" + ] + }, + "timestamp": "2024-10-07T11:21:12.349171488Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/pcidevices", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2341", + "aliases": [ + "CVE-2023-5528", + "GHSA-hq6q-c2x6-hmch" + ] + }, + "timestamp": "2024-10-07T11:21:12.392259244Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/fleet", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2341", + "aliases": [ + "CVE-2023-5528", + "GHSA-hq6q-c2x6-hmch" + ] + }, + "timestamp": "2024-10-07T11:21:12.435989363Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2341", + "aliases": [ + "CVE-2023-5528", + "GHSA-hq6q-c2x6-hmch" + ] + }, + "timestamp": "2024-10-07T11:21:12.480482476Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.523950363Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.5674436Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.610387861Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220321153916-2c7772ba3064" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.652848837Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.1.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.695619446Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.16.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.737488247Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.779718735Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/pcidevices", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220321153916-2c7772ba3064" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.82181297Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/pcidevices", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.8630715Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/seeder", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.899901764Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/webhook", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220214200702-86341886e292" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.938260943Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/webhook", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220315160706-3147a52a75dd" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:12.975115775Z", + "products": [ + { + "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.012970719Z", + "products": [ + { + "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.052667484Z", + "products": [ + { + "@id": "pkg:golang/github.com/k3s-io/k3s", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.091367216Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.130453959Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.169453043Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.11.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.207869597Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rke2", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.245463292Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2402", + "aliases": [ + "CVE-2023-48795", + "GHSA-45x7-px36-x8w8" + ] + }, + "timestamp": "2024-10-07T11:21:13.283410732Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.16.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2412", + "aliases": [ + "GHSA-7ww5-4wqc-m92c" + ] + }, + "timestamp": "2024-10-07T11:21:13.331418175Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.6.18" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2412", + "aliases": [ + "GHSA-7ww5-4wqc-m92c" + ] + }, + "timestamp": "2024-10-07T11:21:13.37022908Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2412", + "aliases": [ + "GHSA-7ww5-4wqc-m92c" + ] + }, + "timestamp": "2024-10-07T11:21:13.409954807Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.6.18" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2023-2412", + "aliases": [ + "GHSA-7ww5-4wqc-m92c" + ] + }, + "timestamp": "2024-10-07T11:21:13.447548057Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/rancher", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/containerd/containerd@v1.6.22" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2491", + "aliases": [ + "CVE-2024-21626", + "GHSA-xr7r-f8xq-vfvv" + ] + }, + "timestamp": "2024-10-07T11:21:13.486056828Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/opencontainers/runc@v1.0.3" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2500", + "aliases": [ + "CVE-2021-41091", + "GHSA-3fwx-pjgw-3558" + ] + }, + "timestamp": "2024-10-07T11:21:13.523949475Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2500", + "aliases": [ + "CVE-2021-41091", + "GHSA-3fwx-pjgw-3558" + ] + }, + "timestamp": "2024-10-07T11:21:13.563357817Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/machine", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.600683475Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.9+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.640037254Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v24.0.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.678034295Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester-installer", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.716513531Z", + "products": [ + { + "@id": "pkg:golang/github.com/k3s-io/k3s", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.752680153Z", + "products": [ + { + "@id": "pkg:golang/github.com/k3s-io/k3s", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2512", + "aliases": [ + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" + ] + }, + "timestamp": "2024-10-07T11:21:13.791488271Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/docker/docker@v23.0.13+incompatible" } ] } @@ -5140,19 +7895,19 @@ }, { "vulnerability": { - "name": "GO-2023-2170", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3955", - "GHSA-q78c-gwqw-jcmc" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.260281911Z", + "timestamp": "2024-10-07T11:21:13.829836523Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/docker/docker@v23.0.14+incompatible" } ] } @@ -5163,19 +7918,19 @@ }, { "vulnerability": { - "name": "GO-2023-2170", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3955", - "GHSA-q78c-gwqw-jcmc" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.299837771Z", + "timestamp": "2024-10-07T11:21:13.867000499Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" } ] } @@ -5186,19 +7941,19 @@ }, { "vulnerability": { - "name": "GO-2023-2170", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3955", - "GHSA-q78c-gwqw-jcmc" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.34049631Z", + "timestamp": "2024-10-07T11:21:13.906054529Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -5209,19 +7964,19 @@ }, { "vulnerability": { - "name": "GO-2023-2330", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3676", - "GHSA-7fxm-f474-hf8w" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.382213377Z", + "timestamp": "2024-10-07T11:21:13.945888096Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" } ] } @@ -5232,19 +7987,19 @@ }, { "vulnerability": { - "name": "GO-2023-2330", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3676", - "GHSA-7fxm-f474-hf8w" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.422644566Z", + "timestamp": "2024-10-07T11:21:13.986960004Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/machine", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29" } ] } @@ -5255,19 +8010,19 @@ }, { "vulnerability": { - "name": "GO-2023-2330", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3676", - "GHSA-7fxm-f474-hf8w" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.463224092Z", + "timestamp": "2024-10-07T11:21:14.0329721Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" } ] } @@ -5278,19 +8033,19 @@ }, { "vulnerability": { - "name": "GO-2023-2330", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-3676", - "GHSA-7fxm-f474-hf8w" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.503421839Z", + "timestamp": "2024-10-07T11:21:14.07426734Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -5301,110 +8056,111 @@ }, { "vulnerability": { - "name": "GO-2023-2331", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-47108", - "GHSA-8pgv-569h-w5rw" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.548314902Z", + "timestamp": "2024-10-07T11:21:14.111723511Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.20.0" + "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2331", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-47108", - "GHSA-8pgv-569h-w5rw" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.591552674Z", + "timestamp": "2024-10-07T11:21:14.149191831Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.35.0" + "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2331", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-47108", - "GHSA-8pgv-569h-w5rw" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.632808559Z", + "timestamp": "2024-10-07T11:21:14.185870007Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.42.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.10+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2334", + "name": "GO-2024-2512", "aliases": [ - "GHSA-2c7c-3mj9-8fqh" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.673924004Z", + "timestamp": "2024-10-07T11:21:14.226268545Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.20+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2341", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-5528", - "GHSA-hq6q-c2x6-hmch" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.715531642Z", + "timestamp": "2024-10-07T11:21:14.265641955Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/docker/docker@v20.10.26+incompatible" } ] } @@ -5415,19 +8171,19 @@ }, { "vulnerability": { - "name": "GO-2023-2341", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-5528", - "GHSA-hq6q-c2x6-hmch" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.756540684Z", + "timestamp": "2024-10-07T11:21:14.304225828Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -5438,19 +8194,19 @@ }, { "vulnerability": { - "name": "GO-2023-2341", + "name": "GO-2024-2512", "aliases": [ - "CVE-2023-5528", - "GHSA-hq6q-c2x6-hmch" + "CVE-2024-24557", + "GHSA-xw73-rw38-6vjc" ] }, - "timestamp": "2024-10-03T18:31:12.797280151Z", + "timestamp": "2024-10-07T11:21:14.341589779Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + "@id": "pkg:golang/github.com/docker/docker@v24.0.0+incompatible" } ] } @@ -5461,19 +8217,19 @@ }, { "vulnerability": { - "name": "GO-2023-2341", + "name": "GO-2024-2521", "aliases": [ - "CVE-2023-5528", - "GHSA-hq6q-c2x6-hmch" + "CVE-2019-14271", + "GHSA-v2cv-wwxq-qq97" ] }, - "timestamp": "2024-10-03T18:31:12.836913795Z", + "timestamp": "2024-10-07T11:21:14.379819216Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/machine", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.11" + "@id": "pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29" } ] } @@ -5484,88 +8240,88 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:12.878045554Z", + "timestamp": "2024-10-07T11:21:14.417303554Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:12.920835274Z", + "timestamp": "2024-10-07T11:21:14.455679576Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:12.961049325Z", + "timestamp": "2024-10-07T11:21:14.494189562Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220321153916-2c7772ba3064" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:13.003599173Z", + "timestamp": "2024-10-07T11:21:14.532036354Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.1.0" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20210922180056-297b6df8d714" } ] } @@ -5576,19 +8332,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:13.046667345Z", + "timestamp": "2024-10-07T11:21:14.570579954Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.16.0" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20220125032650-a2ef3682eca9" } ] } @@ -5599,19 +8355,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:13.090175923Z", + "timestamp": "2024-10-07T11:21:14.60947433Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230515173455-c3b182bdbf7d" } ] } @@ -5622,19 +8378,42 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2534", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32192", + "GHSA-833m-37f7-jq55" ] }, - "timestamp": "2024-10-03T18:31:13.132384967Z", + "timestamp": "2024-10-07T11:21:14.64857176Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220321153916-2c7772ba3064" + "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20240205154815-a3b9e3721c1b" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2536", + "aliases": [ + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" + ] + }, + "timestamp": "2024-10-07T11:21:14.69622395Z", + "products": [ + { + "@id": "pkg:golang/github.com/harvester/harvester", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" } ] } @@ -5645,19 +8424,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.1742233Z", + "timestamp": "2024-10-07T11:21:14.733953708Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" } ] } @@ -5668,19 +8447,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.216577493Z", + "timestamp": "2024-10-07T11:21:14.773333783Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/seeder", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" } ] } @@ -5691,19 +8470,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.258953873Z", + "timestamp": "2024-10-07T11:21:14.811754409Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220214200702-86341886e292" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" } ] } @@ -5714,19 +8493,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.299614115Z", + "timestamp": "2024-10-07T11:21:14.850937829Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220315160706-3147a52a75dd" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" } ] } @@ -5737,19 +8516,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.341862384Z", + "timestamp": "2024-10-07T11:21:14.893353621Z", "products": [ { - "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20210608202517-59b3523c3133" } ] } @@ -5760,19 +8539,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.38339905Z", + "timestamp": "2024-10-07T11:21:14.937546335Z", "products": [ { - "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20220107203912-4feb41eafabd" } ] } @@ -5783,19 +8562,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.42439822Z", + "timestamp": "2024-10-07T11:21:14.980409842Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20230426211126-d3552b018687" } ] } @@ -5806,19 +8585,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.46622518Z", + "timestamp": "2024-10-07T11:21:15.020678878Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20240205154641-a6a6cf569608" } ] } @@ -5829,19 +8608,19 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2536", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2023-32193", + "GHSA-r8f4-hv23-6qp6" ] }, - "timestamp": "2024-10-03T18:31:13.507520729Z", + "timestamp": "2024-10-07T11:21:15.063013931Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/rancher/webhook", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20240206180703-6eda4bc94b4c" } ] } @@ -5852,42 +8631,41 @@ }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2567", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "GHSA-fqpg-rq76-99pq" ] }, - "timestamp": "2024-10-03T18:31:13.549054684Z", + "timestamp": "2024-10-07T11:21:15.118837029Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.14.0" + "@id": "pkg:golang/github.com/jackc/pgx/v5@v5.4.2" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2402", + "name": "GO-2024-2611", "aliases": [ - "CVE-2023-48795", - "GHSA-45x7-px36-x8w8" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.592229636Z", + "timestamp": "2024-10-07T11:21:15.165739414Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/golang.org/x/crypto@v0.16.0" + "@id": "pkg:golang/google.golang.org/protobuf@v1.25.0" } ] } @@ -5898,40 +8676,42 @@ }, { "vulnerability": { - "name": "GO-2023-2412", + "name": "GO-2024-2611", "aliases": [ - "GHSA-7ww5-4wqc-m92c" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.645521238Z", + "timestamp": "2024-10-07T11:21:15.212746668Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/github.com/containerd/containerd@v1.6.18" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2023-2412", + "name": "GO-2024-2611", "aliases": [ - "GHSA-7ww5-4wqc-m92c" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.686981758Z", + "timestamp": "2024-10-07T11:21:15.255853887Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/github.com/containerd/containerd@v1.6.22" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } @@ -5942,19 +8722,19 @@ }, { "vulnerability": { - "name": "GO-2024-2491", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-21626", - "GHSA-xr7r-f8xq-vfvv" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.728198839Z", + "timestamp": "2024-10-07T11:21:15.300038135Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/github.com/opencontainers/runc@v1.0.3" + "@id": "pkg:golang/google.golang.org/protobuf@v1.28.1" } ] } @@ -5965,88 +8745,88 @@ }, { "vulnerability": { - "name": "GO-2024-2500", + "name": "GO-2024-2611", "aliases": [ - "CVE-2021-41091", - "GHSA-3fwx-pjgw-3558" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.769598818Z", + "timestamp": "2024-10-07T11:21:15.344831808Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/machine", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.811451046Z", + "timestamp": "2024-10-07T11:21:15.388211914Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.9+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.32.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.855487805Z", + "timestamp": "2024-10-07T11:21:15.43112961Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.6+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.30.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.896658504Z", + "timestamp": "2024-10-07T11:21:15.474764832Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-installer", + "@id": "pkg:golang/github.com/harvester/node-manager", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } @@ -6057,19 +8837,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.938906384Z", + "timestamp": "2024-10-07T11:21:15.516106869Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.28.1" } ] } @@ -6080,65 +8860,65 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:13.982205969Z", + "timestamp": "2024-10-07T11:21:15.558805892Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.023064042Z", + "timestamp": "2024-10-07T11:21:15.602822768Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v23.0.13+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.32.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.064812687Z", + "timestamp": "2024-10-07T11:21:15.64454995Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/harvester/seeder", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v23.0.14+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } @@ -6149,19 +8929,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.106491511Z", + "timestamp": "2024-10-07T11:21:15.687130062Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "@id": "pkg:golang/github.com/harvester/vm-import-controller", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } @@ -6172,19 +8952,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.147368242Z", + "timestamp": "2024-10-07T11:21:15.730515466Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/machine", + "@id": "pkg:golang/github.com/harvester/vm-import-controller", "subcomponents": [ { - "@id": "pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } @@ -6195,19 +8975,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.187741952Z", + "timestamp": "2024-10-07T11:21:15.773537635Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } @@ -6218,19 +8998,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.230687116Z", + "timestamp": "2024-10-07T11:21:15.817960136Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/harvester/webhook", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.28.0" } ] } @@ -6241,19 +9021,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.272347903Z", + "timestamp": "2024-10-07T11:21:15.860156374Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/heptiolabs/eventrouter", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } @@ -6264,19 +9044,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.31344986Z", + "timestamp": "2024-10-07T11:21:15.903226634Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/heptiolabs/eventrouter", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } @@ -6287,19 +9067,19 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.355250591Z", + "timestamp": "2024-10-07T11:21:15.952411706Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.10+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.26.0-rc.1" } ] } @@ -6310,134 +9090,134 @@ }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.39672597Z", + "timestamp": "2024-10-07T11:21:15.997827356Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.20+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.43761946Z", + "timestamp": "2024-10-07T11:21:16.042942517Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.26+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2611", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-24786", + "GHSA-8r3f-844c-mc37" ] }, - "timestamp": "2024-10-03T18:31:14.478510264Z", + "timestamp": "2024-10-07T11:21:16.087189104Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/google.golang.org/protobuf@v1.32.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2512", + "name": "GO-2024-2631", "aliases": [ - "CVE-2024-24557", - "GHSA-xw73-rw38-6vjc" + "CVE-2024-28180", + "GHSA-c5q2-7r4c-mv6g" ] }, - "timestamp": "2024-10-03T18:31:14.51969193Z", + "timestamp": "2024-10-07T11:21:16.13093557Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.0+incompatible" + "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2521", + "name": "GO-2024-2631", "aliases": [ - "CVE-2019-14271", - "GHSA-v2cv-wwxq-qq97" + "CVE-2024-28180", + "GHSA-c5q2-7r4c-mv6g" ] }, - "timestamp": "2024-10-03T18:31:14.560768621Z", + "timestamp": "2024-10-07T11:21:16.172616293Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/machine", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29" + "@id": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2534", + "name": "GO-2024-2631", "aliases": [ - "CVE-2023-32192", - "GHSA-833m-37f7-jq55" + "CVE-2024-28180", + "GHSA-c5q2-7r4c-mv6g" ] }, - "timestamp": "2024-10-03T18:31:14.602739972Z", + "timestamp": "2024-10-07T11:21:16.215218399Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7" + "@id": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.1" } ] } @@ -6448,19 +9228,19 @@ }, { "vulnerability": { - "name": "GO-2024-2534", + "name": "GO-2024-2631", "aliases": [ - "CVE-2023-32192", - "GHSA-833m-37f7-jq55" + "CVE-2024-28180", + "GHSA-c5q2-7r4c-mv6g" ] }, - "timestamp": "2024-10-03T18:31:14.645019155Z", + "timestamp": "2024-10-07T11:21:16.259330423Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7" + "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" } ] } @@ -6471,19 +9251,19 @@ }, { "vulnerability": { - "name": "GO-2024-2534", + "name": "GO-2024-2631", "aliases": [ - "CVE-2023-32192", - "GHSA-833m-37f7-jq55" + "CVE-2024-28180", + "GHSA-c5q2-7r4c-mv6g" ] }, - "timestamp": "2024-10-03T18:31:14.686438689Z", + "timestamp": "2024-10-07T11:21:16.302293926Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7" + "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.2.2" } ] } @@ -6494,42 +9274,42 @@ }, { "vulnerability": { - "name": "GO-2024-2536", + "name": "GO-2024-2631", "aliases": [ - "CVE-2023-32193", - "GHSA-r8f4-hv23-6qp6" + "CVE-2024-28180", + "GHSA-c5q2-7r4c-mv6g" ] }, - "timestamp": "2024-10-03T18:31:14.739963868Z", + "timestamp": "2024-10-07T11:21:16.343776352Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/support-bundle-kit", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" + "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_present", + "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2536", + "name": "GO-2024-2659", "aliases": [ - "CVE-2023-32193", - "GHSA-r8f4-hv23-6qp6" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:14.783581753Z", + "timestamp": "2024-10-07T11:21:16.384726225Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" + "@id": "pkg:golang/github.com/docker/docker@v20.10.9+incompatible" } ] } @@ -6540,19 +9320,19 @@ }, { "vulnerability": { - "name": "GO-2024-2536", + "name": "GO-2024-2659", "aliases": [ - "CVE-2023-32193", - "GHSA-r8f4-hv23-6qp6" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:14.826375667Z", + "timestamp": "2024-10-07T11:21:16.426932199Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" + "@id": "pkg:golang/github.com/docker/docker@v24.0.6+incompatible" } ] } @@ -6563,19 +9343,19 @@ }, { "vulnerability": { - "name": "GO-2024-2536", + "name": "GO-2024-2659", "aliases": [ - "CVE-2023-32193", - "GHSA-r8f4-hv23-6qp6" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:14.86767814Z", + "timestamp": "2024-10-07T11:21:16.468526508Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/harvester/harvester-installer", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -6586,19 +9366,19 @@ }, { "vulnerability": { - "name": "GO-2024-2536", + "name": "GO-2024-2659", "aliases": [ - "CVE-2023-32193", - "GHSA-r8f4-hv23-6qp6" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:14.910351506Z", + "timestamp": "2024-10-07T11:21:16.510172575Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99" + "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" } ] } @@ -6609,19 +9389,19 @@ }, { "vulnerability": { - "name": "GO-2024-2536", + "name": "GO-2024-2659", "aliases": [ - "CVE-2023-32193", - "GHSA-r8f4-hv23-6qp6" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:14.952787214Z", + "timestamp": "2024-10-07T11:21:16.550598949Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/webhook", + "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/norman@v0.0.0-20240206180703-6eda4bc94b4c" + "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" } ] } @@ -6632,41 +9412,42 @@ }, { "vulnerability": { - "name": "GO-2024-2567", + "name": "GO-2024-2659", "aliases": [ - "GHSA-fqpg-rq76-99pq" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.005365908Z", + "timestamp": "2024-10-07T11:21:16.591413024Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/github.com/jackc/pgx/v5@v5.4.2" + "@id": "pkg:golang/github.com/docker/docker@v23.0.13+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.045592801Z", + "timestamp": "2024-10-07T11:21:16.632106597Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.25.0" + "@id": "pkg:golang/github.com/docker/docker@v23.0.14+incompatible" } ] } @@ -6677,42 +9458,42 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.086941048Z", + "timestamp": "2024-10-07T11:21:16.674067333Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.129339898Z", + "timestamp": "2024-10-07T11:21:16.717802979Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -6723,111 +9504,111 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.171933793Z", + "timestamp": "2024-10-07T11:21:16.761447909Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.28.1" + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.214597793Z", + "timestamp": "2024-10-07T11:21:16.803879212Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.256203304Z", + "timestamp": "2024-10-07T11:21:16.845718716Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.32.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.299192702Z", + "timestamp": "2024-10-07T11:21:16.887507979Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.30.0" + "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.343802505Z", + "timestamp": "2024-10-07T11:21:16.928242397Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/node-manager", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" } ] } @@ -6838,19 +9619,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.385987355Z", + "timestamp": "2024-10-07T11:21:16.970018897Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.28.1" + "@id": "pkg:golang/github.com/docker/docker@v20.10.10+incompatible" } ] } @@ -6861,65 +9642,65 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.427557862Z", + "timestamp": "2024-10-07T11:21:17.012086737Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.20+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.468828029Z", + "timestamp": "2024-10-07T11:21:17.054093066Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.32.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.26+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.510942535Z", + "timestamp": "2024-10-07T11:21:17.096072983Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/seeder", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -6930,19 +9711,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2659", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-29018", + "GHSA-mq39-4gv4-mvpx" ] }, - "timestamp": "2024-10-03T18:31:15.552610402Z", + "timestamp": "2024-10-07T11:21:17.137483371Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/vm-import-controller", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + "@id": "pkg:golang/github.com/docker/docker@v24.0.0+incompatible" } ] } @@ -6953,19 +9734,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.594318676Z", + "timestamp": "2024-10-07T11:21:17.178981458Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/vm-import-controller", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.9+incompatible" } ] } @@ -6976,19 +9757,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.636118067Z", + "timestamp": "2024-10-07T11:21:17.221609574Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + "@id": "pkg:golang/github.com/docker/docker@v24.0.6+incompatible" } ] } @@ -6999,19 +9780,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.67835329Z", + "timestamp": "2024-10-07T11:21:17.263147483Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/webhook", + "@id": "pkg:golang/github.com/harvester/harvester-installer", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.28.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } @@ -7022,19 +9803,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.722951687Z", + "timestamp": "2024-10-07T11:21:17.30512726Z", "products": [ { - "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.27.1" + "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" } ] } @@ -7045,19 +9826,19 @@ }, { "vulnerability": { - "name": "GO-2024-2611", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-24786", - "GHSA-8r3f-844c-mc37" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.767462733Z", + "timestamp": "2024-10-07T11:21:17.345610476Z", "products": [ { - "@id": "pkg:golang/github.com/heptiolabs/eventrouter", + "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/google.golang.org/protobuf@v1.31.0" + "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" } ] } @@ -7068,157 +9849,157 @@ }, { "vulnerability": { - "name": "GO-2024-2631", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-28180", - "GHSA-c5q2-7r4c-mv6g" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.80842366Z", + "timestamp": "2024-10-07T11:21:17.387073366Z", "products": [ { "@id": "pkg:golang/github.com/k3s-io/k3s", "subcomponents": [ { - "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" + "@id": "pkg:golang/github.com/docker/docker@v25.0.4+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2631", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-28180", - "GHSA-c5q2-7r4c-mv6g" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.851414123Z", + "timestamp": "2024-10-07T11:21:17.434943351Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.0" + "@id": "pkg:golang/github.com/docker/docker@v23.0.13+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2631", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-28180", - "GHSA-c5q2-7r4c-mv6g" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.913952593Z", + "timestamp": "2024-10-07T11:21:17.47762888Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.1" + "@id": "pkg:golang/github.com/docker/docker@v23.0.14+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2631", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-28180", - "GHSA-c5q2-7r4c-mv6g" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:15.963571839Z", + "timestamp": "2024-10-07T11:21:17.51866627Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" + "@id": "pkg:golang/github.com/docker/docker@v25.0.4+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2631", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-28180", - "GHSA-c5q2-7r4c-mv6g" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.006289565Z", + "timestamp": "2024-10-07T11:21:17.560814931Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.2.2" + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2631", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-28180", - "GHSA-c5q2-7r4c-mv6g" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.04843659Z", + "timestamp": "2024-10-07T11:21:17.60515592Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/support-bundle-kit", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0" + "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" } ] } ], "status": "not_affected", - "justification": "vulnerable_code_not_in_execute_path", + "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.091131305Z", + "timestamp": "2024-10-07T11:21:17.647826374Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.9+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" } ] } @@ -7229,19 +10010,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.136875Z", + "timestamp": "2024-10-07T11:21:17.690129276Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.6+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" } ] } @@ -7252,16 +10033,16 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.17840369Z", + "timestamp": "2024-10-07T11:21:17.732292524Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-installer", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" @@ -7275,16 +10056,16 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.219725607Z", + "timestamp": "2024-10-07T11:21:17.774137269Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" @@ -7298,16 +10079,16 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.263122539Z", + "timestamp": "2024-10-07T11:21:17.815690816Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" @@ -7321,19 +10102,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.304654677Z", + "timestamp": "2024-10-07T11:21:17.856737512Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/rke2", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v23.0.13+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v25.0.4+incompatible" } ] } @@ -7344,19 +10125,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.346904049Z", + "timestamp": "2024-10-07T11:21:17.89814332Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v23.0.14+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v20.10.10+incompatible" } ] } @@ -7367,19 +10148,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.387368527Z", + "timestamp": "2024-10-07T11:21:17.940418578Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v20.10.20+incompatible" } ] } @@ -7390,19 +10171,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.428355616Z", + "timestamp": "2024-10-07T11:21:17.983290714Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v20.10.26+incompatible" } ] } @@ -7413,16 +10194,16 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.469665572Z", + "timestamp": "2024-10-07T11:21:18.024476701Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" @@ -7436,19 +10217,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2737", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-32473", + "GHSA-x84c-p2g9-rqv9" ] }, - "timestamp": "2024-10-03T18:31:16.511038202Z", + "timestamp": "2024-10-07T11:21:18.066022458Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/rancher/wharfie", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" + "@id": "pkg:golang/github.com/docker/docker@v24.0.0+incompatible" } ] } @@ -7459,19 +10240,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.551577809Z", + "timestamp": "2024-10-07T11:21:18.108700137Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" } ] } @@ -7482,19 +10263,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.591492905Z", + "timestamp": "2024-10-07T11:21:18.149731493Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.10+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.23.14" } ] } @@ -7505,19 +10286,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.632601695Z", + "timestamp": "2024-10-07T11:21:18.19045565Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.20+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.1" } ] } @@ -7528,19 +10309,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.67469096Z", + "timestamp": "2024-10-07T11:21:18.232642726Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/harvester/pcidevices", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.26+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" } ] } @@ -7551,19 +10332,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.717882359Z", + "timestamp": "2024-10-07T11:21:18.274070826Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.18.19" } ] } @@ -7574,19 +10355,19 @@ }, { "vulnerability": { - "name": "GO-2024-2659", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-29018", - "GHSA-mq39-4gv4-mvpx" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.762629136Z", + "timestamp": "2024-10-07T11:21:18.316302831Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.0+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.23.6" } ] } @@ -7597,19 +10378,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.809516281Z", + "timestamp": "2024-10-07T11:21:18.358034567Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.9+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" } ] } @@ -7620,19 +10401,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.852998972Z", + "timestamp": "2024-10-07T11:21:18.40011037Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/fleet", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.6+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.28.8" } ] } @@ -7643,19 +10424,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.894433189Z", + "timestamp": "2024-10-07T11:21:18.441152288Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-installer", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.21.0" } ] } @@ -7666,19 +10447,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.936468119Z", + "timestamp": "2024-10-07T11:21:18.483669831Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.22.3" } ] } @@ -7689,19 +10470,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:16.977960548Z", + "timestamp": "2024-10-07T11:21:18.52462133Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.25.11" } ] } @@ -7712,19 +10493,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:17.019543242Z", + "timestamp": "2024-10-07T11:21:18.567839421Z", "products": [ { - "@id": "pkg:golang/github.com/k3s-io/k3s", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v25.0.4+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.10" } ] } @@ -7735,19 +10516,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:17.061512938Z", + "timestamp": "2024-10-07T11:21:18.610612356Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v23.0.13+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.27.4" } ] } @@ -7758,19 +10539,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:17.102101163Z", + "timestamp": "2024-10-07T11:21:18.650835006Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/rancher", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v23.0.14+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.28.6" } ] } @@ -7781,19 +10562,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2746", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2024-3177", + "GHSA-pxhw-596r-rwq5" ] }, - "timestamp": "2024-10-03T18:31:17.143351319Z", + "timestamp": "2024-10-07T11:21:18.690686249Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", + "@id": "pkg:golang/github.com/rancher/webhook", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v25.0.4+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.28.6" } ] } @@ -7804,19 +10585,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2754", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2020-8566", + "GHSA-5x96-j797-5qqw" ] }, - "timestamp": "2024-10-03T18:31:17.184712318Z", + "timestamp": "2024-10-07T11:21:18.731879782Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/k8s.io/kubernetes@v1.18.19" } ] } @@ -7827,19 +10608,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.226949097Z", + "timestamp": "2024-10-07T11:21:18.794332004Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.25+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -7850,19 +10631,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.269233413Z", + "timestamp": "2024-10-07T11:21:18.835669376Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" } ] } @@ -7873,19 +10654,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.311504361Z", + "timestamp": "2024-10-07T11:21:18.878254141Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -7896,19 +10677,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.354210717Z", + "timestamp": "2024-10-07T11:21:18.920547011Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.8+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -7919,19 +10700,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.394445407Z", + "timestamp": "2024-10-07T11:21:18.961867441Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rke2", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v25.0.4+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -7942,19 +10723,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.435046764Z", + "timestamp": "2024-10-07T11:21:19.004860901Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.10+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -7965,19 +10746,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.482544663Z", + "timestamp": "2024-10-07T11:21:19.048662051Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.20+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -7988,19 +10769,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.529237171Z", + "timestamp": "2024-10-07T11:21:19.092067346Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.26+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -8011,19 +10792,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.572588752Z", + "timestamp": "2024-10-07T11:21:19.134993446Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v20.10.27+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -8034,19 +10815,19 @@ }, { "vulnerability": { - "name": "GO-2024-2737", + "name": "GO-2024-2762", "aliases": [ - "CVE-2024-32473", - "GHSA-x84c-p2g9-rqv9" + "CVE-2019-12303", + "GHSA-53pj-67m4-9w98" ] }, - "timestamp": "2024-10-03T18:31:17.613389304Z", + "timestamp": "2024-10-07T11:21:19.178513258Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/wharfie", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/docker/docker@v24.0.0+incompatible" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" } ] } @@ -8057,19 +10838,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.654368846Z", + "timestamp": "2024-10-07T11:21:19.231176575Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8080,19 +10861,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.696089551Z", + "timestamp": "2024-10-07T11:21:19.27231786Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.23.14" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" } ] } @@ -8103,19 +10884,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.736813907Z", + "timestamp": "2024-10-07T11:21:19.314945502Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.25.1" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8126,19 +10907,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.78265732Z", + "timestamp": "2024-10-07T11:21:19.357078363Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/pcidevices", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.26.13" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8149,19 +10930,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.824029362Z", + "timestamp": "2024-10-07T11:21:19.398217525Z", "products": [ { - "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.18.19" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8172,19 +10953,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.863435386Z", + "timestamp": "2024-10-07T11:21:19.440652715Z", "products": [ { - "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.23.6" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -8195,19 +10976,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.903920562Z", + "timestamp": "2024-10-07T11:21:19.487631494Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.9" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -8218,19 +10999,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.943749702Z", + "timestamp": "2024-10-07T11:21:19.531738598Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/fleet", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.28.8" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -8241,19 +11022,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:17.985201909Z", + "timestamp": "2024-10-07T11:21:19.575624463Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.27.4" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -8264,19 +11045,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2764", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2019-6287", + "GHSA-6r7x-4q7g-h83j" ] }, - "timestamp": "2024-10-03T18:31:18.026689237Z", + "timestamp": "2024-10-07T11:21:19.619191356Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/rancher", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.28.6" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" } ] } @@ -8287,19 +11068,19 @@ }, { "vulnerability": { - "name": "GO-2024-2746", + "name": "GO-2024-2768", "aliases": [ - "CVE-2024-3177", - "GHSA-pxhw-596r-rwq5" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.068962805Z", + "timestamp": "2024-10-07T11:21:19.671329058Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/webhook", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.28.6" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8310,19 +11091,19 @@ }, { "vulnerability": { - "name": "GO-2024-2754", + "name": "GO-2024-2768", "aliases": [ - "CVE-2020-8566", - "GHSA-5x96-j797-5qqw" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.110698643Z", + "timestamp": "2024-10-07T11:21:19.71242807Z", "products": [ { - "@id": "pkg:golang/github.com/longhorn/longhorn-share-manager", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/k8s.io/kubernetes@v1.18.19" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" } ] } @@ -8333,16 +11114,16 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.174473432Z", + "timestamp": "2024-10-07T11:21:19.754739703Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" @@ -8356,19 +11137,19 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.21608053Z", + "timestamp": "2024-10-07T11:21:19.79669811Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8379,16 +11160,16 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.259109464Z", + "timestamp": "2024-10-07T11:21:19.837749254Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" @@ -8402,19 +11183,19 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.303033281Z", + "timestamp": "2024-10-07T11:21:19.87866845Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -8425,19 +11206,19 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.345304304Z", + "timestamp": "2024-10-07T11:21:19.92087625Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -8448,19 +11229,19 @@ }, { "vulnerability": { - "name": "GO-2024-2762", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-12303", - "GHSA-53pj-67m4-9w98" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.386034692Z", + "timestamp": "2024-10-07T11:21:19.965426116Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -8471,19 +11252,19 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.437905376Z", + "timestamp": "2024-10-07T11:21:20.009529604Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -8494,19 +11275,19 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2768", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2021-25318", + "GHSA-f9xf-jq4j-vqw4" ] }, - "timestamp": "2024-10-03T18:31:18.480066246Z", + "timestamp": "2024-10-07T11:21:20.05411312Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" } ] } @@ -8517,16 +11298,16 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2778", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.522993802Z", + "timestamp": "2024-10-07T11:21:20.118317193Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" @@ -8540,19 +11321,19 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2778", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.565273491Z", + "timestamp": "2024-10-07T11:21:20.160176935Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/harvester/harvester", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" } ] } @@ -8563,16 +11344,16 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2778", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.610587108Z", + "timestamp": "2024-10-07T11:21:20.201854346Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", "subcomponents": [ { "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" @@ -8586,19 +11367,19 @@ }, { "vulnerability": { - "name": "GO-2024-2764", + "name": "GO-2024-2778", "aliases": [ - "CVE-2019-6287", - "GHSA-6r7x-4q7g-h83j" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.652609783Z", + "timestamp": "2024-10-07T11:21:20.243826367Z", "products": [ { - "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" } ] } @@ -8609,16 +11390,16 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2778", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.704364983Z", + "timestamp": "2024-10-07T11:21:20.285855327Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/harvester/harvester-network-controller", "subcomponents": [ { "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" @@ -8632,19 +11413,19 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2778", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.746384023Z", + "timestamp": "2024-10-07T11:21:20.328549399Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -8655,19 +11436,19 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2778", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.78797616Z", + "timestamp": "2024-10-07T11:21:20.373801285Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -8678,19 +11459,19 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2778", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.830004422Z", + "timestamp": "2024-10-07T11:21:20.416754165Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -8701,19 +11482,19 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2778", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.870289477Z", + "timestamp": "2024-10-07T11:21:20.460819032Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -8724,13 +11505,13 @@ }, { "vulnerability": { - "name": "GO-2024-2768", + "name": "GO-2024-2778", "aliases": [ - "CVE-2021-25318", - "GHSA-f9xf-jq4j-vqw4" + "CVE-2021-31999", + "GHSA-pvxj-25m6-7vqr" ] }, - "timestamp": "2024-10-03T18:31:18.910160356Z", + "timestamp": "2024-10-07T11:21:20.50566002Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -8747,13 +11528,13 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2784", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:18.971704083Z", + "timestamp": "2024-10-07T11:21:20.558859498Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -8770,13 +11551,13 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2784", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.013334108Z", + "timestamp": "2024-10-07T11:21:20.60104159Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -8793,13 +11574,13 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2784", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.056067602Z", + "timestamp": "2024-10-07T11:21:20.6422168Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -8816,13 +11597,13 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2784", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.09954942Z", + "timestamp": "2024-10-07T11:21:20.683371167Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", @@ -8839,13 +11620,13 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2784", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.14245407Z", + "timestamp": "2024-10-07T11:21:20.725212854Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-network-controller", @@ -8862,19 +11643,19 @@ }, { "vulnerability": { - "name": "GO-2024-2778", + "name": "GO-2024-2784", "aliases": [ - "CVE-2021-31999", - "GHSA-pvxj-25m6-7vqr" + "CVE-2019-11202", + "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.184038245Z", + "timestamp": "2024-10-07T11:21:20.767394871Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9" } ] } @@ -8891,13 +11672,13 @@ "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.235958728Z", + "timestamp": "2024-10-07T11:21:20.81099598Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41" } ] } @@ -8914,13 +11695,13 @@ "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.277502117Z", + "timestamp": "2024-10-07T11:21:20.854462612Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2" } ] } @@ -8937,13 +11718,13 @@ "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.318279727Z", + "timestamp": "2024-10-07T11:21:20.897695495Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4" } ] } @@ -8960,13 +11741,13 @@ "GHSA-xh8x-j8h3-m5ph" ] }, - "timestamp": "2024-10-03T18:31:19.359320682Z", + "timestamp": "2024-10-07T11:21:20.940762833Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-load-balancer", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" } ] } @@ -8977,19 +11758,18 @@ }, { "vulnerability": { - "name": "GO-2024-2784", + "name": "GO-2024-2846", "aliases": [ - "CVE-2019-11202", - "GHSA-xh8x-j8h3-m5ph" + "GHSA-c9cp-9c75-9v8c" ] }, - "timestamp": "2024-10-03T18:31:19.400338527Z", + "timestamp": "2024-10-07T11:21:21.004785105Z", "products": [ { - "@id": "pkg:golang/github.com/harvester/harvester-network-controller", + "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803" + "@id": "pkg:golang/github.com/containerd/containerd@v1.4.4" } ] } @@ -9000,19 +11780,42 @@ }, { "vulnerability": { - "name": "GO-2024-2784", + "name": "GO-2024-2912", "aliases": [ - "CVE-2019-11202", - "GHSA-xh8x-j8h3-m5ph" + "CVE-2021-41092", + "GHSA-99pg-grm5-qq3v" ] }, - "timestamp": "2024-10-03T18:31:19.440926455Z", + "timestamp": "2024-10-07T11:21:21.048591913Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", "subcomponents": [ { - "@id": "pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a" + "@id": "pkg:golang/github.com/docker/cli@v20.10.3+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2913", + "aliases": [ + "CVE-2021-41089", + "GHSA-v994-f8vw-g7j4" + ] + }, + "timestamp": "2024-10-07T11:21:21.091897085Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" } ] } @@ -9029,7 +11832,7 @@ "GHSA-v994-f8vw-g7j4" ] }, - "timestamp": "2024-10-03T18:31:19.50273626Z", + "timestamp": "2024-10-07T11:21:21.134821042Z", "products": [ { "@id": "pkg:golang/github.com/rancher/machine", @@ -9051,7 +11854,7 @@ "CVE-2022-30636" ] }, - "timestamp": "2024-10-03T18:31:19.574947246Z", + "timestamp": "2024-10-07T11:21:21.208543597Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -9073,7 +11876,7 @@ "CVE-2022-30636" ] }, - "timestamp": "2024-10-03T18:31:19.616086539Z", + "timestamp": "2024-10-07T11:21:21.250982487Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -9095,7 +11898,7 @@ "CVE-2022-30636" ] }, - "timestamp": "2024-10-03T18:31:19.657891682Z", + "timestamp": "2024-10-07T11:21:21.293469708Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -9117,7 +11920,7 @@ "CVE-2022-30636" ] }, - "timestamp": "2024-10-03T18:31:19.698065178Z", + "timestamp": "2024-10-07T11:21:21.334030371Z", "products": [ { "@id": "pkg:golang/github.com/heptiolabs/eventrouter", @@ -9132,6 +11935,28 @@ "justification": "vulnerable_code_not_present", "impact_statement": "Govulncheck determined that the vulnerable code isn't called" }, + { + "vulnerability": { + "name": "GO-2024-2961", + "aliases": [ + "CVE-2022-30636" + ] + }, + "timestamp": "2024-10-07T11:21:21.376427727Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_in_execute_path", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, { "vulnerability": { "name": "GO-2024-2978", @@ -9139,7 +11964,7 @@ "GHSA-xr7q-jx4m-x55m" ] }, - "timestamp": "2024-10-03T18:31:19.738037761Z", + "timestamp": "2024-10-07T11:21:21.419004145Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -9161,7 +11986,7 @@ "GHSA-xr7q-jx4m-x55m" ] }, - "timestamp": "2024-10-03T18:31:19.779399579Z", + "timestamp": "2024-10-07T11:21:21.461509006Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -9183,7 +12008,7 @@ "GHSA-xr7q-jx4m-x55m" ] }, - "timestamp": "2024-10-03T18:31:19.820876674Z", + "timestamp": "2024-10-07T11:21:21.505038752Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-cloud-provider", @@ -9205,7 +12030,73 @@ "GHSA-xr7q-jx4m-x55m" ] }, - "timestamp": "2024-10-03T18:31:19.861614153Z", + "timestamp": "2024-10-07T11:21:21.548186235Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.34.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2978", + "aliases": [ + "GHSA-xr7q-jx4m-x55m" + ] + }, + "timestamp": "2024-10-07T11:21:21.591623675Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.40.0" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2978", + "aliases": [ + "GHSA-xr7q-jx4m-x55m" + ] + }, + "timestamp": "2024-10-07T11:21:21.635429126Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/google.golang.org/grpc@v1.56.1" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-2978", + "aliases": [ + "GHSA-xr7q-jx4m-x55m" + ] + }, + "timestamp": "2024-10-07T11:21:21.678103943Z", "products": [ { "@id": "pkg:golang/github.com/rancher/support-bundle-kit", @@ -9228,7 +12119,7 @@ "GHSA-82m2-cv7p-4m75" ] }, - "timestamp": "2024-10-03T18:31:19.902606465Z", + "timestamp": "2024-10-07T11:21:21.719507317Z", "products": [ { "@id": "pkg:golang/github.com/rancher/system-agent", @@ -9250,7 +12141,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:19.943487701Z", + "timestamp": "2024-10-07T11:21:21.760392055Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -9272,7 +12163,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:19.98478716Z", + "timestamp": "2024-10-07T11:21:21.80260137Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester", @@ -9294,7 +12185,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.025952994Z", + "timestamp": "2024-10-07T11:21:21.843115802Z", "products": [ { "@id": "pkg:golang/github.com/harvester/harvester-installer", @@ -9316,7 +12207,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.06805113Z", + "timestamp": "2024-10-07T11:21:21.883106219Z", "products": [ { "@id": "pkg:golang/github.com/k3s-io/k3s", @@ -9338,7 +12229,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.108949343Z", + "timestamp": "2024-10-07T11:21:21.922927634Z", "products": [ { "@id": "pkg:golang/github.com/k3s-io/k3s", @@ -9360,7 +12251,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.151490183Z", + "timestamp": "2024-10-07T11:21:21.963342394Z", "products": [ { "@id": "pkg:golang/github.com/k3s-io/k3s", @@ -9382,7 +12273,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.192508055Z", + "timestamp": "2024-10-07T11:21:22.00435665Z", "products": [ { "@id": "pkg:golang/github.com/rancher/fleet", @@ -9404,7 +12295,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.234332785Z", + "timestamp": "2024-10-07T11:21:22.045119073Z", "products": [ { "@id": "pkg:golang/github.com/rancher/fleet", @@ -9426,7 +12317,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.275897083Z", + "timestamp": "2024-10-07T11:21:22.085297919Z", "products": [ { "@id": "pkg:golang/github.com/rancher/image-build-rke2-cloud-provider", @@ -9448,7 +12339,29 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.316735062Z", + "timestamp": "2024-10-07T11:21:22.127061835Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.24+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-3005", + "aliases": [ + "CVE-2024-41110" + ] + }, + "timestamp": "2024-10-07T11:21:22.17004009Z", "products": [ { "@id": "pkg:golang/github.com/rancher/kube-api-auth", @@ -9470,7 +12383,29 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.356683607Z", + "timestamp": "2024-10-07T11:21:22.213297279Z", + "products": [ + { + "@id": "pkg:golang/github.com/rancher/kube-api-auth", + "subcomponents": [ + { + "@id": "pkg:golang/github.com/docker/docker@v20.10.6+incompatible" + } + ] + } + ], + "status": "not_affected", + "justification": "vulnerable_code_not_present", + "impact_statement": "Govulncheck determined that the vulnerable code isn't called" + }, + { + "vulnerability": { + "name": "GO-2024-3005", + "aliases": [ + "CVE-2024-41110" + ] + }, + "timestamp": "2024-10-07T11:21:22.255553711Z", "products": [ { "@id": "pkg:golang/github.com/rancher/machine", @@ -9492,7 +12427,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.397662687Z", + "timestamp": "2024-10-07T11:21:22.296593194Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -9514,7 +12449,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.440228389Z", + "timestamp": "2024-10-07T11:21:22.338371608Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rancher", @@ -9536,7 +12471,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.482206879Z", + "timestamp": "2024-10-07T11:21:22.379498617Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -9558,7 +12493,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.523324073Z", + "timestamp": "2024-10-07T11:21:22.420874258Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -9580,7 +12515,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.565161713Z", + "timestamp": "2024-10-07T11:21:22.461421976Z", "products": [ { "@id": "pkg:golang/github.com/rancher/rke2", @@ -9602,7 +12537,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.608183883Z", + "timestamp": "2024-10-07T11:21:22.502935534Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -9624,7 +12559,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.648903599Z", + "timestamp": "2024-10-07T11:21:22.545250398Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -9646,7 +12581,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.691013231Z", + "timestamp": "2024-10-07T11:21:22.585593225Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -9668,7 +12603,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.732209306Z", + "timestamp": "2024-10-07T11:21:22.626272693Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", @@ -9690,7 +12625,7 @@ "CVE-2024-41110" ] }, - "timestamp": "2024-10-03T18:31:20.77303027Z", + "timestamp": "2024-10-07T11:21:22.666148969Z", "products": [ { "@id": "pkg:golang/github.com/rancher/wharfie", diff --git a/reports/vex_cves.csv b/reports/vex_cves.csv index e4e999e..d6fa492 100644 --- a/reports/vex_cves.csv +++ b/reports/vex_cves.csv @@ -31,16 +31,25 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2021-0066","CVE-2020-8564,GHSA-8mjg-8c8g-6h85","pkg:golang/github.com/longhorn/longhorn-share-manager","pkg:golang/k8s.io/kubernetes@v1.18.19","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0072","CVE-2017-11468,GHSA-h62f-wm92-2cmw","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/docker/distribution@v0.0.0-20191216044856-a8371794149d","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0113","CVE-2021-38561,GHSA-ppp9-7jff-5vj2","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/text@v0.3.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2021-0113","CVE-2021-38561,GHSA-ppp9-7jff-5vj2","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/text@v0.3.5","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0113","CVE-2021-38561,GHSA-ppp9-7jff-5vj2","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/text@v0.3.6","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0238","CVE-2021-33194,GHSA-83g2-8m93-v3w7","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2021-0238","CVE-2021-33194,GHSA-83g2-8m93-v3w7","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0356","CVE-2022-27191,GHSA-8c26-wmh5-6g9v","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0356","CVE-2022-27191,GHSA-8c26-wmh5-6g9v","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2021-0356","CVE-2022-27191,GHSA-8c26-wmh5-6g9v","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/crypto@v0.0.0-20220214200702-86341886e292","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2021-0356","CVE-2022-27191,GHSA-8c26-wmh5-6g9v","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0274","CVE-2021-43784,GHSA-v95c-p5hm-xq8f","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/opencontainers/runc@v1.0.3","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0278","CVE-2021-43816,GHSA-mvff-h3cj-wj9c","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0278","CVE-2021-43816,GHSA-mvff-h3cj-wj9c","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/containerd/containerd@v1.4.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0288","CVE-2021-44716,GHSA-vc3p-29h2-gpcp","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0288","CVE-2021-44716,GHSA-vc3p-29h2-gpcp","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0288","CVE-2021-44716,GHSA-vc3p-29h2-gpcp","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0322","CVE-2022-21698,GHSA-cg3q-j54f-5p7p","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/prometheus/client_golang@v1.11.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0322","CVE-2022-21698,GHSA-cg3q-j54f-5p7p","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/prometheus/client_golang@v1.9.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0344","CVE-2022-23648,GHSA-crp2-qrr5-8pq7","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0360","GHSA-5j5w-g665-5m35","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0379","GHSA-qq97-vm5h-rrhg","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/distribution@v2.7.1+incompatible","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0379","GHSA-qq97-vm5h-rrhg","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/docker/distribution@v0.0.0-20191216044856-a8371794149d","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0379","GHSA-qq97-vm5h-rrhg","pkg:golang/github.com/rancher/wharfie","pkg:golang/github.com/docker/distribution@v2.7.1+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0482","CVE-2022-31030,GHSA-5ffw-gxpp-mxpf","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -49,10 +58,13 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2022-0493","CVE-2022-29526,GHSA-p782-xgp4-8hr8","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/sys@v0.0.0-20210831042530-f4d43177bf5e","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0493","CVE-2022-29526,GHSA-p782-xgp4-8hr8","pkg:golang/github.com/longhorn/longhorn-share-manager","pkg:golang/golang.org/x/sys@v0.0.0-20201112073958-5cba982894dd","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0493","CVE-2022-29526,GHSA-p782-xgp4-8hr8","pkg:golang/github.com/longhorn/longhorn-share-manager","pkg:golang/golang.org/x/sys@v0.0.0-20210831042530-f4d43177bf5e","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0493","CVE-2022-29526,GHSA-p782-xgp4-8hr8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/sys@v0.0.0-20210615035016-665e8c7367d1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0493","CVE-2022-29526,GHSA-p782-xgp4-8hr8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/sys@v0.0.0-20211013075003-97ac67df715c","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0493","CVE-2022-29526,GHSA-p782-xgp4-8hr8","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/sys@v0.0.0-20211110154304-99a53858aa08","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0603","CVE-2022-28948,GHSA-hp87-p4gw-j4gq","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0603","CVE-2022-28948,GHSA-hp87-p4gw-j4gq","pkg:golang/github.com/harvester/vm-import-controller","pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0603","CVE-2022-28948,GHSA-hp87-p4gw-j4gq","pkg:golang/github.com/harvester/webhook","pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0603","CVE-2022-28948,GHSA-hp87-p4gw-j4gq","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0603","CVE-2022-28948,GHSA-hp87-p4gw-j4gq","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.30.3","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -64,6 +76,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.27.9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.28.8","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.30.3","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.21.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.22.3","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.25.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.27.10","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.30.3","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/rancher","pkg:golang/k8s.io/kubernetes@v1.27.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0617","CVE-2020-8562,GHSA-qh36-44jv-c8xj","pkg:golang/github.com/rancher/rancher","pkg:golang/k8s.io/kubernetes@v1.28.6","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -79,12 +95,19 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0644","CVE-2018-20321,GHSA-9qq2-xhmc-h9qr","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/aws/aws-sdk-go@v1.46.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/aws/aws-sdk-go@v1.55.5","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/github.com/aws/aws-sdk-go@v1.34.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/aws/aws-sdk-go@v1.44.122","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/aws/aws-sdk-go@v1.38.65","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/aws/aws-sdk-go@v1.44.294","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/aws/aws-sdk-go@v1.44.322","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/aws/aws-sdk-go@v1.50.38","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/machine","pkg:golang/github.com/aws/aws-sdk-go@v1.34.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0646","CVE-2020-8911,CVE-2020-8912,GHSA-7f33-f4f5-xwgw,GHSA-f5pg-7wfw-84q9","pkg:golang/github.com/rancher/machine","pkg:golang/github.com/aws/aws-sdk-go@v1.55.5","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -99,6 +122,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0755","CVE-2019-13209,GHSA-xhg2-rvm8-w2jh","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0784","CVE-2020-15257,GHSA-36xw-fx78-c5r4","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -108,16 +135,23 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2022-0921","CVE-2021-32760,GHSA-c72p-9xmj-rx3w","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0938","CVE-2021-41103,GHSA-c2h3-6mxw-7mvq","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0968","CVE-2021-43565,GHSA-gwc9-m7rh-j2ww","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0968","CVE-2021-43565,GHSA-gwc9-m7rh-j2ww","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0969","CVE-2022-27664,GHSA-69cg-p879-7622","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0969","CVE-2022-27664,GHSA-69cg-p879-7622","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-0969","CVE-2022-27664,GHSA-69cg-p879-7622","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-0969","CVE-2022-27664,GHSA-69cg-p879-7622","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1059","CVE-2022-32149,GHSA-69ch-w2m2-3vjp","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/text@v0.3.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1059","CVE-2022-32149,GHSA-69ch-w2m2-3vjp","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/text@v0.3.7","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1059","CVE-2022-32149,GHSA-69ch-w2m2-3vjp","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/text@v0.3.7","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-1059","CVE-2022-32149,GHSA-69ch-w2m2-3vjp","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/text@v0.3.5","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-1059","CVE-2022-32149,GHSA-69ch-w2m2-3vjp","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/text@v0.3.7","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1059","CVE-2022-32149,GHSA-69ch-w2m2-3vjp","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/text@v0.3.6","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/harvester/pcidevices","pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/harvester/vm-import-controller","pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1144","CVE-2022-41717,GHSA-xrjj-mj9h-534m","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.1.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2022-1147","CVE-2022-23471,GHSA-2qjp-425j-52j9","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -127,6 +161,8 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/harvester/vm-import-controller","pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1495","CVE-2022-41721,GHSA-fxg5-wq6x-vr4w","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.1.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/wrangler@v0.8.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -135,6 +171,8 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/harvester/pcidevices","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/harvester/vm-import-controller","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/harvester/webhook","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20220217210408-3ecd23dfea3b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/wrangler@v0.8.7","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1515","CVE-2022-43756,GHSA-8fcj-gf77-47mg","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/wrangler@v0.8.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20211214201934-f5aa5d9f2e81","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -142,6 +180,8 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/harvester/pcidevices","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/harvester/vm-import-controller","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/harvester/webhook","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/wrangler@v0.8.11-0.20220217210408-3ecd23dfea3b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/wrangler@v0.8.7","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1519","CVE-2022-31249,GHSA-qrg7-hfx7-95c5","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/rancher/wrangler@v1.0.1-0.20220520195731-8eeded9bae2a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/harvester/harvester","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -149,17 +189,22 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/k3s-io/k3s","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/rancher","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/rke2","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1546","CVE-2023-25151,GHSA-5r5m-65gx-7vrh","pkg:golang/github.com/rancher/webhook","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1573","CVE-2023-25153,GHSA-259w-8hf6-59c2","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1573","CVE-2023-25153,GHSA-259w-8hf6-59c2","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/containerd/containerd@v1.4.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1574","CVE-2023-25173,GHSA-hmfx-3pcx-653p","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1574","CVE-2023-25173,GHSA-hmfx-3pcx-653p","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/containerd/containerd@v1.4.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1628","CVE-2022-3162,GHSA-2394-5535-8j88","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.23.14","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1628","CVE-2022-3162,GHSA-2394-5535-8j88","pkg:golang/github.com/longhorn/longhorn-share-manager","pkg:golang/k8s.io/kubernetes@v1.18.19","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1628","CVE-2022-3162,GHSA-2394-5535-8j88","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.21.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1629","CVE-2022-3294,GHSA-jh36-q97c-9928","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.23.14","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1629","CVE-2022-3294,GHSA-jh36-q97c-9928","pkg:golang/github.com/longhorn/longhorn-share-manager","pkg:golang/k8s.io/kubernetes@v1.18.19","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1629","CVE-2022-3294,GHSA-jh36-q97c-9928","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.21.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/protobuf@v1.25.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/protobuf@v1.28.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -168,20 +213,25 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/harvester/webhook","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/harvester/webhook","pkg:golang/google.golang.org/protobuf@v1.28.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/protobuf@v1.26.0-rc.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1631","CVE-2023-24535,GHSA-hw7c-3rfg-p46j","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/harvester/harvester-installer","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/rancher/wharfie","pkg:golang/github.com/docker/docker@v20.10.26+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1699","CVE-2023-28840,GHSA-232p-vwff-86mp","pkg:golang/github.com/rancher/wharfie","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/harvester/harvester-installer","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/rancher/wharfie","pkg:golang/github.com/docker/docker@v20.10.26+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1700","CVE-2023-28841,GHSA-33pg-m6jh-5237","pkg:golang/github.com/rancher/wharfie","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1701","CVE-2023-28842,GHSA-6wrf-mxfj-pf5p","pkg:golang/github.com/harvester/harvester-installer","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1701","CVE-2023-28842,GHSA-6wrf-mxfj-pf5p","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1701","CVE-2023-28842,GHSA-6wrf-mxfj-pf5p","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1701","CVE-2023-28842,GHSA-6wrf-mxfj-pf5p","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1701","CVE-2023-28842,GHSA-6wrf-mxfj-pf5p","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -189,15 +239,22 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1701","CVE-2023-28842,GHSA-6wrf-mxfj-pf5p","pkg:golang/github.com/rancher/wharfie","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1864","CVE-2023-2431,GHSA-xc8m-28vv-4pjc","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1864","CVE-2023-2431,GHSA-xc8m-28vv-4pjc","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1864","CVE-2023-2431,GHSA-xc8m-28vv-4pjc","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.25.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1891","CVE-2023-2727,GHSA-qc2g-gmh6-95p4","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1891","CVE-2023-2727,GHSA-qc2g-gmh6-95p4","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1891","CVE-2023-2727,GHSA-qc2g-gmh6-95p4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.25.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1892","CVE-2023-2728,GHSA-cgcv-5272-97pr","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1892","CVE-2023-2728,GHSA-cgcv-5272-97pr","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1892","CVE-2023-2728,GHSA-cgcv-5272-97pr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.25.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/rancher/rancher@v0.0.0-20240710123941-93e332156bbe","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1973","CVE-2017-7297,GHSA-w3x4-9854-95x8","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -210,9 +267,14 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.6.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/golang.org/x/net@v0.8.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.12.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1988","CVE-2023-3978,GHSA-2wrh-6pvc-2jm9","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.1.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-1991","CVE-2019-12274,GHSA-gc62-j469-9gjm","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2048","GHSA-6xv5-86q9-7xr8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.2","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2048","GHSA-6xv5-86q9-7xr8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.3","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2048","GHSA-6xv5-86q9-7xr8","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/cyphar/filepath-securejoin@v0.2.3","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/harvester/pcidevices","pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/harvester/vm-import-controller","pkg:golang/golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" @@ -220,6 +282,9 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/harvester/webhook","pkg:golang/golang.org/x/net@v0.6.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/golang.org/x/net@v0.8.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210315170653-34ac3e1c2000","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.0.0-20210805182204-aaa1db679c0d","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/net@v0.12.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.0.0-20211111160137-58aab5ef257a","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.1.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2102","CVE-2023-39325,GHSA-4374-p667-p6c8","pkg:golang/github.com/rancher/wharfie","pkg:golang/golang.org/x/net@v0.15.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" @@ -230,6 +295,7 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/k3s-io/k3s","pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.35.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/k3s-io/k3s","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.20.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/rancher/rancher","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/rancher/rke2","pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.35.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2113","CVE-2023-45142,GHSA-rcjv-mgp8-qvmr","pkg:golang/github.com/rancher/rke2","pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" @@ -239,14 +305,19 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-2153","GHSA-m425-mq94-257g","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/grpc@v1.29.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2153","GHSA-m425-mq94-257g","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/grpc@v1.43.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2153","GHSA-m425-mq94-257g","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/grpc@v1.53.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2153","GHSA-m425-mq94-257g","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/grpc@v1.34.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2153","GHSA-m425-mq94-257g","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/grpc@v1.40.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2153","GHSA-m425-mq94-257g","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/grpc@v1.56.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2163","CVE-2023-46129,GHSA-mr45-rx8q-wcm9","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/github.com/nats-io/nkeys@v0.4.4","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2170","CVE-2023-3955,GHSA-q78c-gwqw-jcmc","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2170","CVE-2023-3955,GHSA-q78c-gwqw-jcmc","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2170","CVE-2023-3955,GHSA-q78c-gwqw-jcmc","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.27.9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2170","CVE-2023-3955,GHSA-q78c-gwqw-jcmc","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.27.10","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2170","CVE-2023-3955,GHSA-q78c-gwqw-jcmc","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/k8s.io/kubernetes@v1.27.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2330","CVE-2023-3676,GHSA-7fxm-f474-hf8w","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2330","CVE-2023-3676,GHSA-7fxm-f474-hf8w","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2330","CVE-2023-3676,GHSA-7fxm-f474-hf8w","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.27.9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2330","CVE-2023-3676,GHSA-7fxm-f474-hf8w","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.27.10","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2330","CVE-2023-3676,GHSA-7fxm-f474-hf8w","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/k8s.io/kubernetes@v1.27.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2331","CVE-2023-47108,GHSA-8pgv-569h-w5rw","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.20.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2331","CVE-2023-47108,GHSA-8pgv-569h-w5rw","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.35.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" @@ -255,6 +326,7 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-2341","CVE-2023-5528,GHSA-hq6q-c2x6-hmch","pkg:golang/github.com/harvester/harvester","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2341","CVE-2023-5528,GHSA-hq6q-c2x6-hmch","pkg:golang/github.com/harvester/pcidevices","pkg:golang/k8s.io/kubernetes@v1.26.13","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2341","CVE-2023-5528,GHSA-hq6q-c2x6-hmch","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.27.9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2341","CVE-2023-5528,GHSA-hq6q-c2x6-hmch","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.27.10","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2341","CVE-2023-5528,GHSA-hq6q-c2x6-hmch","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/k8s.io/kubernetes@v1.27.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -271,13 +343,18 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/golang.org/x/crypto@v0.14.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/k3s-io/k3s","pkg:golang/golang.org/x/crypto@v0.14.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/golang.org/x/crypto@v0.14.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/crypto@v0.11.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/rancher/rke2","pkg:golang/golang.org/x/crypto@v0.14.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/golang.org/x/crypto@v0.14.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2402","CVE-2023-48795,GHSA-45x7-px36-x8w8","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/golang.org/x/crypto@v0.16.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2412","GHSA-7ww5-4wqc-m92c","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2412","GHSA-7ww5-4wqc-m92c","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/containerd/containerd@v1.6.18","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2412","GHSA-7ww5-4wqc-m92c","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/containerd/containerd@v1.4.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2023-2412","GHSA-7ww5-4wqc-m92c","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/containerd/containerd@v1.6.18","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2023-2412","GHSA-7ww5-4wqc-m92c","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/containerd/containerd@v1.6.22","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2491","CVE-2024-21626,GHSA-xr7r-f8xq-vfvv","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/github.com/opencontainers/runc@v1.0.3","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2500","CVE-2021-41091,GHSA-3fwx-pjgw-3558","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2500","CVE-2021-41091,GHSA-3fwx-pjgw-3558","pkg:golang/github.com/rancher/machine","pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/docker/docker@v20.10.9+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/docker/docker@v24.0.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -286,7 +363,9 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/k3s-io/k3s","pkg:golang/github.com/docker/docker@v24.0.8+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.13+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.14+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/machine","pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2512","CVE-2024-24557,GHSA-xw73-rw38-6vjc","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -301,12 +380,20 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/apiserver@v0.0.0-20230120214941-e88c32739dc7","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/apiserver@v0.0.0-20210922180056-297b6df8d714","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/apiserver@v0.0.0-20220125032650-a2ef3682eca9","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/apiserver@v0.0.0-20230515173455-c3b182bdbf7d","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2534","CVE-2023-32192,GHSA-833m-37f7-jq55","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/apiserver@v0.0.0-20240205154815-a3b9e3721c1b","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2535","CVE-2023-32194,GHSA-c85r-fwc7-45vc","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/harvester/pcidevices","pkg:golang/github.com/rancher/norman@v0.0.0-20221205184727-32ef2e185b99","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/norman@v0.0.0-20210608202517-59b3523c3133","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/norman@v0.0.0-20220107203912-4feb41eafabd","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/norman@v0.0.0-20230426211126-d3552b018687","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/norman@v0.0.0-20240205154641-a6a6cf569608","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2536","CVE-2023-32193,GHSA-r8f4-hv23-6qp6","pkg:golang/github.com/rancher/webhook","pkg:golang/github.com/rancher/norman@v0.0.0-20240206180703-6eda4bc94b4c","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2537","CVE-2023-22649,GHSA-xfj7-qf8w-2gcr","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2567","GHSA-fqpg-rq76-99pq","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/github.com/jackc/pgx/v5@v5.4.2","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" @@ -328,6 +415,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/harvester/webhook","pkg:golang/google.golang.org/protobuf@v1.28.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/google.golang.org/protobuf@v1.31.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/protobuf@v1.26.0-rc.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/protobuf@v1.27.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/protobuf@v1.31.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2611","CVE-2024-24786,GHSA-8r3f-844c-mc37","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/protobuf@v1.32.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2631","CVE-2024-28180,GHSA-c5q2-7r4c-mv6g","pkg:golang/github.com/k3s-io/k3s","pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2631","CVE-2024-28180,GHSA-c5q2-7r4c-mv6g","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/go-jose/go-jose/v3@v3.0.0","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2631","CVE-2024-28180,GHSA-c5q2-7r4c-mv6g","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/go-jose/go-jose/v3@v3.0.1","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" @@ -341,7 +432,9 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/k3s-io/k3s","pkg:golang/github.com/docker/docker@v24.0.8+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.13+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.14+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2659","CVE-2024-29018,GHSA-mq39-4gv4-mvpx","pkg:golang/github.com/rancher/rke2","pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -360,7 +453,9 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.13+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.14+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/github.com/docker/docker@v25.0.4+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2737","CVE-2024-32473,GHSA-x84c-p2g9-rqv9","pkg:golang/github.com/rancher/rke2","pkg:golang/github.com/docker/docker@v24.0.10-0.20240723193628-852759a7df45+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -379,6 +474,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/longhorn/longhorn-share-manager","pkg:golang/k8s.io/kubernetes@v1.23.6","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.27.9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/fleet","pkg:golang/k8s.io/kubernetes@v1.28.8","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.21.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.22.3","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.25.11","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/k8s.io/kubernetes@v1.27.10","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/rancher","pkg:golang/k8s.io/kubernetes@v1.27.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/rancher","pkg:golang/k8s.io/kubernetes@v1.28.6","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2746","CVE-2024-3177,GHSA-pxhw-596r-rwq5","pkg:golang/github.com/rancher/webhook","pkg:golang/k8s.io/kubernetes@v1.28.6","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -390,6 +489,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2762","CVE-2019-12303,GHSA-53pj-67m4-9w98","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -397,6 +500,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2764","CVE-2019-6287,GHSA-6r7x-4q7g-h83j","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -404,6 +511,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2768","CVE-2021-25318,GHSA-f9xf-jq4j-vqw4","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2771","CVE-2021-36776,GHSA-gvh9-xgrq-r8hw","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -412,6 +523,10 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2778","CVE-2021-31999,GHSA-pvxj-25m6-7vqr","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -419,9 +534,16 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/harvester/harvester-load-balancer","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/harvester/harvester-network-controller","pkg:golang/github.com/rancher/rancher@v0.0.0-20230124173128-2207cfed1803","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20211025214238-44fbb84703e9","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20220225023242-635286172d41","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20230712102934-01a8529371b2","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240205190724-2f7113dc32d4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/rancher/rancher@v0.0.0-20240730202829-9e0cc54e7e3a","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2784","CVE-2019-11202,GHSA-xh8x-j8h3-m5ph","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2846","GHSA-c9cp-9c75-9v8c","pkg:golang/github.com/containerd/containerd","pkg:golang/github.com/containerd/containerd@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2846","GHSA-c9cp-9c75-9v8c","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/containerd/containerd@v1.4.4","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2912","CVE-2021-41092,GHSA-99pg-grm5-qq3v","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/cli@v20.10.3+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2913","CVE-2021-41089,GHSA-v994-f8vw-g7j4","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2913","CVE-2021-41089,GHSA-v994-f8vw-g7j4","pkg:golang/github.com/rancher/machine","pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2929","CVE-2023-32196,GHSA-64jq-m7rq-768h","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2931","CVE-2023-22650,GHSA-9ghh-mmcq-8phc","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/rancher/rancher@","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -430,9 +552,13 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-2961","CVE-2022-30636","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2961","CVE-2022-30636","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/golang.org/x/crypto@v0.0.0-20220321153916-2c7772ba3064","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2961","CVE-2022-30636","pkg:golang/github.com/heptiolabs/eventrouter","pkg:golang/golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2961","CVE-2022-30636","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519","not_affected","","vulnerable_code_not_in_execute_path","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/grpc@v1.29.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/grpc@v1.43.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/harvester/harvester-cloud-provider","pkg:golang/google.golang.org/grpc@v1.53.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/grpc@v1.34.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/grpc@v1.40.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/google.golang.org/grpc@v1.56.1","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2978","GHSA-xr7q-jx4m-x55m","pkg:golang/github.com/rancher/support-bundle-kit","pkg:golang/google.golang.org/grpc@v1.40.0","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-2994","CVE-2024-5321,GHSA-82m2-cv7p-4m75","pkg:golang/github.com/rancher/system-agent","pkg:golang/k8s.io/kubernetes@v1.29.7","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/harvester/harvester","pkg:golang/github.com/docker/docker@v20.10.9+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" @@ -444,7 +570,9 @@ vulnerability_id,vulnerability_aliases,affected_product,affected_subcomponent,st "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.13+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/fleet","pkg:golang/github.com/docker/docker@v23.0.14+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/image-build-rke2-cloud-provider","pkg:golang/github.com/docker/docker@v25.0.4+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.24+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" +"GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/kube-api-auth","pkg:golang/github.com/docker/docker@v20.10.6+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/machine","pkg:golang/github.com/moby/moby@v1.4.2-0.20170731201646-1009e6a40b29","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.25+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called","" "GO-2024-3005","CVE-2024-41110","pkg:golang/github.com/rancher/rancher","pkg:golang/github.com/docker/docker@v20.10.27+incompatible","not_affected","","vulnerable_code_not_present","Govulncheck determined that the vulnerable code isn't called",""