-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 9 unreviewed reports
- data/reports/GO-2024-3267.yaml - data/reports/GO-2024-3269.yaml - data/reports/GO-2024-3271.yaml - data/reports/GO-2024-3272.yaml - data/reports/GO-2024-3273.yaml - data/reports/GO-2024-3274.yaml - data/reports/GO-2024-3275.yaml - data/reports/GO-2024-3277.yaml - data/reports/GO-2024-3278.yaml Fixes #3267 Fixes #3269 Fixes #3271 Fixes #3272 Fixes #3273 Fixes #3274 Fixes #3275 Fixes #3277 Fixes #3278 Change-Id: Iff40e4830d8ead8505d427db90e38c3e08bc9e38 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/629356 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
- Loading branch information
Showing
18 changed files
with
683 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3267", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-52010", | ||
| "GHSA-7hpf-g48v-hw3j" | ||
| ], | ||
| "summary": "Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy", | ||
| "details": "Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: .", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/tobychui/zoraxy", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "3.1.3+incompatible" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": { | ||
| "custom_ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "2.6.1" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/tobychui/zoraxy/security/advisories/GHSA-7hpf-g48v-hw3j" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52010" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/tobychui/zoraxy/commit/2e9bc77a5d832bff1093058d42ce7a61382e4bc6" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/tobychui/zoraxy/commit/c07d5f85dfc37bd32819358ed7d4bc32c604e8f0" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3267", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3269", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-52308", | ||
| "GHSA-p2h2-3vg9-4p87" | ||
| ], | ||
| "summary": "Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli", | ||
| "details": "Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/cli/cli", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/cli/cli/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.62.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52308" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3269", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3271", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-52522" | ||
| ], | ||
| "summary": "Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone", | ||
| "details": "Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/rclone/rclone", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "1.59.0" | ||
| }, | ||
| { | ||
| "fixed": "1.68.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52522" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3271", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3272", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-24425" | ||
| ], | ||
| "summary": "CVE-2024-24425 in github.com/magma/magma", | ||
| "details": "CVE-2024-24425 in github.com/magma/magma", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/magma/magma", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24425" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://cellularsecurity.org/ransacked" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/OPENAIRINTERFACE/openair-epc-fed" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/magma/magma" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3272", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3273", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-24426" | ||
| ], | ||
| "summary": "CVE-2024-24426 in github.com/magma/magma", | ||
| "details": "CVE-2024-24426 in github.com/magma/magma", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/magma/magma", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24426" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://cellularsecurity.org/ransacked" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/OPENAIRINTERFACE/openair-epc-fed" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/magma/magma" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3273", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3274", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2023-0109", | ||
| "GHSA-5r2g-59px-3q9w" | ||
| ], | ||
| "summary": "Stored XSS using two files in usememos/memos in github.com/usememos/memos", | ||
| "details": "Stored XSS using two files in usememos/memos in github.com/usememos/memos", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/usememos/memos", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "0.10.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-5r2g-59px-3q9w" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0109" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3274", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.