Skip to content

Commit

Permalink
data/reports: add 7 unreviewed reports
Browse files Browse the repository at this point in the history 
  - data/reports/GO-2024-3284.yaml
  - data/reports/GO-2024-3286.yaml
  - data/reports/GO-2024-3287.yaml
  - data/reports/GO-2024-3288.yaml
  - data/reports/GO-2024-3289.yaml
  - data/reports/GO-2024-3290.yaml
  - data/reports/GO-2024-3291.yaml

Fixes #3284
Fixes #3286
Fixes #3287
Fixes #3288
Fixes #3289
Fixes #3290
Fixes #3291

Change-Id: I3f9c602c3b0cb612717f991bef1e379b383c19b8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/632255
Reviewed-by: Zvonimir Pavlinovic <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
  • Loading branch information
@tatianab @gopherbot
tatianab authored and gopherbot committed Nov 27, 2024
1 parent 0d6d8f5 commit 0073ceb
Show file tree
Hide file tree
Showing 14 changed files with 565 additions and 0 deletions.
71 changes: 71 additions & 0 deletions data/osv/GO-2024-3284.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3284",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-37820",
"GHSA-9g6g-xqv5-8g5w"
],
"summary": "PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb",
"details": "PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/pingcap/tidb before v8.2.0.",
"affected": [
{
"package": {
"name": "github.com/pingcap/tidb",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "8.2.0"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9g6g-xqv5-8g5w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37820"
},
{
"type": "FIX",
"url": "https://github.com/pingcap/tidb/commit/3d68bd21240c610c6307713e2bd54a5e71c32608"
},
{
"type": "REPORT",
"url": "https://github.com/pingcap/tidb/issues/53580"
},
{
"type": "WEB",
"url": "https://gist.github.com/ycybfhb/a9c1e14ce281f2f553adca84d384b761"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3284",
"review_status": "UNREVIEWED"
}
}
76 changes: 76 additions & 0 deletions data/osv/GO-2024-3286.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3286",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-10220",
"GHSA-27wf-5967-98gx"
],
"summary": "Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes",
"details": "Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.28.12"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.7"
},
{
"introduced": "1.30.0"
},
{
"fixed": "1.30.3"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-27wf-5967-98gx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10220"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/11/20/1"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/128885"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3286",
"review_status": "UNREVIEWED"
}
}
56 changes: 56 additions & 0 deletions data/osv/GO-2024-3287.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3287",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-45719",
"GHSA-mr95-vfcf-fx9p"
],
"summary": "Apache Answer: Predictable Authorization Token Using UUIDv1 in github.com/apache/incubator-answer",
"details": "Apache Answer: Predictable Authorization Token Using UUIDv1 in github.com/apache/incubator-answer",
"affected": [
{
"package": {
"name": "github.com/apache/incubator-answer",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.1"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mr95-vfcf-fx9p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45719"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/11/22/1"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3287",
"review_status": "UNREVIEWED"
}
}
56 changes: 56 additions & 0 deletions data/osv/GO-2024-3288.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3288",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-7f6p-phw2-8253"
],
"summary": "Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig",
"details": "Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig",
"affected": [
{
"package": {
"name": "github.com/taurusgroup/multi-party-sig",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/taurushq-io/multi-party-sig/security/advisories/GHSA-7f6p-phw2-8253"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2018/499.pdf"
},
{
"type": "WEB",
"url": "https://github.com/taurushq-io/multi-party-sig/blob/4d84aafb57b437da1b933db9a265fb7ce4e7c138/internal/ot/extended.go#L188"
},
{
"type": "WEB",
"url": "https://github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go#L114"
},
{
"type": "WEB",
"url": "https://github.com/taurushq-io/multi-party-sig/tree/otfix"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3288",
"review_status": "UNREVIEWED"
}
}
53 changes: 53 additions & 0 deletions data/osv/GO-2024-3289.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3289",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-6538",
"GHSA-v3w7-g6p2-mpx7"
],
"summary": "OpenShift Console Server Side Request Forgery vulnerability in github.com/openshift/console",
"details": "OpenShift Console Server Side Request Forgery vulnerability in github.com/openshift/console",
"affected": [
{
"package": {
"name": "github.com/openshift/console",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-v3w7-g6p2-mpx7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6538"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-6538"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296057"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3289",
"review_status": "UNREVIEWED"
}
}
52 changes: 52 additions & 0 deletions data/osv/GO-2024-3290.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3290",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-52529",
"GHSA-xg58-75qf-9r67"
],
"summary": "Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium",
"details": "Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium",
"affected": [
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.4"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52529"
},
{
"type": "FIX",
"url": "https://github.com/cilium/cilium/pull/35150"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3290",
"review_status": "UNREVIEWED"
}
}
Loading

0 comments on commit 0073ceb

Please sign in to comment.