data/reports: unexclude 20 reports (6)

- data/reports/GO-2023-1785.yaml - data/reports/GO-2023-1793.yaml - data/reports/GO-2023-1795.yaml - data/reports/GO-2023-1800.yaml - data/reports/GO-2023-1801.yaml - data/reports/GO-2023-1803.yaml - data/reports/GO-2023-1804.yaml - data/reports/GO-2023-1806.yaml - data/reports/GO-2023-1808.yaml - data/reports/GO-2023-1809.yaml - data/reports/GO-2023-1819.yaml - data/reports/GO-2023-1827.yaml - data/reports/GO-2023-1828.yaml - data/reports/GO-2023-1829.yaml - data/reports/GO-2023-1831.yaml - data/reports/GO-2023-1849.yaml - data/reports/GO-2023-1850.yaml - data/reports/GO-2023-1851.yaml - data/reports/GO-2023-1852.yaml - data/reports/GO-2023-1853.yaml Updates #1785 Updates #1793 Updates #1795 Updates #1800 Updates #1801 Updates #1803 Updates #1804 Updates #1806 Updates #1808 Updates #1809 Updates #1819 Updates #1827 Updates #1828 Updates #1829 Updates #1831 Updates #1849 Updates #1850 Updates #1851 Updates #1852 Updates #1853 Change-Id: Ib6fb15714358b0a9d7644d6ed43de25bdbd8434b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606786 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>
golang · Aug 20, 2024 · 34d5974 · 34d5974
1 parent 5ea5cbb
commit 34d5974
Show file tree

Hide file tree

Showing 60 changed files with 1,716 additions and 158 deletions.
diff --git a/data/excluded/GO-2023-1785.yaml b/data/excluded/GO-2023-1785.yaml
diff --git a/data/excluded/GO-2023-1793.yaml b/data/excluded/GO-2023-1793.yaml
diff --git a/data/excluded/GO-2023-1795.yaml b/data/excluded/GO-2023-1795.yaml
diff --git a/data/excluded/GO-2023-1800.yaml b/data/excluded/GO-2023-1800.yaml
diff --git a/data/excluded/GO-2023-1801.yaml b/data/excluded/GO-2023-1801.yaml
diff --git a/data/excluded/GO-2023-1803.yaml b/data/excluded/GO-2023-1803.yaml
diff --git a/data/excluded/GO-2023-1804.yaml b/data/excluded/GO-2023-1804.yaml
diff --git a/data/excluded/GO-2023-1806.yaml b/data/excluded/GO-2023-1806.yaml
diff --git a/data/excluded/GO-2023-1808.yaml b/data/excluded/GO-2023-1808.yaml
diff --git a/data/excluded/GO-2023-1809.yaml b/data/excluded/GO-2023-1809.yaml
diff --git a/data/excluded/GO-2023-1819.yaml b/data/excluded/GO-2023-1819.yaml
diff --git a/data/excluded/GO-2023-1827.yaml b/data/excluded/GO-2023-1827.yaml
diff --git a/data/excluded/GO-2023-1828.yaml b/data/excluded/GO-2023-1828.yaml
diff --git a/data/excluded/GO-2023-1829.yaml b/data/excluded/GO-2023-1829.yaml
diff --git a/data/excluded/GO-2023-1831.yaml b/data/excluded/GO-2023-1831.yaml
diff --git a/data/excluded/GO-2023-1849.yaml b/data/excluded/GO-2023-1849.yaml
diff --git a/data/excluded/GO-2023-1850.yaml b/data/excluded/GO-2023-1850.yaml
diff --git a/data/excluded/GO-2023-1851.yaml b/data/excluded/GO-2023-1851.yaml
diff --git a/data/excluded/GO-2023-1852.yaml b/data/excluded/GO-2023-1852.yaml
diff --git a/data/excluded/GO-2023-1853.yaml b/data/excluded/GO-2023-1853.yaml
diff --git a/data/osv/GO-2023-1785.json b/data/osv/GO-2023-1785.json
@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1785",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-30851",
+    "GHSA-2h44-x2wx-49f4"
+  ],
+  "summary": "Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium",
+  "details": "Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.11.16"
+            },
+            {
+              "introduced": "1.12.0"
+            },
+            {
+              "fixed": "1.12.9"
+            },
+            {
+              "introduced": "1.13.0"
+            },
+            {
+              "fixed": "1.13.2"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-2h44-x2wx-49f4"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30851"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.11.16"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.12.9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.13.2"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1785",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2023-1793.json b/data/osv/GO-2023-1793.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1793",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-2878",
+    "GHSA-g82w-58jf-gcxx"
+  ],
+  "summary": "secrets-store-csi-driver discloses service account tokens in logs in sigs.k8s.io/secrets-store-csi-driver",
+  "details": "secrets-store-csi-driver discloses service account tokens in logs in sigs.k8s.io/secrets-store-csi-driver",
+  "affected": [
+    {
+      "package": {
+        "name": "sigs.k8s.io/secrets-store-csi-driver",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.3.3"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/security/advisories/GHSA-g82w-58jf-gcxx"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2878"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.3.3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kubernetes/kubernetes/issues/118419"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20230814-0003"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1793",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2023-1795.json b/data/osv/GO-2023-1795.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1795",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-33199",
+    "GHSA-frqx-jfcm-6jjr"
+  ],
+  "summary": "malformed proposed intoto entries can cause a panic in github.com/sigstore/rekor",
+  "details": "malformed proposed intoto entries can cause a panic in github.com/sigstore/rekor",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/sigstore/rekor",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33199"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1795",
+    "review_status": "UNREVIEWED"
+  }
+}