data/reports: unexclude 20 reports (11)

- data/reports/GO-2023-2051.yaml - data/reports/GO-2023-2053.yaml - data/reports/GO-2023-2055.yaml - data/reports/GO-2023-2063.yaml - data/reports/GO-2023-2065.yaml - data/reports/GO-2023-2066.yaml - data/reports/GO-2023-2067.yaml - data/reports/GO-2023-2068.yaml - data/reports/GO-2023-2069.yaml - data/reports/GO-2023-2070.yaml - data/reports/GO-2023-2071.yaml - data/reports/GO-2023-2072.yaml - data/reports/GO-2023-2073.yaml - data/reports/GO-2023-2075.yaml - data/reports/GO-2023-2078.yaml - data/reports/GO-2023-2079.yaml - data/reports/GO-2023-2080.yaml - data/reports/GO-2023-2084.yaml - data/reports/GO-2023-2085.yaml - data/reports/GO-2023-2088.yaml Updates #2051 Updates #2053 Updates #2055 Updates #2063 Updates #2065 Updates #2066 Updates #2067 Updates #2068 Updates #2069 Updates #2070 Updates #2071 Updates #2072 Updates #2073 Updates #2075 Updates #2078 Updates #2079 Updates #2080 Updates #2084 Updates #2085 Updates #2088 Change-Id: I0103dfe39411ae2cf3d74933349260db7dc3496b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606791 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
golang · Aug 21, 2024 · 36a46d8 · 36a46d8
1 parent 7a0b2bb
commit 36a46d8
Show file tree

Hide file tree

Showing 60 changed files with 2,082 additions and 160 deletions.
diff --git a/data/excluded/GO-2023-2051.yaml b/data/excluded/GO-2023-2051.yaml
diff --git a/data/excluded/GO-2023-2053.yaml b/data/excluded/GO-2023-2053.yaml
diff --git a/data/excluded/GO-2023-2055.yaml b/data/excluded/GO-2023-2055.yaml
diff --git a/data/excluded/GO-2023-2063.yaml b/data/excluded/GO-2023-2063.yaml
diff --git a/data/excluded/GO-2023-2065.yaml b/data/excluded/GO-2023-2065.yaml
diff --git a/data/excluded/GO-2023-2066.yaml b/data/excluded/GO-2023-2066.yaml
diff --git a/data/excluded/GO-2023-2067.yaml b/data/excluded/GO-2023-2067.yaml
diff --git a/data/excluded/GO-2023-2068.yaml b/data/excluded/GO-2023-2068.yaml
diff --git a/data/excluded/GO-2023-2069.yaml b/data/excluded/GO-2023-2069.yaml
diff --git a/data/excluded/GO-2023-2070.yaml b/data/excluded/GO-2023-2070.yaml
diff --git a/data/excluded/GO-2023-2071.yaml b/data/excluded/GO-2023-2071.yaml
diff --git a/data/excluded/GO-2023-2072.yaml b/data/excluded/GO-2023-2072.yaml
diff --git a/data/excluded/GO-2023-2073.yaml b/data/excluded/GO-2023-2073.yaml
diff --git a/data/excluded/GO-2023-2075.yaml b/data/excluded/GO-2023-2075.yaml
diff --git a/data/excluded/GO-2023-2078.yaml b/data/excluded/GO-2023-2078.yaml
diff --git a/data/excluded/GO-2023-2079.yaml b/data/excluded/GO-2023-2079.yaml
diff --git a/data/excluded/GO-2023-2080.yaml b/data/excluded/GO-2023-2080.yaml
diff --git a/data/excluded/GO-2023-2084.yaml b/data/excluded/GO-2023-2084.yaml
diff --git a/data/excluded/GO-2023-2085.yaml b/data/excluded/GO-2023-2085.yaml
diff --git a/data/excluded/GO-2023-2088.yaml b/data/excluded/GO-2023-2088.yaml
diff --git a/data/osv/GO-2023-2051.json b/data/osv/GO-2023-2051.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-2051",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-4815",
+    "GHSA-pj2h-85jq-g5vg"
+  ],
+  "summary": "Answer Missing Authentication for Critical Function in github.com/answerdev/answer",
+  "details": "Answer Missing Authentication for Critical Function in github.com/answerdev/answer",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/answerdev/answer",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.3"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-pj2h-85jq-g5vg"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4815"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-2051",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2023-2053.json b/data/osv/GO-2023-2053.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-2053",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-41318",
+    "GHSA-5crw-6j7v-xc72"
+  ],
+  "summary": "matrix-media-repo: Unsafe media served inline on download endpoints in github.com/turt2live/matrix-media-repo",
+  "details": "matrix-media-repo: Unsafe media served inline on download endpoints in github.com/turt2live/matrix-media-repo",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/turt2live/matrix-media-repo",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.3.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41318"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59"
+    },
+    {
+      "type": "WEB",
+      "url": "https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-2053",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2023-2055.json b/data/osv/GO-2023-2055.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-2055",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-4782",
+    "GHSA-h626-pv66-hhm7"
+  ],
+  "summary": "Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform",
+  "details": "Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/hashicorp/terraform",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "1.0.8"
+            },
+            {
+              "fixed": "1.5.7"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-h626-pv66-hhm7"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4782"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/hashicorp/terraform/commit/0f2314fb62193c4be94328cc026fcb7ec1e9b893"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/hashicorp/terraform/pull/33745"
+    },
+    {
+      "type": "WEB",
+      "url": "https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/hashicorp/terraform/releases/tag/v1.5.7"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-2055",
+    "review_status": "UNREVIEWED"
+  }
+}