From 91b6914bcba82914b68b3c07fdff0a603e89297f Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Tue, 20 Aug 2024 15:32:15 -0400 Subject: [PATCH] data/reports: unexclude 20 reports (25) - data/reports/GO-2022-0857.yaml - data/reports/GO-2022-0859.yaml - data/reports/GO-2022-0861.yaml - data/reports/GO-2022-0862.yaml - data/reports/GO-2022-0863.yaml - data/reports/GO-2022-0865.yaml - data/reports/GO-2022-0866.yaml - data/reports/GO-2022-0867.yaml - data/reports/GO-2022-0869.yaml - data/reports/GO-2022-0871.yaml - data/reports/GO-2022-0873.yaml - data/reports/GO-2022-0874.yaml - data/reports/GO-2022-0875.yaml - data/reports/GO-2022-0876.yaml - data/reports/GO-2022-0878.yaml - data/reports/GO-2022-0879.yaml - data/reports/GO-2022-0882.yaml - data/reports/GO-2022-0883.yaml - data/reports/GO-2022-0885.yaml - data/reports/GO-2022-0886.yaml Updates golang/vulndb#857 Updates golang/vulndb#859 Updates golang/vulndb#861 Updates golang/vulndb#862 Updates golang/vulndb#863 Updates golang/vulndb#865 Updates golang/vulndb#866 Updates golang/vulndb#867 Updates golang/vulndb#869 Updates golang/vulndb#871 Updates golang/vulndb#873 Updates golang/vulndb#874 Updates golang/vulndb#875 Updates golang/vulndb#876 Updates golang/vulndb#878 Updates golang/vulndb#879 Updates golang/vulndb#882 Updates golang/vulndb#883 Updates golang/vulndb#885 Updates golang/vulndb#886 Change-Id: Ic839f581716a2f0c0b465ae6042aead152cf4a33 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607227 Reviewed-by: Damien Neil Auto-Submit: Tatiana Bradley LUCI-TryBot-Result: Go LUCI --- data/excluded/GO-2022-0857.yaml | 8 --- data/excluded/GO-2022-0859.yaml | 8 --- data/excluded/GO-2022-0861.yaml | 8 --- data/excluded/GO-2022-0862.yaml | 8 --- data/excluded/GO-2022-0863.yaml | 8 --- data/excluded/GO-2022-0865.yaml | 8 --- data/excluded/GO-2022-0866.yaml | 8 --- data/excluded/GO-2022-0867.yaml | 8 --- data/excluded/GO-2022-0869.yaml | 8 --- data/excluded/GO-2022-0871.yaml | 8 --- data/excluded/GO-2022-0873.yaml | 8 --- data/excluded/GO-2022-0874.yaml | 8 --- 
data/excluded/GO-2022-0875.yaml | 8 --- data/excluded/GO-2022-0876.yaml | 9 ---- data/excluded/GO-2022-0878.yaml | 8 --- data/excluded/GO-2022-0879.yaml | 8 --- data/excluded/GO-2022-0882.yaml | 8 --- data/excluded/GO-2022-0883.yaml | 9 ---- data/excluded/GO-2022-0885.yaml | 8 --- data/excluded/GO-2022-0886.yaml | 8 --- data/osv/GO-2022-0857.json | 84 +++++++++++++++++++++++++++++ data/osv/GO-2022-0859.json | 70 ++++++++++++++++++++++++ data/osv/GO-2022-0861.json | 70 ++++++++++++++++++++++++ data/osv/GO-2022-0862.json | 64 ++++++++++++++++++++++ data/osv/GO-2022-0863.json | 66 +++++++++++++++++++++++ data/osv/GO-2022-0865.json | 64 ++++++++++++++++++++++ data/osv/GO-2022-0866.json | 68 +++++++++++++++++++++++ data/osv/GO-2022-0867.json | 84 +++++++++++++++++++++++++++++ data/osv/GO-2022-0869.json | 79 +++++++++++++++++++++++++++ data/osv/GO-2022-0871.json | 52 ++++++++++++++++++ data/osv/GO-2022-0873.json | 56 +++++++++++++++++++ data/osv/GO-2022-0874.json | 56 +++++++++++++++++++ data/osv/GO-2022-0875.json | 72 +++++++++++++++++++++++++ data/osv/GO-2022-0876.json | 67 +++++++++++++++++++++++ data/osv/GO-2022-0878.json | 60 +++++++++++++++++++++ data/osv/GO-2022-0879.json | 70 ++++++++++++++++++++++++ data/osv/GO-2022-0882.json | 56 +++++++++++++++++++ data/osv/GO-2022-0883.json | 67 +++++++++++++++++++++++ data/osv/GO-2022-0885.json | 96 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-0886.json | 76 ++++++++++++++++++++++++++ data/reports/GO-2022-0857.yaml | 28 ++++++++++ data/reports/GO-2022-0859.yaml | 26 +++++++++ data/reports/GO-2022-0861.yaml | 26 +++++++++ data/reports/GO-2022-0862.yaml | 23 ++++++++ data/reports/GO-2022-0863.yaml | 25 +++++++++ data/reports/GO-2022-0865.yaml | 23 ++++++++ data/reports/GO-2022-0866.yaml | 24 +++++++++ data/reports/GO-2022-0867.yaml | 32 +++++++++++ data/reports/GO-2022-0869.yaml | 25 +++++++++ data/reports/GO-2022-0871.yaml | 20 +++++++ data/reports/GO-2022-0873.yaml | 21 ++++++++ data/reports/GO-2022-0874.yaml | 22 
++++++++ data/reports/GO-2022-0875.yaml | 25 +++++++++ data/reports/GO-2022-0876.yaml | 26 +++++++++ data/reports/GO-2022-0878.yaml | 22 ++++++++ data/reports/GO-2022-0879.yaml | 26 +++++++++ data/reports/GO-2022-0882.yaml | 22 ++++++++ data/reports/GO-2022-0883.yaml | 26 +++++++++ data/reports/GO-2022-0885.yaml | 32 +++++++++++ data/reports/GO-2022-0886.yaml | 28 ++++++++++ 60 files changed, 1879 insertions(+), 162 deletions(-) delete mode 100644 data/excluded/GO-2022-0857.yaml delete mode 100644 data/excluded/GO-2022-0859.yaml delete mode 100644 data/excluded/GO-2022-0861.yaml delete mode 100644 data/excluded/GO-2022-0862.yaml delete mode 100644 data/excluded/GO-2022-0863.yaml delete mode 100644 data/excluded/GO-2022-0865.yaml delete mode 100644 data/excluded/GO-2022-0866.yaml delete mode 100644 data/excluded/GO-2022-0867.yaml delete mode 100644 data/excluded/GO-2022-0869.yaml delete mode 100644 data/excluded/GO-2022-0871.yaml delete mode 100644 data/excluded/GO-2022-0873.yaml delete mode 100644 data/excluded/GO-2022-0874.yaml delete mode 100644 data/excluded/GO-2022-0875.yaml delete mode 100644 data/excluded/GO-2022-0876.yaml delete mode 100644 data/excluded/GO-2022-0878.yaml delete mode 100644 data/excluded/GO-2022-0879.yaml delete mode 100644 data/excluded/GO-2022-0882.yaml delete mode 100644 data/excluded/GO-2022-0883.yaml delete mode 100644 data/excluded/GO-2022-0885.yaml delete mode 100644 data/excluded/GO-2022-0886.yaml create mode 100644 data/osv/GO-2022-0857.json create mode 100644 data/osv/GO-2022-0859.json create mode 100644 data/osv/GO-2022-0861.json create mode 100644 data/osv/GO-2022-0862.json create mode 100644 data/osv/GO-2022-0863.json create mode 100644 data/osv/GO-2022-0865.json create mode 100644 data/osv/GO-2022-0866.json create mode 100644 data/osv/GO-2022-0867.json create mode 100644 data/osv/GO-2022-0869.json create mode 100644 data/osv/GO-2022-0871.json create mode 100644 data/osv/GO-2022-0873.json create mode 100644 
data/osv/GO-2022-0874.json create mode 100644 data/osv/GO-2022-0875.json create mode 100644 data/osv/GO-2022-0876.json create mode 100644 data/osv/GO-2022-0878.json create mode 100644 data/osv/GO-2022-0879.json create mode 100644 data/osv/GO-2022-0882.json create mode 100644 data/osv/GO-2022-0883.json create mode 100644 data/osv/GO-2022-0885.json create mode 100644 data/osv/GO-2022-0886.json create mode 100644 data/reports/GO-2022-0857.yaml create mode 100644 data/reports/GO-2022-0859.yaml create mode 100644 data/reports/GO-2022-0861.yaml create mode 100644 data/reports/GO-2022-0862.yaml create mode 100644 data/reports/GO-2022-0863.yaml create mode 100644 data/reports/GO-2022-0865.yaml create mode 100644 data/reports/GO-2022-0866.yaml create mode 100644 data/reports/GO-2022-0867.yaml create mode 100644 data/reports/GO-2022-0869.yaml create mode 100644 data/reports/GO-2022-0871.yaml create mode 100644 data/reports/GO-2022-0873.yaml create mode 100644 data/reports/GO-2022-0874.yaml create mode 100644 data/reports/GO-2022-0875.yaml create mode 100644 data/reports/GO-2022-0876.yaml create mode 100644 data/reports/GO-2022-0878.yaml create mode 100644 data/reports/GO-2022-0879.yaml create mode 100644 data/reports/GO-2022-0882.yaml create mode 100644 data/reports/GO-2022-0883.yaml create mode 100644 data/reports/GO-2022-0885.yaml create mode 100644 data/reports/GO-2022-0886.yaml
diff --git a/data/excluded/GO-2022-0857.yaml b/data/excluded/GO-2022-0857.yaml
deleted file mode 100644
index 86c0c40b5..000000000
--- a/data/excluded/GO-2022-0857.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0857
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/kubernetes/kubernetes
-cves:
- - CVE-2015-7528
-ghsas:
- - GHSA-mqf3-28j7-3mj6
diff --git a/data/excluded/GO-2022-0859.yaml b/data/excluded/GO-2022-0859.yaml
deleted file mode 100644
index 5a6d574cb..000000000
--- a/data/excluded/GO-2022-0859.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0859
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2020-13170
-ghsas:
- - GHSA-p2j5-3f4c-224r
diff --git a/data/excluded/GO-2022-0861.yaml b/data/excluded/GO-2022-0861.yaml
deleted file mode 100644
index 9c9a12c8b..000000000
--- a/data/excluded/GO-2022-0861.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0861
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2020-12758
-ghsas:
- - GHSA-q2qr-3c2p-9235
diff --git a/data/excluded/GO-2022-0862.yaml b/data/excluded/GO-2022-0862.yaml
deleted file mode 100644
index 7adaf7c82..000000000
--- a/data/excluded/GO-2022-0862.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0862
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/go-gitea/gitea
-cves:
- - CVE-2019-11228
-ghsas:
- - GHSA-q47x-6mqq-4w92
diff --git a/data/excluded/GO-2022-0863.yaml b/data/excluded/GO-2022-0863.yaml
deleted file mode 100644
index 0c15486b0..000000000
--- a/data/excluded/GO-2022-0863.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0863
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/goharbor/harbor
-cves:
- - CVE-2019-19023
-ghsas:
- - GHSA-q6cj-6jvq-jwmh
diff --git a/data/excluded/GO-2022-0865.yaml b/data/excluded/GO-2022-0865.yaml
deleted file mode 100644
index 55c93072a..000000000
--- a/data/excluded/GO-2022-0865.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0865
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/goharbor/harbor/src
-cves:
- - CVE-2020-13794
-ghsas:
- - GHSA-q9p8-33wc-h432
diff --git a/data/excluded/GO-2022-0866.yaml b/data/excluded/GO-2022-0866.yaml
deleted file mode 100644
index 91bef59a7..000000000
--- a/data/excluded/GO-2022-0866.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0866
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/heketi/heketi
-cves:
- - CVE-2017-15104
-ghsas:
- - GHSA-q9vw-wr57-xjv3
diff --git a/data/excluded/GO-2022-0867.yaml b/data/excluded/GO-2022-0867.yaml
deleted file mode 100644
index c3c8b71c0..000000000
--- a/data/excluded/GO-2022-0867.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0867
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/kubernetes/kubernetes
-cves:
- - CVE-2020-8551
-ghsas:
- - GHSA-qhm4-jxv7-j9pq
diff --git a/data/excluded/GO-2022-0869.yaml b/data/excluded/GO-2022-0869.yaml
deleted file mode 100644
index df4089d66..000000000
--- a/data/excluded/GO-2022-0869.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0869
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/argoproj/argo-cd/v2
-cves:
- - CVE-2021-23347
-ghsas:
- - GHSA-qq5v-f4c3-395c
diff --git a/data/excluded/GO-2022-0871.yaml b/data/excluded/GO-2022-0871.yaml
deleted file mode 100644
index 48cd2f073..000000000
--- a/data/excluded/GO-2022-0871.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0871
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/ethereum/go-ethereum
-cves:
- - CVE-2018-16733
-ghsas:
- - GHSA-qr2j-wrhx-4829
diff --git a/data/excluded/GO-2022-0873.yaml b/data/excluded/GO-2022-0873.yaml
deleted file mode 100644
index fe152a2a1..000000000
--- a/data/excluded/GO-2022-0873.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0873
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/ipfs/go-ipfs
-cves:
- - CVE-2020-26283
-ghsas:
- - GHSA-r4gv-vj59-cccm
diff --git a/data/excluded/GO-2022-0874.yaml b/data/excluded/GO-2022-0874.yaml
deleted file mode 100644
index ed4a61f14..000000000
--- a/data/excluded/GO-2022-0874.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0874
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2020-7955
-ghsas:
- - GHSA-r9w6-rhh9-7v53
diff --git a/data/excluded/GO-2022-0875.yaml b/data/excluded/GO-2022-0875.yaml
deleted file mode 100644
index f37f0ab7c..000000000
--- a/data/excluded/GO-2022-0875.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0875
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/openshift/origin
-cves:
- - CVE-2015-5250
-ghsas:
- - GHSA-rf3m-mhv7-x39f
diff --git a/data/excluded/GO-2022-0876.yaml b/data/excluded/GO-2022-0876.yaml
deleted file mode 100644
index 18c629c23..000000000
--- a/data/excluded/GO-2022-0876.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-id: GO-2022-0876
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/goharbor/harbor
-cves:
- - CVE-2019-19025
-ghsas:
- - GHSA-gcqm-v682-ccw6
- - GHSA-rffr-c932-cpxv
diff --git a/data/excluded/GO-2022-0878.yaml b/data/excluded/GO-2022-0878.yaml
deleted file mode 100644
index 1a0561629..000000000
--- a/data/excluded/GO-2022-0878.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0878
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/rclone/rclone
-cves:
- - CVE-2020-28924
-ghsas:
- - GHSA-rmw5-xpg9-jr29
diff --git a/data/excluded/GO-2022-0879.yaml b/data/excluded/GO-2022-0879.yaml
deleted file mode 100644
index cc39dbf1b..000000000
--- a/data/excluded/GO-2022-0879.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0879
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2020-13250
-ghsas:
- - GHSA-rqjq-mrgx-85hp
diff --git a/data/excluded/GO-2022-0882.yaml b/data/excluded/GO-2022-0882.yaml
deleted file mode 100644
index 73ad8f7f0..000000000
--- a/data/excluded/GO-2022-0882.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0882
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2020-11576
-ghsas:
- - GHSA-vj54-cjrx-x696
diff --git a/data/excluded/GO-2022-0883.yaml b/data/excluded/GO-2022-0883.yaml
deleted file mode 100644
index 6d3a0a3be..000000000
--- a/data/excluded/GO-2022-0883.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-id: GO-2022-0883
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/goharbor/harbor
-cves:
- - CVE-2019-19026
-ghsas:
- - GHSA-rh89-vvrg-fg64
- - GHSA-w4x5-jqq4-qc8x
diff --git a/data/excluded/GO-2022-0885.yaml b/data/excluded/GO-2022-0885.yaml
deleted file mode 100644
index c262ace31..000000000
--- a/data/excluded/GO-2022-0885.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0885
-excluded: NOT_IMPORTABLE
-modules:
- - module: k8s.io/kube-proxy
-cves:
- - CVE-2020-8558
-ghsas:
- - GHSA-wqv3-8cm6-h6wg
diff --git a/data/excluded/GO-2022-0886.yaml b/data/excluded/GO-2022-0886.yaml
deleted file mode 100644
index d5ff726cd..000000000
--- a/data/excluded/GO-2022-0886.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0886
-excluded: NOT_IMPORTABLE
-modules:
- - module: k8s.io/kubernetes
-cves:
- - CVE-2018-1002101
-ghsas:
- - GHSA-wqwf-x5cj-rg56
diff --git a/data/osv/GO-2022-0857.json b/data/osv/GO-2022-0857.json
new file mode 100644
index 000000000..70fc205fc
--- /dev/null
+++ b/data/osv/GO-2022-0857.json
@@ -0,0 +1,84 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0857", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2015-7528", + "GHSA-mqf3-28j7-3mj6" + ], + "summary": "Information Exposure in Kubernetes in github.com/kubernetes/kubernetes", + "details": "Information Exposure in Kubernetes in github.com/kubernetes/kubernetes", + "affected": [ + { + "package": { + "name": "github.com/kubernetes/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.2.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-mqf3-28j7-3mj6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7528" + }, + { + "type": "FIX", + "url": "https://github.com/kubernetes/kubernetes/commit/afd56495a1052a3387b81df1786a8d0f51bc8671" + }, + { + "type": "FIX", + "url": "https://github.com/kubernetes/kubernetes/pull/17886" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2015:2544" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2015:2615" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2015-7528" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286745" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5" + }, + { + "type": "WEB", + "url": "https://github.com/openshift/origin/pull/6113" + }, + { + "type": "WEB", + "url": "https://rhn.redhat.com/errata/RHSA-2015-2615.html" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0857", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0859.json b/data/osv/GO-2022-0859.json new file mode 100644 index 000000000..017420af4 --- /dev/null +++ b/data/osv/GO-2022-0859.json 
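Review bot: The `affected` package name in GO-2022-0857 is `github.com/kubernetes/kubernetes`, while the GO-2022-0867 record added later in this patch uses `k8s.io/kubernetes` for the same project, even though its deleted excluded entry also carried the github.com path. A scanner that matches on the module path a consumer declares in go.mod would probably never associate this record with `k8s.io/kubernetes`, so the advisory may not surface for affected builds. If that is not intended, the entry should read `"name": "k8s.io/kubernetes"`, with the summary and details strings updated to match. The JSON looks derived from data/reports/GO-2022-0857.yaml, which is outside this part of the patch, so the change belongs there.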
@@ -0,0 +1,70 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0859", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-13170", + "GHSA-p2j5-3f4c-224r" + ], + "summary": "Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul", + "details": "Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.6.0-beta1" + }, + { + "fixed": "1.6.6" + }, + { + "introduced": "1.7.0" + }, + { + "fixed": "1.7.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-p2j5-3f4c-224r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13170" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/pull/8068" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0859", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0861.json b/data/osv/GO-2022-0861.json new file mode 100644 index 000000000..f9eaf5238 --- /dev/null +++ b/data/osv/GO-2022-0861.json 
@@ -0,0 +1,70 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0861", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-12758", + "GHSA-q2qr-3c2p-9235" + ], + "summary": "Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul", + "details": "Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.6.0-beta1" + }, + { + "fixed": "1.6.6" + }, + { + "introduced": "1.7.0" + }, + { + "fixed": "1.7.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-q2qr-3c2p-9235" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12758" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/pull/7783" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0861", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0862.json b/data/osv/GO-2022-0862.json new file mode 100644 index 000000000..9e5420adf --- /dev/null +++ b/data/osv/GO-2022-0862.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0862", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-11228", + "GHSA-q47x-6mqq-4w92" + ], + "summary": "Gitea Improper Input Validation in github.com/go-gitea/gitea", + "details": "Gitea Improper Input Validation in github.com/go-gitea/gitea", + "affected": [ + { + "package": { + "name": "github.com/go-gitea/gitea", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-q47x-6mqq-4w92" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11228" + }, + { + "type": "FIX", + "url": "https://github.com/go-gitea/gitea/pull/6593" + }, + { + "type": "FIX", + "url": "https://github.com/go-gitea/gitea/pull/6595" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.6" + }, + { + "type": "WEB", + "url": "https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0862", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0863.json b/data/osv/GO-2022-0863.json new file mode 100644 index 000000000..caa407e6c --- /dev/null +++ b/data/osv/GO-2022-0863.json 
@@ -0,0 +1,66 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0863", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-19023", + "GHSA-q6cj-6jvq-jwmh" + ], + "summary": "Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor", + "details": "Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor", + "affected": [ + { + "package": { + "name": "github.com/goharbor/harbor", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.7.0" + }, + { + "fixed": "1.8.6" + }, + { + "introduced": "1.9.0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-q6cj-6jvq-jwmh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19023" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/security/advisories" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-3868-7c5x-4827" + }, + { + "type": "WEB", + "url": "https://tanzu.vmware.com/security/cve-2019-19023" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0863", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0865.json b/data/osv/GO-2022-0865.json new file mode 100644 index 000000000..25ad224b4 --- /dev/null +++ b/data/osv/GO-2022-0865.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0865", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-13794", + "GHSA-q9p8-33wc-h432" + ], + "summary": "Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor", + "details": "Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor", + "affected": [ + { + "package": { + "name": "github.com/goharbor/harbor", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.0.3+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13794" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/releases" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/releases/tag/v2.0.3" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/releases/tag/v2.1.0" + }, + { + "type": "WEB", + "url": "https://www.cybereagle.io/blog/cve-2020-13794" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0865", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0866.json b/data/osv/GO-2022-0866.json new file mode 100644 index 000000000..5e40c8a53 --- /dev/null +++ b/data/osv/GO-2022-0866.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0866", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2017-15104", + "GHSA-q9vw-wr57-xjv3" + ], + "summary": "Information Exposure in Heketi in github.com/heketi/heketi", + "details": "Information Exposure in Heketi in github.com/heketi/heketi", + "affected": [ + { + "package": { + "name": "github.com/heketi/heketi", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.0.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-q9vw-wr57-xjv3" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15104" + }, + { + "type": "FIX", + "url": "https://github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2017:3481" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2017-15104" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149" + }, + { + "type": "WEB", + "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0866", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0867.json b/data/osv/GO-2022-0867.json new file mode 100644 index 000000000..387d9f76d --- /dev/null +++ b/data/osv/GO-2022-0867.json 
@@ -0,0 +1,84 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0867", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-8551", + "GHSA-qhm4-jxv7-j9pq" + ], + "summary": "Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes", + "details": "Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes", + "affected": [ + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.15.0" + }, + { + "fixed": "1.15.10" + }, + { + "introduced": "1.16.0" + }, + { + "fixed": "1.16.6" + }, + { + "introduced": "1.17.0" + }, + { + "fixed": "1.17.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qhm4-jxv7-j9pq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8551" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/commit/9802bfcec0580169cffce2a3d468689a407fa7dc" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/issues/89377" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/pull/87913" + }, + { + "type": "WEB", + "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20200413-0003" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0867", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file 
diff --git a/data/osv/GO-2022-0869.json b/data/osv/GO-2022-0869.json new file mode 100644 index 000000000..935808e55 --- /dev/null +++ b/data/osv/GO-2022-0869.json @@ -0,0 +1,79 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0869", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-23347", + "GHSA-qq5v-f4c3-395c" + ], + "summary": "Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2", + "details": "Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.13" + }, + { + "introduced": "1.8.0" + }, + { + "fixed": "1.8.6" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-qq5v-f4c3-395c" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23347" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/pull/5563" + }, + { + "type": "WEB", + "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0869", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0871.json b/data/osv/GO-2022-0871.json new file mode 100644 index 000000000..406565872 --- /dev/null +++ b/data/osv/GO-2022-0871.json 
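Review bot: The second `affected` entry in GO-2022-0869, for `github.com/argoproj/argo-cd/v2`, carries only `{"introduced": "0"}` with no `fixed` event, so every v2 release is reported as vulnerable. The unversioned `github.com/argoproj/argo-cd` entry, by contrast, is bounded at 1.7.13 and 1.8.6. Either add the `fixed` bound that applies to v2, or drop the v2 entry if the fix in the referenced pull request 5563 predates the first v2 release; this page does not show which holds. The summary also names only the `/v2` path although the bounded ranges belong to the unversioned module. The correction belongs in the report YAML this file appears to be derived from, which is outside this part of the patch.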
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0871", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2018-16733", + "GHSA-qr2j-wrhx-4829" + ], + "summary": "Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum", + "details": "Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum", + "affected": [ + { + "package": { + "name": "github.com/ethereum/go-ethereum", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.8.14" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qr2j-wrhx-4829" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16733" + }, + { + "type": "FIX", + "url": "https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0871", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0873.json b/data/osv/GO-2022-0873.json new file mode 100644 index 000000000..7c1f25e81 --- /dev/null +++ b/data/osv/GO-2022-0873.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0873", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-26283", + "GHSA-r4gv-vj59-cccm" + ], + "summary": "Control character injection in console output in github.com/ipfs/go-ipfs", + "details": "Control character injection in console output in github.com/ipfs/go-ipfs", + "affected": [ + { + "package": { + "name": "github.com/ipfs/go-ipfs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.8.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26283" + }, + { + "type": "FIX", + "url": "https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a" + }, + { + "type": "FIX", + "url": "https://github.com/ipfs/go-ipfs/pull/7831" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0873", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0874.json b/data/osv/GO-2022-0874.json new file mode 100644 index 000000000..cb4095f19 --- /dev/null +++ b/data/osv/GO-2022-0874.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0874", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-7955", + "GHSA-r9w6-rhh9-7v53" + ], + "summary": "Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul", + "details": "Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.4.1" + }, + { + "fixed": "1.6.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-r9w6-rhh9-7v53" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7955" + }, + { + "type": "REPORT", + "url": "https://github.com/hashicorp/consul/issues/7160" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/category/consul" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0874", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0875.json b/data/osv/GO-2022-0875.json new file mode 100644 index 000000000..feddb0ad6 --- /dev/null +++ b/data/osv/GO-2022-0875.json 
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0875", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2015-5250", + "GHSA-rf3m-mhv7-x39f" + ], + "summary": "Denial of Service in OpenShift Origin in github.com/openshift/origin", + "details": "Denial of Service in OpenShift Origin in github.com/openshift/origin", + "affected": [ + { + "package": { + "name": "github.com/openshift/origin", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rf3m-mhv7-x39f" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5250" + }, + { + "type": "FIX", + "url": "https://github.com/openshift/origin/commit/dace5075e31b74703e944b6b3ebe8836be8d1b9a" + }, + { + "type": "REPORT", + "url": "https://github.com/openshift/origin/issues/4374" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2015:1736" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2015-5250" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867" + }, + { + "type": "WEB", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5250" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0875", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0876.json b/data/osv/GO-2022-0876.json new file mode 100644 index 000000000..274746e11 --- /dev/null +++ b/data/osv/GO-2022-0876.json 
@@ -0,0 +1,67 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0876", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-19025", + "GHSA-gcqm-v682-ccw6", + "GHSA-rffr-c932-cpxv" + ], + "summary": "Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor", + "details": "Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor", + "affected": [ + { + "package": { + "name": "github.com/goharbor/harbor", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.7.0" + }, + { + "fixed": "1.8.6" + }, + { + "introduced": "1.9.0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rffr-c932-cpxv" + }, + { + "type": "ADVISORY", + "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19025" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/security/advisories" + }, + { + "type": "WEB", + "url": "https://tanzu.vmware.com/security/cve-2019-19025" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0876", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0878.json b/data/osv/GO-2022-0878.json new file mode 100644 index 000000000..e36aa346b --- /dev/null +++ b/data/osv/GO-2022-0878.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0878", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-28924", + "GHSA-rmw5-xpg9-jr29" + ], + "summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone in github.com/rclone/rclone", + "details": "Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone in github.com/rclone/rclone", + "affected": [ + { + "package": { + "name": "github.com/rclone/rclone", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.53.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rmw5-xpg9-jr29" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28924" + }, + { + "type": "REPORT", + "url": "https://github.com/rclone/rclone/issues/4783" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202107-14" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0878", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0879.json b/data/osv/GO-2022-0879.json new file mode 100644 index 000000000..16ec3813f --- /dev/null +++ b/data/osv/GO-2022-0879.json 
@@ -0,0 +1,70 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0879", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-13250", + "GHSA-rqjq-mrgx-85hp" + ], + "summary": "Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul", + "details": "Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.2.0" + }, + { + "fixed": "1.6.6" + }, + { + "introduced": "1.7.0" + }, + { + "fixed": "1.7.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rqjq-mrgx-85hp" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13250" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/pull/8023" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0879", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0882.json b/data/osv/GO-2022-0882.json new file mode 100644 index 000000000..32417f28c --- /dev/null +++ b/data/osv/GO-2022-0882.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0882", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-11576", + "GHSA-vj54-cjrx-x696" + ], + "summary": "Observable Discrepancy in Argo in github.com/argoproj/argo-cd", + "details": "Observable Discrepancy in Argo in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.5.0" + }, + { + "fixed": "1.5.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vj54-cjrx-x696" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11576" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/pull/3215" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0882", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0883.json b/data/osv/GO-2022-0883.json new file mode 100644 index 000000000..12130ef13 --- /dev/null +++ b/data/osv/GO-2022-0883.json 
@@ -0,0 +1,67 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0883", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2019-19026", + "GHSA-rh89-vvrg-fg64", + "GHSA-w4x5-jqq4-qc8x" + ], + "summary": "SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor", + "details": "SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor", + "affected": [ + { + "package": { + "name": "github.com/goharbor/harbor", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.7.0" + }, + { + "fixed": "1.8.6" + }, + { + "introduced": "1.9.0" + }, + { + "fixed": "1.9.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-w4x5-jqq4-qc8x" + }, + { + "type": "ADVISORY", + "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19026" + }, + { + "type": "WEB", + "url": "https://github.com/goharbor/harbor/security/advisories" + }, + { + "type": "WEB", + "url": "https://tanzu.vmware.com/security/cve-2019-19026" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0883", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0885.json b/data/osv/GO-2022-0885.json new file mode 100644 index 000000000..117356174 --- /dev/null +++ b/data/osv/GO-2022-0885.json 
@@ -0,0 +1,96 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0885", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2020-8558", + "GHSA-wqv3-8cm6-h6wg" + ], + "summary": "Improper Authentication in Kubernetes in k8s.io/kubernetes", + "details": "Improper Authentication in Kubernetes in k8s.io/kubernetes", + "affected": [ + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.16.11" + }, + { + "introduced": "1.17.0" + }, + { + "fixed": "1.17.7" + }, + { + "introduced": "1.18.0" + }, + { + "fixed": "1.18.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558" + }, + { + "type": "ADVISORY", + "url": "https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8558" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843358" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/issues/92315" + }, + { + "type": "WEB", + "url": "https://github.com/tabbysable/POC-2020-8558" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE" + }, + { + "type": "WEB", + "url": "https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20200821-0001" + }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2020/07/08/1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0885", + "review_status": "UNREVIEWED" + } +} \ No newline 
at end of file diff --git a/data/osv/GO-2022-0886.json b/data/osv/GO-2022-0886.json new file mode 100644 index 000000000..1a4c182b7 --- /dev/null +++ b/data/osv/GO-2022-0886.json @@ -0,0 +1,76 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0886", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2018-1002101", + "GHSA-wqwf-x5cj-rg56" + ], + "summary": "Kubernetes Arbitrary Command Injection in k8s.io/kubernetes", + "details": "Kubernetes Arbitrary Command Injection in k8s.io/kubernetes", + "affected": [ + { + "package": { + "name": "k8s.io/kubernetes", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.9.0" + }, + { + "fixed": "1.9.10" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.6" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wqwf-x5cj-rg56" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002101" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/commit/d65039c56ce4de5f2efdc38aa1284eeb95f89169" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/issues/65750" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes/kubernetes/pull/65751" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20190416-0008" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0886", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2022-0857.yaml b/data/reports/GO-2022-0857.yaml new file mode 100644 index 000000000..b6ef175da --- /dev/null +++ b/data/reports/GO-2022-0857.yaml 
@@ -0,0 +1,28 @@
+id: GO-2022-0857
+modules:
+ - module: github.com/kubernetes/kubernetes
+ versions:
+ - fixed: 1.2.0
+ vulnerable_at: 1.2.0-beta.1
+summary: Information Exposure in Kubernetes in github.com/kubernetes/kubernetes
+cves:
+ - CVE-2015-7528
+ghsas:
+ - GHSA-mqf3-28j7-3mj6
+references:
+ - advisory: https://github.com/advisories/GHSA-mqf3-28j7-3mj6
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2015-7528
+ - fix: https://github.com/kubernetes/kubernetes/commit/afd56495a1052a3387b81df1786a8d0f51bc8671
+ - fix: https://github.com/kubernetes/kubernetes/pull/17886
+ - web: https://access.redhat.com/errata/RHSA-2015:2544
+ - web: https://access.redhat.com/errata/RHSA-2015:2615
+ - web: https://access.redhat.com/security/cve/CVE-2015-7528
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=1286745
+ - web: https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5
+ - web: https://github.com/openshift/origin/pull/6113
+ - web: https://rhn.redhat.com/errata/RHSA-2015-2615.html
+source:
+ id: GHSA-mqf3-28j7-3mj6
+ created: 2024-08-20T14:23:15.504133-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0859.yaml b/data/reports/GO-2022-0859.yaml
new file mode 100644
index 000000000..56d0f111a
--- /dev/null
+++ b/data/reports/GO-2022-0859.yaml
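Review bot: The `module:` entry in GO-2022-0857 names `github.com/kubernetes/kubernetes`, while the other Kubernetes reports added in this commit (GO-2022-0867, GO-2022-0885, GO-2022-0886) use `k8s.io/kubernetes`. Affected packages are matched by module path, so a build that depends on `k8s.io/kubernetes` would presumably not be flagged by this report. If the GitHub path is not deliberate, change the line to `- module: k8s.io/kubernetes` and re-check that `vulnerable_at: 1.2.0-beta.1` still resolves under that path.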
@@ -0,0 +1,26 @@ +id: GO-2022-0859 +modules: + - module: github.com/hashicorp/consul + versions: + - introduced: 1.6.0-beta1 + - fixed: 1.6.6 + - introduced: 1.7.0 + - fixed: 1.7.4 + vulnerable_at: 1.7.3 +summary: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul +cves: + - CVE-2020-13170 +ghsas: + - GHSA-p2j5-3f4c-224r +references: + - advisory: https://github.com/advisories/GHSA-p2j5-3f4c-224r + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13170 + - fix: https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216 + - fix: https://github.com/hashicorp/consul/pull/8068 + - web: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md + - web: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md +source: + id: GHSA-p2j5-3f4c-224r + created: 2024-08-20T14:23:29.505839-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0861.yaml b/data/reports/GO-2022-0861.yaml new file mode 100644 index 000000000..69266b805 --- /dev/null +++ b/data/reports/GO-2022-0861.yaml @@ -0,0 +1,26 @@ +id: GO-2022-0861 +modules: + - module: github.com/hashicorp/consul + versions: + - introduced: 1.6.0-beta1 + - fixed: 1.6.6 + - introduced: 1.7.0 + - fixed: 1.7.4 + vulnerable_at: 1.7.3 +summary: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul +cves: + - CVE-2020-12758 +ghsas: + - GHSA-q2qr-3c2p-9235 +references: + - advisory: https://github.com/advisories/GHSA-q2qr-3c2p-9235 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-12758 + - fix: https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc + - fix: https://github.com/hashicorp/consul/pull/7783 + - web: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md + - web: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md +source: + id: GHSA-q2qr-3c2p-9235 + created: 2024-08-20T14:24:54.694794-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE 
diff --git a/data/reports/GO-2022-0862.yaml b/data/reports/GO-2022-0862.yaml new file mode 100644 index 000000000..ad32d59f6 --- /dev/null +++ b/data/reports/GO-2022-0862.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0862 +modules: + - module: github.com/go-gitea/gitea + versions: + - fixed: 1.7.6 + vulnerable_at: 1.7.5 +summary: Gitea Improper Input Validation in github.com/go-gitea/gitea +cves: + - CVE-2019-11228 +ghsas: + - GHSA-q47x-6mqq-4w92 +references: + - advisory: https://github.com/advisories/GHSA-q47x-6mqq-4w92 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-11228 + - fix: https://github.com/go-gitea/gitea/pull/6593 + - fix: https://github.com/go-gitea/gitea/pull/6595 + - web: https://github.com/go-gitea/gitea/releases/tag/v1.7.6 + - web: https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3 +source: + id: GHSA-q47x-6mqq-4w92 + created: 2024-08-20T14:24:59.991994-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0863.yaml b/data/reports/GO-2022-0863.yaml new file mode 100644 index 000000000..8c187bd93 --- /dev/null +++ b/data/reports/GO-2022-0863.yaml @@ -0,0 +1,25 @@ +id: GO-2022-0863 +modules: + - module: github.com/goharbor/harbor + versions: + - introduced: 1.7.0 + - fixed: 1.8.6 + - introduced: 1.9.0 + - fixed: 1.9.3 + vulnerable_at: 1.9.3-rc1 +summary: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor +cves: + - CVE-2019-19023 +ghsas: + - GHSA-q6cj-6jvq-jwmh +references: + - advisory: https://github.com/advisories/GHSA-q6cj-6jvq-jwmh + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-19023 + - web: https://github.com/goharbor/harbor/security/advisories + - web: https://github.com/goharbor/harbor/security/advisories/GHSA-3868-7c5x-4827 + - web: https://tanzu.vmware.com/security/cve-2019-19023 +source: + id: GHSA-q6cj-6jvq-jwmh + created: 2024-08-20T14:25:04.59252-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE 
diff --git a/data/reports/GO-2022-0865.yaml b/data/reports/GO-2022-0865.yaml new file mode 100644 index 000000000..2417a1b63 --- /dev/null +++ b/data/reports/GO-2022-0865.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0865 +modules: + - module: github.com/goharbor/harbor + versions: + - fixed: 2.0.3+incompatible + vulnerable_at: 2.0.3-rc1+incompatible +summary: Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor +cves: + - CVE-2020-13794 +ghsas: + - GHSA-q9p8-33wc-h432 +references: + - advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13794 + - web: https://github.com/goharbor/harbor/releases + - web: https://github.com/goharbor/harbor/releases/tag/v2.0.3 + - web: https://github.com/goharbor/harbor/releases/tag/v2.1.0 + - web: https://www.cybereagle.io/blog/cve-2020-13794 +source: + id: GHSA-q9p8-33wc-h432 + created: 2024-08-20T14:25:11.211281-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0866.yaml b/data/reports/GO-2022-0866.yaml new file mode 100644 index 000000000..ab7e0fce6 --- /dev/null +++ b/data/reports/GO-2022-0866.yaml 
@@ -0,0 +1,24 @@ +id: GO-2022-0866 +modules: + - module: github.com/heketi/heketi + versions: + - fixed: 5.0.1+incompatible + vulnerable_at: 5.0.0+incompatible +summary: Information Exposure in Heketi in github.com/heketi/heketi +cves: + - CVE-2017-15104 +ghsas: + - GHSA-q9vw-wr57-xjv3 +references: + - advisory: https://github.com/advisories/GHSA-q9vw-wr57-xjv3 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-15104 + - fix: https://github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00 + - web: https://access.redhat.com/errata/RHSA-2017:3481 + - web: https://access.redhat.com/security/cve/CVE-2017-15104 + - web: https://bugzilla.redhat.com/show_bug.cgi?id=1510149 + - web: https://github.com/heketi/heketi/releases/tag/v5.0.1 +source: + id: GHSA-q9vw-wr57-xjv3 + created: 2024-08-20T14:25:16.845974-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0867.yaml b/data/reports/GO-2022-0867.yaml new file mode 100644 index 000000000..4e8a09d96 --- /dev/null +++ b/data/reports/GO-2022-0867.yaml 
@@ -0,0 +1,32 @@
+id: GO-2022-0867
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.15.0
+ - fixed: 1.15.10
+ - introduced: 1.16.0
+ - fixed: 1.16.6
+ - introduced: 1.17.0
+ - fixed: 1.17.2
+ vulnerable_at: 1.17.2-beta.0
+summary: |-
+ Allocation of Resources Without Limits or Throttling and Uncontrolled Memory
+ Allocation in Kubernetes in k8s.io/kubernetes
+cves:
+ - CVE-2020-8551
+ghsas:
+ - GHSA-qhm4-jxv7-j9pq
+references:
+ - advisory: https://github.com/advisories/GHSA-qhm4-jxv7-j9pq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-8551
+ - web: https://github.com/kubernetes/kubernetes/commit/9802bfcec0580169cffce2a3d468689a407fa7dc
+ - web: https://github.com/kubernetes/kubernetes/issues/89377
+ - web: https://github.com/kubernetes/kubernetes/pull/87913
+ - web: https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX
+ - web: https://security.netapp.com/advisory/ntap-20200413-0003
+source:
+ id: GHSA-qhm4-jxv7-j9pq
+ created: 2024-08-20T14:25:29.262133-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0869.yaml b/data/reports/GO-2022-0869.yaml
new file mode 100644
index 000000000..5f685e75f
--- /dev/null
+++ b/data/reports/GO-2022-0869.yaml
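Review bot: The upstream commit and pull request under `references` in GO-2022-0867 are typed `web`, so a consumer that filters on `fix` finds no patch for this report. Other reports in this commit (for example GO-2022-0857) type their upstream commit and PR as `fix`. If `pull/87913` and the listed commit are the remediation, which should be confirmed against the advisory, retype them, e.g. `- fix: https://github.com/kubernetes/kubernetes/pull/87913`. GO-2022-0886 shows the same pattern for its commit and `pull/65751`.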
@@ -0,0 +1,25 @@
+id: GO-2022-0869
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - fixed: 1.7.13
+ - introduced: 1.8.0
+ - fixed: 1.8.6
+ vulnerable_at: 1.8.5
+ - module: github.com/argoproj/argo-cd/v2
+ vulnerable_at: 2.12.1
+summary: Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
+cves:
+ - CVE-2021-23347
+ghsas:
+ - GHSA-qq5v-f4c3-395c
+references:
+ - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-qq5v-f4c3-395c
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-23347
+ - fix: https://github.com/argoproj/argo-cd/pull/5563
+ - web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291
+source:
+ id: GHSA-qq5v-f4c3-395c
+ created: 2024-08-20T14:25:38.44588-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0871.yaml b/data/reports/GO-2022-0871.yaml
new file mode 100644
index 000000000..899e4c12a
--- /dev/null
+++ b/data/reports/GO-2022-0871.yaml
@@ -0,0 +1,20 @@
+id: GO-2022-0871
+modules:
+ - module: github.com/ethereum/go-ethereum
+ versions:
+ - fixed: 1.8.14
+ vulnerable_at: 1.8.13
+summary: Go Ethereum Improper Input Validation in github.com/ethereum/go-ethereum
+cves:
+ - CVE-2018-16733
+ghsas:
+ - GHSA-qr2j-wrhx-4829
+references:
+ - advisory: https://github.com/advisories/GHSA-qr2j-wrhx-4829
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-16733
+ - fix: https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639
+source:
+ id: GHSA-qr2j-wrhx-4829
+ created: 2024-08-20T14:25:49.190485-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0873.yaml b/data/reports/GO-2022-0873.yaml
new file mode 100644
index 000000000..89017f6e7
--- /dev/null
+++ b/data/reports/GO-2022-0873.yaml
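Review bot: In GO-2022-0869 the second entry, `- module: github.com/argoproj/argo-cd/v2`, carries only `vulnerable_at: 2.12.1` and no `versions`. With no `fixed` bound, presumably every v2 release is reported as affected. The first module's ranges end at `fixed: 1.7.13` and `fixed: 1.8.6`, which suggests the patch predates the v2 module path. Confirm against the advisory, then either add a `fixed:` bound under the v2 entry or drop that entry. The `summary:` also names only `github.com/argoproj/argo-cd/v2`, although the bounded ranges are on `github.com/argoproj/argo-cd`.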
@@ -0,0 +1,21 @@ +id: GO-2022-0873 +modules: + - module: github.com/ipfs/go-ipfs + versions: + - fixed: 0.8.0 + vulnerable_at: 0.8.0-rc2 +summary: Control character injection in console output in github.com/ipfs/go-ipfs +cves: + - CVE-2020-26283 +ghsas: + - GHSA-r4gv-vj59-cccm +references: + - advisory: https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-26283 + - fix: https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a + - fix: https://github.com/ipfs/go-ipfs/pull/7831 +source: + id: GHSA-r4gv-vj59-cccm + created: 2024-08-20T14:26:00.60014-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0874.yaml b/data/reports/GO-2022-0874.yaml new file mode 100644 index 000000000..67b0c0fe8 --- /dev/null +++ b/data/reports/GO-2022-0874.yaml @@ -0,0 +1,22 @@ +id: GO-2022-0874 +modules: + - module: github.com/hashicorp/consul + versions: + - introduced: 1.4.1 + - fixed: 1.6.3 + vulnerable_at: 1.6.2 +summary: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul +cves: + - CVE-2020-7955 +ghsas: + - GHSA-r9w6-rhh9-7v53 +references: + - advisory: https://github.com/advisories/GHSA-r9w6-rhh9-7v53 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-7955 + - report: https://github.com/hashicorp/consul/issues/7160 + - web: https://www.hashicorp.com/blog/category/consul +source: + id: GHSA-r9w6-rhh9-7v53 + created: 2024-08-20T14:26:05.095011-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0875.yaml b/data/reports/GO-2022-0875.yaml new file mode 100644 index 000000000..2d96edd65 --- /dev/null +++ b/data/reports/GO-2022-0875.yaml 
@@ -0,0 +1,25 @@ +id: GO-2022-0875 +modules: + - module: github.com/openshift/origin + versions: + - fixed: 1.0.6 + vulnerable_at: 1.0.5 +summary: Denial of Service in OpenShift Origin in github.com/openshift/origin +cves: + - CVE-2015-5250 +ghsas: + - GHSA-rf3m-mhv7-x39f +references: + - advisory: https://github.com/advisories/GHSA-rf3m-mhv7-x39f + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2015-5250 + - fix: https://github.com/openshift/origin/commit/dace5075e31b74703e944b6b3ebe8836be8d1b9a + - report: https://github.com/openshift/origin/issues/4374 + - web: https://access.redhat.com/errata/RHSA-2015:1736 + - web: https://access.redhat.com/security/cve/CVE-2015-5250 + - web: https://bugzilla.redhat.com/show_bug.cgi?id=1259867 + - web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5250 +source: + id: GHSA-rf3m-mhv7-x39f + created: 2024-08-20T14:26:09.776371-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0876.yaml b/data/reports/GO-2022-0876.yaml new file mode 100644 index 000000000..781e99aa8 --- /dev/null +++ b/data/reports/GO-2022-0876.yaml 
@@ -0,0 +1,26 @@ +id: GO-2022-0876 +modules: + - module: github.com/goharbor/harbor + versions: + - introduced: 1.7.0 + - fixed: 1.8.6 + - introduced: 1.9.0 + - fixed: 1.9.3 + vulnerable_at: 1.9.3-rc1 +summary: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor +cves: + - CVE-2019-19025 +ghsas: + - GHSA-gcqm-v682-ccw6 + - GHSA-rffr-c932-cpxv +references: + - advisory: https://github.com/advisories/GHSA-rffr-c932-cpxv + - advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-19025 + - web: https://github.com/goharbor/harbor/security/advisories + - web: https://tanzu.vmware.com/security/cve-2019-19025 +source: + id: GHSA-rffr-c932-cpxv + created: 2024-08-20T14:26:16.700379-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0878.yaml b/data/reports/GO-2022-0878.yaml new file mode 100644 index 000000000..37af9ae24 --- /dev/null +++ b/data/reports/GO-2022-0878.yaml @@ -0,0 +1,22 @@ +id: GO-2022-0878 +modules: + - module: github.com/rclone/rclone + versions: + - fixed: 1.53.3 + vulnerable_at: 1.53.2 +summary: Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone in github.com/rclone/rclone +cves: + - CVE-2020-28924 +ghsas: + - GHSA-rmw5-xpg9-jr29 +references: + - advisory: https://github.com/advisories/GHSA-rmw5-xpg9-jr29 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-28924 + - report: https://github.com/rclone/rclone/issues/4783 + - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD + - web: https://security.gentoo.org/glsa/202107-14 +source: + id: GHSA-rmw5-xpg9-jr29 + created: 2024-08-20T14:26:23.049648-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE 
diff --git a/data/reports/GO-2022-0879.yaml b/data/reports/GO-2022-0879.yaml new file mode 100644 index 000000000..c94d30907 --- /dev/null +++ b/data/reports/GO-2022-0879.yaml @@ -0,0 +1,26 @@ +id: GO-2022-0879 +modules: + - module: github.com/hashicorp/consul + versions: + - introduced: 1.2.0 + - fixed: 1.6.6 + - introduced: 1.7.0 + - fixed: 1.7.4 + vulnerable_at: 1.7.3 +summary: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul +cves: + - CVE-2020-13250 +ghsas: + - GHSA-rqjq-mrgx-85hp +references: + - advisory: https://github.com/advisories/GHSA-rqjq-mrgx-85hp + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13250 + - fix: https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432 + - fix: https://github.com/hashicorp/consul/pull/8023 + - web: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md + - web: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md +source: + id: GHSA-rqjq-mrgx-85hp + created: 2024-08-20T14:26:27.927375-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0882.yaml b/data/reports/GO-2022-0882.yaml new file mode 100644 index 000000000..9a19fa268 --- /dev/null +++ b/data/reports/GO-2022-0882.yaml @@ -0,0 +1,22 @@ +id: GO-2022-0882 +modules: + - module: github.com/argoproj/argo-cd + versions: + - introduced: 1.5.0 + - fixed: 1.5.1 + vulnerable_at: 1.5.0 +summary: Observable Discrepancy in Argo in github.com/argoproj/argo-cd +cves: + - CVE-2020-11576 +ghsas: + - GHSA-vj54-cjrx-x696 +references: + - advisory: https://github.com/advisories/GHSA-vj54-cjrx-x696 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-11576 + - fix: https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1 + - fix: https://github.com/argoproj/argo-cd/pull/3215 +source: + id: GHSA-vj54-cjrx-x696 + created: 2024-08-20T14:26:40.646303-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE 
diff --git a/data/reports/GO-2022-0883.yaml b/data/reports/GO-2022-0883.yaml new file mode 100644 index 000000000..5cddbc96f --- /dev/null +++ b/data/reports/GO-2022-0883.yaml @@ -0,0 +1,26 @@ +id: GO-2022-0883 +modules: + - module: github.com/goharbor/harbor + versions: + - introduced: 1.7.0 + - fixed: 1.8.6 + - introduced: 1.9.0 + - fixed: 1.9.3 + vulnerable_at: 1.9.3-rc1 +summary: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor +cves: + - CVE-2019-19026 +ghsas: + - GHSA-rh89-vvrg-fg64 + - GHSA-w4x5-jqq4-qc8x +references: + - advisory: https://github.com/advisories/GHSA-w4x5-jqq4-qc8x + - advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-19026 + - web: https://github.com/goharbor/harbor/security/advisories + - web: https://tanzu.vmware.com/security/cve-2019-19026 +source: + id: GHSA-w4x5-jqq4-qc8x + created: 2024-08-20T14:26:47.18078-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0885.yaml b/data/reports/GO-2022-0885.yaml new file mode 100644 index 000000000..3271ca365 --- /dev/null +++ b/data/reports/GO-2022-0885.yaml 
@@ -0,0 +1,32 @@
+id: GO-2022-0885
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - fixed: 1.16.11
+ - introduced: 1.17.0
+ - fixed: 1.17.7
+ - introduced: 1.18.0
+ - fixed: 1.18.4
+ vulnerable_at: 1.18.4-rc.0
+summary: Improper Authentication in Kubernetes in k8s.io/kubernetes
+cves:
+ - CVE-2020-8558
+ghsas:
+ - GHSA-wqv3-8cm6-h6wg
+references:
+ - advisory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
+ - advisory: https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-8558
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=1843358
+ - web: https://github.com/kubernetes/kubernetes/issues/92315
+ - web: https://github.com/tabbysable/POC-2020-8558
+ - web: https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
+ - web: https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
+ - web: https://security.netapp.com/advisory/ntap-20200821-0001
+ - web: https://www.openwall.com/lists/oss-security/2020/07/08/1
+source:
+ id: GHSA-wqv3-8cm6-h6wg
+ created: 2024-08-20T14:27:02.374776-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0886.yaml b/data/reports/GO-2022-0886.yaml
new file mode 100644
index 000000000..58578ec64
--- /dev/null
+++ b/data/reports/GO-2022-0886.yaml
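Review bot: The only GHSA behind data/reports/GO-2022-0885.yaml is `GHSA-wqv3-8cm6-h6wg`, which the `advisory:` reference places under bottlerocket-os/bottlerocket, while the affected module is recorded as `k8s.io/kubernetes`. A downstream distribution's advisory may not describe the upstream ranges exactly, so the three `fixed:` versions (1.16.11, 1.17.7, 1.18.4) should be cross-checked against the upstream issue already listed, kubernetes/kubernetes#92315, before scanners rely on them. While the report stays `review_status: UNREVIEWED`, a comment above `versions:` such as `# ranges derived from a Bottlerocket advisory; verify against kubernetes/kubernetes#92315` would make that gap visible to the next reviewer.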
@@ -0,0 +1,28 @@
+id: GO-2022-0886
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.9.0
+ - fixed: 1.9.10
+ - introduced: 1.10.0
+ - fixed: 1.10.6
+ - introduced: 1.11.0
+ - fixed: 1.11.2
+ vulnerable_at: 1.11.2-beta.0
+summary: Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
+cves:
+ - CVE-2018-1002101
+ghsas:
+ - GHSA-wqwf-x5cj-rg56
+references:
+ - advisory: https://github.com/advisories/GHSA-wqwf-x5cj-rg56
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-1002101
+ - web: https://github.com/kubernetes/kubernetes/commit/d65039c56ce4de5f2efdc38aa1284eeb95f89169
+ - web: https://github.com/kubernetes/kubernetes/issues/65750
+ - web: https://github.com/kubernetes/kubernetes/pull/65751
+ - web: https://security.netapp.com/advisory/ntap-20190416-0008
+source:
+ id: GHSA-wqwf-x5cj-rg56
+ created: 2024-08-20T14:27:11.817514-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
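Review bot: In data/reports/GO-2022-0886.yaml the upstream commit and pull request are filed as `web:` references, whereas GO-2022-0879 and GO-2022-0882 in this same patch tag their commit and PR links as `fix:`. If these two links are the remediation for CVE-2018-1002101, which the report itself does not confirm, they should read `- fix: https://github.com/kubernetes/kubernetes/commit/d65039c56ce4de5f2efdc38aa1284eeb95f89169` and `- fix: https://github.com/kubernetes/kubernetes/pull/65751`. Without a `fix:` entry, a reader has nothing to check the three `fixed:` versions against. The reference types presumably come straight from the GHSA record, so this needs a manual look while the report is still `UNREVIEWED`.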