-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- data/reports/GO-2024-3016.yaml - data/reports/GO-2024-3058.yaml - data/reports/GO-2024-3068.yaml - data/reports/GO-2024-3073.yaml Fixes #3016 Fixes #3058 Fixes #3068 Fixes #3073 Change-Id: I9ba34b3e2fc2a8610552f25eb53248715625d3b8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606775 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
- Loading branch information
Showing
8 changed files
with
532 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3016", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-40464", | ||
"GHSA-r6qh-j42j-pw64" | ||
], | ||
"summary": "Beego privilege escalation vulnerability via sendMail in github.com/beego/beego/v2", | ||
"details": "Beego privilege escalation vulnerability via sendMail in github.com/beego/beego/v2", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/beego/beego/v2", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "2.2.1" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"imports": [ | ||
{ | ||
"path": "github.com/beego/beego/v2/core/logs", | ||
"symbols": [ | ||
"AccessLog", | ||
"Alert", | ||
"Async", | ||
"BeeLogger.Alert", | ||
"BeeLogger.Async", | ||
"BeeLogger.Close", | ||
"BeeLogger.Critical", | ||
"BeeLogger.Debug", | ||
"BeeLogger.DelLogger", | ||
"BeeLogger.Emergency", | ||
"BeeLogger.Error", | ||
"BeeLogger.Flush", | ||
"BeeLogger.Info", | ||
"BeeLogger.Informational", | ||
"BeeLogger.Notice", | ||
"BeeLogger.Reset", | ||
"BeeLogger.SetLogger", | ||
"BeeLogger.Trace", | ||
"BeeLogger.Warn", | ||
"BeeLogger.Warning", | ||
"BeeLogger.Write", | ||
"ColorByMethod", | ||
"ColorByStatus", | ||
"Critical", | ||
"Debug", | ||
"Emergency", | ||
"Error", | ||
"GetLogger", | ||
"Info", | ||
"Informational", | ||
"JLWriter.Format", | ||
"JLWriter.Init", | ||
"JLWriter.WriteMsg", | ||
"LogMsg.OldStyleFormat", | ||
"NewLogger", | ||
"Notice", | ||
"PatternLogFormatter.Format", | ||
"PatternLogFormatter.ToString", | ||
"Reset", | ||
"SLACKWriter.Format", | ||
"SLACKWriter.Init", | ||
"SLACKWriter.WriteMsg", | ||
"SMTPWriter.Format", | ||
"SMTPWriter.Init", | ||
"SMTPWriter.WriteMsg", | ||
"SMTPWriter.sendMail", | ||
"SetLogger", | ||
"Trace", | ||
"Warn", | ||
"Warning", | ||
"connWriter.Format", | ||
"connWriter.Init", | ||
"connWriter.WriteMsg", | ||
"consoleWriter.Format", | ||
"consoleWriter.Init", | ||
"consoleWriter.WriteMsg", | ||
"fileLogWriter.Format", | ||
"fileLogWriter.Init", | ||
"fileLogWriter.WriteMsg", | ||
"multiFileLogWriter.Format", | ||
"multiFileLogWriter.Init", | ||
"multiFileLogWriter.WriteMsg", | ||
"newSMTPWriter" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-r6qh-j42j-pw64" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://gist.github.com/nyxfqq/b53b0148b9aa040de63f58a68fd11445" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/beego/beego/commit/8f89e12e6cafb106d5c201dbc3b2a338bfde74e2" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/beego/beego/security/advisories/GHSA-6g9p-wv47-4fxq" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3016", | ||
"review_status": "REVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3058", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-41270", | ||
"GHSA-p3pf-mff8-3h47" | ||
], | ||
"summary": "Gorush uses deprecated TLS versions in github.com/appleboy/gorush", | ||
"details": "An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version.", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/appleboy/gorush", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.18.5" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"imports": [ | ||
{ | ||
"path": "github.com/appleboy/gorush/router", | ||
"symbols": [ | ||
"RunHTTPServer" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-p3pf-mff8-3h47" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/appleboy/gorush/commit/067cb597e485e40b790a267187bf7f00730b1c4b" | ||
}, | ||
{ | ||
"type": "REPORT", | ||
"url": "https://github.com/appleboy/gorush/issues/792" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3058", | ||
"review_status": "REVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3068", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"GHSA-83qr-9v2h-qxp4" | ||
], | ||
"summary": "Missing check for the height of cryptographic equivocation evidence in github.com/cosmos/gaia", | ||
"details": "Missing check for the height of cryptographic equivocation evidence in github.com/cosmos/gaia", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/cosmos/gaia/v14", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "14.2.0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
}, | ||
{ | ||
"package": { | ||
"name": "github.com/cosmos/gaia/v15", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
}, | ||
{ | ||
"package": { | ||
"name": "github.com/cosmos/gaia/v16", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
}, | ||
{ | ||
"package": { | ||
"name": "github.com/cosmos/gaia/v17", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "17.3.0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-83qr-9v2h-qxp4" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3068", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-3073", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-7625", | ||
"GHSA-25qx-vfw2-fw8r" | ||
], | ||
"summary": "Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking in github.com/hashicorp/nomad", | ||
"details": "Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking in github.com/hashicorp/nomad.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/hashicorp/nomad from v0.6.1 before v1.6.14, from v1.7.0 before v1.7.11, from v1.8.0 before v1.8.3.", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/hashicorp/nomad", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0.6.1" | ||
}, | ||
{ | ||
"fixed": "1.8.3" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": { | ||
"custom_ranges": [ | ||
{ | ||
"type": "ECOSYSTEM", | ||
"events": [ | ||
{ | ||
"introduced": "0.6.1" | ||
}, | ||
{ | ||
"fixed": "1.6.14" | ||
}, | ||
{ | ||
"introduced": "1.7.0" | ||
}, | ||
{ | ||
"fixed": "1.7.11" | ||
}, | ||
{ | ||
"introduced": "1.8.0" | ||
}, | ||
{ | ||
"fixed": "1.8.3" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-25qx-vfw2-fw8r" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7625" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-escape-on-non-existing-file-paths-through-archive-unpacking/69293" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-3073", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
Oops, something went wrong.