diff --git a/data/excluded/GO-2022-0573.yaml b/data/excluded/GO-2022-0573.yaml
deleted file mode 100644
index 9fc30c10..00000000
--- a/data/excluded/GO-2022-0573.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0573
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2021-43415
-ghsas:
- - GHSA-2jhh-5xm2-j4gf
diff --git a/data/excluded/GO-2022-0576.yaml b/data/excluded/GO-2022-0576.yaml
deleted file mode 100644
index 138ed841..00000000
--- a/data/excluded/GO-2022-0576.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0576
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mattermost/mattermost-server/v6
-cves:
- - CVE-2022-1384
-ghsas:
- - GHSA-32rp-q37p-jg6w
diff --git a/data/excluded/GO-2022-0577.yaml b/data/excluded/GO-2022-0577.yaml
deleted file mode 100644
index 8a21228c..00000000
--- a/data/excluded/GO-2022-0577.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0577
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2022-24685
-ghsas:
- - GHSA-3382-r9q8-4hfg
diff --git a/data/excluded/GO-2022-0578.yaml b/data/excluded/GO-2022-0578.yaml
deleted file mode 100644
index f4e9ab60..00000000
--- a/data/excluded/GO-2022-0578.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0578
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/vault
-cves:
- - CVE-2021-42135
-ghsas:
- - GHSA-362v-wg5p-64w2
diff --git a/data/excluded/GO-2022-0579.yaml b/data/excluded/GO-2022-0579.yaml
deleted file mode 100644
index f0525727..00000000
--- a/data/excluded/GO-2022-0579.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0579
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/go-gitea/gitea
-cves:
- - CVE-2021-45328
-ghsas:
- - GHSA-36h2-95gj-w488
diff --git a/data/excluded/GO-2022-0580.yaml b/data/excluded/GO-2022-0580.yaml
deleted file mode 100644
index 3174397a..00000000
--- a/data/excluded/GO-2022-0580.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0580
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/cloudflare/cfrpki
-cves:
- - CVE-2021-3978
-ghsas:
- - GHSA-3pqh-p72c-fj85
diff --git a/data/excluded/GO-2022-0583.yaml b/data/excluded/GO-2022-0583.yaml
deleted file mode 100644
index 528c60d7..00000000
--- a/data/excluded/GO-2022-0583.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0583
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-1285
-ghsas:
- - GHSA-w689-557m-2cvq
diff --git a/data/excluded/GO-2022-0584.yaml b/data/excluded/GO-2022-0584.yaml
deleted file mode 100644
index 38e19c25..00000000
--- a/data/excluded/GO-2022-0584.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0584
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2022-24683
-ghsas:
- - GHSA-wmrx-57hm-mw7r
diff --git a/data/excluded/GO-2022-0585.yaml b/data/excluded/GO-2022-0585.yaml
deleted file mode 100644
index c1b2d627..00000000
--- a/data/excluded/GO-2022-0585.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0585
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/apache/trafficcontrol
-cves:
- - CVE-2022-23206
-ghsas:
- - GHSA-wp47-9r3h-xfgq
diff --git a/data/excluded/GO-2022-0590.yaml b/data/excluded/GO-2022-0590.yaml
deleted file mode 100644
index 7d28b2f2..00000000
--- a/data/excluded/GO-2022-0590.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0590
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/vault
-cves:
- - CVE-2022-30689
-ghsas:
- - GHSA-c5wc-v287-82pc
diff --git a/data/excluded/GO-2022-0591.yaml b/data/excluded/GO-2022-0591.yaml
deleted file mode 100644
index 701a1f69..00000000
--- a/data/excluded/GO-2022-0591.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0591
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2021-37218
-ghsas:
- - GHSA-c8x3-rg72-fwwg
diff --git a/data/excluded/GO-2022-0593.yaml b/data/excluded/GO-2022-0593.yaml
deleted file mode 100644
index 9d2ce1c8..00000000
--- a/data/excluded/GO-2022-0593.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0593
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2021-37219
-ghsas:
- - GHSA-ccw8-7688-vqx4
diff --git a/data/excluded/GO-2022-0595.yaml b/data/excluded/GO-2022-0595.yaml
deleted file mode 100644
index 60440303..00000000
--- a/data/excluded/GO-2022-0595.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0595
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mattermost/mattermost-server/v6
-cves:
- - CVE-2022-1337
-ghsas:
- - GHSA-f37q-q7p2-ccfc
diff --git a/data/excluded/GO-2022-0597.yaml b/data/excluded/GO-2022-0597.yaml
deleted file mode 100644
index 746c2743..00000000
--- a/data/excluded/GO-2022-0597.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0597
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-1464
-ghsas:
- - GHSA-ff28-f46g-r9g8
diff --git a/data/excluded/GO-2022-0599.yaml b/data/excluded/GO-2022-0599.yaml
deleted file mode 100644
index 53b9ea55..00000000
--- a/data/excluded/GO-2022-0599.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0599
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mattermost/mattermost-server/v6
-cves:
- - CVE-2022-1385
-ghsas:
- - GHSA-fxwj-v664-wv5g
diff --git a/data/excluded/GO-2022-0600.yaml b/data/excluded/GO-2022-0600.yaml
deleted file mode 100644
index 4fbcfb27..00000000
--- a/data/excluded/GO-2022-0600.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0600
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2022-24686
-ghsas:
- - GHSA-gwmc-6795-qghj
diff --git a/data/excluded/GO-2022-0602.yaml b/data/excluded/GO-2022-0602.yaml
deleted file mode 100644
index 81c1b722..00000000
--- a/data/excluded/GO-2022-0602.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0602
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/apache/trafficcontrol
-cves:
- - CVE-2021-42009
-ghsas:
- - GHSA-gw97-f6h8-gm94
diff --git a/data/excluded/GO-2022-0604.yaml b/data/excluded/GO-2022-0604.yaml
deleted file mode 100644
index 9fae25dc..00000000
--- a/data/excluded/GO-2022-0604.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0604
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mattermost/mattermost-server/v5
-cves:
- - CVE-2021-37860
-ghsas:
- - GHSA-hv5f-73mr-7vvj
diff --git a/data/excluded/GO-2022-0606.yaml b/data/excluded/GO-2022-0606.yaml
deleted file mode 100644
index 0a15712d..00000000
--- a/data/excluded/GO-2022-0606.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0606
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/IceWhaleTech/CasaOS
-cves:
- - CVE-2022-24193
-ghsas:
- - GHSA-jh63-28gx-7p26
diff --git a/data/excluded/GO-2022-0608.yaml b/data/excluded/GO-2022-0608.yaml
deleted file mode 100644
index 4800a9d0..00000000
--- a/data/excluded/GO-2022-0608.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0608
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cri-o/cri-o
-cves:
- - CVE-2022-0532
-ghsas:
- - GHSA-jqmc-79gx-7g8p
diff --git a/data/osv/GO-2022-0573.json b/data/osv/GO-2022-0573.json
new file mode 100644
index 00000000..d0c9c18a
--- /dev/null
+++ b/data/osv/GO-2022-0573.json
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0573", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-43415", + "GHSA-2jhh-5xm2-j4gf" + ], + "summary": "Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad", + "details": "Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.14" + }, + { + "introduced": "1.1.0" + }, + { + "fixed": "1.1.8" + }, + { + "introduced": "1.2.0" + }, + { + "fixed": "1.2.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-2jhh-5xm2-j4gf" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43415" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/category/nomad" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0573", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0576.json b/data/osv/GO-2022-0576.json new file mode 100644 index 00000000..5e28b08a --- /dev/null +++ b/data/osv/GO-2022-0576.json 
@@ -0,0 +1,86 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0576", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1384", + "GHSA-32rp-q37p-jg6w" + ], + "summary": "Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server", + "details": "Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "6.4.0" + }, + { + "fixed": "6.5.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-32rp-q37p-jg6w" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1384" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0576", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0577.json b/data/osv/GO-2022-0577.json new file mode 100644 index 00000000..8e014144 --- /dev/null +++ b/data/osv/GO-2022-0577.json 
@@ -0,0 +1,76 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0577", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24685", + "GHSA-3382-r9q8-4hfg" + ], + "summary": "HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling in github.com/hashicorp/nomad", + "details": "HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.0.0" + }, + { + "fixed": "1.0.17" + }, + { + "introduced": "1.1.0" + }, + { + "fixed": "1.1.12" + }, + { + "introduced": "1.2.0" + }, + { + "fixed": "1.2.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-3382-r9q8-4hfg" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24685" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20220331-0007" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0577", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0578.json b/data/osv/GO-2022-0578.json new file mode 100644 index 00000000..eecac01e --- /dev/null +++ b/data/osv/GO-2022-0578.json 
@@ -0,0 +1,53 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0578", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-42135", + "GHSA-362v-wg5p-64w2" + ], + "summary": "Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault", + "details": "Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/vault", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.8.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-362v-wg5p-64w2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42135" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#180" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0578", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0579.json b/data/osv/GO-2022-0579.json new file mode 100644 index 00000000..dfd6abd6 --- /dev/null +++ b/data/osv/GO-2022-0579.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0579", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-45328", + "GHSA-36h2-95gj-w488" + ], + "summary": "Open redirect in Gitea in github.com/go-gitea/gitea", + "details": "Open redirect in Gitea in github.com/go-gitea/gitea", + "affected": [ + { + "package": { + "name": "github.com/go-gitea/gitea", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-36h2-95gj-w488" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45328" + }, + { + "type": "REPORT", + "url": "https://github.com/go-gitea/gitea/issues/4332" + }, + { + "type": "WEB", + "url": "https://blog.gitea.io/2018/06/release-of-1.4.3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0579", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0580.json b/data/osv/GO-2022-0580.json new file mode 100644 index 00000000..cfacc76b --- /dev/null +++ b/data/osv/GO-2022-0580.json 
@@ -0,0 +1,44 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0580", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-3978", + "GHSA-3pqh-p72c-fj85" + ], + "summary": "Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki", + "details": "Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki", + "affected": [ + { + "package": { + "name": "github.com/cloudflare/cfrpki", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0580", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0583.json b/data/osv/GO-2022-0583.json new file mode 100644 index 00000000..c345cc84 --- /dev/null +++ b/data/osv/GO-2022-0583.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0583", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1285", + "GHSA-w689-557m-2cvq" + ], + "summary": "Server-Side Request Forgery in gogs webhook in gogs.io/gogs", + "details": "Server-Side Request Forgery in gogs webhook in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.8" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-w689-557m-2cvq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1285" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0583", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0584.json b/data/osv/GO-2022-0584.json new file mode 100644 index 00000000..f382b9ff --- /dev/null +++ b/data/osv/GO-2022-0584.json 
@@ -0,0 +1,84 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0584", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24683", + "GHSA-wmrx-57hm-mw7r" + ], + "summary": "Arbitrary file reads in HashiCorp Nomad in github.com/hashicorp/nomad", + "details": "Arbitrary file reads in HashiCorp Nomad in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.9.2" + }, + { + "fixed": "1.0.18" + }, + { + "introduced": "1.1.0" + }, + { + "fixed": "1.1.12" + }, + { + "introduced": "1.2.0" + }, + { + "fixed": "1.2.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wmrx-57hm-mw7r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24683" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20220318-0008" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0584", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0585.json b/data/osv/GO-2022-0585.json new file mode 100644 index 00000000..f8ebc853 --- /dev/null +++ b/data/osv/GO-2022-0585.json 
@@ -0,0 +1,58 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0585", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23206", + "GHSA-wp47-9r3h-xfgq" + ], + "summary": "Server-Side Request Forgery in Apache Traffic Control in github.com/apache/trafficcontrol", + "details": "Server-Side Request Forgery in Apache Traffic Control in github.com/apache/trafficcontrol", + "affected": [ + { + "package": { + "name": "github.com/apache/trafficcontrol", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.1.6+incompatible" + }, + { + "introduced": "6.0.0+incompatible" + }, + { + "fixed": "6.1.0+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wp47-9r3h-xfgq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23206" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0585", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0590.json b/data/osv/GO-2022-0590.json new file mode 100644 index 00000000..5b72923a --- /dev/null +++ b/data/osv/GO-2022-0590.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0590", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-30689", + "GHSA-c5wc-v287-82pc" + ], + "summary": "HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault", + "details": "HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/vault", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-c5wc-v287-82pc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30689" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/vault" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202207-01" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20220629-0006" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0590", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0591.json b/data/osv/GO-2022-0591.json new file mode 100644 index 00000000..8d2a5995 --- /dev/null +++ b/data/osv/GO-2022-0591.json 
@@ -0,0 +1,62 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0591", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-37218", + "GHSA-c8x3-rg72-fwwg" + ], + "summary": "Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad", + "details": "Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.10" + }, + { + "introduced": "1.1.0" + }, + { + "fixed": "1.1.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-c8x3-rg72-fwwg" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37218" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/category/nomad" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0591", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0593.json b/data/osv/GO-2022-0593.json new file mode 100644 index 00000000..0d40daba --- /dev/null +++ b/data/osv/GO-2022-0593.json 
@@ -0,0 +1,88 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0593", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-37219", + "GHSA-ccw8-7688-vqx4" + ], + "summary": "HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul", + "details": "HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.8.15" + }, + { + "introduced": "1.9.0" + }, + { + "fixed": "1.9.9" + }, + { + "introduced": "1.10.1" + }, + { + "fixed": "1.10.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-ccw8-7688-vqx4" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37219" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/pull/10925" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202207-01" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/category/consul" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0593", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0595.json b/data/osv/GO-2022-0595.json new file mode 100644 index 00000000..2ca7c5f0 
--- /dev/null +++ b/data/osv/GO-2022-0595.json @@ -0,0 +1,86 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0595", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1337", + "GHSA-f37q-q7p2-ccfc" + ], + "summary": "Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server", + "details": "Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "6.4.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-f37q-q7p2-ccfc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1337" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0595", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0597.json b/data/osv/GO-2022-0597.json new file mode 100644 index 00000000..8e4ed861 --- /dev/null +++ b/data/osv/GO-2022-0597.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0597", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1464", + "GHSA-ff28-f46g-r9g8" + ], + "summary": "Cross-site Scripting in Gogs in gogs.io/gogs", + "details": "Cross-site Scripting in Gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.7" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-ff28-f46g-r9g8" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1464" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0597", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0599.json b/data/osv/GO-2022-0599.json new file mode 100644 index 00000000..9657a65d --- /dev/null +++ b/data/osv/GO-2022-0599.json 
@@ -0,0 +1,90 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0599", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1385", + "GHSA-fxwj-v664-wv5g" + ], + "summary": "Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server", + "details": "Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "6.5.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fxwj-v664-wv5g" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1385" + }, + { + "type": "WEB", + "url": "https://hackerone.com/reports/1486820" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0599", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0600.json b/data/osv/GO-2022-0600.json new file mode 100644 index 00000000..cf11e398 --- /dev/null +++ b/data/osv/GO-2022-0600.json 
@@ -0,0 +1,80 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0600", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24686", + "GHSA-gwmc-6795-qghj" + ], + "summary": "HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad", + "details": "HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.3.0" + }, + { + "fixed": "1.0.18" + }, + { + "introduced": "1.1.0" + }, + { + "fixed": "1.1.12" + }, + { + "introduced": "1.2.0" + }, + { + "fixed": "1.2.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gwmc-6795-qghj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24686" + }, + { + "type": "REPORT", + "url": "https://github.com/hashicorp/nomad/issues/12036" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559" + }, + { + "type": "WEB", + "url": "https://github.com/hashicorp/nomad/releases/tag/v1.2.6" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20220318-0008" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0600", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0602.json b/data/osv/GO-2022-0602.json new file mode 100644 index 00000000..f5b6da89 --- /dev/null +++ b/data/osv/GO-2022-0602.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0602", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-42009", + "GHSA-gw97-f6h8-gm94" + ], + "summary": "Email relay in Apache Traffic Control in github.com/apache/trafficcontrol", + "details": "Email relay in Apache Traffic Control in github.com/apache/trafficcontrol", + "affected": [ + { + "package": { + "name": "github.com/apache/trafficcontrol", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.1.3+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gw97-f6h8-gm94" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42009" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2021/10/12/1" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb@%3Cdev.trafficcontrol.apache.org%3E" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87@%3Cannounce.apache.org%3E" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0602", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0604.json b/data/osv/GO-2022-0604.json new file mode 100644 index 00000000..fe170f01 --- /dev/null +++ b/data/osv/GO-2022-0604.json 
@@ -0,0 +1,77 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0604", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-37860", + "GHSA-hv5f-73mr-7vvj" + ], + "summary": "Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server", + "details": "Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.39.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hv5f-73mr-7vvj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37860" + }, + { + "type": "WEB", + "url": "https://docs.mattermost.com/install/self-managed-changelog.html#release-v5-39-quality-release" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost-server" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0604", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0606.json b/data/osv/GO-2022-0606.json new file mode 100644 index 00000000..3ba03c7f --- /dev/null +++ b/data/osv/GO-2022-0606.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0606", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24193", + "GHSA-jh63-28gx-7p26" + ], + "summary": "Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS", + "details": "Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS", + "affected": [ + { + "package": { + "name": "github.com/IceWhaleTech/CasaOS", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.2.8" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-jh63-28gx-7p26" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24193" + }, + { + "type": "FIX", + "url": "https://github.com/IceWhaleTech/CasaOS/commit/d060968b7ab08e7f8cbfe7ca9ccdfa47afe9bb06" + }, + { + "type": "REPORT", + "url": "https://github.com/IceWhaleTech/CasaOS/issues/84" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0606", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0608.json b/data/osv/GO-2022-0608.json new file mode 100644 index 00000000..1d8c5420 --- /dev/null +++ b/data/osv/GO-2022-0608.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0608", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-0532", + "GHSA-jqmc-79gx-7g8p" + ], + "summary": "Incorrect Permission Assignment for Critical Resource in CRI-O in github.com/cri-o/cri-o", + "details": "Incorrect Permission Assignment for Critical Resource in CRI-O in github.com/cri-o/cri-o", + "affected": [ + { + "package": { + "name": "github.com/cri-o/cri-o", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.23.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-jqmc-79gx-7g8p" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0532" + }, + { + "type": "FIX", + "url": "https://github.com/cri-o/cri-o/pull/5610" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051730" + }, + { + "type": "WEB", + "url": "https://github.com/cri-o/cri-o/releases/tag/v1.23.1" + }, + { + "type": "WEB", + "url": "https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0608", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2022-0573.yaml b/data/reports/GO-2022-0573.yaml new file mode 100644 index 00000000..0c4449f5 --- /dev/null +++ b/data/reports/GO-2022-0573.yaml 
@@ -0,0 +1,25 @@
+id: GO-2022-0573
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - fixed: 1.0.14
+ - introduced: 1.1.0
+ - fixed: 1.1.8
+ - introduced: 1.2.0
+ - fixed: 1.2.1
+ vulnerable_at: 1.2.0
+summary: Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad
+cves:
+ - CVE-2021-43415
+ghsas:
+ - GHSA-2jhh-5xm2-j4gf
+references:
+ - advisory: https://github.com/advisories/GHSA-2jhh-5xm2-j4gf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-43415
+ - web: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
+ - web: https://www.hashicorp.com/blog/category/nomad
+source:
+ id: GHSA-2jhh-5xm2-j4gf
+ created: 2024-08-20T14:04:51.260737-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0576.yaml b/data/reports/GO-2022-0576.yaml
new file mode 100644
index 00000000..6705c0e7
--- /dev/null
+++ b/data/reports/GO-2022-0576.yaml
@@ -0,0 +1,25 @@
+id: GO-2022-0576
+modules:
+ - module: github.com/mattermost/mattermost-server
+ vulnerable_at: 9.11.0+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ versions:
+ - introduced: 6.4.0
+ - fixed: 6.5.0
+ vulnerable_at: 6.4.3
+summary: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2022-1384
+ghsas:
+ - GHSA-32rp-q37p-jg6w
+references:
+ - advisory: https://github.com/advisories/GHSA-32rp-q37p-jg6w
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1384
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-32rp-q37p-jg6w
+ created: 2024-08-20T14:04:54.58755-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0577.yaml b/data/reports/GO-2022-0577.yaml
new file mode 100644
index 00000000..8ae5e5f3
--- /dev/null
+++ b/data/reports/GO-2022-0577.yaml
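Review bot: In GO-2022-0576 the `github.com/mattermost/mattermost-server` and `/v5` modules carry only `vulnerable_at` and no `versions`, so every release on those paths matches the advisory, including `9.11.0+incompatible`, while the `/v6` module is bounded by `introduced: 6.4.0` / `fixed: 6.5.0`. A consumer on the base path gets a finding that no upgrade can clear, and such findings tend to end up suppressed wholesale. Whether later +incompatible releases carry the patch is not shown here; if upstream confirms it, bound the base module with `versions:` and `- fixed: <FIXED_VERSION>+incompatible` (placeholder, to be taken from the vendor advisory). The same unbounded base-path entry appears in the reports for GO-2022-0595, GO-2022-0599 and GO-2022-0604.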
@@ -0,0 +1,30 @@
+id: GO-2022-0577
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - introduced: 1.0.0
+ - fixed: 1.0.17
+ - introduced: 1.1.0
+ - fixed: 1.1.12
+ - introduced: 1.2.0
+ - fixed: 1.2.6
+ vulnerable_at: 1.2.5
+summary: |-
+ HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or
+ Throttling in github.com/hashicorp/nomad
+cves:
+ - CVE-2022-24685
+ghsas:
+ - GHSA-3382-r9q8-4hfg
+references:
+ - advisory: https://github.com/advisories/GHSA-3382-r9q8-4hfg
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24685
+ - web: https://discuss.hashicorp.com
+ - web: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage
+ - web: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
+ - web: https://security.netapp.com/advisory/ntap-20220331-0007
+source:
+ id: GHSA-3382-r9q8-4hfg
+ created: 2024-08-20T14:04:58.138987-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0578.yaml b/data/reports/GO-2022-0578.yaml
new file mode 100644
index 00000000..e373e161
--- /dev/null
+++ b/data/reports/GO-2022-0578.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0578
+modules:
+ - module: github.com/hashicorp/vault
+ versions:
+ - introduced: 1.8.0
+ unsupported_versions:
+ - last_affected: 1.8.4
+ vulnerable_at: 1.17.3
+summary: Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault
+cves:
+ - CVE-2021-42135
+ghsas:
+ - GHSA-362v-wg5p-64w2
+references:
+ - advisory: https://github.com/advisories/GHSA-362v-wg5p-64w2
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-42135
+ - web: https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards
+ - web: https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#180
+source:
+ id: GHSA-362v-wg5p-64w2
+ created: 2024-08-20T14:05:02.493104-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0579.yaml b/data/reports/GO-2022-0579.yaml
new file mode 100644
index 00000000..1deac6c9
--- /dev/null
+++ b/data/reports/GO-2022-0579.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0579
+modules:
+ - module: github.com/go-gitea/gitea
+ versions:
+ - fixed: 1.4.3
+ vulnerable_at: 1.4.2
+summary: Open redirect in Gitea in github.com/go-gitea/gitea
+cves:
+ - CVE-2021-45328
+ghsas:
+ - GHSA-36h2-95gj-w488
+references:
+ - advisory: https://github.com/advisories/GHSA-36h2-95gj-w488
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-45328
+ - report: https://github.com/go-gitea/gitea/issues/4332
+ - web: https://blog.gitea.io/2018/06/release-of-1.4.3
+source:
+ id: GHSA-36h2-95gj-w488
+ created: 2024-08-20T14:05:08.367888-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0580.yaml b/data/reports/GO-2022-0580.yaml
new file mode 100644
index 00000000..c05dcfd5
--- /dev/null
+++ b/data/reports/GO-2022-0580.yaml
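Review bot: The GO-2022-0578 range is open-ended: `versions` has `- introduced: 1.8.0` with no `fixed`, so every Vault release from 1.8.0 on matches, even though `unsupported_versions` records `last_affected: 1.8.4`. `vulnerable_at: 1.17.3` is also well past that last-affected version, so the two fields disagree about where the issue ends. Scanners reading the range would keep flagging releases the advisory itself treats as unaffected. Once the first fixed release is confirmed from the vendor bulletin, add `- fixed: <FIXED_VERSION>` (placeholder) after the `introduced` entry and set `vulnerable_at: 1.8.4` or another version inside the affected range.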
@@ -0,0 +1,20 @@
+id: GO-2022-0580
+modules:
+ - module: github.com/cloudflare/cfrpki
+ versions:
+ - fixed: 1.4.2
+ vulnerable_at: 1.4.1
+summary: |-
+ Improper Preservation of Permissions in
+ github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki
+cves:
+ - CVE-2021-3978
+ghsas:
+ - GHSA-3pqh-p72c-fj85
+references:
+ - advisory: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85
+source:
+ id: GHSA-3pqh-p72c-fj85
+ created: 2024-08-20T14:05:12.956562-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0583.yaml b/data/reports/GO-2022-0583.yaml
new file mode 100644
index 00000000..e8843ab3
--- /dev/null
+++ b/data/reports/GO-2022-0583.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0583
+modules:
+ - module: gogs.io/gogs
+ versions:
+ - fixed: 0.12.8
+ vulnerable_at: 0.12.8-rc.1
+summary: Server-Side Request Forgery in gogs webhook in gogs.io/gogs
+cves:
+ - CVE-2022-1285
+ghsas:
+ - GHSA-w689-557m-2cvq
+references:
+ - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-w689-557m-2cvq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1285
+ - web: https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f
+ - web: https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d
+source:
+ id: GHSA-w689-557m-2cvq
+ created: 2024-08-20T14:05:22.255595-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0584.yaml b/data/reports/GO-2022-0584.yaml
new file mode 100644
index 00000000..1ad8919a
--- /dev/null
+++ b/data/reports/GO-2022-0584.yaml
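Review bot: In GO-2022-0583, `vulnerable_at: 0.12.8-rc.1` names a release candidate of the very version listed as `fixed: 0.12.8`. It sorts below the fix in semver, but a release candidate may already contain the patch, which would make it a poor witness for the vulnerable code. `vulnerable_at: 0.12.7` (a stable release the page lists elsewhere) is the safer anchor, unless the rc is confirmed to predate the fix. The commit link is also filed as `- web:` although other reports in this change use `- fix:` for commit URLs; if that commit is the patch, `- fix: https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f` lets tooling find it. GO-2022-0597 has the same pattern with `vulnerable_at: 0.12.7-rc.1` and should point at the last stable release before its fix.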
@@ -0,0 +1,30 @@
+id: GO-2022-0584
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - introduced: 0.9.2
+ - fixed: 1.0.18
+ - introduced: 1.1.0
+ - fixed: 1.1.12
+ - introduced: 1.2.0
+ - fixed: 1.2.6
+ vulnerable_at: 1.2.5
+summary: Arbitrary file reads in HashiCorp Nomad in github.com/hashicorp/nomad
+cves:
+ - CVE-2022-24683
+ghsas:
+ - GHSA-wmrx-57hm-mw7r
+references:
+ - advisory: https://github.com/advisories/GHSA-wmrx-57hm-mw7r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24683
+ - fix: https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c
+ - fix: https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721
+ - fix: https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279
+ - web: https://discuss.hashicorp.com
+ - web: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
+ - web: https://security.netapp.com/advisory/ntap-20220318-0008
+source:
+ id: GHSA-wmrx-57hm-mw7r
+ created: 2024-08-20T14:05:26.753203-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0585.yaml b/data/reports/GO-2022-0585.yaml
new file mode 100644
index 00000000..ba31117d
--- /dev/null
+++ b/data/reports/GO-2022-0585.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0585
+modules:
+ - module: github.com/apache/trafficcontrol
+ versions:
+ - fixed: 5.1.6+incompatible
+ - introduced: 6.0.0+incompatible
+ - fixed: 6.1.0+incompatible
+ vulnerable_at: 6.0.2+incompatible
+summary: Server-Side Request Forgery in Apache Traffic Control in github.com/apache/trafficcontrol
+cves:
+ - CVE-2022-23206
+ghsas:
+ - GHSA-wp47-9r3h-xfgq
+references:
+ - advisory: https://github.com/advisories/GHSA-wp47-9r3h-xfgq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23206
+ - web: https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f
+source:
+ id: GHSA-wp47-9r3h-xfgq
+ created: 2024-08-20T14:05:32.463309-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0590.yaml b/data/reports/GO-2022-0590.yaml
new file mode 100644
index 00000000..5c67ae23
--- /dev/null
+++ b/data/reports/GO-2022-0590.yaml
@@ -0,0 +1,25 @@
+id: GO-2022-0590
+modules:
+ - module: github.com/hashicorp/vault
+ versions:
+ - introduced: 1.10.0
+ - fixed: 1.10.3
+ vulnerable_at: 1.10.2
+summary: HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault
+cves:
+ - CVE-2022-30689
+ghsas:
+ - GHSA-c5wc-v287-82pc
+references:
+ - advisory: https://github.com/advisories/GHSA-c5wc-v287-82pc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-30689
+ - fix: https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d
+ - web: https://discuss.hashicorp.com
+ - web: https://github.com/hashicorp/vault
+ - web: https://security.gentoo.org/glsa/202207-01
+ - web: https://security.netapp.com/advisory/ntap-20220629-0006
+source:
+ id: GHSA-c5wc-v287-82pc
+ created: 2024-08-20T14:05:53.149021-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0591.yaml b/data/reports/GO-2022-0591.yaml
new file mode 100644
index 00000000..93e5eab3
--- /dev/null
+++ b/data/reports/GO-2022-0591.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0591
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - fixed: 1.0.10
+ - introduced: 1.1.0
+ - fixed: 1.1.4
+ vulnerable_at: 1.1.3
+summary: Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad
+cves:
+ - CVE-2021-37218
+ghsas:
+ - GHSA-c8x3-rg72-fwwg
+references:
+ - advisory: https://github.com/advisories/GHSA-c8x3-rg72-fwwg
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-37218
+ - web: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
+ - web: https://www.hashicorp.com/blog/category/nomad
+source:
+ id: GHSA-c8x3-rg72-fwwg
+ created: 2024-08-20T14:05:58.841096-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0593.yaml b/data/reports/GO-2022-0593.yaml
new file mode 100644
index 00000000..4a3fa392
--- /dev/null
+++ b/data/reports/GO-2022-0593.yaml
@@ -0,0 +1,30 @@
+id: GO-2022-0593
+modules:
+ - module: github.com/hashicorp/consul
+ versions:
+ - fixed: 1.8.15
+ - introduced: 1.9.0
+ - fixed: 1.9.9
+ - introduced: 1.10.1
+ - fixed: 1.10.2
+ vulnerable_at: 1.10.1
+summary: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul
+cves:
+ - CVE-2021-37219
+ghsas:
+ - GHSA-ccw8-7688-vqx4
+references:
+ - advisory: https://github.com/advisories/GHSA-ccw8-7688-vqx4
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-37219
+ - fix: https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0
+ - fix: https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1
+ - fix: https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103
+ - fix: https://github.com/hashicorp/consul/pull/10925
+ - web: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
+ - web: https://security.gentoo.org/glsa/202207-01
+ - web: https://www.hashicorp.com/blog/category/consul
+source:
+ id: GHSA-ccw8-7688-vqx4
+ created: 2024-08-20T14:06:02.16931-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0595.yaml b/data/reports/GO-2022-0595.yaml
new file mode 100644
index 00000000..9ae18565
--- /dev/null
+++ b/data/reports/GO-2022-0595.yaml
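Review bot: The third range in GO-2022-0593 starts at `- introduced: 1.10.1`, which leaves Consul 1.10.0 outside every affected range, while the 1.9 branch starts at `1.9.0` and the first range is open from the beginning up to `fixed: 1.8.15`. If 1.10.0 is in fact affected, a deployment pinned to it would be reported clean. This looks inherited from the upstream advisory data rather than chosen here, so it should be checked against the HashiCorp bulletin linked in `references`. If the bulletin covers the whole 1.10 line, the entry should read `- introduced: 1.10.0`.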
@@ -0,0 +1,24 @@
+id: GO-2022-0595
+modules:
+ - module: github.com/mattermost/mattermost-server
+ vulnerable_at: 9.11.0+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ versions:
+ - fixed: 6.4.2
+ vulnerable_at: 6.4.1
+summary: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2022-1337
+ghsas:
+ - GHSA-f37q-q7p2-ccfc
+references:
+ - advisory: https://github.com/advisories/GHSA-f37q-q7p2-ccfc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1337
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-f37q-q7p2-ccfc
+ created: 2024-08-20T14:06:15.357907-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0597.yaml b/data/reports/GO-2022-0597.yaml
new file mode 100644
index 00000000..c99f20aa
--- /dev/null
+++ b/data/reports/GO-2022-0597.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0597
+modules:
+ - module: gogs.io/gogs
+ versions:
+ - fixed: 0.12.7
+ vulnerable_at: 0.12.7-rc.1
+summary: Cross-site Scripting in Gogs in gogs.io/gogs
+cves:
+ - CVE-2022-1464
+ghsas:
+ - GHSA-ff28-f46g-r9g8
+references:
+ - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-ff28-f46g-r9g8
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1464
+ - web: https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850
+ - web: https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d
+source:
+ id: GHSA-ff28-f46g-r9g8
+ created: 2024-08-20T14:06:21.612131-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0599.yaml b/data/reports/GO-2022-0599.yaml
new file mode 100644
index 00000000..d55972c5
--- /dev/null
+++ b/data/reports/GO-2022-0599.yaml
@@ -0,0 +1,25 @@
+id: GO-2022-0599
+modules:
+ - module: github.com/mattermost/mattermost-server
+ vulnerable_at: 9.11.0+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ versions:
+ - fixed: 6.5.0
+ vulnerable_at: 6.4.3
+summary: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2022-1385
+ghsas:
+ - GHSA-fxwj-v664-wv5g
+references:
+ - advisory: https://github.com/advisories/GHSA-fxwj-v664-wv5g
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1385
+ - web: https://hackerone.com/reports/1486820
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-fxwj-v664-wv5g
+ created: 2024-08-20T14:06:26.274145-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0600.yaml b/data/reports/GO-2022-0600.yaml
new file mode 100644
index 00000000..2dd16fc7
--- /dev/null
+++ b/data/reports/GO-2022-0600.yaml
@@ -0,0 +1,29 @@
+id: GO-2022-0600
+modules:
+ - module: github.com/hashicorp/nomad
+ versions:
+ - introduced: 0.3.0
+ - fixed: 1.0.18
+ - introduced: 1.1.0
+ - fixed: 1.1.12
+ - introduced: 1.2.0
+ - fixed: 1.2.6
+ vulnerable_at: 1.2.5
+summary: HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad
+cves:
+ - CVE-2022-24686
+ghsas:
+ - GHSA-gwmc-6795-qghj
+references:
+ - advisory: https://github.com/advisories/GHSA-gwmc-6795-qghj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24686
+ - report: https://github.com/hashicorp/nomad/issues/12036
+ - web: https://discuss.hashicorp.com
+ - web: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
+ - web: https://github.com/hashicorp/nomad/releases/tag/v1.2.6
+ - web: https://security.netapp.com/advisory/ntap-20220318-0008
+source:
+ id: GHSA-gwmc-6795-qghj
+ created: 2024-08-20T14:06:29.984852-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0602.yaml b/data/reports/GO-2022-0602.yaml
new file mode 100644
index 00000000..4db7cfcb
--- /dev/null
+++ b/data/reports/GO-2022-0602.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0602
+modules:
+ - module: github.com/apache/trafficcontrol
+ versions:
+ - fixed: 5.1.3+incompatible
+ vulnerable_at: 5.1.2+incompatible
+summary: Email relay in Apache Traffic Control in github.com/apache/trafficcontrol
+cves:
+ - CVE-2021-42009
+ghsas:
+ - GHSA-gw97-f6h8-gm94
+references:
+ - advisory: https://github.com/advisories/GHSA-gw97-f6h8-gm94
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-42009
+ - web: http://www.openwall.com/lists/oss-security/2021/10/12/1
+ - web: https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb@%3Cdev.trafficcontrol.apache.org%3E
+ - web: https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87@%3Cannounce.apache.org%3E
+ - web: https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E
+ - web: https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E
+source:
+ id: GHSA-gw97-f6h8-gm94
+ created: 2024-08-20T14:06:40.261131-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0604.yaml b/data/reports/GO-2022-0604.yaml
new file mode 100644
index 00000000..ec65fe94
--- /dev/null
+++ b/data/reports/GO-2022-0604.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0604
+modules:
+ - module: github.com/mattermost/mattermost-server
+ vulnerable_at: 9.11.0+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ versions:
+ - fixed: 5.39.0
+ vulnerable_at: 5.38.4
+summary: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2021-37860
+ghsas:
+ - GHSA-hv5f-73mr-7vvj
+references:
+ - advisory: https://github.com/advisories/GHSA-hv5f-73mr-7vvj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-37860
+ - web: https://docs.mattermost.com/install/self-managed-changelog.html#release-v5-39-quality-release
+ - web: https://github.com/mattermost/mattermost-server
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-hv5f-73mr-7vvj
+ created: 2024-08-20T14:06:46.963305-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0606.yaml b/data/reports/GO-2022-0606.yaml
new file mode 100644
index 00000000..2542461e
--- /dev/null
+++ b/data/reports/GO-2022-0606.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0606
+modules:
+ - module: github.com/IceWhaleTech/CasaOS
+ versions:
+ - fixed: 0.2.8
+ vulnerable_at: 0.2.7
+summary: Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS
+cves:
+ - CVE-2022-24193
+ghsas:
+ - GHSA-jh63-28gx-7p26
+references:
+ - advisory: https://github.com/advisories/GHSA-jh63-28gx-7p26
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24193
+ - fix: https://github.com/IceWhaleTech/CasaOS/commit/d060968b7ab08e7f8cbfe7ca9ccdfa47afe9bb06
+ - report: https://github.com/IceWhaleTech/CasaOS/issues/84
+source:
+ id: GHSA-jh63-28gx-7p26
+ created: 2024-08-20T14:06:56.602539-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-0608.yaml b/data/reports/GO-2022-0608.yaml
new file mode 100644
index 00000000..e225c5bf
--- /dev/null
+++ b/data/reports/GO-2022-0608.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0608
+modules:
+ - module: github.com/cri-o/cri-o
+ versions:
+ - fixed: 1.23.1
+ vulnerable_at: 1.23.0
+summary: Incorrect Permission Assignment for Critical Resource in CRI-O in github.com/cri-o/cri-o
+cves:
+ - CVE-2022-0532
+ghsas:
+ - GHSA-jqmc-79gx-7g8p
+references:
+ - advisory: https://github.com/advisories/GHSA-jqmc-79gx-7g8p
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-0532
+ - fix: https://github.com/cri-o/cri-o/pull/5610
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=2051730
+ - web: https://github.com/cri-o/cri-o/releases/tag/v1.23.1
+ - web: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls
+source:
+ id: GHSA-jqmc-79gx-7g8p
+ created: 2024-08-20T14:07:11.296031-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE