x/vulndb: potential Go vuln in github.com/karmada-io/karmada: GHSA-wccg-v638-j9q2

[GoVulnBot]

In GitHub Security Advisory GHSA-wccg-v638-j9q2, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/karmada-io/karmada		<= 1.9.0

Cross references:

• Module github.com/karmada-io/karmada appears in issue x/vulndb: potential Go vuln in github.com/karmada-io/karmada: GHSA-7xg2-83f8-39mr #2441 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/karmada-io/karmada
      versions:
        - {}
      vulnerable_at: 1.9.1
      packages:
        - package: github.com/karmada-io/karmada
summary: karmada vulnerable to arbitrary code execution via a crafted command in github.com/karmada-io/karmada
cves:
    - CVE-2024-33396
ghsas:
    - GHSA-wccg-v638-j9q2
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-33396
    - web: https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50
    - advisory: https://github.com/advisories/GHSA-wccg-v638-j9q2
source:
    id: GHSA-wccg-v638-j9q2

[gopherbot]

Change https://go.dev/cl/590277 mentions this issue: data/reports: add 26 unreviewed reports