Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 575b77eb9c33 · 2025-01-16T22:37:07.000Z
GHSA-8vmr-h7h5-cqhg GHSA-gp86-q8hg-fpxj GHSA-r6jg-jfv6-2fjv GHSA-rcxc-wjgw-579r GHSA-vc2m-hw89-qjxf
diff --git a/advisories/github-reviewed/2025/01/GHSA-8vmr-h7h5-cqhg/GHSA-8vmr-h7h5-cqhg.json b/advisories/github-reviewed/2025/01/GHSA-8vmr-h7h5-cqhg/GHSA-8vmr-h7h5-cqhg.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8vmr-h7h5-cqhg",
-  "modified": "2025-01-16T19:05:01Z",
+  "modified": "2025-01-16T22:35:37Z",
   "published": "2025-01-16T19:05:01Z",
   "aliases": [
     "CVE-2024-36402"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhg"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36402"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3916"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-01-16T19:05:01Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-01-16T20:15:32Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/01/GHSA-gp86-q8hg-fpxj/GHSA-gp86-q8hg-fpxj.json b/advisories/github-reviewed/2025/01/GHSA-gp86-q8hg-fpxj/GHSA-gp86-q8hg-fpxj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gp86-q8hg-fpxj",
-  "modified": "2025-01-16T19:07:43Z",
+  "modified": "2025-01-16T22:36:04Z",
   "published": "2025-01-16T19:07:43Z",
   "aliases": [
     "CVE-2024-52791"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-gp86-q8hg-fpxj"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52791"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/t2bot/matrix-media-repo"
@@ -59,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-01-16T19:07:43Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-01-16T20:15:32Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/01/GHSA-r6jg-jfv6-2fjv/GHSA-r6jg-jfv6-2fjv.json b/advisories/github-reviewed/2025/01/GHSA-r6jg-jfv6-2fjv/GHSA-r6jg-jfv6-2fjv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r6jg-jfv6-2fjv",
-  "modified": "2025-01-16T19:35:02Z",
+  "modified": "2025-01-16T22:35:55Z",
   "published": "2025-01-16T19:35:02Z",
   "aliases": [
     "CVE-2024-52602"
@@ -43,13 +43,29 @@
       "type": "WEB",
       "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52602"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/t2bot/matrix-media-repo"
     },
     {
       "type": "WEB",
       "url": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://learn.snyk.io/lesson/ssrf-server-side-request-forgery"
+    },
+    {
+      "type": "WEB",
+      "url": "https://owasp.org/www-community/attacks/Server_Side_Request_Forgery"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang"
     }
   ],
   "database_specific": {
@@ -59,6 +75,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-01-16T19:35:02Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-01-16T20:15:32Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/01/GHSA-rcxc-wjgw-579r/GHSA-rcxc-wjgw-579r.json b/advisories/github-reviewed/2025/01/GHSA-rcxc-wjgw-579r/GHSA-rcxc-wjgw-579r.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rcxc-wjgw-579r",
-  "modified": "2025-01-16T19:35:09Z",
+  "modified": "2025-01-16T22:36:15Z",
   "published": "2025-01-16T19:35:09Z",
   "aliases": [
     "CVE-2024-56515"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-rcxc-wjgw-579r"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56515"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/t2bot/matrix-media-repo"
@@ -54,11 +58,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-434"
+      "CWE-434",
+      "CWE-502"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-01-16T19:35:09Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-01-16T20:15:33Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/01/GHSA-vc2m-hw89-qjxf/GHSA-vc2m-hw89-qjxf.json b/advisories/github-reviewed/2025/01/GHSA-vc2m-hw89-qjxf/GHSA-vc2m-hw89-qjxf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vc2m-hw89-qjxf",
-  "modified": "2025-01-16T19:05:12Z",
+  "modified": "2025-01-16T22:35:46Z",
   "published": "2025-01-16T19:05:12Z",
   "aliases": [
     "CVE-2024-36403"
@@ -40,6 +40,14 @@
       "type": "WEB",
       "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-vc2m-hw89-qjxf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://en.wikipedia.org/wiki/Leaky_bucket#As_a_meter"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/t2bot/matrix-media-repo"
@@ -52,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-01-16T19:05:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-01-16T20:15:32Z"
   }
 }
