
Commit 4ab2b0a

tatianabgopherbot
authored andcommitted
data/reports: add 10 unreviewed reports
- data/reports/GO-2024-3355.yaml - data/reports/GO-2024-3356.yaml - data/reports/GO-2024-3357.yaml - data/reports/GO-2024-3358.yaml - data/reports/GO-2024-3359.yaml - data/reports/GO-2024-3360.yaml - data/reports/GO-2025-3361.yaml - data/reports/GO-2025-3362.yaml - data/reports/GO-2025-3363.yaml - data/reports/GO-2025-3364.yaml Fixes #3355 Fixes #3356 Fixes #3357 Fixes #3358 Fixes #3359 Fixes #3360 Fixes #3361 Fixes #3362 Fixes #3363 Fixes #3364 Change-Id: Iac7e4b46ef09ae6a2274d806baa2e47eeb08523b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/640916 Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 728aa21 commit 4ab2b0a

20 files changed

+798
-0
lines changed

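--- a/data/osv/GO-2024-3355.json
+++ b/data/osv/GO-2024-3355.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3355",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-54148",
+"GHSA-r7j8-5h9c-f6fx"
+],
+"summary": "Remote Command Execution in file editing in gogs in gogs.io/gogs",
+"details": "Remote Command Execution in file editing in gogs in gogs.io/gogs",
+"affected": [
+{
+"package": {
+"name": "gogs.io/gogs",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.13.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54148"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/issues/7582"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/pull/7857"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3355",
+"review_status": "UNREVIEWED"
+}
+}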
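Review bot: The gogs commit and pull-request URLs in `references` are typed `WEB`, whereas the Navidrome and Hive records in this same commit type their commit and pull-request links as `FIX`. If commit c94baec9… and pull/7857 are the patch for this advisory (the page does not say so, but the `"fixed": "0.13.1"` event suggests a patch exists), those entries should read `"type": "FIX"` so that tooling which looks for patch links can find them. The same applies to the commit and pull/7859 references in data/osv/GO-2024-3356.json.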

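--- a/data/osv/GO-2024-3356.json
+++ b/data/osv/GO-2024-3356.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3356",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-55947",
+"GHSA-qf5v-rp47-55gg"
+],
+"summary": "Path Traversal in file update API in gogs in gogs.io/gogs",
+"details": "Path Traversal in file update API in gogs in gogs.io/gogs",
+"affected": [
+{
+"package": {
+"name": "gogs.io/gogs",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.13.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55947"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/issues/7582"
+},
+{
+"type": "WEB",
+"url": "https://github.com/gogs/gogs/pull/7859"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3356",
+"review_status": "UNREVIEWED"
+}
+}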

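--- a/data/osv/GO-2024-3357.json
+++ b/data/osv/GO-2024-3357.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3357",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-56362",
+"GHSA-xwx7-p63r-2rj8"
+],
+"summary": "Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome",
+"details": "Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome",
+"affected": [
+{
+"package": {
+"name": "github.com/navidrome/navidrome",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.54.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56362"
+},
+{
+"type": "FIX",
+"url": "https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff"
+},
+{
+"type": "FIX",
+"url": "https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1"
+},
+{
+"type": "WEB",
+"url": "https://github.com/navidrome/navidrome/releases/tag/v0.54.1"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3357",
+"review_status": "UNREVIEWED"
+}
+}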

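--- a/data/osv/GO-2024-3358.json
+++ b/data/osv/GO-2024-3358.json
@@ -0,0 +1,77 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3358",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-45387",
+"GHSA-vq94-9pfv-ccqr"
+],
+"summary": "SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol",
+"details": "SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol",
+"affected": [
+{
+"package": {
+"name": "github.com/apache/trafficcontrol",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/apache/trafficcontrol/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "8.0.0"
+},
+{
+"fixed": "8.0.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-vq94-9pfv-ccqr"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45387"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2024/12/23/3"
+},
+{
+"type": "WEB",
+"url": "https://github.com/apache/trafficcontrol/releases/tag/v8.0.2"
+},
+{
+"type": "WEB",
+"url": "https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3358",
+"review_status": "UNREVIEWED"
+}
+}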
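Review bot: The first `affected` entry, for `github.com/apache/trafficcontrol`, carries only `"introduced": "0"` and no `fixed` or `last_affected` event, so scanners will flag every version imported under the unversioned module path, while the `/v8` entry is bounded from 8.0.0 to the fix in 8.0.2. If the linked advisories limit the SQL injection to the 8.0.x line, this entry would produce false positives for older releases and should be dropped or given an upper bound. If older releases really are affected, that is worth stating in `details`, which currently only repeats the summary. The record is marked `UNREVIEWED`, so the range is presumably auto-derived and should be checked against the advisory before it is relied on.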

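--- a/data/osv/GO-2024-3359.json
+++ b/data/osv/GO-2024-3359.json
@@ -0,0 +1,53 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3359",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-28892",
+"GHSA-5qww-56gc-f66c"
+],
+"summary": "GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast",
+"details": "GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast",
+"affected": [
+{
+"package": {
+"name": "github.com/mayuresh82/gocast",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-5qww-56gc-f66c"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28892"
+},
+{
+"type": "WEB",
+"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960"
+},
+{
+"type": "WEB",
+"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3359",
+"review_status": "UNREVIEWED"
+}
+}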

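--- a/data/osv/GO-2024-3360.json
+++ b/data/osv/GO-2024-3360.json
@@ -0,0 +1,57 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3360",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-25133",
+"GHSA-wgqq-9qh8-wvqv"
+],
+"summary": "OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation in github.com/openshift/hive",
+"details": "OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation in github.com/openshift/hive",
+"affected": [
+{
+"package": {
+"name": "github.com/openshift/hive",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-wgqq-9qh8-wvqv"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25133"
+},
+{
+"type": "FIX",
+"url": "https://github.com/openshift/hive/commit/5ba846620f9dbf49301dabb0d40cc980aabef4e0"
+},
+{
+"type": "FIX",
+"url": "https://github.com/openshift/hive/pull/2306"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260372"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3360",
+"review_status": "UNREVIEWED"
+}
+}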
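Review bot: The `references` list two `FIX` entries (commit 5ba84662… and pull/2306), yet the single range has only `"introduced": "0"` with no `fixed` event, so a build that already contains that commit is still reported as vulnerable. Add a closing event such as `{"fixed": "<VERSION_CONTAINING_FIX>"}` once the first fixed version is confirmed; the value is a placeholder, presumably a pseudo-version if the module has no tagged releases. data/osv/GO-2024-3359.json has the same open-ended range, but no fix reference is listed there, so it may be accurate.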
