
Commit 744bbfb

committed
data/reports: add 7 unreviewed reports
- data/reports/GO-2025-3409.yaml - data/reports/GO-2025-3410.yaml - data/reports/GO-2025-3413.yaml - data/reports/GO-2025-3415.yaml - data/reports/GO-2025-3416.yaml - data/reports/GO-2025-3418.yaml - data/reports/GO-2025-3419.yaml Fixes #3409 Fixes #3410 Fixes #3413 Fixes #3415 Fixes #3416 Fixes #3418 Fixes #3419 Change-Id: I298ca9406188ee90727531dc0f74530ab0b5c92d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/643498 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 785857f commit 744bbfb

14 files changed

+579
-0
lines changed

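--- a/data/osv/GO-2025-3409.json
+++ b/data/osv/GO-2025-3409.json
@@ -0,0 +1,67 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3409",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-23208",
+"GHSA-c9p4-xwr9-rfhx"
+],
+"summary": "Zot IdP group membership revocation ignored in zotregistry.dev/zot",
+"details": "Zot IdP group membership revocation ignored in zotregistry.dev/zot.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: zotregistry.dev/zot before v2.1.2.",
+"affected": [
+{
+"package": {
+"name": "zotregistry.dev/zot",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {
+"custom_ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.1.2"
+}
+]
+}
+]
+}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/project-zot/zot/security/advisories/GHSA-c9p4-xwr9-rfhx"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23208"
+},
+{
+"type": "WEB",
+"url": "https://github.com/project-zot/zot/blob/5e30fec65c49e3139907e2819ccb39b2e3bd784e/pkg/meta/boltdb/boltdb.go#L1665"
+},
+{
+"type": "WEB",
+"url": "https://github.com/project-zot/zot/commit/002ac62d8a15bf0cba010b3ba7bde86f9837b613"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3409",
+"review_status": "UNREVIEWED"
+}
+}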
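Review bot: The SEMVER entry under `affected[0].ranges` carries only `{"introduced": "0"}`, so a scanner that reads `ranges` alone will report every version of zotregistry.dev/zot as affected, including 2.1.2, which `ecosystem_specific.custom_ranges` records as fixed. The `details` text says the advisory versions could not be mapped to Go module versions, so this is a known gap rather than an oversight, but findings against this ID need the installed version checked against `custom_ranges` before they are triaged as real. If a module version that corresponds to the fix can be identified, the range should close with `{"fixed": "<mapped module version>"}` (placeholder), presumably by editing data/reports/GO-2025-3409.yaml, which the commit message lists, rather than this JSON file.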

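--- a/data/osv/GO-2025-3410.json
+++ b/data/osv/GO-2025-3410.json
@@ -0,0 +1,57 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3410",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24337",
+"GHSA-3qc3-mx6x-267h"
+],
+"summary": "Insecure default config access in WriteFreely in github.com/writefreely/writefreely",
+"details": "Insecure default config access in WriteFreely in github.com/writefreely/writefreely",
+"affected": [
+{
+"package": {
+"name": "github.com/writefreely/writefreely",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-3qc3-mx6x-267h"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24337"
+},
+{
+"type": "WEB",
+"url": "https://github.com/writefreely/writefreely/releases/tag/v0.15.1"
+},
+{
+"type": "WEB",
+"url": "https://raphus.social/@TV4Fun/113846757112643161"
+},
+{
+"type": "WEB",
+"url": "https://www.openwall.com/lists/oss-security/2025/01/18/1"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3410",
+"review_status": "UNREVIEWED"
+}
+}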
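Review bot: `affected[0].ranges` has `{"introduced": "0"}` with no `fixed` event and `ecosystem_specific` is empty, so every version of github.com/writefreely/writefreely is reported as affected and there is no secondary range to consult. The references include the release tag v0.15.1; if that release contains the fix (the record does not say so, confirm against the linked advisory), the events list should end with `{"fixed": "0.15.1"}`. Without it, installs that have already upgraded keep being flagged, which tends to get the ID suppressed wholesale.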

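--- a/data/osv/GO-2025-3413.json
+++ b/data/osv/GO-2025-3413.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3413",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-0377",
+"GHSA-wpfp-cm49-9m9q"
+],
+"summary": "HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug",
+"details": "HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug",
+"affected": [
+{
+"package": {
+"name": "github.com/hashicorp/go-slug",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.16.3"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-wpfp-cm49-9m9q"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0377"
+},
+{
+"type": "WEB",
+"url": "https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3413",
+"review_status": "UNREVIEWED"
+}
+}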

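--- a/data/osv/GO-2025-3415.json
+++ b/data/osv/GO-2025-3415.json
@@ -0,0 +1,72 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3415",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-23028",
+"GHSA-9m5p-c77c-f9j7"
+],
+"summary": "DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium",
+"details": "DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium",
+"affected": [
+{
+"package": {
+"name": "github.com/cilium/cilium",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.18"
+},
+{
+"introduced": "1.15.0"
+},
+{
+"fixed": "1.15.12"
+},
+{
+"introduced": "1.16.0"
+},
+{
+"fixed": "1.16.5"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/cilium/cilium/security/advisories/GHSA-9m5p-c77c-f9j7"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23028"
+},
+{
+"type": "FIX",
+"url": "https://github.com/cilium/cilium/commit/1971bc684b6b36703ebae0dd7539c623f988a257"
+},
+{
+"type": "FIX",
+"url": "https://github.com/cilium/cilium/commit/b1948e217a4212b81175d8bf763d0ef350fcc96c"
+},
+{
+"type": "FIX",
+"url": "https://github.com/cilium/cilium/pull/36252"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3415",
+"review_status": "UNREVIEWED"
+}
+}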

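--- a/data/osv/GO-2025-3416.json
+++ b/data/osv/GO-2025-3416.json
@@ -0,0 +1,64 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3416",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-23047",
+"GHSA-h78m-j95m-5356"
+],
+"summary": "Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium",
+"details": "Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium",
+"affected": [
+{
+"package": {
+"name": "github.com/cilium/cilium",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.19"
+},
+{
+"introduced": "1.15.0"
+},
+{
+"fixed": "1.15.13"
+},
+{
+"introduced": "1.16.0"
+},
+{
+"fixed": "1.16.6"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/cilium/cilium/security/advisories/GHSA-h78m-j95m-5356"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23047"
+},
+{
+"type": "FIX",
+"url": "https://github.com/cilium/cilium/commit/a3489f190ba6e87b5336ee685fb6c80b1270d06d"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3416",
+"review_status": "UNREVIEWED"
+}
+}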

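--- a/data/osv/GO-2025-3418.json
+++ b/data/osv/GO-2025-3418.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3418",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24030",
+"GHSA-j777-63hf-hx76"
+],
+"summary": "Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway",
+"details": "Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway",
+"affected": [
+{
+"package": {
+"name": "github.com/envoyproxy/gateway",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.2.6"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24030"
+},
+{
+"type": "FIX",
+"url": "https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233be07bd"
+},
+{
+"type": "WEB",
+"url": "https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge"
+},
+{
+"type": "WEB",
+"url": "https://www.envoyproxy.io/docs/envoy/latest/operations/admin"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3418",
+"review_status": "UNREVIEWED"
+}
+}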
