-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: unexclude 20 reports (15)
- data/reports/GO-2022-0367.yaml - data/reports/GO-2022-0368.yaml - data/reports/GO-2022-0369.yaml - data/reports/GO-2022-0372.yaml - data/reports/GO-2022-0374.yaml - data/reports/GO-2022-0375.yaml - data/reports/GO-2022-0377.yaml - data/reports/GO-2022-0378.yaml - data/reports/GO-2022-0381.yaml - data/reports/GO-2022-0387.yaml - data/reports/GO-2022-0388.yaml - data/reports/GO-2022-0389.yaml - data/reports/GO-2022-0390.yaml - data/reports/GO-2022-0392.yaml - data/reports/GO-2022-0393.yaml - data/reports/GO-2022-0395.yaml - data/reports/GO-2022-0396.yaml - data/reports/GO-2022-0398.yaml - data/reports/GO-2022-0405.yaml - data/reports/GO-2022-0406.yaml Updates #367 Updates #368 Updates #369 Updates #372 Updates #374 Updates #375 Updates #377 Updates #378 Updates #381 Updates #387 Updates #388 Updates #389 Updates #390 Updates #392 Updates #393 Updates #395 Updates #396 Updates #398 Updates #405 Updates #406 Change-Id: I001f245aa4d9225668c2b30e3d5b4ca7a7e9b3b3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607217 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
- Loading branch information
Showing
60 changed files
with
1,520 additions
and
130 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2022-0367", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "GHSA-gp6j-vx54-5pmf" | ||
| ], | ||
| "summary": "Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme in github.com/keep-network/keep-ecdsa", | ||
| "details": "Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme in github.com/keep-network/keep-ecdsa", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/keep-network/keep-ecdsa", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.8.1" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/keep-network/keep-ecdsa/security/advisories/GHSA-gp6j-vx54-5pmf" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/keep-network/keep-ecdsa/releases/tag/v1.8.1" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2022-0367", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2022-0368", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "GHSA-gv9j-4w24-q7vx" | ||
| ], | ||
| "summary": "Improper random number generation in github.com/coredns/coredns", | ||
| "details": "Improper random number generation in github.com/coredns/coredns", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/coredns/coredns", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.6.6" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/coredns/coredns/security/advisories/GHSA-gv9j-4w24-q7vx" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2022-0368", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2022-0369", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2022-0871", | ||
| "GHSA-gw5h-h6hj-f56g" | ||
| ], | ||
| "summary": "Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs", | ||
| "details": "Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "gogs.io/gogs", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "0.12.5" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/gogs/gogs/security/advisories/GHSA-gw5h-h6hj-f56g" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0871" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/gogs/gogs/issues/6810" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2022-0369", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2022-0372", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2023-36474", | ||
| "GHSA-m36x-mgfh-8g78" | ||
| ], | ||
| "summary": "Subdomain Takeover in Interactsh server in github.com/projectdiscovery/interactsh", | ||
| "details": "Subdomain Takeover in Interactsh server in github.com/projectdiscovery/interactsh", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/projectdiscovery/interactsh", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.0.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/projectdiscovery/interactsh/security/advisories/GHSA-m36x-mgfh-8g78" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36474" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/projectdiscovery/interactsh/pull/155" | ||
| }, | ||
| { | ||
| "type": "REPORT", | ||
| "url": "https://github.com/projectdiscovery/interactsh/issues/136" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2022-0372", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.