diff --git a/data/excluded/GO-2022-0887.yaml b/data/excluded/GO-2022-0887.yaml
deleted file mode 100644
index 0f2ec9dc7..000000000
--- a/data/excluded/GO-2022-0887.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0887
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/go-ldap/ldap
-cves:
- - CVE-2017-14623
-ghsas:
- - GHSA-x27w-qxhg-343v
diff --git a/data/excluded/GO-2022-0888.yaml b/data/excluded/GO-2022-0888.yaml
deleted file mode 100644
index 3bab3adf7..000000000
--- a/data/excluded/GO-2022-0888.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0888
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/syncthing/syncthing
-cves:
- - CVE-2021-21404
-ghsas:
- - GHSA-x462-89pf-6r5h
diff --git a/data/excluded/GO-2022-0889.yaml b/data/excluded/GO-2022-0889.yaml
deleted file mode 100644
index fc275e973..000000000
--- a/data/excluded/GO-2022-0889.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0889
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/cosmos/ethermint
-cves:
- - CVE-2021-25835
-ghsas:
- - GHSA-x5f3-qmwj-4f84
diff --git a/data/excluded/GO-2022-0890.yaml b/data/excluded/GO-2022-0890.yaml
deleted file mode 100644
index 64d391995..000000000
--- a/data/excluded/GO-2022-0890.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0890
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/kubernetes/kubernetes
-cves:
- - CVE-2020-8555
-ghsas:
- - GHSA-x6mj-w4jf-jmgw
diff --git a/data/excluded/GO-2022-0892.yaml b/data/excluded/GO-2022-0892.yaml
deleted file mode 100644
index a9fce8aaa..000000000
--- a/data/excluded/GO-2022-0892.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0892
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2020-8827
-ghsas:
- - GHSA-xcqr-9h24-vrgw
diff --git a/data/excluded/GO-2022-0893.yaml b/data/excluded/GO-2022-0893.yaml
deleted file mode 100644
index c8e0e0ca0..000000000
--- a/data/excluded/GO-2022-0893.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0893
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/kubernetes/kubernetes
-cves:
- - CVE-2016-1905
-ghsas:
- - GHSA-xx8c-m748-xr4j
diff --git a/data/excluded/GO-2022-0894.yaml b/data/excluded/GO-2022-0894.yaml
deleted file mode 100644
index 7fd2f5f15..000000000
--- a/data/excluded/GO-2022-0894.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0894
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2021-32574
-ghsas:
- - GHSA-25gf-8qrr-g78r
diff --git a/data/excluded/GO-2022-0895.yaml b/data/excluded/GO-2022-0895.yaml
deleted file mode 100644
index b02a97f8d..000000000
--- a/data/excluded/GO-2022-0895.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0895
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2021-36213
-ghsas:
- - GHSA-8h2g-r292-j8xh
diff --git a/data/excluded/GO-2022-0903.yaml b/data/excluded/GO-2022-0903.yaml
deleted file mode 100644
index 859279a87..000000000
--- a/data/excluded/GO-2022-0903.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0903
-excluded: NOT_IMPORTABLE
-modules:
- - module: ktbs.dev/teler
-cves:
- - CVE-2020-26213
-ghsas:
- - GHSA-jhj6-5mh6-4pvf
diff --git a/data/excluded/GO-2022-0905.yaml b/data/excluded/GO-2022-0905.yaml
deleted file mode 100644
index da5164f34..000000000
--- a/data/excluded/GO-2022-0905.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0905
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/filecoin-project/lotus
-cves:
- - CVE-2021-21405
-ghsas:
- - GHSA-4g52-pqcj-phvh
diff --git a/data/excluded/GO-2022-0906.yaml b/data/excluded/GO-2022-0906.yaml
deleted file mode 100644
index c10a8d5bc..000000000
--- a/data/excluded/GO-2022-0906.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0906
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/tyktechnologies/tyk-identity-broker
-cves:
- - CVE-2021-23365
-ghsas:
- - GHSA-599h-8wpj-75xj
diff --git a/data/excluded/GO-2022-0907.yaml b/data/excluded/GO-2022-0907.yaml
deleted file mode 100644
index eab474c7b..000000000
--- a/data/excluded/GO-2022-0907.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0907
-excluded: NOT_IMPORTABLE
-modules:
- - module: k8s.io/kubernetes
-cves:
- - CVE-2021-25735
-ghsas:
- - GHSA-g42g-737j-qx6j
diff --git a/data/excluded/GO-2022-0908.yaml b/data/excluded/GO-2022-0908.yaml
deleted file mode 100644
index f3de833c7..000000000
--- a/data/excluded/GO-2022-0908.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0908
-excluded: NOT_IMPORTABLE
-modules:
- - module: k8s.io/kubernetes
-cves:
- - CVE-2021-25737
-ghsas:
- - GHSA-mfv7-gq43-w965
diff --git a/data/excluded/GO-2022-0910.yaml b/data/excluded/GO-2022-0910.yaml
deleted file mode 100644
index 22d8f2db7..000000000
--- a/data/excluded/GO-2022-0910.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0910
-excluded: NOT_IMPORTABLE
-modules:
- - module: k8s.io/kubernetes
-cves:
- - CVE-2021-25741
-ghsas:
- - GHSA-f5f7-6478-qm6p
diff --git a/data/excluded/GO-2022-0912.yaml b/data/excluded/GO-2022-0912.yaml
deleted file mode 100644
index 9d99a4f23..000000000
--- a/data/excluded/GO-2022-0912.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0912
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/sylabs/sif
-cves:
- - CVE-2021-29499
-ghsas:
- - GHSA-4gh8-x3vv-phhg
diff --git a/data/excluded/GO-2022-0914.yaml b/data/excluded/GO-2022-0914.yaml
deleted file mode 100644
index c8b96246d..000000000
--- a/data/excluded/GO-2022-0914.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0914
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/opencontainers/runc
-cves:
- - CVE-2021-30465
-ghsas:
- - GHSA-c3xm-pvg7-gh7r
diff --git a/data/excluded/GO-2022-0915.yaml b/data/excluded/GO-2022-0915.yaml
deleted file mode 100644
index e126f9277..000000000
--- a/data/excluded/GO-2022-0915.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0915
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/cortexproject/cortex
-cves:
- - CVE-2021-31232
-ghsas:
- - GHSA-m45g-f45x-vv22
diff --git a/data/excluded/GO-2022-0919.yaml b/data/excluded/GO-2022-0919.yaml
deleted file mode 100644
index 0c07c81fa..000000000
--- a/data/excluded/GO-2022-0919.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0919
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/pterodactyl/wings
-cves:
- - CVE-2021-32699
-ghsas:
- - GHSA-jj6m-r8jc-2gp7
diff --git a/data/excluded/GO-2022-0920.yaml b/data/excluded/GO-2022-0920.yaml
deleted file mode 100644
index f765e4680..000000000
--- a/data/excluded/GO-2022-0920.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-id: GO-2022-0920
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/ory/oathkeeper
-cves:
- - CVE-2021-32701
-ghsas:
- - GHSA-vfvf-6gx5-mqv6
-related:
- - GHSA-qvp4-rpmr-xwrr
diff --git a/data/excluded/GO-2022-0921.yaml b/data/excluded/GO-2022-0921.yaml
deleted file mode 100644
index fe0615da8..000000000
--- a/data/excluded/GO-2022-0921.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0921
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/containerd/containerd
-cves:
- - CVE-2021-32760
-ghsas:
- - GHSA-c72p-9xmj-rx3w
diff --git a/data/osv/GO-2022-0887.json b/data/osv/GO-2022-0887.json
new file mode 100644
index 000000000..afd97186a
--- /dev/null
+++ b/data/osv/GO-2022-0887.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0887",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2017-14623",
+ "GHSA-x27w-qxhg-343v"
+ ],
+ "summary": "Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap",
+ "details": "Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/go-ldap/ldap",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.5.0+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-x27w-qxhg-343v"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14623"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/go-ldap/ldap/pull/126"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0887",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0888.json b/data/osv/GO-2022-0888.json
new file mode 100644
index 000000000..363d8153e
--- /dev/null
+++ b/data/osv/GO-2022-0888.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0888",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-21404",
+ "GHSA-x462-89pf-6r5h"
+ ],
+ "summary": "Crash due to malformed relay protocol message in github.com/syncthing/syncthing",
+ "details": "Crash due to malformed relay protocol message in github.com/syncthing/syncthing",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/syncthing/syncthing",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.15.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21404"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pkg.go.dev/github.com/syncthing/syncthing"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0888",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0889.json b/data/osv/GO-2022-0889.json
new file mode 100644
index 000000000..2becd7b9b
--- /dev/null
+++ b/data/osv/GO-2022-0889.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0889",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-25835",
+ "GHSA-x5f3-qmwj-4f84"
+ ],
+ "summary": "Authentication bypass by capture-replay in github.com/cosmos/ethermint",
+ "details": "Authentication bypass by capture-replay in github.com/cosmos/ethermint",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cosmos/ethermint",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.4.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-x5f3-qmwj-4f84"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25835"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cosmos/ethermint/pull/692"
+ },
+ {
+ "type": "REPORT",
+ "url": "https://github.com/cosmos/ethermint/issues/687"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cosmos/ethermint/releases/tag/v0.4.1"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0889",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0890.json b/data/osv/GO-2022-0890.json
new file mode 100644
index 000000000..4204c4341
--- /dev/null
+++ b/data/osv/GO-2022-0890.json
@@ -0,0 +1,94 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0890",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2020-8555",
+ "GHSA-x6mj-w4jf-jmgw"
+ ],
+ "summary": "Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes",
+ "details": "Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes",
+ "affected": [
+ {
+ "package": {
+ "name": "k8s.io/kubernetes",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.15.12"
+ },
+ {
+ "introduced": "1.16.0"
+ },
+ {
+ "fixed": "1.16.9"
+ },
+ {
+ "introduced": "1.17.0"
+ },
+ {
+ "fixed": "1.17.4"
+ },
+ {
+ "introduced": "1.18.0"
+ },
+ {
+ "fixed": "1.18.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-x6mj-w4jf-jmgw"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8555"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/issues/91542"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/pull/89794"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.netapp.com/advisory/ntap-20200724-0005"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0890",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0892.json b/data/osv/GO-2022-0892.json
new file mode 100644
index 000000000..6660c6e42
--- /dev/null
+++ b/data/osv/GO-2022-0892.json
@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0892",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2020-8827",
+ "GHSA-xcqr-9h24-vrgw"
+ ],
+ "summary": "Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd",
+ "details": "Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/argoproj/argo-cd",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.5.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-xcqr-9h24-vrgw"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8827"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/argoproj/argo-cd/pull/3369"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/argoproj/argo-cd/pull/3404"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/argoproj/argo/releases"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0892",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0893.json b/data/osv/GO-2022-0893.json
new file mode 100644
index 000000000..c3a527230
--- /dev/null
+++ b/data/osv/GO-2022-0893.json
@@ -0,0 +1,68 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0893",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2016-1905",
+ "GHSA-xx8c-m748-xr4j"
+ ],
+ "summary": "Access Restriction Bypass in kubernetes in github.com/kubernetes/kubernetes",
+ "details": "Access Restriction Bypass in kubernetes in github.com/kubernetes/kubernetes",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/kubernetes/kubernetes",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.2.0-alpha.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-xx8c-m748-xr4j"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1905"
+ },
+ {
+ "type": "REPORT",
+ "url": "https://github.com/kubernetes/kubernetes/issues/19479"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2016:0070"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2016:0351"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2016-1905"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297910"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0893",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0894.json b/data/osv/GO-2022-0894.json
new file mode 100644
index 000000000..a384f1e6f
--- /dev/null
+++ b/data/osv/GO-2022-0894.json
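Review bot: In data/osv/GO-2022-0893.json the affected package is named `github.com/kubernetes/kubernetes`, while the other Kubernetes records added in this commit (GO-2022-0890, GO-2022-0907, GO-2022-0908, GO-2022-0910) use `k8s.io/kubernetes`. Scanners match advisories on the module path, so a build that depends on `k8s.io/kubernetes` would probably not be matched against this entry and CVE-2016-1905 would go unreported for it. If the GitHub path is not intentional for this old version range, the record should carry `"name": "k8s.io/kubernetes"`, with the summary and details strings updated to match. The file looks generated, so the change likely belongs in the report it is built from, which is not visible here.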
@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0894",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-32574",
+ "GHSA-25gf-8qrr-g78r"
+ ],
+ "summary": "Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul",
+ "details": "Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/hashicorp/consul",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.10.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-25gf-8qrr-g78r"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32574"
+ },
+ {
+ "type": "WEB",
+ "url": "https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.gentoo.org/glsa/202208-09"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.hashicorp.com/blog/category/consul"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0894",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0895.json b/data/osv/GO-2022-0895.json
new file mode 100644
index 000000000..07fd97d3b
--- /dev/null
+++ b/data/osv/GO-2022-0895.json
@@ -0,0 +1,68 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0895",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-36213",
+ "GHSA-8h2g-r292-j8xh"
+ ],
+ "summary": "HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul",
+ "details": "HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/hashicorp/consul",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.10.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-8h2g-r292-j8xh"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36213"
+ },
+ {
+ "type": "WEB",
+ "url": "https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hashicorp/consul"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.gentoo.org/glsa/202208-09"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.hashicorp.com/blog/category/consul"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0895",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0903.json b/data/osv/GO-2022-0903.json
new file mode 100644
index 000000000..86bf39020
--- /dev/null
+++ b/data/osv/GO-2022-0903.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0903",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2020-26213",
+ "GHSA-jhj6-5mh6-4pvf"
+ ],
+ "summary": "Denial-of-Service within Docker container in ktbs.dev/teler",
+ "details": "Denial-of-Service within Docker container in ktbs.dev/teler",
+ "affected": [
+ {
+ "package": {
+ "name": "ktbs.dev/teler",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.0.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26213"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0903",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0905.json b/data/osv/GO-2022-0905.json
new file mode 100644
index 000000000..0ea954608
--- /dev/null
+++ b/data/osv/GO-2022-0905.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0905",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-21405",
+ "GHSA-4g52-pqcj-phvh"
+ ],
+ "summary": "BLS Signature \"Malleability\" in github.com/filecoin-project/lotus",
+ "details": "BLS Signature \"Malleability\" in github.com/filecoin-project/lotus",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/filecoin-project/lotus",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.5.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21405"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/filecoin-project/lotus/pull/5393"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0905",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0906.json b/data/osv/GO-2022-0906.json
new file mode 100644
index 000000000..b540d8908
--- /dev/null
+++ b/data/osv/GO-2022-0906.json
@@ -0,0 +1,68 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0906",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-23365",
+ "GHSA-599h-8wpj-75xj"
+ ],
+ "summary": "Authentication Bypass in tyk-identity-broker in github.com/TykTechnologies/tyk-identity-broker",
+ "details": "Authentication Bypass in tyk-identity-broker in github.com/TykTechnologies/tyk-identity-broker",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/TykTechnologies/tyk-identity-broker",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.1.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-599h-8wpj-75xj"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23365"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0906",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0907.json b/data/osv/GO-2022-0907.json
new file mode 100644
index 000000000..aadaf83f4
--- /dev/null
+++ b/data/osv/GO-2022-0907.json
@@ -0,0 +1,88 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0907",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-25735",
+ "GHSA-g42g-737j-qx6j"
+ ],
+ "summary": "Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes",
+ "details": "Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes",
+ "affected": [
+ {
+ "package": {
+ "name": "k8s.io/kubernetes",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.18.18"
+ },
+ {
+ "introduced": "1.19.0"
+ },
+ {
+ "fixed": "1.19.10"
+ },
+ {
+ "introduced": "1.20.0"
+ },
+ {
+ "fixed": "1.20.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-g42g-737j-qx6j"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25735"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937562"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/commit/00e81db174ef7aca497be5f42d87e46d14df2a90"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/issues/100096"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/pull/99946"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pkg.go.dev/k8s.io/kubernetes@v1.23.5/cmd/kube-apiserver"
+ },
+ {
+ "type": "WEB",
+ "url": "https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0907",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0908.json b/data/osv/GO-2022-0908.json
new file mode 100644
index 000000000..7a12fe6f9
--- /dev/null
+++ b/data/osv/GO-2022-0908.json
@@ -0,0 +1,78 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0908",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-25737",
+ "GHSA-mfv7-gq43-w965"
+ ],
+ "summary": "Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes",
+ "details": "Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes",
+ "affected": [
+ {
+ "package": {
+ "name": "k8s.io/kubernetes",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.16.0"
+ },
+ {
+ "fixed": "1.18.19"
+ },
+ {
+ "introduced": "1.19.0"
+ },
+ {
+ "fixed": "1.19.11"
+ },
+ {
+ "introduced": "1.20.0"
+ },
+ {
+ "fixed": "1.20.7"
+ },
+ {
+ "introduced": "1.21.0"
+ },
+ {
+ "fixed": "1.21.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-mfv7-gq43-w965"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25737"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/issues/102106"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.netapp.com/advisory/ntap-20211004-0004"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0908",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0910.json b/data/osv/GO-2022-0910.json
new file mode 100644
index 000000000..26b3c7479
--- /dev/null
+++ b/data/osv/GO-2022-0910.json
@@ -0,0 +1,78 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0910",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-25741",
+ "GHSA-f5f7-6478-qm6p"
+ ],
+ "summary": "Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes",
+ "details": "Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes",
+ "affected": [
+ {
+ "package": {
+ "name": "k8s.io/kubernetes",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.19.15"
+ },
+ {
+ "introduced": "1.20.0"
+ },
+ {
+ "fixed": "1.20.11"
+ },
+ {
+ "introduced": "1.21.0"
+ },
+ {
+ "fixed": "1.21.5"
+ },
+ {
+ "introduced": "1.22.0"
+ },
+ {
+ "fixed": "1.22.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-f5f7-6478-qm6p"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25741"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/issues/104980"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.netapp.com/advisory/ntap-20211008-0006"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0910",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0912.json b/data/osv/GO-2022-0912.json
new file mode 100644
index 000000000..6da7e8412
--- /dev/null
+++ b/data/osv/GO-2022-0912.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0912",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2021-29499",
+ "GHSA-4gh8-x3vv-phhg"
+ ],
+ "summary": "Predictable SIF UUID Identifiers in github.com/sylabs/sif",
+ "details": "Predictable SIF UUID Identifiers in github.com/sylabs/sif",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/sylabs/sif",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.2.3"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29499"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/sylabs/sif/commit/193962882122abf85ff5f5bcc86404933e71c07d"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/satori/go.uuid/issues/73"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0912",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-0914.json b/data/osv/GO-2022-0914.json
new file mode 100644
index 000000000..774169841
--- /dev/null
+++ b/data/osv/GO-2022-0914.json
@@ -0,0 +1,84 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0914", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-30465", + "GHSA-c3xm-pvg7-gh7r" + ], + "summary": "mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc", + "details": "mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc", + "affected": [ + { + "package": { + "name": "github.com/opencontainers/runc", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.0-rc95" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30465" + }, + { + "type": "FIX", + "url": "https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2021/05/19/2" + }, + { + "type": "WEB", + "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405" + }, + { + "type": "WEB", + "url": "https://github.com/opencontainers/runc/releases" + }, + { + "type": "WEB", + "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202107-26" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20210708-0003" + } + ], + 
"database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0914", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0915.json b/data/osv/GO-2022-0915.json new file mode 100644 index 000000000..ac2e11150 --- /dev/null +++ b/data/osv/GO-2022-0915.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0915", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-31232", + "GHSA-m45g-f45x-vv22" + ], + "summary": "Improper input validation in CNCF Cortex in github.com/cortexproject/cortex", + "details": "Improper input validation in CNCF Cortex in github.com/cortexproject/cortex", + "affected": [ + { + "package": { + "name": "github.com/cortexproject/cortex", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.8.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-m45g-f45x-vv22" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31232" + }, + { + "type": "FIX", + "url": "https://github.com/cortexproject/cortex/pull/4129/files" + }, + { + "type": "WEB", + "url": "https://github.com/cortexproject/cortex" + }, + { + "type": "WEB", + "url": "https://lists.cncf.io/g/cortex-users/message/50" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0915", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0919.json b/data/osv/GO-2022-0919.json new file mode 100644 index 000000000..f93b6bf19 --- /dev/null +++ b/data/osv/GO-2022-0919.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0919", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-32699", + "GHSA-jj6m-r8jc-2gp7" + ], + "summary": "Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings", + "details": "Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings", + "affected": [ + { + "package": { + "name": "github.com/pterodactyl/wings", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-jj6m-r8jc-2gp7" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32699" + }, + { + "type": "FIX", + "url": "https://github.com/pterodactyl/wings/commit/e0078eee0a71d61573a94c75e6efcad069d78de3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0919", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0920.json b/data/osv/GO-2022-0920.json new file mode 100644 index 000000000..2a9a12f37 --- /dev/null +++ b/data/osv/GO-2022-0920.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0920", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-32701", + "GHSA-vfvf-6gx5-mqv6" + ], + "summary": "Incorrect Authorization in ORY Oathkeeper in github.com/ory/oathkeeper", + "details": "Incorrect Authorization in ORY Oathkeeper in github.com/ory/oathkeeper", + "affected": [ + { + "package": { + "name": "github.com/ory/oathkeeper", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.38.0-beta.2" + }, + { + "fixed": "0.38.12-beta.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vfvf-6gx5-mqv6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32701" + }, + { + "type": "FIX", + "url": "https://github.com/ory/oathkeeper/commit/1f9f625c1a49e134ae2299ee95b8cf158feec932" + }, + { + "type": "FIX", + "url": "https://github.com/ory/oathkeeper/pull/424" + }, + { + "type": "WEB", + "url": "https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0920", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0921.json b/data/osv/GO-2022-0921.json new file mode 100644 index 000000000..de07716cd --- /dev/null +++ b/data/osv/GO-2022-0921.json 
@@ -0,0 +1,82 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0921", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-32760", + "GHSA-c72p-9xmj-rx3w" + ], + "summary": "Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd", + "details": "Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd", + "affected": [ + { + "package": { + "name": "github.com/containerd/containerd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.4.8" + }, + { + "introduced": "1.5.0" + }, + { + "fixed": "1.5.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32760" + }, + { + "type": "FIX", + "url": "https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c" + }, + { + "type": "FIX", + "url": "https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.4.8" + }, + { + "type": "WEB", + "url": "https://github.com/containerd/containerd/releases/tag/v1.5.4" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3" + }, + { + "type": "WEB", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202401-31" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0921", + "review_status": "UNREVIEWED" + } +} \ No 
newline at end of file
diff --git a/data/reports/GO-2022-0887.yaml b/data/reports/GO-2022-0887.yaml
new file mode 100644
index 000000000..b243ef536
--- /dev/null
+++ b/data/reports/GO-2022-0887.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0887
+modules:
+ - module: github.com/go-ldap/ldap
+ versions:
+ - fixed: 2.5.0+incompatible
+ vulnerable_at: 2.4.1+incompatible
+summary: Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap
+cves:
+ - CVE-2017-14623
+ghsas:
+ - GHSA-x27w-qxhg-343v
+references:
+ - advisory: https://github.com/advisories/GHSA-x27w-qxhg-343v
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-14623
+ - fix: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
+ - fix: https://github.com/go-ldap/ldap/pull/126
+source:
+ id: GHSA-x27w-qxhg-343v
+ created: 2024-08-20T14:27:16.422482-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0888.yaml b/data/reports/GO-2022-0888.yaml
new file mode 100644
index 000000000..ee8208fbd
--- /dev/null
+++ b/data/reports/GO-2022-0888.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0888
+modules:
+ - module: github.com/syncthing/syncthing
+ versions:
+ - fixed: 1.15.0
+ vulnerable_at: 1.15.0-rc.6
+summary: Crash due to malformed relay protocol message in github.com/syncthing/syncthing
+cves:
+ - CVE-2021-21404
+ghsas:
+ - GHSA-x462-89pf-6r5h
+references:
+ - advisory: https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-21404
+ - fix: https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
+ - web: https://github.com/syncthing/syncthing/releases/tag/v1.15.0
+ - web: https://pkg.go.dev/github.com/syncthing/syncthing
+source:
+ id: GHSA-x462-89pf-6r5h
+ created: 2024-08-20T14:27:23.486788-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0889.yaml b/data/reports/GO-2022-0889.yaml
new file mode 100644
index 000000000..07e7daebe
--- /dev/null
+++ b/data/reports/GO-2022-0889.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0889
+modules:
+ - module: github.com/cosmos/ethermint
+ versions:
+ - fixed: 0.4.1
+ vulnerable_at: 0.4.0
+summary: Authentication bypass by capture-replay in github.com/cosmos/ethermint
+cves:
+ - CVE-2021-25835
+ghsas:
+ - GHSA-x5f3-qmwj-4f84
+references:
+ - advisory: https://github.com/advisories/GHSA-x5f3-qmwj-4f84
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-25835
+ - fix: https://github.com/cosmos/ethermint/pull/692
+ - report: https://github.com/cosmos/ethermint/issues/687
+ - web: https://github.com/cosmos/ethermint/releases/tag/v0.4.1
+source:
+ id: GHSA-x5f3-qmwj-4f84
+ created: 2024-08-20T14:27:27.667965-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0890.yaml b/data/reports/GO-2022-0890.yaml
new file mode 100644
index 000000000..75d39f0d4
--- /dev/null
+++ b/data/reports/GO-2022-0890.yaml
@@ -0,0 +1,32 @@
+id: GO-2022-0890
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - fixed: 1.15.12
+ - introduced: 1.16.0
+ - fixed: 1.16.9
+ - introduced: 1.17.0
+ - fixed: 1.17.4
+ - introduced: 1.18.0
+ - fixed: 1.18.1
+ vulnerable_at: 1.18.1-beta.0
+summary: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
+cves:
+ - CVE-2020-8555
+ghsas:
+ - GHSA-x6mj-w4jf-jmgw
+references:
+ - advisory: https://github.com/advisories/GHSA-x6mj-w4jf-jmgw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-8555
+ - web: http://www.openwall.com/lists/oss-security/2020/06/01/4
+ - web: http://www.openwall.com/lists/oss-security/2021/05/04/8
+ - web: https://github.com/kubernetes/kubernetes/issues/91542
+ - web: https://github.com/kubernetes/kubernetes/pull/89794
+ - web: https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX
+ - web: https://security.netapp.com/advisory/ntap-20200724-0005
+source:
+ id: GHSA-x6mj-w4jf-jmgw
+ created: 2024-08-20T14:27:31.859677-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0892.yaml b/data/reports/GO-2022-0892.yaml
new file mode 100644
index 000000000..973d30584
--- /dev/null
+++ b/data/reports/GO-2022-0892.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0892
+modules:
+ - module: github.com/argoproj/argo-cd
+ versions:
+ - fixed: 1.5.1
+ vulnerable_at: 1.5.0
+summary: Improper Restriction of Excessive Authentication Attempts in Argo API in github.com/argoproj/argo-cd
+cves:
+ - CVE-2020-8827
+ghsas:
+ - GHSA-xcqr-9h24-vrgw
+references:
+ - advisory: https://github.com/advisories/GHSA-xcqr-9h24-vrgw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-8827
+ - fix: https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1
+ - fix: https://github.com/argoproj/argo-cd/pull/3369
+ - fix: https://github.com/argoproj/argo-cd/pull/3404
+ - web: https://github.com/argoproj/argo/releases
+source:
+ id: GHSA-xcqr-9h24-vrgw
+ created: 2024-08-20T14:27:38.772652-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0893.yaml b/data/reports/GO-2022-0893.yaml
new file mode 100644
index 000000000..386dadb72
--- /dev/null
+++ b/data/reports/GO-2022-0893.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0893
+modules:
+ - module: github.com/kubernetes/kubernetes
+ versions:
+ - fixed: 1.2.0-alpha.6
+ vulnerable_at: 1.2.0-alpha.5
+summary: Access Restriction Bypass in kubernetes in github.com/kubernetes/kubernetes
+cves:
+ - CVE-2016-1905
+ghsas:
+ - GHSA-xx8c-m748-xr4j
+references:
+ - advisory: https://github.com/advisories/GHSA-xx8c-m748-xr4j
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2016-1905
+ - report: https://github.com/kubernetes/kubernetes/issues/19479
+ - web: https://access.redhat.com/errata/RHSA-2016:0070
+ - web: https://access.redhat.com/errata/RHSA-2016:0351
+ - web: https://access.redhat.com/security/cve/CVE-2016-1905
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=1297910
+source:
+ id: GHSA-xx8c-m748-xr4j
+ created: 2024-08-20T14:27:43.897027-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
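Review bot: GO-2022-0893 keeps `module: github.com/kubernetes/kubernetes`, while the other Kubernetes reports added in this commit (GO-2022-0890, GO-2022-0907, GO-2022-0908, GO-2022-0910) use `k8s.io/kubernetes`. A consumer that matches advisories by module path will file this entry under a different name from the rest, so a dependency on `k8s.io/kubernetes` would not be associated with CVE-2016-1905. Unless the GitHub path is deliberate for these pre-module versions, I would change the line to `- module: k8s.io/kubernetes`, update the summary to match, and re-check the `fixed`/`vulnerable_at` versions against that path.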
diff --git a/data/reports/GO-2022-0894.yaml b/data/reports/GO-2022-0894.yaml
new file mode 100644
index 000000000..0eb09b5aa
--- /dev/null
+++ b/data/reports/GO-2022-0894.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0894
+modules:
+ - module: github.com/hashicorp/consul
+ versions:
+ - fixed: 1.10.1
+ vulnerable_at: 1.10.1-beta1
+summary: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul
+cves:
+ - CVE-2021-32574
+ghsas:
+ - GHSA-25gf-8qrr-g78r
+references:
+ - advisory: https://github.com/advisories/GHSA-25gf-8qrr-g78r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-32574
+ - web: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
+ - web: https://github.com/hashicorp/consul/releases/tag/v1.10.1
+ - web: https://security.gentoo.org/glsa/202208-09
+ - web: https://www.hashicorp.com/blog/category/consul
+source:
+ id: GHSA-25gf-8qrr-g78r
+ created: 2024-08-20T14:27:50.634232-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0895.yaml b/data/reports/GO-2022-0895.yaml
new file mode 100644
index 000000000..69fa6d8c4
--- /dev/null
+++ b/data/reports/GO-2022-0895.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0895
+modules:
+ - module: github.com/hashicorp/consul
+ versions:
+ - fixed: 1.10.1
+ vulnerable_at: 1.10.1-beta1
+summary: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul
+cves:
+ - CVE-2021-36213
+ghsas:
+ - GHSA-8h2g-r292-j8xh
+references:
+ - advisory: https://github.com/advisories/GHSA-8h2g-r292-j8xh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-36213
+ - web: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
+ - web: https://github.com/hashicorp/consul
+ - web: https://github.com/hashicorp/consul/releases/tag/v1.10.1
+ - web: https://security.gentoo.org/glsa/202208-09
+ - web: https://www.hashicorp.com/blog/category/consul
+source:
+ id: GHSA-8h2g-r292-j8xh
+ created: 2024-08-20T14:27:55.083611-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0903.yaml b/data/reports/GO-2022-0903.yaml
new file mode 100644
index 000000000..6500a331d
--- /dev/null
+++ b/data/reports/GO-2022-0903.yaml
@@ -0,0 +1,20 @@
+id: GO-2022-0903
+modules:
+ - module: ktbs.dev/teler
+ versions:
+ - fixed: 0.0.1
+ vulnerable_at: 0.0.1-rc2.1
+summary: Denial-of-Service within Docker container in ktbs.dev/teler
+cves:
+ - CVE-2020-26213
+ghsas:
+ - GHSA-jhj6-5mh6-4pvf
+references:
+ - advisory: https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-26213
+ - web: https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
+source:
+ id: GHSA-jhj6-5mh6-4pvf
+ created: 2024-08-20T14:28:27.271663-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0905.yaml b/data/reports/GO-2022-0905.yaml
new file mode 100644
index 000000000..a5646271c
--- /dev/null
+++ b/data/reports/GO-2022-0905.yaml
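Review bot: In GO-2022-0903 the only commit link is typed `web`, so the report carries no `fix` reference and the published entry gives consumers no FIX URL to locate the patch from. If that commit is the fix, which the hunk itself does not state, retype the line as `- fix: https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e`. GO-2022-0907 has the same shape: its commit `00e81db174ef7aca497be5f42d87e46d14df2a90` and `pull/99946` are both listed as `web` and should be checked the same way.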
@@ -0,0 +1,21 @@
+id: GO-2022-0905
+modules:
+ - module: github.com/filecoin-project/lotus
+ versions:
+ - fixed: 1.5.0
+ vulnerable_at: 1.5.0-rc2
+summary: BLS Signature "Malleability" in github.com/filecoin-project/lotus
+cves:
+ - CVE-2021-21405
+ghsas:
+ - GHSA-4g52-pqcj-phvh
+references:
+ - advisory: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-21405
+ - fix: https://github.com/filecoin-project/lotus/pull/5393
+ - web: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
+source:
+ id: GHSA-4g52-pqcj-phvh
+ created: 2024-08-20T14:28:35.422481-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0906.yaml b/data/reports/GO-2022-0906.yaml
new file mode 100644
index 000000000..eab78bc3a
--- /dev/null
+++ b/data/reports/GO-2022-0906.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-0906
+modules:
+ - module: github.com/TykTechnologies/tyk-identity-broker
+ versions:
+ - fixed: 1.1.1
+ vulnerable_at: 1.1.0
+summary: Authentication Bypass in tyk-identity-broker in github.com/TykTechnologies/tyk-identity-broker
+cves:
+ - CVE-2021-23365
+ghsas:
+ - GHSA-599h-8wpj-75xj
+references:
+ - advisory: https://github.com/advisories/GHSA-599h-8wpj-75xj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-23365
+ - fix: https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0
+ - fix: https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0
+ - fix: https://github.com/TykTechnologies/tyk-identity-broker/pull/147
+ - web: https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1
+ - web: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720
+source:
+ id: GHSA-599h-8wpj-75xj
+ created: 2024-08-20T14:28:40.033284-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0907.yaml b/data/reports/GO-2022-0907.yaml
new file mode 100644
index 000000000..4aa44d1e7
--- /dev/null
+++ b/data/reports/GO-2022-0907.yaml
@@ -0,0 +1,30 @@
+id: GO-2022-0907
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - fixed: 1.18.18
+ - introduced: 1.19.0
+ - fixed: 1.19.10
+ - introduced: 1.20.0
+ - fixed: 1.20.6
+ vulnerable_at: 1.20.6-rc.0
+summary: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
+cves:
+ - CVE-2021-25735
+ghsas:
+ - GHSA-g42g-737j-qx6j
+references:
+ - advisory: https://github.com/advisories/GHSA-g42g-737j-qx6j
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-25735
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=1937562
+ - web: https://github.com/kubernetes/kubernetes/commit/00e81db174ef7aca497be5f42d87e46d14df2a90
+ - web: https://github.com/kubernetes/kubernetes/issues/100096
+ - web: https://github.com/kubernetes/kubernetes/pull/99946
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y
+ - web: https://pkg.go.dev/k8s.io/kubernetes@v1.23.5/cmd/kube-apiserver
+ - web: https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
+source:
+ id: GHSA-g42g-737j-qx6j
+ created: 2024-08-20T14:28:47.166417-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0908.yaml b/data/reports/GO-2022-0908.yaml
new file mode 100644
index 000000000..a04bed47c
--- /dev/null
+++ b/data/reports/GO-2022-0908.yaml
@@ -0,0 +1,29 @@
+id: GO-2022-0908
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - introduced: 1.16.0
+ - fixed: 1.18.19
+ - introduced: 1.19.0
+ - fixed: 1.19.11
+ - introduced: 1.20.0
+ - fixed: 1.20.7
+ - introduced: 1.21.0
+ - fixed: 1.21.1
+ vulnerable_at: 1.21.1-rc.0
+summary: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
+cves:
+ - CVE-2021-25737
+ghsas:
+ - GHSA-mfv7-gq43-w965
+references:
+ - advisory: https://github.com/advisories/GHSA-mfv7-gq43-w965
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-25737
+ - web: https://github.com/kubernetes/kubernetes/issues/102106
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY
+ - web: https://security.netapp.com/advisory/ntap-20211004-0004
+source:
+ id: GHSA-mfv7-gq43-w965
+ created: 2024-08-20T14:28:55.826196-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0910.yaml b/data/reports/GO-2022-0910.yaml
new file mode 100644
index 000000000..19c38f103
--- /dev/null
+++ b/data/reports/GO-2022-0910.yaml
@@ -0,0 +1,28 @@
+id: GO-2022-0910
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - fixed: 1.19.15
+ - introduced: 1.20.0
+ - fixed: 1.20.11
+ - introduced: 1.21.0
+ - fixed: 1.21.5
+ - introduced: 1.22.0
+ - fixed: 1.22.2
+ vulnerable_at: 1.22.2-rc.0
+summary: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
+cves:
+ - CVE-2021-25741
+ghsas:
+ - GHSA-f5f7-6478-qm6p
+references:
+ - advisory: https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-f5f7-6478-qm6p
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-25741
+ - web: https://github.com/kubernetes/kubernetes/issues/104980
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s
+ - web: https://security.netapp.com/advisory/ntap-20211008-0006
+source:
+ id: GHSA-f5f7-6478-qm6p
+ created: 2024-08-20T14:29:05.823528-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0912.yaml b/data/reports/GO-2022-0912.yaml
new file mode 100644
index 000000000..4ef9adcb3
--- /dev/null
+++ b/data/reports/GO-2022-0912.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-0912
+modules:
+ - module: github.com/sylabs/sif
+ versions:
+ - fixed: 1.2.3
+ vulnerable_at: 1.2.2
+summary: Predictable SIF UUID Identifiers in github.com/sylabs/sif
+cves:
+ - CVE-2021-29499
+ghsas:
+ - GHSA-4gh8-x3vv-phhg
+references:
+ - advisory: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-29499
+ - fix: https://github.com/sylabs/sif/commit/193962882122abf85ff5f5bcc86404933e71c07d
+ - web: https://github.com/satori/go.uuid/issues/73
+source:
+ id: GHSA-4gh8-x3vv-phhg
+ created: 2024-08-20T14:29:21.80878-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0914.yaml b/data/reports/GO-2022-0914.yaml
new file mode 100644
index 000000000..39b83eefd
--- /dev/null
+++ b/data/reports/GO-2022-0914.yaml
@@ -0,0 +1,30 @@
+id: GO-2022-0914
+modules:
+ - module: github.com/opencontainers/runc
+ versions:
+ - fixed: 1.0.0-rc95
+ vulnerable_at: 1.0.0-rc94
+summary: |-
+ mount destinations can be swapped via symlink-exchange to cause mounts outside
+ the rootfs in github.com/opencontainers/runc
+cves:
+ - CVE-2021-30465
+ghsas:
+ - GHSA-c3xm-pvg7-gh7r
+references:
+ - advisory: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-30465
+ - fix: https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
+ - web: http://www.openwall.com/lists/oss-security/2021/05/19/2
+ - web: https://bugzilla.opensuse.org/show_bug.cgi?id=1185405
+ - web: https://github.com/opencontainers/runc/releases
+ - web: https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV
+ - web: https://security.gentoo.org/glsa/202107-26
+ - web: https://security.netapp.com/advisory/ntap-20210708-0003
+source:
+ id: GHSA-c3xm-pvg7-gh7r
+ created: 2024-08-20T14:29:55.083436-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0915.yaml b/data/reports/GO-2022-0915.yaml
new file mode 100644
index 000000000..bd9d6b80a
--- /dev/null
+++ b/data/reports/GO-2022-0915.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0915
+modules:
+ - module: github.com/cortexproject/cortex
+ versions:
+ - fixed: 1.8.1
+ vulnerable_at: 1.8.0
+summary: Improper input validation in CNCF Cortex in github.com/cortexproject/cortex
+cves:
+ - CVE-2021-31232
+ghsas:
+ - GHSA-m45g-f45x-vv22
+references:
+ - advisory: https://github.com/advisories/GHSA-m45g-f45x-vv22
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-31232
+ - fix: https://github.com/cortexproject/cortex/pull/4129/files
+ - web: https://github.com/cortexproject/cortex
+ - web: https://lists.cncf.io/g/cortex-users/message/50
+source:
+ id: GHSA-m45g-f45x-vv22
+ created: 2024-08-20T14:30:03.89951-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0919.yaml b/data/reports/GO-2022-0919.yaml
new file mode 100644
index 000000000..45c31c87d
--- /dev/null
+++ b/data/reports/GO-2022-0919.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-0919
+modules:
+ - module: github.com/pterodactyl/wings
+ versions:
+ - fixed: 1.4.4
+ vulnerable_at: 1.4.3
+summary: |-
+ Asymmetric Resource Consumption (Amplification) in Docker containers created by
+ Wings in github.com/pterodactyl/wings
+cves:
+ - CVE-2021-32699
+ghsas:
+ - GHSA-jj6m-r8jc-2gp7
+references:
+ - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-jj6m-r8jc-2gp7
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-32699
+ - fix: https://github.com/pterodactyl/wings/commit/e0078eee0a71d61573a94c75e6efcad069d78de3
+source:
+ id: GHSA-jj6m-r8jc-2gp7
+ created: 2024-08-20T14:30:33.385895-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0920.yaml b/data/reports/GO-2022-0920.yaml
new file mode 100644
index 000000000..8171a1f14
--- /dev/null
+++ b/data/reports/GO-2022-0920.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-0920
+modules:
+ - module: github.com/ory/oathkeeper
+ versions:
+ - introduced: 0.38.0-beta.2
+ - fixed: 0.38.12-beta.1
+ vulnerable_at: 0.38.11-beta.1
+summary: Incorrect Authorization in ORY Oathkeeper in github.com/ory/oathkeeper
+cves:
+ - CVE-2021-32701
+ghsas:
+ - GHSA-vfvf-6gx5-mqv6
+references:
+ - advisory: https://github.com/advisories/GHSA-vfvf-6gx5-mqv6
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-32701
+ - fix: https://github.com/ory/oathkeeper/commit/1f9f625c1a49e134ae2299ee95b8cf158feec932
+ - fix: https://github.com/ory/oathkeeper/pull/424
+ - web: https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr
+source:
+ id: GHSA-vfvf-6gx5-mqv6
+ created: 2024-08-20T14:30:36.516363-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-0921.yaml b/data/reports/GO-2022-0921.yaml
new file mode 100644
index 000000000..2adf60406
--- /dev/null
+++ b/data/reports/GO-2022-0921.yaml
@@ -0,0 +1,28 @@
+id: GO-2022-0921
+modules:
+ - module: github.com/containerd/containerd
+ versions:
+ - fixed: 1.4.8
+ - introduced: 1.5.0
+ - fixed: 1.5.4
+ vulnerable_at: 1.5.3
+summary: Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd
+cves:
+ - CVE-2021-32760
+ghsas:
+ - GHSA-c72p-9xmj-rx3w
+references:
+ - advisory: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-32760
+ - fix: https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c
+ - fix: https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f
+ - web: https://github.com/containerd/containerd/releases/tag/v1.4.8
+ - web: https://github.com/containerd/containerd/releases/tag/v1.5.4
+ - web: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
+ - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3
+ - web: https://security.gentoo.org/glsa/202401-31
+source:
+ id: GHSA-c72p-9xmj-rx3w
+ created: 2024-08-20T14:30:41.699693-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
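Review bot: The `references` list in GO-2022-0921 carries the same Fedora package-announce message twice, once with `package-announce%40lists.fedoraproject.org` and once with `package-announce@lists.fedoraproject.org`; the two URLs differ only in the percent-encoding of `@`. The duplicate is copied into the published entry, where it adds noise for anyone de-duplicating or link-checking references. I would drop the `%40` line and keep the unencoded form, which is the one the other reports in this commit use (for example GO-2022-0914), then regenerate `data/osv/GO-2022-0921.json` so it matches.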