data/reports: add 51 unreviewed reports

Add 51 completely auto-generated reports. - data/reports/GO-2024-2647.yaml - data/reports/GO-2024-2728.yaml - data/reports/GO-2024-2568.yaml - data/reports/GO-2024-2569.yaml - data/reports/GO-2024-2597.yaml - data/reports/GO-2024-2756.yaml - data/reports/GO-2024-2765.yaml - data/reports/GO-2024-2853.yaml - data/reports/GO-2024-2860.yaml - data/reports/GO-2024-2785.yaml - data/reports/GO-2024-2579.yaml - data/reports/GO-2024-2747.yaml - data/reports/GO-2024-2645.yaml - data/reports/GO-2024-2723.yaml - data/reports/GO-2024-2690.yaml - data/reports/GO-2024-2766.yaml - data/reports/GO-2024-2863.yaml - data/reports/GO-2024-2641.yaml - data/reports/GO-2024-2754.yaml - data/reports/GO-2024-2846.yaml - data/reports/GO-2024-2580.yaml - data/reports/GO-2024-2791.yaml - data/reports/GO-2024-2859.yaml - data/reports/GO-2024-2752.yaml - data/reports/GO-2024-2779.yaml - data/reports/GO-2024-2636.yaml - data/reports/GO-2024-2675.yaml - data/reports/GO-2024-2727.yaml - data/reports/GO-2024-2689.yaml - data/reports/GO-2024-2803.yaml - data/reports/GO-2024-2648.yaml - data/reports/GO-2024-2792.yaml - data/reports/GO-2024-2861.yaml - data/reports/GO-2024-2644.yaml - data/reports/GO-2024-2741.yaml - data/reports/GO-2024-2692.yaml - data/reports/GO-2024-2575.yaml - data/reports/GO-2024-2729.yaml - data/reports/GO-2024-2757.yaml - data/reports/GO-2024-2649.yaml - data/reports/GO-2024-2763.yaml - data/reports/GO-2024-2703.yaml - data/reports/GO-2024-2716.yaml - data/reports/GO-2024-2642.yaml - data/reports/GO-2024-2704.yaml - data/reports/GO-2024-2578.yaml - data/reports/GO-2024-2814.yaml - data/reports/GO-2024-2581.yaml - data/reports/GO-2024-2836.yaml - data/reports/GO-2024-2701.yaml - data/reports/GO-2024-2746.yaml Fixes #2647 Fixes #2728 Fixes #2568 Fixes #2569 Fixes #2597 Fixes #2756 Fixes #2765 Fixes #2853 Fixes #2860 Fixes #2785 Fixes #2579 Fixes #2747 Fixes #2645 Fixes #2723 Fixes #2690 Fixes #2766 Fixes #2863 Fixes #2641 Fixes #2754 Fixes #2846 Fixes #2580 Fixes #2791 Fixes #2859 Fixes #2752 Fixes #2779 Fixes #2636 Fixes #2675 Fixes #2727 Fixes #2689 Fixes #2803 Fixes #2648 Fixes #2792 Fixes #2861 Fixes #2644 Fixes #2741 Fixes #2692 Fixes #2575 Fixes #2729 Fixes #2757 Fixes #2649 Fixes #2763 Fixes #2703 Fixes #2716 Fixes #2642 Fixes #2704 Fixes #2578 Fixes #2814 Fixes #2581 Fixes #2836 Fixes #2701 Fixes #2746 Change-Id: I0a5da056b5ccdc1125855a24e7fd6228a2f6d326 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/590039 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
golang · Jun 4, 2024 · 96f0f48 · 96f0f48
1 parent c3c93c0
commit 96f0f48
Show file tree

Hide file tree

Showing 102 changed files with 4,139 additions and 0 deletions.
diff --git a/data/osv/GO-2024-2568.json b/data/osv/GO-2024-2568.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2568",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-25630",
+    "GHSA-7496-fgv9-xw82"
+  ],
+  "summary": "Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium",
+  "details": "Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.14.7"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-7496-fgv9-xw82"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25630"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.14.7"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2568",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2024-2569.json b/data/osv/GO-2024-2569.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2569",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-25631",
+    "GHSA-x989-52fc-4vr4"
+  ],
+  "summary": "Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium",
+  "details": "Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.14.7"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25631"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cilium/cilium/releases/tag/v1.14.7"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2569",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2024-2575.json b/data/osv/GO-2024-2575.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2575",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-26147",
+    "GHSA-r53h-jv2g-vpx6"
+  ],
+  "summary": "Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3",
+  "details": "Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3",
+  "affected": [
+    {
+      "package": {
+        "name": "helm.sh/helm/v3",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.14.2"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2575",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2024-2578.json b/data/osv/GO-2024-2578.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2578",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-23349",
+    "GHSA-8pf2-qj4v-fj64"
+  ],
+  "summary": "Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer",
+  "details": "Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/apache/incubator-answer",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-8pf2-qj4v-fj64"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23349"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2024/02/22/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2578",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2024-2579.json b/data/osv/GO-2024-2579.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2579",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-22393",
+    "GHSA-rmqp-mvv2-54c6"
+  ],
+  "summary": "Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer",
+  "details": "Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/apache/incubator-answer",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-rmqp-mvv2-54c6"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22393"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2024/02/22/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2579",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2024-2580.json b/data/osv/GO-2024-2580.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2580",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-26578",
+    "GHSA-9q24-hwmc-797x"
+  ],
+  "summary": "Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer",
+  "details": "Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/apache/incubator-answer",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-9q24-hwmc-797x"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26578"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2024/02/22/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2580",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2024-2581.json b/data/osv/GO-2024-2581.json
@@ -0,0 +1,47 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2581",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-fvv5-h29g-f6w5"
+  ],
+  "summary": "User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs",
+  "details": "User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/treeverse/lakefs",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0.90.0"
+            },
+            {
+              "fixed": "1.12.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-fvv5-h29g-f6w5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/treeverse/lakeFS/commit/56556ee5406fc5425b9302cd08a8d412635fdcd7"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2581",
+    "review_status": "UNREVIEWED"
+  }
+}