x/vulndb: potential Go vuln in github.com/imgproxy/imgproxy/v3: GHSA-ch9g-x9j7-rcgp #1651

GoVulnBot · 2023-03-20T22:01:13Z

In GitHub Security Advisory GHSA-ch9g-x9j7-rcgp, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/imgproxy/imgproxy/v3	3.14.0	< 3.14.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/imgproxy/imgproxy/v3
    versions:
      - fixed: 3.14.0
    packages:
      - package: github.com/imgproxy/imgproxy/v3
summary: imgproxy Cross-site Scripting vulnerability
description: Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy
    prior to 3.14.0.
cves:
  - CVE-2023-1496
ghsas:
  - GHSA-ch9g-x9j7-rcgp
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2023-1496
  - fix: https://github.com/imgproxy/imgproxy/commit/62f8d08a93d301285dcd1dabcc7ba10c6c65b689
  - web: https://huntr.dev/bounties/de603972-935a-401a-96fb-17ddadd282b2
  - advisory: https://github.com/advisories/GHSA-ch9g-x9j7-rcgp

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-14T17:51:41Z

Change https://go.dev/cl/592760 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:56:08Z

Change https://go.dev/cl/606784 mentions this issue: data/reports: unexclude 20 reports (4)

- data/reports/GO-2023-1643.yaml - data/reports/GO-2023-1644.yaml - data/reports/GO-2023-1651.yaml - data/reports/GO-2023-1652.yaml - data/reports/GO-2023-1653.yaml - data/reports/GO-2023-1654.yaml - data/reports/GO-2023-1655.yaml - data/reports/GO-2023-1656.yaml - data/reports/GO-2023-1657.yaml - data/reports/GO-2023-1658.yaml - data/reports/GO-2023-1659.yaml - data/reports/GO-2023-1660.yaml - data/reports/GO-2023-1661.yaml - data/reports/GO-2023-1662.yaml - data/reports/GO-2023-1670.yaml - data/reports/GO-2023-1671.yaml - data/reports/GO-2023-1682.yaml - data/reports/GO-2023-1683.yaml - data/reports/GO-2023-1685.yaml - data/reports/GO-2023-1699.yaml Updates #1643 Updates #1644 Updates #1651 Updates #1652 Updates #1653 Updates #1654 Updates #1655 Updates #1656 Updates #1657 Updates #1658 Updates #1659 Updates #1660 Updates #1661 Updates #1662 Updates #1670 Updates #1671 Updates #1682 Updates #1683 Updates #1685 Updates #1699 Change-Id: Iddcfb6c5438e03827049eecbf0a95fae6c078436 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606784 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>

neild self-assigned this Mar 21, 2023

neild added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Mar 21, 2023

jba closed this as completed Mar 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/imgproxy/imgproxy/v3: GHSA-ch9g-x9j7-rcgp #1651

x/vulndb: potential Go vuln in github.com/imgproxy/imgproxy/v3: GHSA-ch9g-x9j7-rcgp #1651

GoVulnBot commented Mar 20, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/imgproxy/imgproxy/v3: GHSA-ch9g-x9j7-rcgp #1651

x/vulndb: potential Go vuln in github.com/imgproxy/imgproxy/v3: GHSA-ch9g-x9j7-rcgp #1651

Comments

GoVulnBot commented Mar 20, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024