x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996

GoVulnBot · 2023-08-03T17:01:28Z

In GitHub Security Advisory GHSA-ggcf-hwxp-rc77, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/answerdev/answer	1.1.0	< 1.1.0

Cross references:

Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65px-4cpf-697r #1541 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-4cwh-8w4g-jxxh #1550 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hjmr-xm25-36mh #1551 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-p7wj-c85f-xq9h #1552 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qx34-47fc-vv79 #1553 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rmw8-7823-wp7f #1554 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6cvf-m58q-h9wf #1592 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6c32-3x46-m9rh #1612 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-55vm-3vq3-4jpc #1613 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-5w78-v688-cx9q #1614 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jh8-33f5-cgfp #1615 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-9v4v-9fj5-p982 #1616 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ff27-hrmr-ggpj #1617 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h85v-cx5m-78wj #1618 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qrwm-xqfr-4vhv #1619 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-vxhr-p2vp-7gf8 #1620 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6x5v-cxpp-pc5x #1654 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-79hx-g43v-xfmr #1655 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-83qr-c7m9-wmgw #1656 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-g44v-6qfm-f6ch #1657 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h2wg-83fc-xvm9 #1658 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hwj7-frgj-7829 #1659 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-r95w-7cpx-h5mx #1660 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rvjp-8qj4-8p29 #1661 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-xvfj-84vc-hrmf #1662 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65v8-6pvw-jwvq #1716 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jg3-rx43-3fv4 #1718 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j97g-77fj-9c4p #1719 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qmqw-r4x6-3w2q #1774 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/answerdev/answer
      versions:
        - fixed: 1.1.0
      vulnerable_at: 1.1.0-beta.2
      packages:
        - package: github.com/answerdev/answer
summary: Answer Insufficient Session Expiration vulnerability
description: |-
    Insufficient Session Expiration in GitHub repository answerdev/answer prior to
    v1.1.0.
cves:
    - CVE-2023-4126
ghsas:
    - GHSA-ggcf-hwxp-rc77
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4126
    - fix: https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730
    - web: https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5
    - advisory: https://github.com/advisories/GHSA-ggcf-hwxp-rc77

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-08-04T16:45:47Z

Change https://go.dev/cl/516055 mentions this issue: data/excluded: batch add 10 excluded reports

gopherbot · 2024-06-14T17:50:06Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:52:42Z

Change https://go.dev/cl/606789 mentions this issue: data/reports: unexclude 20 reports (9)

- data/reports/GO-2023-1955.yaml - data/reports/GO-2023-1956.yaml - data/reports/GO-2023-1957.yaml - data/reports/GO-2023-1959.yaml - data/reports/GO-2023-1961.yaml - data/reports/GO-2023-1962.yaml - data/reports/GO-2023-1965.yaml - data/reports/GO-2023-1971.yaml - data/reports/GO-2023-1972.yaml - data/reports/GO-2023-1973.yaml - data/reports/GO-2023-1977.yaml - data/reports/GO-2023-1979.yaml - data/reports/GO-2023-1980.yaml - data/reports/GO-2023-1982.yaml - data/reports/GO-2023-1985.yaml - data/reports/GO-2023-1986.yaml - data/reports/GO-2023-1991.yaml - data/reports/GO-2023-1993.yaml - data/reports/GO-2023-1995.yaml - data/reports/GO-2023-1996.yaml Updates #1955 Updates #1956 Updates #1957 Updates #1959 Updates #1961 Updates #1962 Updates #1965 Updates #1971 Updates #1972 Updates #1973 Updates #1977 Updates #1979 Updates #1980 Updates #1982 Updates #1985 Updates #1986 Updates #1991 Updates #1993 Updates #1995 Updates #1996 Change-Id: I681627cba89cee6d3bc2def3924c65a3b5da4453 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606789 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

tatianab self-assigned this Aug 3, 2023

tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Aug 4, 2023

gopherbot closed this as completed in 65508f5 Aug 4, 2023

GoVulnBot mentioned this issue Aug 8, 2023

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001

Closed

GoVulnBot mentioned this issue Sep 8, 2023

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996

GoVulnBot commented Aug 3, 2023

gopherbot commented Aug 4, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996

Comments

GoVulnBot commented Aug 3, 2023

gopherbot commented Aug 4, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024