-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 11 unreviewed reports
- data/reports/GO-2024-3135.yaml - data/reports/GO-2024-3136.yaml - data/reports/GO-2024-3137.yaml - data/reports/GO-2024-3138.yaml - data/reports/GO-2024-3139.yaml - data/reports/GO-2024-3153.yaml - data/reports/GO-2024-3155.yaml - data/reports/GO-2024-3156.yaml - data/reports/GO-2024-3157.yaml - data/reports/GO-2024-3158.yaml - data/reports/GO-2024-3160.yaml Fixes #3135 Fixes #3136 Fixes #3137 Fixes #3138 Fixes #3139 Fixes #3153 Fixes #3155 Fixes #3156 Fixes #3157 Fixes #3158 Fixes #3160 Change-Id: I35e14a6e3457549217ad4853570de94f94fc0281 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/616060 Reviewed-by: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]>
- Loading branch information
Showing
22 changed files
with
1,041 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3135", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-45410", | ||
| "GHSA-62c8-mh53-4cqv" | ||
| ], | ||
| "summary": "HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik", | ||
| "details": "HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/traefik/traefik", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/traefik/traefik/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.11.9" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/traefik/traefik/v3", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "3.0.0-beta3" | ||
| }, | ||
| { | ||
| "fixed": "3.1.3" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45410" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/traefik/traefik/releases/tag/v2.11.9" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/traefik/traefik/releases/tag/v3.1.3" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3135", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3136", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2023-27584", | ||
| "GHSA-hpc8-7wpm-889w" | ||
| ], | ||
| "summary": "Dragonfly2 has hard coded cyptographic key in d7y.io/dragonfly", | ||
| "details": "Dragonfly2 has hard coded cyptographic key in d7y.io/dragonfly", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "d7y.io/dragonfly/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.1.0-beta.1" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/dragonflyoss/Dragonfly2/security/advisories/GHSA-hpc8-7wpm-889w" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27584" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/dragonflyoss/Dragonfly2/commit/e9da69dc4048bf2a18a671be94616d85e3429433" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/dragonflyoss/Dragonfly2/releases/tag/v2.0.9" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3136", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3137", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-46999", | ||
| "GHSA-2w5j-qfvw-2hf5" | ||
| ], | ||
| "summary": "ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel", | ||
| "details": "ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/zitadel/zitadel before v2.54.10, from v2.55.0 before v2.55.8, from v2.56.0 before v2.56.6, from v2.57.0 before v2.57.5, from v2.58.0 before v2.58.5, from v2.59.0 before v2.59.3, from v2.60.0 before v2.60.2, from v2.61.0 before v2.61.1, from v2.62.0 before v2.62.1.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/zitadel/zitadel", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": { | ||
| "custom_ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.54.10" | ||
| }, | ||
| { | ||
| "introduced": "2.55.0" | ||
| }, | ||
| { | ||
| "fixed": "2.55.8" | ||
| }, | ||
| { | ||
| "introduced": "2.56.0" | ||
| }, | ||
| { | ||
| "fixed": "2.56.6" | ||
| }, | ||
| { | ||
| "introduced": "2.57.0" | ||
| }, | ||
| { | ||
| "fixed": "2.57.5" | ||
| }, | ||
| { | ||
| "introduced": "2.58.0" | ||
| }, | ||
| { | ||
| "fixed": "2.58.5" | ||
| }, | ||
| { | ||
| "introduced": "2.59.0" | ||
| }, | ||
| { | ||
| "fixed": "2.59.3" | ||
| }, | ||
| { | ||
| "introduced": "2.60.0" | ||
| }, | ||
| { | ||
| "fixed": "2.60.2" | ||
| }, | ||
| { | ||
| "introduced": "2.61.0" | ||
| }, | ||
| { | ||
| "fixed": "2.61.1" | ||
| }, | ||
| { | ||
| "introduced": "2.62.0" | ||
| }, | ||
| { | ||
| "fixed": "2.62.1" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-2w5j-qfvw-2hf5" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46999" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3137", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3138", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-47060", | ||
| "GHSA-jj94-6f5c-65r8" | ||
| ], | ||
| "summary": "ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel", | ||
| "details": "ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/zitadel/zitadel before v2.54.10, from v2.55.0 before v2.55.8, from v2.56.0 before v2.56.6, from v2.57.0 before v2.57.5, from v2.58.0 before v2.58.5, from v2.59.0 before v2.59.3, from v2.60.0 before v2.60.2, from v2.61.0 before v2.61.1, from v2.62.0 before v2.62.1.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/zitadel/zitadel", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": { | ||
| "custom_ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.54.10" | ||
| }, | ||
| { | ||
| "introduced": "2.55.0" | ||
| }, | ||
| { | ||
| "fixed": "2.55.8" | ||
| }, | ||
| { | ||
| "introduced": "2.56.0" | ||
| }, | ||
| { | ||
| "fixed": "2.56.6" | ||
| }, | ||
| { | ||
| "introduced": "2.57.0" | ||
| }, | ||
| { | ||
| "fixed": "2.57.5" | ||
| }, | ||
| { | ||
| "introduced": "2.58.0" | ||
| }, | ||
| { | ||
| "fixed": "2.58.5" | ||
| }, | ||
| { | ||
| "introduced": "2.59.0" | ||
| }, | ||
| { | ||
| "fixed": "2.59.3" | ||
| }, | ||
| { | ||
| "introduced": "2.60.0" | ||
| }, | ||
| { | ||
| "fixed": "2.60.2" | ||
| }, | ||
| { | ||
| "introduced": "2.61.0" | ||
| }, | ||
| { | ||
| "fixed": "2.61.1" | ||
| }, | ||
| { | ||
| "introduced": "2.62.0" | ||
| }, | ||
| { | ||
| "fixed": "2.62.1" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-jj94-6f5c-65r8" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47060" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3138", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.