Skip to content

Commit

Permalink
data/reports: add 9 unreviewed reports
Browse files Browse the repository at this point in the history
  - data/reports/GO-2024-3267.yaml
  - data/reports/GO-2024-3269.yaml
  - data/reports/GO-2024-3271.yaml
  - data/reports/GO-2024-3272.yaml
  - data/reports/GO-2024-3273.yaml
  - data/reports/GO-2024-3274.yaml
  - data/reports/GO-2024-3275.yaml
  - data/reports/GO-2024-3277.yaml
  - data/reports/GO-2024-3278.yaml

Fixes #3267
Fixes #3269
Fixes #3271
Fixes #3272
Fixes #3273
Fixes #3274
Fixes #3275
Fixes #3277
Fixes #3278

Change-Id: Iff40e4830d8ead8505d427db90e38c3e08bc9e38
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/629356
Reviewed-by: Zvonimir Pavlinovic <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
  • Loading branch information
tatianab committed Nov 19, 2024
1 parent 847cfb8 commit 6b4d4e2
Show file tree
Hide file tree
Showing 18 changed files with 683 additions and 0 deletions.
67 changes: 67 additions & 0 deletions data/osv/GO-2024-3267.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3267",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-52010",
"GHSA-7hpf-g48v-hw3j"
],
"summary": "Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy",
"details": "Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: .",
"affected": [
{
"package": {
"name": "github.com/tobychui/zoraxy",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3+incompatible"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.6.1"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/tobychui/zoraxy/security/advisories/GHSA-7hpf-g48v-hw3j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52010"
},
{
"type": "FIX",
"url": "https://github.com/tobychui/zoraxy/commit/2e9bc77a5d832bff1093058d42ce7a61382e4bc6"
},
{
"type": "FIX",
"url": "https://github.com/tobychui/zoraxy/commit/c07d5f85dfc37bd32819358ed7d4bc32c604e8f0"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3267",
"review_status": "UNREVIEWED"
}
}
65 changes: 65 additions & 0 deletions data/osv/GO-2024-3269.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3269",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-52308",
"GHSA-p2h2-3vg9-4p87"
],
"summary": "Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli",
"details": "Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli",
"affected": [
{
"package": {
"name": "github.com/cli/cli",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/cli/cli/v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.62.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52308"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3269",
"review_status": "UNREVIEWED"
}
}
51 changes: 51 additions & 0 deletions data/osv/GO-2024-3271.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3271",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-52522"
],
"summary": "Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone",
"details": "Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone",
"affected": [
{
"package": {
"name": "github.com/rclone/rclone",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.59.0"
},
{
"fixed": "1.68.2"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52522"
},
{
"type": "FIX",
"url": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0"
},
{
"type": "WEB",
"url": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3271",
"review_status": "UNREVIEWED"
}
}
52 changes: 52 additions & 0 deletions data/osv/GO-2024-3272.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3272",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-24425"
],
"summary": "CVE-2024-24425 in github.com/magma/magma",
"details": "CVE-2024-24425 in github.com/magma/magma",
"affected": [
{
"package": {
"name": "github.com/magma/magma",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24425"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "https://github.com/OPENAIRINTERFACE/openair-epc-fed"
},
{
"type": "WEB",
"url": "https://github.com/magma/magma"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3272",
"review_status": "UNREVIEWED"
}
}
52 changes: 52 additions & 0 deletions data/osv/GO-2024-3273.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3273",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-24426"
],
"summary": "CVE-2024-24426 in github.com/magma/magma",
"details": "CVE-2024-24426 in github.com/magma/magma",
"affected": [
{
"package": {
"name": "github.com/magma/magma",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24426"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "https://github.com/OPENAIRINTERFACE/openair-epc-fed"
},
{
"type": "WEB",
"url": "https://github.com/magma/magma"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3273",
"review_status": "UNREVIEWED"
}
}
56 changes: 56 additions & 0 deletions data/osv/GO-2024-3274.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3274",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-0109",
"GHSA-5r2g-59px-3q9w"
],
"summary": "Stored XSS using two files in usememos/memos in github.com/usememos/memos",
"details": "Stored XSS using two files in usememos/memos in github.com/usememos/memos",
"affected": [
{
"package": {
"name": "github.com/usememos/memos",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0"
}
]
}
],
"ecosystem_specific": {}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5r2g-59px-3q9w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0109"
},
{
"type": "FIX",
"url": "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3274",
"review_status": "UNREVIEWED"
}
}
Loading

0 comments on commit 6b4d4e2

Please sign in to comment.