data/reports: regenerate 50 reports

- data/reports/GO-2024-2642.yaml - data/reports/GO-2024-2644.yaml - data/reports/GO-2024-2645.yaml - data/reports/GO-2024-2664.yaml - data/reports/GO-2024-2665.yaml - data/reports/GO-2024-2675.yaml - data/reports/GO-2024-2684.yaml - data/reports/GO-2024-2690.yaml - data/reports/GO-2024-2697.yaml - data/reports/GO-2024-2704.yaml - data/reports/GO-2024-2707.yaml - data/reports/GO-2024-2718.yaml - data/reports/GO-2024-2719.yaml - data/reports/GO-2024-2728.yaml - data/reports/GO-2024-2741.yaml - data/reports/GO-2024-2752.yaml - data/reports/GO-2024-2757.yaml - data/reports/GO-2024-2769.yaml - data/reports/GO-2024-2792.yaml - data/reports/GO-2024-2801.yaml - data/reports/GO-2024-2815.yaml - data/reports/GO-2024-2843.yaml - data/reports/GO-2024-2844.yaml - data/reports/GO-2024-2847.yaml - data/reports/GO-2024-2848.yaml - data/reports/GO-2024-2851.yaml - data/reports/GO-2024-2852.yaml - data/reports/GO-2024-2854.yaml - data/reports/GO-2024-2855.yaml - data/reports/GO-2024-2856.yaml - data/reports/GO-2024-2857.yaml - data/reports/GO-2024-2858.yaml - data/reports/GO-2024-2866.yaml - data/reports/GO-2024-2867.yaml - data/reports/GO-2024-2877.yaml - data/reports/GO-2024-2886.yaml - data/reports/GO-2024-2891.yaml - data/reports/GO-2024-2898.yaml - data/reports/GO-2024-2901.yaml - data/reports/GO-2024-2902.yaml - data/reports/GO-2024-2905.yaml - data/reports/GO-2024-2911.yaml - data/reports/GO-2024-2917.yaml - data/reports/GO-2024-2919.yaml - data/reports/GO-2024-2922.yaml - data/reports/GO-2024-2939.yaml - data/reports/GO-2024-2941.yaml - data/reports/GO-2024-2972.yaml - data/reports/GO-2024-2981.yaml - data/reports/GO-2024-2987.yaml Updates #2642 Updates #2644 Updates #2645 Updates #2664 Updates #2665 Updates #2675 Updates #2684 Updates #2690 Updates #2697 Updates #2704 Updates #2707 Updates #2718 Updates #2719 Updates #2728 Updates #2741 Updates #2752 Updates #2757 Updates #2769 Updates #2792 Updates #2801 Updates #2815 Updates #2843 Updates #2844 Updates #2847 Updates #2848 Updates #2851 Updates #2852 Updates #2854 Updates #2855 Updates #2856 Updates #2857 Updates #2858 Updates #2866 Updates #2867 Updates #2877 Updates #2886 Updates #2891 Updates #2898 Updates #2901 Updates #2902 Updates #2905 Updates #2911 Updates #2917 Updates #2919 Updates #2922 Updates #2939 Updates #2941 Updates #2972 Updates #2981 Updates #2987 Change-Id: I2dff127628eabc7c25afa4020c15a4d35a46a2c4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606359 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
golang · Aug 19, 2024 · 4c06ac4 · 4c06ac4
1 parent 08b42c7
commit 4c06ac4
Show file tree

Hide file tree

Showing 62 changed files with 170 additions and 168 deletions.
diff --git a/data/osv/GO-2024-2741.json b/data/osv/GO-2024-2741.json
@@ -4,10 +4,11 @@
  "modified": "0001-01-01T00:00:00Z",
  "published": "0001-01-01T00:00:00Z",
  "aliases": [
- "CVE-2024-31450"
+ "CVE-2024-31450",
+ "GHSA-9355-27m8-h74v"
  ],
- "summary": "Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) in github.com/owncast/owncast",
- "details": "Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) in github.com/owncast/owncast",
+ "summary": "Owncast Path Traversal vulnerability in github.com/owncast/owncast",
+ "details": "Owncast Path Traversal vulnerability in github.com/owncast/owncast",
  "affected": [
  {
  "package": {
@@ -31,10 +32,18 @@
  }
  ],
  "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-9355-27m8-h74v"
+ },
  {
  "type": "ADVISORY",
  "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31450"
  },
+ {
+ "type": "ADVISORY",
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast"
+ },
  {
  "type": "FIX",
  "url": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e"
@@ -46,10 +55,6 @@
  {
  "type": "WEB",
  "url": "https://github.com/owncast/owncast/releases/tag/v0.1.3"
- },
- {
- "type": "WEB",
- "url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/"
  }
  ],
  "database_specific": {

diff --git a/data/osv/GO-2024-2769.json b/data/osv/GO-2024-2769.json
@@ -51,6 +51,10 @@
  {
  "type": "WEB",
  "url": "https://github.com/go-gitea/gitea/pull/20196"
+ },
+ {
+ "type": "WEB",
+ "url": "https://herolab.usd.de/security-advisories/usd-2022-0015"
  }
  ],
  "database_specific": {

diff --git a/data/osv/GO-2024-2801.json b/data/osv/GO-2024-2801.json
@@ -8,7 +8,7 @@
  "GHSA-6362-gv4m-53ww"
  ],
  "summary": "Calico privilege escalation vulnerability in github.com/projectcalico/calico",
- "details": "Calico privilege escalation vulnerability in github.com/projectcalico/calico.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/projectcalico/calico before v3.26.5, from v3.27.0 before v3.27.3.",
+ "details": "Calico privilege escalation vulnerability in github.com/projectcalico/calico.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/projectcalico/calico/v3 before v3.26.5, from v3.27.0 before v3.27.3.",
  "affected": [
  {
  "package": {
@@ -25,6 +25,23 @@
  ]
  }
  ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/projectcalico/calico/v3",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
  "ecosystem_specific": {
  "custom_ranges": [
  {

diff --git a/data/osv/GO-2024-2815.json b/data/osv/GO-2024-2815.json
@@ -7,9 +7,6 @@
  "CVE-2024-34068",
  "GHSA-qq22-jj8x-4wwv"
  ],
- "related": [
- "GHSA-6rg3-8h8x-5xfv"
- ],
  "summary": "Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings",
  "details": "Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings",
  "affected": [

diff --git a/data/osv/GO-2024-2866.json b/data/osv/GO-2024-2866.json
@@ -55,6 +55,10 @@
  "type": "REPORT",
  "url": "https://github.com/submariner-io/submariner-operator/issues/3041"
  },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4591"
+ },
  {
  "type": "WEB",
  "url": "https://access.redhat.com/security/cve/CVE-2024-5042"

diff --git a/data/osv/GO-2024-2891.json b/data/osv/GO-2024-2891.json
@@ -7,10 +7,6 @@
  "CVE-2024-32873",
  "GHSA-pxv8-qhrh-jc7v"
  ],
- "related": [
- "CVE-2024-37158",
- "CVE-2024-37159"
- ],
  "summary": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos",
  "details": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos",
  "affected": [
@@ -336,6 +332,14 @@
  {
  "type": "FIX",
  "url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37158"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37159"
  }
  ],
  "database_specific": {

diff --git a/data/osv/GO-2024-2901.json b/data/osv/GO-2024-2901.json
@@ -55,6 +55,10 @@
  {
  "type": "WEB",
  "url": "https://github.com/ollama/ollama/compare/v0.1.33...v0.1.34"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032"
  }
  ],
  "database_specific": {

diff --git a/data/osv/GO-2024-2905.json b/data/osv/GO-2024-2905.json
@@ -28,6 +28,22 @@
  }
  ],
  "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4151"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4156"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4329"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4484"
+ },
  {
  "type": "ADVISORY",
  "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5037"

diff --git a/data/osv/GO-2024-2919.json b/data/osv/GO-2024-2919.json
@@ -60,6 +60,14 @@
  "type": "WEB",
  "url": "https://access.redhat.com/errata/RHSA-2024:3700"
  },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4008"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4486"
+ },
  {
  "type": "WEB",
  "url": "https://access.redhat.com/security/cve/CVE-2024-5154"

diff --git a/data/osv/GO-2024-2972.json b/data/osv/GO-2024-2972.json
@@ -37,6 +37,10 @@
  "type": "ADVISORY",
  "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39933"
  },
+ {
+ "type": "WEB",
+ "url": "https://github.com/gogs/gogs/releases"
+ },
  {
  "type": "WEB",
  "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1"

diff --git a/data/osv/GO-2024-2981.json b/data/osv/GO-2024-2981.json
@@ -34,7 +34,7 @@
  "references": [
  {
  "type": "ADVISORY",
- "url": "https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw"
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39909"
  },
  {
  "type": "WEB",

diff --git a/data/osv/GO-2024-2987.json b/data/osv/GO-2024-2987.json
@@ -44,6 +44,14 @@
  "type": "FIX",
  "url": "https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71"
  },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4865"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2024:4871"
+ },
  {
  "type": "WEB",
  "url": "https://access.redhat.com/security/cve/CVE-2024-6535"

diff --git a/data/reports/GO-2024-2642.yaml b/data/reports/GO-2024-2642.yaml
@@ -15,5 +15,5 @@ references:
  - fix: https://github.com/pterodactyl/wings/commit/d1c0ca526007113a0f74f56eba99511b4e989287
 source:
  id: GHSA-494h-9924-xww9
- created: 2024-05-17T16:14:39.536444-04:00
+ created: 2024-08-16T16:20:15.207291-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2644.yaml b/data/reports/GO-2024-2644.yaml
@@ -16,5 +16,5 @@ references:
  - fix: https://github.com/fluid-cloudnative/fluid/commit/e0184cff8790ad000c3e8943392c7f544fad7d66
 source:
  id: GHSA-wx8q-4gm9-rj2g
- created: 2024-05-17T16:14:37.080903-04:00
+ created: 2024-08-16T16:20:19.628-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2645.yaml b/data/reports/GO-2024-2645.yaml
@@ -24,5 +24,5 @@ references:
  - web: https://docs.projectdiscovery.io/templates/workflows/overview
 source:
  id: GHSA-w5wx-6g2r-r78q
- created: 2024-06-26T13:58:33.793233-04:00
+ created: 2024-08-16T16:20:23.793947-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2664.yaml b/data/reports/GO-2024-2664.yaml
@@ -33,5 +33,5 @@ references:
  - web: https://github.com/zitadel/zitadel/releases/tag/v2.48.3
 source:
  id: GHSA-gp8g-f42f-95q2
- created: 2024-06-04T15:37:24.2634-04:00
+ created: 2024-08-16T16:20:28.404882-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2665.yaml b/data/reports/GO-2024-2665.yaml
@@ -35,5 +35,5 @@ references:
  - web: https://github.com/zitadel/zitadel/releases/tag/v2.48.3
 source:
  id: GHSA-hr5w-cwwq-2v4m
- created: 2024-06-04T15:37:16.762486-04:00
+ created: 2024-08-16T16:20:34.214998-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2675.yaml b/data/reports/GO-2024-2675.yaml
@@ -17,5 +17,5 @@ references:
  - web: https://github.com/temporalio/ui-server/releases/tag/v2.25.0
 source:
  id: GHSA-8f25-w7qj-r7hc
- created: 2024-06-26T13:58:51.59593-04:00
+ created: 2024-08-16T16:20:38.737583-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2684.yaml b/data/reports/GO-2024-2684.yaml
@@ -16,5 +16,5 @@ references:
  - web: https://github.com/CA17/TeamsACS/issues/26
 source:
  id: GHSA-hwvw-gh23-qpvq
- created: 2024-06-06T16:16:42.764735-04:00
+ created: 2024-08-16T16:20:42.760133-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2690.yaml b/data/reports/GO-2024-2690.yaml
@@ -9,14 +9,12 @@ cves:
  - CVE-2024-2660
 ghsas:
  - GHSA-j2rp-gmqv-frhv
-unknown_aliases:
- - BIT-vault-2024-2660
 references:
  - advisory: https://github.com/advisories/GHSA-j2rp-gmqv-frhv
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-2660
  - web: https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573
  - web: https://security.netapp.com/advisory/ntap-20240524-0007
 source:
  id: GHSA-j2rp-gmqv-frhv
- created: 2024-06-26T13:59:09.265191-04:00
+ created: 2024-08-16T16:20:57.01244-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2697.yaml b/data/reports/GO-2024-2697.yaml
@@ -18,13 +18,11 @@ cves:
  - CVE-2024-1313
 ghsas:
  - GHSA-67rv-qpw2-6qrr
-unknown_aliases:
- - BIT-grafana-2024-1313
 references:
  - advisory: https://github.com/grafana/bugbounty/security/advisories/GHSA-67rv-qpw2-6qrr
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1313
  - web: https://grafana.com/security/security-advisories/cve-2024-1313
 source:
  id: GHSA-67rv-qpw2-6qrr
- created: 2024-06-04T15:31:16.41185-04:00
+ created: 2024-08-16T16:21:17.82198-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2704.yaml b/data/reports/GO-2024-2704.yaml
@@ -12,13 +12,11 @@ cves:
  - CVE-2023-3518
 ghsas:
  - GHSA-9rhf-q362-77mx
-unknown_aliases:
- - BIT-consul-2023-3518
 references:
  - advisory: https://github.com/advisories/GHSA-9rhf-q362-77mx
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-3518
  - web: https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
 source:
  id: GHSA-9rhf-q362-77mx
- created: 2024-05-17T16:13:44.520242-04:00
+ created: 2024-08-16T16:26:30.299935-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2707.yaml b/data/reports/GO-2024-2707.yaml
@@ -1,27 +1,25 @@
 id: GO-2024-2707
 modules:
  - module: github.com/mattermost/mattermost-server
- vulnerable_at: 9.9.0+incompatible
+ vulnerable_at: 9.11.0+incompatible
  - module: github.com/mattermost/mattermost-server/v5
  vulnerable_at: 5.39.3
  - module: github.com/mattermost/mattermost-server/v6
  vulnerable_at: 6.7.2
  - module: github.com/mattermost/mattermost/server/v8
  non_go_versions:
  - fixed: 8.1.11
- vulnerable_at: 8.0.0-20240626145722-59998b0b8473
+ vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
 summary: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
 cves:
  - CVE-2024-21848
 ghsas:
  - GHSA-xp9j-8p68-9q93
-unknown_aliases:
- - CGA-w76m-mrwf-j7rf
 references:
  - advisory: https://github.com/advisories/GHSA-xp9j-8p68-9q93
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-21848
  - web: https://mattermost.com/security-updates
 source:
  id: GHSA-xp9j-8p68-9q93
- created: 2024-06-26T14:00:29.455068-04:00
+ created: 2024-08-16T16:26:45.868718-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2718.yaml b/data/reports/GO-2024-2718.yaml
@@ -13,8 +13,6 @@ cves:
  - CVE-2024-29902
 ghsas:
  - GHSA-88jx-383q-w4qc
-unknown_aliases:
- - BIT-cosign-2024-29902
 references:
  - advisory: https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-29902
@@ -24,5 +22,5 @@ references:
  - web: https://github.com/sigstore/cosign/releases/tag/v2.2.4
 source:
  id: GHSA-88jx-383q-w4qc
- created: 2024-06-26T14:00:44.029803-04:00
+ created: 2024-08-16T16:27:02.130598-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2719.yaml b/data/reports/GO-2024-2719.yaml
@@ -13,8 +13,6 @@ cves:
  - CVE-2024-29903
 ghsas:
  - GHSA-95pr-fxf5-86gv
-unknown_aliases:
- - BIT-cosign-2024-29903
 references:
  - advisory: https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-29903
@@ -24,5 +22,5 @@ references:
  - web: https://github.com/sigstore/cosign/releases/tag/v2.2.4
 source:
  id: GHSA-95pr-fxf5-86gv
- created: 2024-06-26T14:00:49.329229-04:00
+ created: 2024-08-16T16:27:07.148334-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2728.yaml b/data/reports/GO-2024-2728.yaml
@@ -16,8 +16,6 @@ cves:
  - CVE-2024-31990
 ghsas:
  - GHSA-2gvw-w6fj-7m3c
-unknown_aliases:
- - BIT-argo-cd-2024-31990
 references:
  - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c
  - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-31990
@@ -26,5 +24,5 @@ references:
  - fix: https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17
 source:
  id: GHSA-2gvw-w6fj-7m3c
- created: 2024-06-26T14:01:04.285149-04:00
+ created: 2024-08-16T16:27:22.05692-04:00
 review_status: UNREVIEWED