diff --git a/data/excluded/GO-2022-0507.yaml b/data/excluded/GO-2022-0507.yaml
deleted file mode 100644
index 325c753c1..000000000
--- a/data/excluded/GO-2022-0507.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0507
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/kubeedge/kubeedge
-cves:
- - CVE-2022-31073
-ghsas:
- - GHSA-vwm6-qc77-v2rh
diff --git a/data/excluded/GO-2022-0508.yaml b/data/excluded/GO-2022-0508.yaml
deleted file mode 100644
index 3223dcf87..000000000
--- a/data/excluded/GO-2022-0508.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0508
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/kubeedge/kubeedge
-cves:
- - CVE-2022-31074
-ghsas:
- - GHSA-w52j-3457-q9wr
diff --git a/data/excluded/GO-2022-0509.yaml b/data/excluded/GO-2022-0509.yaml
deleted file mode 100644
index 6254e5a9e..000000000
--- a/data/excluded/GO-2022-0509.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0509
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/kubeedge/kubeedge
-cves:
- - CVE-2022-31075
-ghsas:
- - GHSA-x3px-2p95-f6jr
diff --git a/data/excluded/GO-2022-0510.yaml b/data/excluded/GO-2022-0510.yaml
deleted file mode 100644
index 522f8bbbc..000000000
--- a/data/excluded/GO-2022-0510.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0510
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/kubeedge/kubeedge
-cves:
- - CVE-2022-31078
-ghsas:
- - GHSA-qpx3-9565-5xwm
diff --git a/data/excluded/GO-2022-0511.yaml b/data/excluded/GO-2022-0511.yaml
deleted file mode 100644
index d71c73c43..000000000
--- a/data/excluded/GO-2022-0511.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0511
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/kubeedge/kubeedge
-cves:
- - CVE-2022-31079
-ghsas:
- - GHSA-wrcr-x4qj-j543
diff --git a/data/excluded/GO-2022-0512.yaml b/data/excluded/GO-2022-0512.yaml
deleted file mode 100644
index 7089fae5e..000000000
--- a/data/excluded/GO-2022-0512.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0512
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/kubeedge/kubeedge
-cves:
- - CVE-2022-31080
-ghsas:
- - GHSA-6wvc-6pww-qr4r
diff --git a/data/excluded/GO-2022-0516.yaml b/data/excluded/GO-2022-0516.yaml
deleted file mode 100644
index 1ce57ce91..000000000
--- a/data/excluded/GO-2022-0516.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-id: GO-2022-0516
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-1025
-ghsas:
- - GHSA-96jv-vj39-x4j6
-related:
- - CVE-2022-24768
- - GHSA-2f5v-8r3f-8pww
diff --git a/data/excluded/GO-2022-0517.yaml b/data/excluded/GO-2022-0517.yaml
deleted file mode 100644
index b5142cc37..000000000
--- a/data/excluded/GO-2022-0517.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0517
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-31102
-ghsas:
- - GHSA-pmjg-52h9-72qv
diff --git a/data/excluded/GO-2022-0518.yaml b/data/excluded/GO-2022-0518.yaml
deleted file mode 100644
index 6628f6552..000000000
--- a/data/excluded/GO-2022-0518.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0518
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/argoproj/argo-cd
-cves:
- - CVE-2022-31105
-ghsas:
- - GHSA-7943-82jg-wmw5
diff --git a/data/excluded/GO-2022-0540.yaml b/data/excluded/GO-2022-0540.yaml
deleted file mode 100644
index 4757e3880..000000000
--- a/data/excluded/GO-2022-0540.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0540
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/mattermost/mattermost-server/v6
-cves:
- - CVE-2022-2401
-ghsas:
- - GHSA-7ggc-5r84-xf54
diff --git a/data/excluded/GO-2022-0547.yaml b/data/excluded/GO-2022-0547.yaml
deleted file mode 100644
index bdd724584..000000000
--- a/data/excluded/GO-2022-0547.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0547
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: sigs.k8s.io/aws-iam-authenticator
-cves:
- - CVE-2022-2385
-ghsas:
- - GHSA-pp3f-98qg-5g75
diff --git a/data/excluded/GO-2022-0550.yaml b/data/excluded/GO-2022-0550.yaml
deleted file mode 100644
index 8ef358786..000000000
--- a/data/excluded/GO-2022-0550.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0550
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/v2fly/v2ray-core
-cves:
- - CVE-2021-4070
-ghsas:
- - GHSA-4cxw-hq44-r344
diff --git a/data/excluded/GO-2022-0554.yaml b/data/excluded/GO-2022-0554.yaml
deleted file mode 100644
index 0a202b44d..000000000
--- a/data/excluded/GO-2022-0554.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0554
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-0415
-ghsas:
- - GHSA-5gjh-5j4f-cpwv
diff --git a/data/excluded/GO-2022-0556.yaml b/data/excluded/GO-2022-0556.yaml
deleted file mode 100644
index 575af3df9..000000000
--- a/data/excluded/GO-2022-0556.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0556
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-1986
-ghsas:
- - GHSA-67mx-jc2f-jgjm
diff --git a/data/excluded/GO-2022-0559.yaml b/data/excluded/GO-2022-0559.yaml
deleted file mode 100644
index d1e03ec26..000000000
--- a/data/excluded/GO-2022-0559.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0559
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/hashicorp/consul
-cves:
- - CVE-2021-38698
-ghsas:
- - GHSA-6hw5-6gcx-phmw
diff --git a/data/excluded/GO-2022-0560.yaml b/data/excluded/GO-2022-0560.yaml
deleted file mode 100644
index a3bfdf150..000000000
--- a/data/excluded/GO-2022-0560.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0560
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/hashicorp/nomad
-cves:
- - CVE-2022-24684
-ghsas:
- - GHSA-6jm6-cmcp-fqjq
diff --git a/data/excluded/GO-2022-0561.yaml b/data/excluded/GO-2022-0561.yaml
deleted file mode 100644
index a9a313bf1..000000000
--- a/data/excluded/GO-2022-0561.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0561
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/gravitl/netmaker
-cves:
- - CVE-2022-0664
-ghsas:
- - GHSA-6rrw-4fm9-rghv
diff --git a/data/excluded/GO-2022-0562.yaml b/data/excluded/GO-2022-0562.yaml
deleted file mode 100644
index b7b0528f0..000000000
--- a/data/excluded/GO-2022-0562.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0562
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-1993
-ghsas:
- - GHSA-6vcc-v9vw-g2x5
diff --git a/data/excluded/GO-2022-0566.yaml b/data/excluded/GO-2022-0566.yaml
deleted file mode 100644
index 9b9027f22..000000000
--- a/data/excluded/GO-2022-0566.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0566
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-0870
-ghsas:
- - GHSA-7v5r-r995-q2x2
diff --git a/data/excluded/GO-2022-0570.yaml b/data/excluded/GO-2022-0570.yaml
deleted file mode 100644
index f9c6c94bb..000000000
--- a/data/excluded/GO-2022-0570.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-0570
-excluded: NOT_IMPORTABLE
-modules:
- - module: gogs.io/gogs
-cves:
- - CVE-2022-1992
-ghsas:
- - GHSA-994f-7g86-qr56
diff --git a/data/osv/GO-2022-0507.json b/data/osv/GO-2022-0507.json
new file mode 100644
index 000000000..4faa4a667
--- /dev/null
+++ b/data/osv/GO-2022-0507.json
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0507", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31073", + "GHSA-vwm6-qc77-v2rh" + ], + "summary": "KubeEdge Edge ServiceBus module DoS in github.com/kubeedge/kubeedge", + "details": "KubeEdge Edge ServiceBus module DoS in github.com/kubeedge/kubeedge", + "affected": [ + { + "package": { + "name": "github.com/kubeedge/kubeedge", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.4" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.2" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31073" + }, + { + "type": "FIX", + "url": "https://github.com/kubeedge/kubeedge/pull/4038" + }, + { + "type": "FIX", + "url": "https://github.com/kubeedge/kubeedge/pull/4039" + }, + { + "type": "FIX", + "url": "https://github.com/kubeedge/kubeedge/pull/4042" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0507", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0508.json b/data/osv/GO-2022-0508.json new file mode 100644 index 000000000..47e0875f1 --- /dev/null +++ b/data/osv/GO-2022-0508.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0508", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31074", + "GHSA-w52j-3457-q9wr" + ], + "summary": "KubeEdge Cloud AdmissionController component DoS in github.com/kubeedge/kubeedge", + "details": "KubeEdge Cloud AdmissionController component DoS in github.com/kubeedge/kubeedge", + "affected": [ + { + "package": { + "name": "github.com/kubeedge/kubeedge", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.4" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.2" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31074" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0508", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0509.json b/data/osv/GO-2022-0509.json new file mode 100644 index 000000000..8b51b32b5 --- /dev/null +++ b/data/osv/GO-2022-0509.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0509", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31075", + "GHSA-x3px-2p95-f6jr" + ], + "summary": "KubeEdge DoS when signing the CSR from EdgeCore in github.com/kubeedge/kubeedge", + "details": "KubeEdge DoS when signing the CSR from EdgeCore in github.com/kubeedge/kubeedge", + "affected": [ + { + "package": { + "name": "github.com/kubeedge/kubeedge", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.4" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.2" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31075" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0509", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0510.json b/data/osv/GO-2022-0510.json new file mode 100644 index 000000000..b5d5271d0 --- /dev/null +++ b/data/osv/GO-2022-0510.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0510", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31078", + "GHSA-qpx3-9565-5xwm" + ], + "summary": "KubeEdge CloudCore Router memory exhaustion vulnerability in github.com/kubeedge/kubeedge", + "details": "KubeEdge CloudCore Router memory exhaustion vulnerability in github.com/kubeedge/kubeedge", + "affected": [ + { + "package": { + "name": "github.com/kubeedge/kubeedge", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.4" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.2" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-qpx3-9565-5xwm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31078" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0510", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0511.json b/data/osv/GO-2022-0511.json new file mode 100644 index 000000000..b4aac131e --- /dev/null +++ b/data/osv/GO-2022-0511.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0511", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31079", + "GHSA-wrcr-x4qj-j543" + ], + "summary": "KubeEdge Cloud Stream and Edge Stream DoS from large stream message in github.com/kubeedge/kubeedge", + "details": "KubeEdge Cloud Stream and Edge Stream DoS from large stream message in github.com/kubeedge/kubeedge", + "affected": [ + { + "package": { + "name": "github.com/kubeedge/kubeedge", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.4" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.2" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-wrcr-x4qj-j543" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31079" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0511", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0512.json b/data/osv/GO-2022-0512.json new file mode 100644 index 000000000..fa159392b --- /dev/null +++ b/data/osv/GO-2022-0512.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0512", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31080", + "GHSA-6wvc-6pww-qr4r" + ], + "summary": "DoS in KubeEdge's Websocket Client in package Viaduct in github.com/kubeedge/kubeedge", + "details": "DoS in KubeEdge's Websocket Client in package Viaduct in github.com/kubeedge/kubeedge", + "affected": [ + { + "package": { + "name": "github.com/kubeedge/kubeedge", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.9.4" + }, + { + "introduced": "1.10.0" + }, + { + "fixed": "1.10.2" + }, + { + "introduced": "1.11.0" + }, + { + "fixed": "1.11.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-6wvc-6pww-qr4r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31080" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0512", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0516.json b/data/osv/GO-2022-0516.json new file mode 100644 index 000000000..f70601524 --- /dev/null +++ b/data/osv/GO-2022-0516.json 
@@ -0,0 +1,109 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0516", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1025", + "GHSA-96jv-vj39-x4j6" + ], + "summary": "Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd", + "details": "Argo CD improper access control bug can allow malicious user to escalate privileges to admin level in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.5.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.1.14" + }, + { + "introduced": "2.2.0" + }, + { + "fixed": "2.2.8" + }, + { + "introduced": "2.3.0" + }, + { + "fixed": "2.3.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-96jv-vj39-x4j6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1025" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/af03b291d4b7e9d3ce9a6580ae9c8141af0e05cf" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2022:1039" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2022:1040" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2022:1041" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2022:1042" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2022-1025" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064682" + }, + { + "type": "WEB", + "url": 
"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0516", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0517.json b/data/osv/GO-2022-0517.json new file mode 100644 index 000000000..b7dd40e41 --- /dev/null +++ b/data/osv/GO-2022-0517.json 
@@ -0,0 +1,87 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0517", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31102", + "GHSA-pmjg-52h9-72qv" + ], + "summary": "Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd", + "details": "Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "2.3.0" + }, + { + "fixed": "2.3.6" + }, + { + "introduced": "2.4.0" + }, + { + "fixed": "2.4.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-pmjg-52h9-72qv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31102" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/3800a1e49d1d5a00a6692fee83396a37a6abe89a" + }, + { + "type": "FIX", + "url": "https://github.com/argoproj/argo-cd/commit/8d5119b1e3038a2c1d8b651cb242525e9e734c4c" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.6" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.5" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0517", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0518.json b/data/osv/GO-2022-0518.json new file mode 100644 index 000000000..1b6eff7cb --- /dev/null +++ b/data/osv/GO-2022-0518.json 
@@ -0,0 +1,85 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0518", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-31105", + "GHSA-7943-82jg-wmw5" + ], + "summary": "Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd", + "details": "Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd", + "affected": [ + { + "package": { + "name": "github.com/argoproj/argo-cd", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.4.0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/argoproj/argo-cd/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.11" + }, + { + "introduced": "2.3.0" + }, + { + "fixed": "2.3.6" + }, + { + "introduced": "2.4.0" + }, + { + "fixed": "2.4.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31105" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.6" + }, + { + "type": "WEB", + "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.5" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0518", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0540.json b/data/osv/GO-2022-0540.json new file mode 100644 index 000000000..45450bf77 --- /dev/null +++ b/data/osv/GO-2022-0540.json 
@@ -0,0 +1,104 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0540", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-2401", + "GHSA-7ggc-5r84-xf54" + ], + "summary": "Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server", + "details": "Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "6.3.9" + }, + { + "introduced": "6.4.0" + }, + { + "fixed": "6.5.2" + }, + { + "introduced": "6.6.0" + }, + { + "fixed": "6.6.2" + }, + { + "introduced": "6.7.0" + }, + { + "fixed": "6.7.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-7ggc-5r84-xf54" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2401" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0540", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0547.json b/data/osv/GO-2022-0547.json new file mode 100644 index 000000000..cc53317eb --- /dev/null +++ b/data/osv/GO-2022-0547.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0547", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-2385", + "GHSA-pp3f-98qg-5g75" + ], + "summary": "aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 in sigs.k8s.io/aws-iam-authenticator", + "details": "aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 in sigs.k8s.io/aws-iam-authenticator", + "affected": [ + { + "package": { + "name": "sigs.k8s.io/aws-iam-authenticator", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.5.9" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pp3f-98qg-5g75" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2385" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/commit/029d1dcf2ec8d662d9b1c21260bb197404bc8218" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/469" + }, + { + "type": "WEB", + "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9" + }, + { + "type": "WEB", + "url": "https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0547", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0550.json b/data/osv/GO-2022-0550.json new file mode 100644 index 000000000..9f08b8c63 --- /dev/null +++ b/data/osv/GO-2022-0550.json 
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0550", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-4070", + "GHSA-4cxw-hq44-r344" + ], + "summary": "Off-by-one Error in v2fly/v2ray-core in github.com/v2fly/v2ray-core", + "details": "Off-by-one Error in v2fly/v2ray-core in github.com/v2fly/v2ray-core", + "affected": [ + { + "package": { + "name": "github.com/v2fly/v2ray-core", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/v2fly/v2ray-core/v4", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "4.44.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4cxw-hq44-r344" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4070" + }, + { + "type": "FIX", + "url": "https://github.com/v2fly/v2ray-core/commit/c1af2bfd7aa59a4482aa7f6ec4b9208c1d350b5c" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/8da19456-4d89-41ef-9781-a41efd6a1877" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0550", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0554.json b/data/osv/GO-2022-0554.json new file mode 100644 index 000000000..58b891344 --- /dev/null +++ b/data/osv/GO-2022-0554.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0554", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-0415", + "GHSA-5gjh-5j4f-cpwv" + ], + "summary": "Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs", + "details": "Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-5gjh-5j4f-cpwv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0415" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/issues/6833" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/pull/6838" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0554", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0556.json b/data/osv/GO-2022-0556.json new file mode 100644 index 000000000..ef57a5fb0 --- /dev/null +++ b/data/osv/GO-2022-0556.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0556", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1986", + "GHSA-67mx-jc2f-jgjm" + ], + "summary": "OS Command Injection in file editor in Gogs in gogs.io/gogs", + "details": "OS Command Injection in file editor in Gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.9" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-67mx-jc2f-jgjm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1986" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0556", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0559.json b/data/osv/GO-2022-0559.json new file mode 100644 index 000000000..c31ae0e43 --- /dev/null +++ b/data/osv/GO-2022-0559.json 
@@ -0,0 +1,76 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0559", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2021-38698", + "GHSA-6hw5-6gcx-phmw" + ], + "summary": "HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul", + "details": "HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/consul", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.8.15" + }, + { + "introduced": "1.9.0" + }, + { + "fixed": "1.9.9" + }, + { + "introduced": "1.10.1" + }, + { + "fixed": "1.10.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6hw5-6gcx-phmw" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38698" + }, + { + "type": "FIX", + "url": "https://github.com/hashicorp/consul/pull/10824" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026" + }, + { + "type": "WEB", + "url": "https://security.gentoo.org/glsa/202208-09" + }, + { + "type": "WEB", + "url": "https://www.hashicorp.com/blog/category/consul" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0559", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0560.json b/data/osv/GO-2022-0560.json new file mode 100644 index 000000000..584af11f0 --- /dev/null +++ b/data/osv/GO-2022-0560.json 
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0560", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-24684", + "GHSA-6jm6-cmcp-fqjq" + ], + "summary": "Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad", + "details": "Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad", + "affected": [ + { + "package": { + "name": "github.com/hashicorp/nomad", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.9.0" + }, + { + "fixed": "1.0.18" + }, + { + "introduced": "1.1.0" + }, + { + "fixed": "1.1.12" + }, + { + "introduced": "1.2.0" + }, + { + "fixed": "1.2.6" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6jm6-cmcp-fqjq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24684" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers" + }, + { + "type": "WEB", + "url": "https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/ntap-20220318-0008" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0560", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0561.json b/data/osv/GO-2022-0561.json new file mode 100644 index 000000000..8cd3fef10 --- /dev/null +++ b/data/osv/GO-2022-0561.json 
@@ -0,0 +1,62 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0561", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-0664", + "GHSA-6rrw-4fm9-rghv" + ], + "summary": "Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker", + "details": "Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker", + "affected": [ + { + "package": { + "name": "github.com/gravitl/netmaker", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.8.5" + }, + { + "introduced": "0.9.0" + }, + { + "fixed": "0.9.4" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6rrw-4fm9-rghv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0664" + }, + { + "type": "FIX", + "url": "https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0561", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0562.json b/data/osv/GO-2022-0562.json new file mode 100644 index 000000000..c39939dd8 --- /dev/null +++ b/data/osv/GO-2022-0562.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0562", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1993", + "GHSA-6vcc-v9vw-g2x5" + ], + "summary": "Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs", + "details": "Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.9" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-6vcc-v9vw-g2x5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1993" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/issues/7002" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0562", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0566.json b/data/osv/GO-2022-0566.json new file mode 100644 index 000000000..bed0766a2 --- /dev/null +++ b/data/osv/GO-2022-0566.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0566", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-0870", + "GHSA-7v5r-r995-q2x2" + ], + "summary": "SSRF in repository migration in gogs.io/gogs", + "details": "SSRF in repository migration in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.5" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-7v5r-r995-q2x2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0870" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0566", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-0570.json b/data/osv/GO-2022-0570.json new file mode 100644 index 000000000..165ce8dd6 --- /dev/null +++ b/data/osv/GO-2022-0570.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-0570", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-1992", + "GHSA-994f-7g86-qr56" + ], + "summary": "Path Traversal in file editor on Windows in Gogs in gogs.io/gogs", + "details": "Path Traversal in file editor on Windows in Gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.12.9" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-994f-7g86-qr56" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1992" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0570", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2022-0507.yaml b/data/reports/GO-2022-0507.yaml new file mode 100644 index 000000000..353436610 --- /dev/null +++ b/data/reports/GO-2022-0507.yaml 
@@ -0,0 +1,26 @@ +id: GO-2022-0507 +modules: + - module: github.com/kubeedge/kubeedge + versions: + - fixed: 1.9.4 + - introduced: 1.10.0 + - fixed: 1.10.2 + - introduced: 1.11.0 + - fixed: 1.11.1 + vulnerable_at: 1.11.0 +summary: KubeEdge Edge ServiceBus module DoS in github.com/kubeedge/kubeedge +cves: + - CVE-2022-31073 +ghsas: + - GHSA-vwm6-qc77-v2rh +references: + - advisory: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rh + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31073 + - fix: https://github.com/kubeedge/kubeedge/pull/4038 + - fix: https://github.com/kubeedge/kubeedge/pull/4039 + - fix: https://github.com/kubeedge/kubeedge/pull/4042 +source: + id: GHSA-vwm6-qc77-v2rh + created: 2024-08-20T14:01:44.45657-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0508.yaml b/data/reports/GO-2022-0508.yaml new file mode 100644 index 000000000..87d242bde --- /dev/null +++ b/data/reports/GO-2022-0508.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0508 +modules: + - module: github.com/kubeedge/kubeedge + versions: + - fixed: 1.9.4 + - introduced: 1.10.0 + - fixed: 1.10.2 + - introduced: 1.11.0 + - fixed: 1.11.1 + vulnerable_at: 1.11.0 +summary: KubeEdge Cloud AdmissionController component DoS in github.com/kubeedge/kubeedge +cves: + - CVE-2022-31074 +ghsas: + - GHSA-w52j-3457-q9wr +references: + - advisory: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31074 +source: + id: GHSA-w52j-3457-q9wr + created: 2024-08-20T14:01:49.247414-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0509.yaml b/data/reports/GO-2022-0509.yaml new file mode 100644 index 000000000..74a447647 --- /dev/null +++ b/data/reports/GO-2022-0509.yaml 
@@ -0,0 +1,23 @@ +id: GO-2022-0509 +modules: + - module: github.com/kubeedge/kubeedge + versions: + - fixed: 1.9.4 + - introduced: 1.10.0 + - fixed: 1.10.2 + - introduced: 1.11.0 + - fixed: 1.11.1 + vulnerable_at: 1.11.0 +summary: KubeEdge DoS when signing the CSR from EdgeCore in github.com/kubeedge/kubeedge +cves: + - CVE-2022-31075 +ghsas: + - GHSA-x3px-2p95-f6jr +references: + - advisory: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31075 +source: + id: GHSA-x3px-2p95-f6jr + created: 2024-08-20T14:01:52.082256-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0510.yaml b/data/reports/GO-2022-0510.yaml new file mode 100644 index 000000000..67b5da03a --- /dev/null +++ b/data/reports/GO-2022-0510.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0510 +modules: + - module: github.com/kubeedge/kubeedge + versions: + - fixed: 1.9.4 + - introduced: 1.10.0 + - fixed: 1.10.2 + - introduced: 1.11.0 + - fixed: 1.11.1 + vulnerable_at: 1.11.0 +summary: KubeEdge CloudCore Router memory exhaustion vulnerability in github.com/kubeedge/kubeedge +cves: + - CVE-2022-31078 +ghsas: + - GHSA-qpx3-9565-5xwm +references: + - advisory: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-qpx3-9565-5xwm + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31078 +source: + id: GHSA-qpx3-9565-5xwm + created: 2024-08-20T14:01:54.822293-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0511.yaml b/data/reports/GO-2022-0511.yaml new file mode 100644 index 000000000..cfa8f538f --- /dev/null +++ b/data/reports/GO-2022-0511.yaml 
@@ -0,0 +1,23 @@ +id: GO-2022-0511 +modules: + - module: github.com/kubeedge/kubeedge + versions: + - fixed: 1.9.4 + - introduced: 1.10.0 + - fixed: 1.10.2 + - introduced: 1.11.0 + - fixed: 1.11.1 + vulnerable_at: 1.11.0 +summary: KubeEdge Cloud Stream and Edge Stream DoS from large stream message in github.com/kubeedge/kubeedge +cves: + - CVE-2022-31079 +ghsas: + - GHSA-wrcr-x4qj-j543 +references: + - advisory: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-wrcr-x4qj-j543 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31079 +source: + id: GHSA-wrcr-x4qj-j543 + created: 2024-08-20T14:01:57.732292-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0512.yaml b/data/reports/GO-2022-0512.yaml new file mode 100644 index 000000000..d71945689 --- /dev/null +++ b/data/reports/GO-2022-0512.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0512 +modules: + - module: github.com/kubeedge/kubeedge + versions: + - fixed: 1.9.4 + - introduced: 1.10.0 + - fixed: 1.10.2 + - introduced: 1.11.0 + - fixed: 1.11.1 + vulnerable_at: 1.11.0 +summary: DoS in KubeEdge's Websocket Client in package Viaduct in github.com/kubeedge/kubeedge +cves: + - CVE-2022-31080 +ghsas: + - GHSA-6wvc-6pww-qr4r +references: + - advisory: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-6wvc-6pww-qr4r + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31080 +source: + id: GHSA-6wvc-6pww-qr4r + created: 2024-08-20T14:02:00.757089-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0516.yaml b/data/reports/GO-2022-0516.yaml new file mode 100644 index 000000000..9a4c38beb --- /dev/null +++ b/data/reports/GO-2022-0516.yaml 
@@ -0,0 +1,39 @@ +id: GO-2022-0516 +modules: + - module: github.com/argoproj/argo-cd + versions: + - introduced: 0.5.0 + unsupported_versions: + - last_affected: 1.8.7 + vulnerable_at: 1.8.6 + - module: github.com/argoproj/argo-cd/v2 + versions: + - fixed: 2.1.14 + - introduced: 2.2.0 + - fixed: 2.2.8 + - introduced: 2.3.0 + - fixed: 2.3.2 + vulnerable_at: 2.3.1 +summary: |- + Argo CD improper access control bug can allow malicious user to escalate + privileges to admin level in github.com/argoproj/argo-cd +cves: + - CVE-2022-1025 +ghsas: + - GHSA-96jv-vj39-x4j6 +references: + - advisory: https://github.com/advisories/GHSA-96jv-vj39-x4j6 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1025 + - fix: https://github.com/argoproj/argo-cd/commit/af03b291d4b7e9d3ce9a6580ae9c8141af0e05cf + - web: https://access.redhat.com/errata/RHSA-2022:1039 + - web: https://access.redhat.com/errata/RHSA-2022:1040 + - web: https://access.redhat.com/errata/RHSA-2022:1041 + - web: https://access.redhat.com/errata/RHSA-2022:1042 + - web: https://access.redhat.com/security/cve/CVE-2022-1025 + - web: https://bugzilla.redhat.com/show_bug.cgi?id=2064682 + - web: https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww +source: + id: GHSA-96jv-vj39-x4j6 + created: 2024-08-20T14:02:04.095506-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0517.yaml b/data/reports/GO-2022-0517.yaml new file mode 100644 index 000000000..9e265c329 --- /dev/null +++ b/data/reports/GO-2022-0517.yaml 
@@ -0,0 +1,28 @@ +id: GO-2022-0517 +modules: + - module: github.com/argoproj/argo-cd + vulnerable_at: 1.8.6 + - module: github.com/argoproj/argo-cd/v2 + versions: + - introduced: 2.3.0 + - fixed: 2.3.6 + - introduced: 2.4.0 + - fixed: 2.4.5 + vulnerable_at: 2.4.4 +summary: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd +cves: + - CVE-2022-31102 +ghsas: + - GHSA-pmjg-52h9-72qv +references: + - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-pmjg-52h9-72qv + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31102 + - fix: https://github.com/argoproj/argo-cd/commit/3800a1e49d1d5a00a6692fee83396a37a6abe89a + - fix: https://github.com/argoproj/argo-cd/commit/8d5119b1e3038a2c1d8b651cb242525e9e734c4c + - web: https://github.com/argoproj/argo-cd/releases/tag/v2.3.6 + - web: https://github.com/argoproj/argo-cd/releases/tag/v2.4.5 +source: + id: GHSA-pmjg-52h9-72qv + created: 2024-08-20T14:02:10.709772-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0518.yaml b/data/reports/GO-2022-0518.yaml new file mode 100644 index 000000000..3214b6204 --- /dev/null +++ b/data/reports/GO-2022-0518.yaml 
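Review bot: The `github.com/argoproj/argo-cd` entry in GO-2022-0517 carries only `vulnerable_at: 1.8.6` and no `versions`, which as far as I can tell is read as every version of that module being affected with no fix, while the `/v2` entry in the same report starts at `introduced: 2.3.0`. If the flaw really begins at 2.3.0, the pre-v2 entry should be dropped or given an explicit range, so that scanners do not flag 0.x/1.x consumers for an issue they may not have. The same unbounded-module pattern appears in GO-2022-0540 (`github.com/mattermost/mattermost-server` at `9.11.0+incompatible`, and `/v5`) and in GO-2022-0550 (`github.com/v2fly/v2ray-core` at `3.50.2+incompatible`). In the Mattermost report the root entry presumably also marks +incompatible releases newer than the 6.x fixes as vulnerable. All three reports are `UNREVIEWED`, so the ranges should be confirmed against the upstream advisories before anyone triages on them.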
@@ -0,0 +1,29 @@ +id: GO-2022-0518 +modules: + - module: github.com/argoproj/argo-cd + versions: + - introduced: 0.4.0 + vulnerable_at: 1.8.6 + - module: github.com/argoproj/argo-cd/v2 + versions: + - fixed: 2.2.11 + - introduced: 2.3.0 + - fixed: 2.3.6 + - introduced: 2.4.0 + - fixed: 2.4.5 + vulnerable_at: 2.4.4 +summary: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd +cves: + - CVE-2022-31105 +ghsas: + - GHSA-7943-82jg-wmw5 +references: + - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31105 + - web: https://github.com/argoproj/argo-cd/releases/tag/v2.3.6 + - web: https://github.com/argoproj/argo-cd/releases/tag/v2.4.5 +source: + id: GHSA-7943-82jg-wmw5 + created: 2024-08-20T14:02:15.698222-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0540.yaml b/data/reports/GO-2022-0540.yaml new file mode 100644 index 000000000..9213a1047 --- /dev/null +++ b/data/reports/GO-2022-0540.yaml 
@@ -0,0 +1,30 @@ +id: GO-2022-0540 +modules: + - module: github.com/mattermost/mattermost-server + vulnerable_at: 9.11.0+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + versions: + - fixed: 6.3.9 + - introduced: 6.4.0 + - fixed: 6.5.2 + - introduced: 6.6.0 + - fixed: 6.6.2 + - introduced: 6.7.0 + - fixed: 6.7.1 + vulnerable_at: 6.7.0 +summary: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server +cves: + - CVE-2022-2401 +ghsas: + - GHSA-7ggc-5r84-xf54 +references: + - advisory: https://github.com/advisories/GHSA-7ggc-5r84-xf54 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-2401 + - web: https://mattermost.com/security-updates +source: + id: GHSA-7ggc-5r84-xf54 + created: 2024-08-20T14:02:19.352638-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0547.yaml b/data/reports/GO-2022-0547.yaml new file mode 100644 index 000000000..adf46bbd6 --- /dev/null +++ b/data/reports/GO-2022-0547.yaml 
@@ -0,0 +1,26 @@ +id: GO-2022-0547 +modules: + - module: sigs.k8s.io/aws-iam-authenticator + versions: + - fixed: 0.5.9 + vulnerable_at: 0.5.8 +summary: |- + aws-iam-authenticator allow-listed IAM identity may be able to modify their + username, escalate privileges before v0.5.9 in sigs.k8s.io/aws-iam-authenticator +cves: + - CVE-2022-2385 +ghsas: + - GHSA-pp3f-98qg-5g75 +references: + - advisory: https://github.com/advisories/GHSA-pp3f-98qg-5g75 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-2385 + - web: https://github.com/kubernetes-sigs/aws-iam-authenticator/commit/029d1dcf2ec8d662d9b1c21260bb197404bc8218 + - web: https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472 + - web: https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/469 + - web: https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9 + - web: https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs +source: + id: GHSA-pp3f-98qg-5g75 + created: 2024-08-20T14:02:47.101293-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0550.yaml b/data/reports/GO-2022-0550.yaml new file mode 100644 index 000000000..9ac08be83 --- /dev/null +++ b/data/reports/GO-2022-0550.yaml 
@@ -0,0 +1,23 @@ +id: GO-2022-0550 +modules: + - module: github.com/v2fly/v2ray-core + vulnerable_at: 3.50.2+incompatible + - module: github.com/v2fly/v2ray-core/v4 + versions: + - fixed: 4.44.0 + vulnerable_at: 4.43.0 +summary: Off-by-one Error in v2fly/v2ray-core in github.com/v2fly/v2ray-core +cves: + - CVE-2021-4070 +ghsas: + - GHSA-4cxw-hq44-r344 +references: + - advisory: https://github.com/advisories/GHSA-4cxw-hq44-r344 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-4070 + - fix: https://github.com/v2fly/v2ray-core/commit/c1af2bfd7aa59a4482aa7f6ec4b9208c1d350b5c + - web: https://huntr.dev/bounties/8da19456-4d89-41ef-9781-a41efd6a1877 +source: + id: GHSA-4cxw-hq44-r344 + created: 2024-08-20T14:03:33.859128-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0554.yaml b/data/reports/GO-2022-0554.yaml new file mode 100644 index 000000000..1fdb7f59c --- /dev/null +++ b/data/reports/GO-2022-0554.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0554 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.12.6 + vulnerable_at: 0.12.6-rc.1 +summary: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs +cves: + - CVE-2022-0415 +ghsas: + - GHSA-5gjh-5j4f-cpwv +references: + - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-5gjh-5j4f-cpwv + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-0415 + - web: https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284 + - web: https://github.com/gogs/gogs/issues/6833 + - web: https://github.com/gogs/gogs/pull/6838 + - web: https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902 +source: + id: GHSA-5gjh-5j4f-cpwv + created: 2024-08-20T14:03:54.80236-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0556.yaml b/data/reports/GO-2022-0556.yaml new file mode 100644 index 000000000..719a3ecfd --- /dev/null +++ b/data/reports/GO-2022-0556.yaml 
@@ -0,0 +1,22 @@ +id: GO-2022-0556 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.12.9 + vulnerable_at: 0.12.9-rc.1 +summary: OS Command Injection in file editor in Gogs in gogs.io/gogs +cves: + - CVE-2022-1986 +ghsas: + - GHSA-67mx-jc2f-jgjm +references: + - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-67mx-jc2f-jgjm + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1986 + - web: https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129 + - web: https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82 + - web: https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930 +source: + id: GHSA-67mx-jc2f-jgjm + created: 2024-08-20T14:04:03.84259-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0559.yaml b/data/reports/GO-2022-0559.yaml new file mode 100644 index 000000000..aea223eab --- /dev/null +++ b/data/reports/GO-2022-0559.yaml 
@@ -0,0 +1,30 @@ +id: GO-2022-0559 +modules: + - module: github.com/hashicorp/consul + versions: + - fixed: 1.8.15 + - introduced: 1.9.0 + - fixed: 1.9.9 + - introduced: 1.10.1 + - fixed: 1.10.2 + vulnerable_at: 1.10.1 +summary: |- + HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed + services to register proxies for other services, enabling access to service + traffic. in github.com/hashicorp/consul +cves: + - CVE-2021-38698 +ghsas: + - GHSA-6hw5-6gcx-phmw +references: + - advisory: https://github.com/advisories/GHSA-6hw5-6gcx-phmw + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-38698 + - fix: https://github.com/hashicorp/consul/pull/10824 + - web: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 + - web: https://security.gentoo.org/glsa/202208-09 + - web: https://www.hashicorp.com/blog/category/consul +source: + id: GHSA-6hw5-6gcx-phmw + created: 2024-08-20T14:04:08.33236-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0560.yaml b/data/reports/GO-2022-0560.yaml new file mode 100644 index 000000000..6bdee490b --- /dev/null +++ b/data/reports/GO-2022-0560.yaml 
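Review bot: The `summary` in GO-2022-0559 is the advisory description pasted whole, so it ends as `traffic. in github.com/hashicorp/consul` and names only 1.10.1, although the `versions` list also covers releases before 1.8.15 and the 1.9.0 to 1.9.9 line. A short single-line form would read better in scanner output and would not understate the affected range, for example `summary: Consul missing authorization check on Txn.Apply endpoint in github.com/hashicorp/consul`, which follows the title in the HCSEC-2021-24 reference URL. The generated `data/osv/GO-2022-0559.json` repeats the same text in both `summary` and `details` and would need regenerating after the change.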
@@ -0,0 +1,27 @@ +id: GO-2022-0560 +modules: + - module: github.com/hashicorp/nomad + versions: + - introduced: 0.9.0 + - fixed: 1.0.18 + - introduced: 1.1.0 + - fixed: 1.1.12 + - introduced: 1.2.0 + - fixed: 1.2.6 + vulnerable_at: 1.2.5 +summary: Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad +cves: + - CVE-2022-24684 +ghsas: + - GHSA-6jm6-cmcp-fqjq +references: + - advisory: https://github.com/advisories/GHSA-6jm6-cmcp-fqjq + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-24684 + - web: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers + - web: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562 + - web: https://security.netapp.com/advisory/ntap-20220318-0008 +source: + id: GHSA-6jm6-cmcp-fqjq + created: 2024-08-20T14:04:15.437511-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2022-0561.yaml b/data/reports/GO-2022-0561.yaml new file mode 100644 index 000000000..482ee09a6 --- /dev/null +++ b/data/reports/GO-2022-0561.yaml @@ -0,0 +1,23 @@ +id: GO-2022-0561 +modules: + - module: github.com/gravitl/netmaker + versions: + - fixed: 0.8.5 + - introduced: 0.9.0 + - fixed: 0.9.4 + vulnerable_at: 0.9.3 +summary: Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker +cves: + - CVE-2022-0664 +ghsas: + - GHSA-6rrw-4fm9-rghv +references: + - advisory: https://github.com/advisories/GHSA-6rrw-4fm9-rghv + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-0664 + - fix: https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf + - web: https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac +source: + id: GHSA-6rrw-4fm9-rghv + created: 2024-08-20T14:04:19.891114-04:00 +review_status: UNREVIEWED +unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2022-0562.yaml b/data/reports/GO-2022-0562.yaml new file mode 100644 index 000000000..3de95d746 --- /dev/null +++ b/data/reports/GO-2022-0562.yaml @@ -0,0 +1,22 @@ +id: GO-2022-0562 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.12.9 + vulnerable_at: 0.12.9-rc.1 +summary: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs +cves: + - CVE-2022-1993 +ghsas: + - GHSA-6vcc-v9vw-g2x5 +references: + - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-6vcc-v9vw-g2x5 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1993 + - web: https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf + - web: https://github.com/gogs/gogs/issues/7002 + - web: https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d +source: + id: GHSA-6vcc-v9vw-g2x5 + created: 2024-08-20T14:04:23.558566-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0566.yaml b/data/reports/GO-2022-0566.yaml new file mode 100644 index 000000000..319ead50a --- /dev/null +++ b/data/reports/GO-2022-0566.yaml @@ -0,0 +1,21 @@ +id: GO-2022-0566 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.12.5 + vulnerable_at: 0.12.5-rc.1 +summary: SSRF in repository migration in gogs.io/gogs +cves: + - CVE-2022-0870 +ghsas: + - GHSA-7v5r-r995-q2x2 +references: + - advisory: https://github.com/advisories/GHSA-7v5r-r995-q2x2 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-0870 + - web: https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb + - web: https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531 +source: + id: GHSA-7v5r-r995-q2x2 + created: 2024-08-20T14:04:31.4516-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2022-0570.yaml b/data/reports/GO-2022-0570.yaml new file mode 100644 index 000000000..21085e3b6 --- /dev/null +++ b/data/reports/GO-2022-0570.yaml 
@@ -0,0 +1,22 @@ +id: GO-2022-0570 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.12.9 + vulnerable_at: 0.12.9-rc.1 +summary: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs +cves: + - CVE-2022-1992 +ghsas: + - GHSA-994f-7g86-qr56 +references: + - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-994f-7g86-qr56 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-1992 + - web: https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129 + - web: https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0 + - web: https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab +source: + id: GHSA-994f-7g86-qr56 + created: 2024-08-20T14:04:44.449409-04:00 +review_status: UNREVIEWED +unexcluded: NOT_IMPORTABLE