x/vulndb: potential Go vuln in github.com/pydio/cells: GHSA-mv7x-27pc-8c96

[GoVulnBot]

In GitHub Security Advisory GHSA-mv7x-27pc-8c96, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/pydio/cells	4.2.1	< 4.2.1

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/pydio/cells
    versions:
      - fixed: 4.2.1
    packages:
      - package: github.com/pydio/cells
summary: Go package pydio/cells vulnerable to authorization bypass
description: A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been
    rated as problematic. Affected by this issue is some unknown functionality of
    the component Change Subscription Handler. The manipulation leads to authorization
    bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended
    to upgrade the affected component. VDB-230210 is the identifier assigned to this
    vulnerability.
cves:
  - CVE-2023-2978
ghsas:
  - GHSA-mv7x-27pc-8c96
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2023-2978
  - web: https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421
  - web: https://vuldb.com/?ctiid.230210
  - web: https://vuldb.com/?id.230210
  - advisory: https://github.com/advisories/GHSA-mv7x-27pc-8c96

[gopherbot]

Change https://go.dev/cl/501842 mentions this issue: data/excluded: batch add 15 excluded reports

[gopherbot]

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports

[gopherbot]

Change https://go.dev/cl/606786 mentions this issue: data/reports: unexclude 20 reports (6)