x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39907

[GoVulnBot]

Advisory CVE-2024-39907 references a vulnerability in the following Go modules:

Module
github.com/1Panel-dev/1Panel

Description:
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-39907
• WEB: GHSA-5grx-v727-qmq6

Cross references:

• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36457 #1887 NOT_IMPORTABLE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36458 #1888 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-37477 #1940 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39964 #2004 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39965 #2005 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39966 #2006 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-24768 #2531
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: GHSA-26w3-q4j8-4xjp #2613
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: GHSA-x2vg-5wrf-vj6v #2636
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-30257 #2734
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-34352 #2830

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/1Panel-dev/1Panel
      vulnerable_at: 1.9.6
summary: CVE-2024-39907 in github.com/1Panel-dev/1Panel
cves:
    - CVE-2024-39907
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39907
    - web: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
source:
    id: CVE-2024-39907
    created: 2024-07-18T17:01:20.291747321Z
review_status: UNREVIEWED

[tatianab]

Duplicate of #2990