data/reports: regenerate 50 reports

- data/reports/GO-2024-2642.yaml - data/reports/GO-2024-2644.yaml - data/reports/GO-2024-2645.yaml - data/reports/GO-2024-2664.yaml - data/reports/GO-2024-2665.yaml - data/reports/GO-2024-2675.yaml - data/reports/GO-2024-2684.yaml - data/reports/GO-2024-2690.yaml - data/reports/GO-2024-2697.yaml - data/reports/GO-2024-2704.yaml - data/reports/GO-2024-2707.yaml - data/reports/GO-2024-2718.yaml - data/reports/GO-2024-2719.yaml - data/reports/GO-2024-2728.yaml - data/reports/GO-2024-2741.yaml - data/reports/GO-2024-2752.yaml - data/reports/GO-2024-2757.yaml - data/reports/GO-2024-2769.yaml - data/reports/GO-2024-2792.yaml - data/reports/GO-2024-2801.yaml - data/reports/GO-2024-2815.yaml - data/reports/GO-2024-2843.yaml - data/reports/GO-2024-2844.yaml - data/reports/GO-2024-2847.yaml - data/reports/GO-2024-2848.yaml - data/reports/GO-2024-2851.yaml - data/reports/GO-2024-2852.yaml - data/reports/GO-2024-2854.yaml - data/reports/GO-2024-2855.yaml - data/reports/GO-2024-2856.yaml - data/reports/GO-2024-2857.yaml - data/reports/GO-2024-2858.yaml - data/reports/GO-2024-2866.yaml - data/reports/GO-2024-2867.yaml - data/reports/GO-2024-2877.yaml - data/reports/GO-2024-2886.yaml - data/reports/GO-2024-2891.yaml - data/reports/GO-2024-2898.yaml - data/reports/GO-2024-2901.yaml - data/reports/GO-2024-2902.yaml - data/reports/GO-2024-2905.yaml - data/reports/GO-2024-2911.yaml - data/reports/GO-2024-2917.yaml - data/reports/GO-2024-2919.yaml - data/reports/GO-2024-2922.yaml - data/reports/GO-2024-2939.yaml - data/reports/GO-2024-2941.yaml - data/reports/GO-2024-2972.yaml - data/reports/GO-2024-2981.yaml - data/reports/GO-2024-2987.yaml Updates #2642 Updates #2644 Updates #2645 Updates #2664 Updates #2665 Updates #2675 Updates #2684 Updates #2690 Updates #2697 Updates #2704 Updates #2707 Updates #2718 Updates #2719 Updates #2728 Updates #2741 Updates #2752 Updates #2757 Updates #2769 Updates #2792 Updates #2801 Updates #2815 Updates #2843 Updates #2844 Updates #2847 Updates #2848 Updates #2851 Updates #2852 Updates #2854 Updates #2855 Updates #2856 Updates #2857 Updates #2858 Updates #2866 Updates #2867 Updates #2877 Updates #2886 Updates #2891 Updates #2898 Updates #2901 Updates #2902 Updates #2905 Updates #2911 Updates #2917 Updates #2919 Updates #2922 Updates #2939 Updates #2941 Updates #2972 Updates #2981 Updates #2987 Change-Id: I2dff127628eabc7c25afa4020c15a4d35a46a2c4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606359 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
golang · Aug 19, 2024 · 4c06ac4 · 4c06ac4
1 parent 08b42c7
commit 4c06ac4
Show file tree

Hide file tree

Showing 62 changed files with 170 additions and 168 deletions.
diff --git a/data/osv/GO-2024-2741.json b/data/osv/GO-2024-2741.json
@@ -4,10 +4,11 @@
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2024-31450"
+    "CVE-2024-31450",
+    "GHSA-9355-27m8-h74v"
   ],
-  "summary": "Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) in github.com/owncast/owncast",
-  "details": "Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) in github.com/owncast/owncast",
+  "summary": "Owncast Path Traversal vulnerability in github.com/owncast/owncast",
+  "details": "Owncast Path Traversal vulnerability in github.com/owncast/owncast",
   "affected": [
     {
       "package": {
@@ -31,10 +32,18 @@
     }
   ],
   "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-9355-27m8-h74v"
+    },
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31450"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast"
+    },
     {
       "type": "FIX",
       "url": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e"
@@ -46,10 +55,6 @@
     {
       "type": "WEB",
       "url": "https://github.com/owncast/owncast/releases/tag/v0.1.3"
-    },
-    {
-      "type": "WEB",
-      "url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/"
     }
   ],
   "database_specific": {

diff --git a/data/osv/GO-2024-2769.json b/data/osv/GO-2024-2769.json
@@ -51,6 +51,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/go-gitea/gitea/pull/20196"
+    },
+    {
+      "type": "WEB",
+      "url": "https://herolab.usd.de/security-advisories/usd-2022-0015"
     }
   ],
   "database_specific": {

diff --git a/data/osv/GO-2024-2801.json b/data/osv/GO-2024-2801.json
@@ -8,7 +8,7 @@
     "GHSA-6362-gv4m-53ww"
   ],
   "summary": "Calico privilege escalation vulnerability in github.com/projectcalico/calico",
-  "details": "Calico privilege escalation vulnerability in github.com/projectcalico/calico.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/projectcalico/calico before v3.26.5, from v3.27.0 before v3.27.3.",
+  "details": "Calico privilege escalation vulnerability in github.com/projectcalico/calico.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/projectcalico/calico/v3 before v3.26.5, from v3.27.0 before v3.27.3.",
   "affected": [
     {
       "package": {
@@ -25,6 +25,23 @@
           ]
         }
       ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/projectcalico/calico/v3",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
       "ecosystem_specific": {
         "custom_ranges": [
           {

diff --git a/data/osv/GO-2024-2815.json b/data/osv/GO-2024-2815.json
@@ -7,9 +7,6 @@
     "CVE-2024-34068",
     "GHSA-qq22-jj8x-4wwv"
   ],
-  "related": [
-    "GHSA-6rg3-8h8x-5xfv"
-  ],
   "summary": "Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings",
   "details": "Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings",
   "affected": [

diff --git a/data/osv/GO-2024-2866.json b/data/osv/GO-2024-2866.json
@@ -55,6 +55,10 @@
       "type": "REPORT",
       "url": "https://github.com/submariner-io/submariner-operator/issues/3041"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4591"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-5042"

diff --git a/data/osv/GO-2024-2891.json b/data/osv/GO-2024-2891.json
@@ -7,10 +7,6 @@
     "CVE-2024-32873",
     "GHSA-pxv8-qhrh-jc7v"
   ],
-  "related": [
-    "CVE-2024-37158",
-    "CVE-2024-37159"
-  ],
   "summary": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos",
   "details": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos",
   "affected": [
@@ -336,6 +332,14 @@
     {
       "type": "FIX",
       "url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37158"
+    },
+    {
+      "type": "WEB",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37159"
     }
   ],
   "database_specific": {

diff --git a/data/osv/GO-2024-2901.json b/data/osv/GO-2024-2901.json
@@ -55,6 +55,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/ollama/ollama/compare/v0.1.33...v0.1.34"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032"
     }
   ],
   "database_specific": {

diff --git a/data/osv/GO-2024-2905.json b/data/osv/GO-2024-2905.json
@@ -28,6 +28,22 @@
     }
   ],
   "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4151"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4156"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4329"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4484"
+    },
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5037"

diff --git a/data/osv/GO-2024-2919.json b/data/osv/GO-2024-2919.json
@@ -60,6 +60,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2024:3700"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4008"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4486"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-5154"

diff --git a/data/osv/GO-2024-2972.json b/data/osv/GO-2024-2972.json
@@ -37,6 +37,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39933"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gogs/gogs/releases"
+    },
     {
       "type": "WEB",
       "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1"

diff --git a/data/osv/GO-2024-2981.json b/data/osv/GO-2024-2981.json
@@ -34,7 +34,7 @@
   "references": [
     {
       "type": "ADVISORY",
-      "url": "https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw"
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39909"
     },
     {
       "type": "WEB",

diff --git a/data/osv/GO-2024-2987.json b/data/osv/GO-2024-2987.json
@@ -44,6 +44,14 @@
       "type": "FIX",
       "url": "https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4865"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:4871"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-6535"

diff --git a/data/reports/GO-2024-2642.yaml b/data/reports/GO-2024-2642.yaml
@@ -15,5 +15,5 @@ references:
     - fix: https://github.com/pterodactyl/wings/commit/d1c0ca526007113a0f74f56eba99511b4e989287
 source:
     id: GHSA-494h-9924-xww9
-    created: 2024-05-17T16:14:39.536444-04:00
+    created: 2024-08-16T16:20:15.207291-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2644.yaml b/data/reports/GO-2024-2644.yaml
@@ -16,5 +16,5 @@ references:
     - fix: https://github.com/fluid-cloudnative/fluid/commit/e0184cff8790ad000c3e8943392c7f544fad7d66
 source:
     id: GHSA-wx8q-4gm9-rj2g
-    created: 2024-05-17T16:14:37.080903-04:00
+    created: 2024-08-16T16:20:19.628-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2645.yaml b/data/reports/GO-2024-2645.yaml
@@ -24,5 +24,5 @@ references:
     - web: https://docs.projectdiscovery.io/templates/workflows/overview
 source:
     id: GHSA-w5wx-6g2r-r78q
-    created: 2024-06-26T13:58:33.793233-04:00
+    created: 2024-08-16T16:20:23.793947-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2664.yaml b/data/reports/GO-2024-2664.yaml
@@ -33,5 +33,5 @@ references:
     - web: https://github.com/zitadel/zitadel/releases/tag/v2.48.3
 source:
     id: GHSA-gp8g-f42f-95q2
-    created: 2024-06-04T15:37:24.2634-04:00
+    created: 2024-08-16T16:20:28.404882-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2665.yaml b/data/reports/GO-2024-2665.yaml
@@ -35,5 +35,5 @@ references:
     - web: https://github.com/zitadel/zitadel/releases/tag/v2.48.3
 source:
     id: GHSA-hr5w-cwwq-2v4m
-    created: 2024-06-04T15:37:16.762486-04:00
+    created: 2024-08-16T16:20:34.214998-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2675.yaml b/data/reports/GO-2024-2675.yaml
@@ -17,5 +17,5 @@ references:
     - web: https://github.com/temporalio/ui-server/releases/tag/v2.25.0
 source:
     id: GHSA-8f25-w7qj-r7hc
-    created: 2024-06-26T13:58:51.59593-04:00
+    created: 2024-08-16T16:20:38.737583-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2684.yaml b/data/reports/GO-2024-2684.yaml
@@ -16,5 +16,5 @@ references:
     - web: https://github.com/CA17/TeamsACS/issues/26
 source:
     id: GHSA-hwvw-gh23-qpvq
-    created: 2024-06-06T16:16:42.764735-04:00
+    created: 2024-08-16T16:20:42.760133-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2690.yaml b/data/reports/GO-2024-2690.yaml
@@ -9,14 +9,12 @@ cves:
     - CVE-2024-2660
 ghsas:
     - GHSA-j2rp-gmqv-frhv
-unknown_aliases:
-    - BIT-vault-2024-2660
 references:
     - advisory: https://github.com/advisories/GHSA-j2rp-gmqv-frhv
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-2660
     - web: https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573
     - web: https://security.netapp.com/advisory/ntap-20240524-0007
 source:
     id: GHSA-j2rp-gmqv-frhv
-    created: 2024-06-26T13:59:09.265191-04:00
+    created: 2024-08-16T16:20:57.01244-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2697.yaml b/data/reports/GO-2024-2697.yaml
@@ -18,13 +18,11 @@ cves:
     - CVE-2024-1313
 ghsas:
     - GHSA-67rv-qpw2-6qrr
-unknown_aliases:
-    - BIT-grafana-2024-1313
 references:
     - advisory: https://github.com/grafana/bugbounty/security/advisories/GHSA-67rv-qpw2-6qrr
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1313
     - web: https://grafana.com/security/security-advisories/cve-2024-1313
 source:
     id: GHSA-67rv-qpw2-6qrr
-    created: 2024-06-04T15:31:16.41185-04:00
+    created: 2024-08-16T16:21:17.82198-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2704.yaml b/data/reports/GO-2024-2704.yaml
@@ -12,13 +12,11 @@ cves:
     - CVE-2023-3518
 ghsas:
     - GHSA-9rhf-q362-77mx
-unknown_aliases:
-    - BIT-consul-2023-3518
 references:
     - advisory: https://github.com/advisories/GHSA-9rhf-q362-77mx
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-3518
     - web: https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
 source:
     id: GHSA-9rhf-q362-77mx
-    created: 2024-05-17T16:13:44.520242-04:00
+    created: 2024-08-16T16:26:30.299935-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2707.yaml b/data/reports/GO-2024-2707.yaml
@@ -1,27 +1,25 @@
 id: GO-2024-2707
 modules:
     - module: github.com/mattermost/mattermost-server
-      vulnerable_at: 9.9.0+incompatible
+      vulnerable_at: 9.11.0+incompatible
     - module: github.com/mattermost/mattermost-server/v5
       vulnerable_at: 5.39.3
     - module: github.com/mattermost/mattermost-server/v6
       vulnerable_at: 6.7.2
     - module: github.com/mattermost/mattermost/server/v8
       non_go_versions:
         - fixed: 8.1.11
-      vulnerable_at: 8.0.0-20240626145722-59998b0b8473
+      vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
 summary: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
 cves:
     - CVE-2024-21848
 ghsas:
     - GHSA-xp9j-8p68-9q93
-unknown_aliases:
-    - CGA-w76m-mrwf-j7rf
 references:
     - advisory: https://github.com/advisories/GHSA-xp9j-8p68-9q93
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-21848
     - web: https://mattermost.com/security-updates
 source:
     id: GHSA-xp9j-8p68-9q93
-    created: 2024-06-26T14:00:29.455068-04:00
+    created: 2024-08-16T16:26:45.868718-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2718.yaml b/data/reports/GO-2024-2718.yaml
@@ -13,8 +13,6 @@ cves:
     - CVE-2024-29902
 ghsas:
     - GHSA-88jx-383q-w4qc
-unknown_aliases:
-    - BIT-cosign-2024-29902
 references:
     - advisory: https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-29902
@@ -24,5 +22,5 @@ references:
     - web: https://github.com/sigstore/cosign/releases/tag/v2.2.4
 source:
     id: GHSA-88jx-383q-w4qc
-    created: 2024-06-26T14:00:44.029803-04:00
+    created: 2024-08-16T16:27:02.130598-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2719.yaml b/data/reports/GO-2024-2719.yaml
@@ -13,8 +13,6 @@ cves:
     - CVE-2024-29903
 ghsas:
     - GHSA-95pr-fxf5-86gv
-unknown_aliases:
-    - BIT-cosign-2024-29903
 references:
     - advisory: https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-29903
@@ -24,5 +22,5 @@ references:
     - web: https://github.com/sigstore/cosign/releases/tag/v2.2.4
 source:
     id: GHSA-95pr-fxf5-86gv
-    created: 2024-06-26T14:00:49.329229-04:00
+    created: 2024-08-16T16:27:07.148334-04:00
 review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2728.yaml b/data/reports/GO-2024-2728.yaml
@@ -16,8 +16,6 @@ cves:
     - CVE-2024-31990
 ghsas:
     - GHSA-2gvw-w6fj-7m3c
-unknown_aliases:
-    - BIT-argo-cd-2024-31990
 references:
     - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-31990
@@ -26,5 +24,5 @@ references:
     - fix: https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17
 source:
     id: GHSA-2gvw-w6fj-7m3c
-    created: 2024-06-26T14:01:04.285149-04:00
+    created: 2024-08-16T16:27:22.05692-04:00
 review_status: UNREVIEWED