data/reports: unexclude 20 reports (26)

- data/reports/GO-2022-0887.yaml - data/reports/GO-2022-0888.yaml - data/reports/GO-2022-0889.yaml - data/reports/GO-2022-0890.yaml - data/reports/GO-2022-0892.yaml - data/reports/GO-2022-0893.yaml - data/reports/GO-2022-0894.yaml - data/reports/GO-2022-0895.yaml - data/reports/GO-2022-0903.yaml - data/reports/GO-2022-0905.yaml - data/reports/GO-2022-0906.yaml - data/reports/GO-2022-0907.yaml - data/reports/GO-2022-0908.yaml - data/reports/GO-2022-0910.yaml - data/reports/GO-2022-0912.yaml - data/reports/GO-2022-0914.yaml - data/reports/GO-2022-0915.yaml - data/reports/GO-2022-0919.yaml - data/reports/GO-2022-0920.yaml - data/reports/GO-2022-0921.yaml Updates #887 Updates #888 Updates #889 Updates #890 Updates #892 Updates #893 Updates #894 Updates #895 Updates #903 Updates #905 Updates #906 Updates #907 Updates #908 Updates #910 Updates #912 Updates #914 Updates #915 Updates #919 Updates #920 Updates #921 Change-Id: I6d9c7aaa7d687d3c0aaa5797012853825c9ab22f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607228 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]>
golang · Aug 21, 2024 · 81d1655 · 81d1655
1 parent 91b6914
commit 81d1655
Show file tree

Hide file tree

Showing 60 changed files with 1,837 additions and 162 deletions.
diff --git a/data/excluded/GO-2022-0887.yaml b/data/excluded/GO-2022-0887.yaml
diff --git a/data/excluded/GO-2022-0888.yaml b/data/excluded/GO-2022-0888.yaml
diff --git a/data/excluded/GO-2022-0889.yaml b/data/excluded/GO-2022-0889.yaml
diff --git a/data/excluded/GO-2022-0890.yaml b/data/excluded/GO-2022-0890.yaml
diff --git a/data/excluded/GO-2022-0892.yaml b/data/excluded/GO-2022-0892.yaml
diff --git a/data/excluded/GO-2022-0893.yaml b/data/excluded/GO-2022-0893.yaml
diff --git a/data/excluded/GO-2022-0894.yaml b/data/excluded/GO-2022-0894.yaml
diff --git a/data/excluded/GO-2022-0895.yaml b/data/excluded/GO-2022-0895.yaml
diff --git a/data/excluded/GO-2022-0903.yaml b/data/excluded/GO-2022-0903.yaml
diff --git a/data/excluded/GO-2022-0905.yaml b/data/excluded/GO-2022-0905.yaml
diff --git a/data/excluded/GO-2022-0906.yaml b/data/excluded/GO-2022-0906.yaml
diff --git a/data/excluded/GO-2022-0907.yaml b/data/excluded/GO-2022-0907.yaml
diff --git a/data/excluded/GO-2022-0908.yaml b/data/excluded/GO-2022-0908.yaml
diff --git a/data/excluded/GO-2022-0910.yaml b/data/excluded/GO-2022-0910.yaml
diff --git a/data/excluded/GO-2022-0912.yaml b/data/excluded/GO-2022-0912.yaml
diff --git a/data/excluded/GO-2022-0914.yaml b/data/excluded/GO-2022-0914.yaml
diff --git a/data/excluded/GO-2022-0915.yaml b/data/excluded/GO-2022-0915.yaml
diff --git a/data/excluded/GO-2022-0919.yaml b/data/excluded/GO-2022-0919.yaml
diff --git a/data/excluded/GO-2022-0920.yaml b/data/excluded/GO-2022-0920.yaml
diff --git a/data/excluded/GO-2022-0921.yaml b/data/excluded/GO-2022-0921.yaml
diff --git a/data/osv/GO-2022-0887.json b/data/osv/GO-2022-0887.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0887",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2017-14623",
+    "GHSA-x27w-qxhg-343v"
+  ],
+  "summary": "Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap",
+  "details": "Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/go-ldap/ldap",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.5.0+incompatible"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-x27w-qxhg-343v"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14623"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/go-ldap/ldap/pull/126"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0887",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0888.json b/data/osv/GO-2022-0888.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0888",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2021-21404",
+    "GHSA-x462-89pf-6r5h"
+  ],
+  "summary": "Crash due to malformed relay protocol message in github.com/syncthing/syncthing",
+  "details": "Crash due to malformed relay protocol message in github.com/syncthing/syncthing",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/syncthing/syncthing",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.15.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21404"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/github.com/syncthing/syncthing"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0888",
+    "review_status": "UNREVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0889.json b/data/osv/GO-2022-0889.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0889",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2021-25835",
+    "GHSA-x5f3-qmwj-4f84"
+  ],
+  "summary": "Authentication bypass by capture-replay in github.com/cosmos/ethermint",
+  "details": "Authentication bypass by capture-replay in github.com/cosmos/ethermint",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cosmos/ethermint",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.4.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-x5f3-qmwj-4f84"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25835"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cosmos/ethermint/pull/692"
+    },
+    {
+      "type": "REPORT",
+      "url": "https://github.com/cosmos/ethermint/issues/687"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cosmos/ethermint/releases/tag/v0.4.1"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0889",
+    "review_status": "UNREVIEWED"
+  }
+}