x/vulndb: potential Go vuln in github.com/hpcng/singularity: GHSA-4x32-h296-rg6j

[GoVulnBot]

In GitHub Security Advisory GHSA-4x32-h296-rg6j, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hpcng/singularity		>= 2.3.0, <= 2.5.1

Cross references:

• Module github.com/hpcng/singularity appears in issue x/vulndb: potential Go vuln in github.com/hpcng/singularity: GHSA-jq42-hfch-42f3 #404 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hpcng/singularity
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 2.3.0, <= 2.5.1")
      vulnerable_at: 0.0.0-20221010175028-9dceb4240c12
      packages:
        - package: github.com/hpcng/singularity
summary: Singularity Incorrect Access Control
description: |-
    Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on
    systems supporting overlay file system. When using the overlay option, a
    malicious user may access sensitive information by exploiting a few specific
    Singularity features.
cves:
    - CVE-2018-12021
ghsas:
    - GHSA-4x32-h296-rg6j
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2018-12021
    - web: https://github.com/singularityware/singularity/releases/tag/2.5.2
    - web: http://www.openwall.com/lists/oss-security/2019/05/16/1
    - advisory: https://github.com/advisories/GHSA-4x32-h296-rg6j

[gopherbot]

Change https://go.dev/cl/514636 mentions this issue: data/excluded: batch add 31 excluded reports

[gopherbot]

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports