x/vulndb: potential Go vuln in github.com/prometheus/alertmanager: GHSA-v86x-5fm3-5p7j

[GoVulnBot]

In GitHub Security Advisory GHSA-v86x-5fm3-5p7j, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/prometheus/alertmanager	0.25.1	<= 0.25.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/prometheus/alertmanager
      versions:
        - introduced: TODO (earliest fixed "0.25.1", vuln range "<= 0.25.0")
      vulnerable_at: 0.25.0
      packages:
        - package: github.com/prometheus/alertmanager
summary: Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
description: |-
    ### Impact

    An attacker with the permission to perform POST requests on the /api/v1/alerts
    endpoint could be able to execute arbitrary JavaScript code on the users of
    Prometheus Alertmanager.

    ### Patches

    Users can upgrade to Alertmanager v0.2.51.

    ### Workarounds

    Users can setup a reverse proxy in front of the Alertmanager web server to
    forbid access to the /api/v1/alerts endpoint.

    ### References

    N/A
ghsas:
    - GHSA-v86x-5fm3-5p7j
references:
    - advisory: https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j
    - advisory: https://github.com/advisories/GHSA-v86x-5fm3-5p7j

[gopherbot]

Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports

[gopherbot]

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

[gopherbot]

Change https://go.dev/cl/606790 mentions this issue: data/reports: unexclude 20 reports (10)