x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-vw63-824v-qf2j #2910

tatianab · 2024-06-07T21:20:01Z

In GitHub Security Advisory GHSA-vw63-824v-qf2j, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/goharbor/harbor	2.10.2	>= 2.10.0, < 2.10.2

Cross references:

Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-q9x4-q76f-5h5j #704 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-33p6-fx42-7rf5 #781 NOT_IMPORTABLE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-38r5-34mr-mvm7 #785 NOT_IMPORTABLE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-jr34-mff8-pc6f #853 NOT_IMPORTABLE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-q6cj-6jvq-jwmh #863 NOT_IMPORTABLE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-rffr-c932-cpxv #876 NOT_IMPORTABLE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-w4x5-jqq4-qc8x #883 NOT_IMPORTABLE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31667, GHSA-xx9w-464f-7h6f #1009 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31669, GHSA-8c6p-v837-77f6 #1010 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31666, GHSA-jf8p-3vjh-pq94 #1011 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31670, GHSA-3637-v6vq-xqqw #1012 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2022-31671, GHSA-q76q-q8hw-hmpw #1013 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-mq6f-5xh5-hgcf #2109 EFFECTIVELY_PRIVATE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2019-16919 #2245 LEGACY_FALSE_POSITIVE
Module github.com/goharbor/harbor appears in issue x/vulndb: potential Go vuln in github.com/goharbor/harbor: CVE-2019-3990 #2256 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/goharbor/harbor
      versions:
        - fixed: 2.8.6+incompatible
        - introduced: 2.9.0+incompatible
          fixed: 2.9.4+incompatible
        - introduced: 2.10.0+incompatible
          fixed: 2.10.2+incompatible
      vulnerable_at: 2.10.2-rc1+incompatible
      packages:
        - package: github.com/goharbor/harbor
summary: SQL Injection in Harbor scan log API in github.com/goharbor/harbor
cves:
    - CVE-2024-22261
ghsas:
    - GHSA-vw63-824v-qf2j
references:
    - advisory: https://github.com/advisories/GHSA-vw63-824v-qf2j
    - advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j
source:
    id: GHSA-vw63-824v-qf2j
    created: 2024-06-07T17:20:00.604202-04:00
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-13T16:00:09Z

Change https://go.dev/cl/592456 mentions this issue: data/reports: add 19 unreviewed reports

tatianab · 2024-06-27T19:50:05Z

Duplicate of #2916

tatianab added NeedsTriage triaged and removed NeedsTriage labels Jun 7, 2024

tatianab added possible duplicate and removed possible duplicate labels Jun 13, 2024

tatianab removed the possible duplicate label Jun 27, 2024

tatianab marked this as a duplicate of #2916 Jun 27, 2024

tatianab closed this as completed Jun 27, 2024

tatianab added the duplicate label Jun 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-vw63-824v-qf2j #2910

x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-vw63-824v-qf2j #2910

tatianab commented Jun 7, 2024

gopherbot commented Jun 13, 2024

tatianab commented Jun 27, 2024

x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-vw63-824v-qf2j #2910

x/vulndb: potential Go vuln in github.com/goharbor/harbor: GHSA-vw63-824v-qf2j #2910

Comments

tatianab commented Jun 7, 2024

gopherbot commented Jun 13, 2024

tatianab commented Jun 27, 2024