
Commit 1be2c0b

tatianabgopherbot
authored andcommitted
data/reports: add 19 unreviewed reports
- data/reports/GO-2024-3020.yaml - data/reports/GO-2024-3022.yaml - data/reports/GO-2024-3024.yaml - data/reports/GO-2024-3025.yaml - data/reports/GO-2024-3030.yaml - data/reports/GO-2024-3031.yaml - data/reports/GO-2024-3044.yaml - data/reports/GO-2024-3045.yaml - data/reports/GO-2024-3046.yaml - data/reports/GO-2024-3047.yaml - data/reports/GO-2024-3048.yaml - data/reports/GO-2024-3049.yaml - data/reports/GO-2024-3050.yaml - data/reports/GO-2024-3051.yaml - data/reports/GO-2024-3052.yaml - data/reports/GO-2024-3053.yaml - data/reports/GO-2024-3054.yaml - data/reports/GO-2024-3055.yaml - data/reports/GO-2024-3056.yaml Fixes #3020 Fixes #3022 Fixes #3024 Fixes #3025 Fixes #3030 Fixes #3031 Fixes #3044 Fixes #3045 Fixes #3046 Fixes #3047 Fixes #3048 Fixes #3049 Fixes #3050 Fixes #3051 Fixes #3052 Fixes #3053 Fixes #3054 Fixes #3055 Fixes #3056 Change-Id: I4acf1bbe85a209dd79a8549d6176fb33175d4356 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/603716 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]>
1 parent 7162f20 commit 1be2c0b

38 files changed

+1996
-0
lines changed

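--- a/data/osv/GO-2024-3020.json
+++ b/data/osv/GO-2024-3020.json
@@ -0,0 +1,121 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3020",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-39832",
+"GHSA-762m-4cx6-6mf4"
+],
+"summary": "Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server",
+"details": "Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "9.5.0+incompatible"
+},
+{
+"fixed": "9.5.7+incompatible"
+},
+{
+"introduced": "9.7.0+incompatible"
+},
+{
+"fixed": "9.7.6+incompatible"
+},
+{
+"introduced": "9.8.0+incompatible"
+},
+{
+"fixed": "9.8.2+incompatible"
+},
+{
+"introduced": "9.9.0+incompatible"
+},
+{
+"fixed": "9.9.1+incompatible"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v5",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-762m-4cx6-6mf4"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39832"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3020",
+"review_status": "UNREVIEWED"
+}
+}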
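Review bot: The `affected` entries for `github.com/mattermost/mattermost-server/v5`, `.../v6` and `github.com/mattermost/mattermost/server/v8` carry only `"introduced": "0"` with no `fixed` event, so an OSV consumer will report every version of those modules as affected and can offer no upgrade target, while the unversioned module lists bounded 9.5–9.9 ranges. The GO-2024-3022 and GO-2024-3024 sections have the same open-ended ranges. If the fix also shipped under those module paths, each range should be closed with an event such as `{"fixed": "<FIXED_VERSION_FOR_THIS_MODULE>"}` (placeholder, the page does not give the value); if some of those modules never contained the affected code, their entries should be dropped instead. These JSON files look derived from the `data/reports/*.yaml` files named in the commit message, so the correction probably belongs in the YAML source rather than here. Because `review_status` is `UNREVIEWED`, it would help to record somewhere that the v5/v6/v8 ranges are unverified, so triage does not read them as confirmed exposure.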

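--- a/data/osv/GO-2024-3022.json
+++ b/data/osv/GO-2024-3022.json
@@ -0,0 +1,109 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3022",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-41926",
+"GHSA-9fpw-c9x7-cv3j"
+],
+"summary": "Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server",
+"details": "Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "9.5.0+incompatible"
+},
+{
+"fixed": "9.5.7+incompatible"
+},
+{
+"introduced": "9.9.0+incompatible"
+},
+{
+"fixed": "9.9.1+incompatible"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v5",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-9fpw-c9x7-cv3j"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41926"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3022",
+"review_status": "UNREVIEWED"
+}
+}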

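--- a/data/osv/GO-2024-3024.json
+++ b/data/osv/GO-2024-3024.json
@@ -0,0 +1,121 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3024",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-39839",
+"GHSA-vg6q-84p8-qvqh"
+],
+"summary": "Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server",
+"details": "Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "9.5.0+incompatible"
+},
+{
+"fixed": "9.5.7+incompatible"
+},
+{
+"introduced": "9.7.0+incompatible"
+},
+{
+"fixed": "9.7.6+incompatible"
+},
+{
+"introduced": "9.8.0+incompatible"
+},
+{
+"fixed": "9.8.2+incompatible"
+},
+{
+"introduced": "9.9.0+incompatible"
+},
+{
+"fixed": "9.9.1+incompatible"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v5",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-vg6q-84p8-qvqh"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39839"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3024",
+"review_status": "UNREVIEWED"
+}
+}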
