File tree Expand file tree Collapse file tree 2 files changed +71
-0
lines changed Expand file tree Collapse file tree 2 files changed +71
-0
lines changed Original file line number Diff line number Diff line change
1
+ {
2
+ "schema_version" : " 1.3.1" ,
3
+ "id" : " GO-2024-2864" ,
4
+ "modified" : " 0001-01-01T00:00:00Z" ,
5
+ "published" : " 0001-01-01T00:00:00Z" ,
6
+ "aliases" : [
7
+ " CVE-2024-35185" ,
8
+ " GHSA-fjw8-3gp8-4cvx"
9
+ ],
10
+ "summary" : " Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder" ,
11
+ "details" : " Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder" ,
12
+ "affected" : [
13
+ {
14
+ "package" : {
15
+ "name" : " github.com/stacklok/minder" ,
16
+ "ecosystem" : " Go"
17
+ },
18
+ "ranges" : [
19
+ {
20
+ "type" : " SEMVER" ,
21
+ "events" : [
22
+ {
23
+ "introduced" : " 0"
24
+ },
25
+ {
26
+ "fixed" : " 0.0.49"
27
+ }
28
+ ]
29
+ }
30
+ ],
31
+ "ecosystem_specific" : {}
32
+ }
33
+ ],
34
+ "references" : [
35
+ {
36
+ "type" : " ADVISORY" ,
37
+ "url" : " https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx"
38
+ },
39
+ {
40
+ "type" : " ADVISORY" ,
41
+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-35185"
42
+ },
43
+ {
44
+ "type" : " FIX" ,
45
+ "url" : " https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b"
46
+ }
47
+ ],
48
+ "database_specific" : {
49
+ "url" : " https://pkg.go.dev/vuln/GO-2024-2864" ,
50
+ "review_status" : " UNREVIEWED"
51
+ }
52
+ }
Original file line number Diff line number Diff line change
1
+ id : GO-2024-2864
2
+ modules :
3
+ - module : github.com/stacklok/minder
4
+ versions :
5
+ - fixed : 0.0.49
6
+ vulnerable_at : 0.0.48
7
+ summary : Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder
8
+ cves :
9
+ - CVE-2024-35185
10
+ ghsas :
11
+ - GHSA-fjw8-3gp8-4cvx
12
+ references :
13
+ - advisory : https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx
14
+ - advisory : https://nvd.nist.gov/vuln/detail/CVE-2024-35185
15
+ - fix : https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b
16
+ source :
17
+ id : GHSA-fjw8-3gp8-4cvx
18
+ created : 2024-05-16T17:13:21.902381-04:00
19
+ review_status : UNREVIEWED
You can’t perform that action at this time.
0 commit comments