Skip to content

Commit 99eb11d

Browse files
committed
data/reports: add GO-2024-2864
Add the first UNREVIEWED report. - data/reports/GO-2024-2864.yaml Fixes #2864 Change-Id: Ib67d84b1da34f0a9ede9af69fdef084efa44db17 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/586295 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 4191954 commit 99eb11d

File tree

2 files changed

+71
-0
lines changed

2 files changed

+71
-0
lines changed

data/osv/GO-2024-2864.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2024-2864",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2024-35185",
8+
"GHSA-fjw8-3gp8-4cvx"
9+
],
10+
"summary": "Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder",
11+
"details": "Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/stacklok/minder",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
},
25+
{
26+
"fixed": "0.0.49"
27+
}
28+
]
29+
}
30+
],
31+
"ecosystem_specific": {}
32+
}
33+
],
34+
"references": [
35+
{
36+
"type": "ADVISORY",
37+
"url": "https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx"
38+
},
39+
{
40+
"type": "ADVISORY",
41+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35185"
42+
},
43+
{
44+
"type": "FIX",
45+
"url": "https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b"
46+
}
47+
],
48+
"database_specific": {
49+
"url": "https://pkg.go.dev/vuln/GO-2024-2864",
50+
"review_status": "UNREVIEWED"
51+
}
52+
}

data/reports/GO-2024-2864.yaml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
id: GO-2024-2864
2+
modules:
3+
- module: github.com/stacklok/minder
4+
versions:
5+
- fixed: 0.0.49
6+
vulnerable_at: 0.0.48
7+
summary: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder
8+
cves:
9+
- CVE-2024-35185
10+
ghsas:
11+
- GHSA-fjw8-3gp8-4cvx
12+
references:
13+
- advisory: https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx
14+
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-35185
15+
- fix: https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b
16+
source:
17+
id: GHSA-fjw8-3gp8-4cvx
18+
created: 2024-05-16T17:13:21.902381-04:00
19+
review_status: UNREVIEWED

0 commit comments

Comments
 (0)