
Commit aa5cc8a

tatianabgopherbot
authored andcommitted
data/reports: unexclude 20 reports (11)
- data/reports/GO-2023-2097.yaml - data/reports/GO-2023-2109.yaml - data/reports/GO-2023-2121.yaml - data/reports/GO-2023-2125.yaml - data/reports/GO-2023-2134.yaml - data/reports/GO-2023-2135.yaml - data/reports/GO-2023-2136.yaml - data/reports/GO-2023-2156.yaml - data/reports/GO-2023-2159.yaml - data/reports/GO-2023-2166.yaml - data/reports/GO-2023-2170.yaml - data/reports/GO-2023-2176.yaml - data/reports/GO-2023-2188.yaml - data/reports/GO-2023-2329.yaml - data/reports/GO-2023-2330.yaml - data/reports/GO-2023-2332.yaml - data/reports/GO-2023-2335.yaml - data/reports/GO-2023-2336.yaml - data/reports/GO-2023-2337.yaml - data/reports/GO-2023-2338.yaml Updates #2097 Updates #2109 Updates #2121 Updates #2125 Updates #2134 Updates #2135 Updates #2136 Updates #2156 Updates #2159 Updates #2166 Updates #2170 Updates #2176 Updates #2188 Updates #2329 Updates #2330 Updates #2332 Updates #2335 Updates #2336 Updates #2337 Updates #2338 Change-Id: I5fc55dacf7cdfd2512c00f07abfc0debfde9263f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606792 LUCI-TryBot-Result: Go LUCI <[email protected]> Commit-Queue: Tatiana Bradley <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
1 parent 36a46d8 commit aa5cc8a


60 files changed

+1897
-156
lines changed

data/excluded/GO-2023-2097.yaml

-8
This file was deleted.

data/excluded/GO-2023-2109.yaml

-8
This file was deleted.

data/excluded/GO-2023-2121.yaml

-8
This file was deleted.

data/excluded/GO-2023-2125.yaml

-8
This file was deleted.

data/excluded/GO-2023-2134.yaml

-8
This file was deleted.

data/excluded/GO-2023-2135.yaml

-8
This file was deleted.

data/excluded/GO-2023-2136.yaml

-8
This file was deleted.

data/excluded/GO-2023-2156.yaml

-6
This file was deleted.

data/excluded/GO-2023-2159.yaml

-8
This file was deleted.

data/excluded/GO-2023-2166.yaml

-8
This file was deleted.

data/excluded/GO-2023-2170.yaml

-8
This file was deleted.

data/excluded/GO-2023-2176.yaml

-8
This file was deleted.

data/excluded/GO-2023-2188.yaml

-6
This file was deleted.

data/excluded/GO-2023-2329.yaml

-8
This file was deleted.

data/excluded/GO-2023-2330.yaml

-8
This file was deleted.

data/excluded/GO-2023-2332.yaml

-8
This file was deleted.

data/excluded/GO-2023-2335.yaml

-8
This file was deleted.

data/excluded/GO-2023-2336.yaml

-8
This file was deleted.

data/excluded/GO-2023-2337.yaml

-8
This file was deleted.

data/excluded/GO-2023-2338.yaml

-8
This file was deleted.

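--- a/data/osv/GO-2023-2097.json
+++ b/data/osv/GO-2023-2097.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2023-2097",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2023-43809",
+"GHSA-mc97-99j4-vm2v"
+],
+"summary": "Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve",
+"details": "Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve",
+"affected": [
+{
+"package": {
+"name": "github.com/charmbracelet/soft-serve",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.6.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43809"
+},
+{
+"type": "FIX",
+"url": "https://github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89"
+},
+{
+"type": "REPORT",
+"url": "https://github.com/charmbracelet/soft-serve/issues/389"
+},
+{
+"type": "WEB",
+"url": "https://github.com/charmbracelet/soft-serve/releases/tag/v0.6.2"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2023-2097",
+"review_status": "UNREVIEWED"
+}
+}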
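Review bot: The `details` field in this new record repeats the `summary` string word for word, so the entry says nothing about the flaw, its preconditions or the remediation beyond the title; `"details": …` should carry the upstream advisory's description, or the record should point readers explicitly at the `ADVISORY` references. `"ecosystem_specific": {}` is also empty, which presumably leaves scanners matching on module path and version range only, without package- or symbol-level precision. Both points apply equally to the GO-2023-2109 and GO-2023-2121 sections that follow. If this is the intended shape for `"review_status": "UNREVIEWED"` records, triage should treat a match as a prompt to read the linked advisory rather than as confirmed exposure.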

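--- a/data/osv/GO-2023-2109.json
+++ b/data/osv/GO-2023-2109.json
@@ -0,0 +1,76 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2023-2109",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2023-20902",
+"GHSA-mq6f-5xh5-hgcf"
+],
+"summary": "Harbor timing attack risk in github.com/goharbor/harbor",
+"details": "Harbor timing attack risk in github.com/goharbor/harbor",
+"affected": [
+{
+"package": {
+"name": "github.com/goharbor/harbor",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.10.18"
+},
+{
+"introduced": "2.0.0+incompatible"
+},
+{
+"fixed": "2.7.3+incompatible"
+},
+{
+"introduced": "2.8.0+incompatible"
+},
+{
+"fixed": "2.8.3+incompatible"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20902"
+},
+{
+"type": "WEB",
+"url": "https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.go#L69-L69"
+},
+{
+"type": "WEB",
+"url": "https://github.com/goharbor/harbor/releases/tag/v1.10.18"
+},
+{
+"type": "WEB",
+"url": "https://github.com/goharbor/harbor/releases/tag/v2.7.3"
+},
+{
+"type": "WEB",
+"url": "https://github.com/goharbor/harbor/releases/tag/v2.8.3"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2023-2109",
+"review_status": "UNREVIEWED"
+}
+}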

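--- a/data/osv/GO-2023-2121.json
+++ b/data/osv/GO-2023-2121.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2023-2121",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2023-45810",
+"GHSA-hr4f-6jh8-f2vq"
+],
+"summary": "OpenFGA DoS vulnerability in github.com/openfga/openfga",
+"details": "OpenFGA DoS vulnerability in github.com/openfga/openfga",
+"affected": [
+{
+"package": {
+"name": "github.com/openfga/openfga",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.3.4"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/openfga/openfga/security/advisories/GHSA-hr4f-6jh8-f2vq"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45810"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openfga/openfga/releases/tag/v1.3.4"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2023-2121",
+"review_status": "UNREVIEWED"
+}
+}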
