
Commit c65acd9

committed
data/reports: add 9 unreviewed reports
- data/reports/GO-2024-3233.yaml - data/reports/GO-2024-3234.yaml - data/reports/GO-2024-3235.yaml - data/reports/GO-2024-3237.yaml - data/reports/GO-2024-3239.yaml - data/reports/GO-2024-3240.yaml - data/reports/GO-2024-3241.yaml - data/reports/GO-2024-3242.yaml - data/reports/GO-2024-3243.yaml Fixes #3233 Fixes #3234 Fixes #3235 Fixes #3237 Fixes #3239 Fixes #3240 Fixes #3241 Fixes #3242 Fixes #3243 Change-Id: I8148a4e2ac49b0894001ed39381c7ec159c29ce9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/623640 Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 630bd41 commit c65acd9

18 files changed

+868
-0
lines changed

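--- a/data/osv/GO-2024-3233.json
+++ b/data/osv/GO-2024-3233.json
@@ -0,0 +1,103 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3233",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-46872",
+"GHSA-762g-9p7f-mrww"
+],
+"summary": "Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server",
+"details": "Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v5",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "8.0.0-20240926115259-20ed58906adc"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-762g-9p7f-mrww"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46872"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3233",
+"review_status": "UNREVIEWED"
+}
+}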
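Review bot: The ranges for `github.com/mattermost/mattermost-server`, `github.com/mattermost/mattermost-server/v5` and `github.com/mattermost/mattermost-server/v6` carry only `"introduced": "0"` with no `fixed` event, so a scanner reading this record reports every version of those module paths as affected and offers no upgrade target. Only `github.com/mattermost/mattermost/server/v8` has a fix, and it is a pseudo-version rather than a tagged release. If that is intended (no fixed release exists under the older paths), `details` should say so instead of repeating `summary` word for word; otherwise add a `{"fixed": "<fixed-version>"}` event (placeholder value) per module in the source report. The same shape appears in the GO-2024-3234 and GO-2024-3235 sections.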

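--- a/data/osv/GO-2024-3234.json
+++ b/data/osv/GO-2024-3234.json
@@ -0,0 +1,103 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3234",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-47401",
+"GHSA-762v-rq7q-ff97"
+],
+"summary": "Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server",
+"details": "Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v5",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "8.0.0-20240926115259-20ed58906adc"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-762v-rq7q-ff97"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47401"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3234",
+"review_status": "UNREVIEWED"
+}
+}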

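--- a/data/osv/GO-2024-3235.json
+++ b/data/osv/GO-2024-3235.json
@@ -0,0 +1,99 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3235",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-50052",
+"GHSA-g376-m3h3-mj4r"
+],
+"summary": "Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server",
+"details": "Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v5",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost-server/v6",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "8.0.0-20240926115259-20ed58906adc"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50052"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3235",
+"review_status": "UNREVIEWED"
+}
+}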

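--- a/data/osv/GO-2024-3237.json
+++ b/data/osv/GO-2024-3237.json
@@ -0,0 +1,60 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3237",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-0133",
+"GHSA-f748-7hpg-88ch"
+],
+"summary": "NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system in github.com/NVIDIA/nvidia-container-toolkit",
+"details": "NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system in github.com/NVIDIA/nvidia-container-toolkit",
+"affected": [
+{
+"package": {
+"name": "github.com/NVIDIA/nvidia-container-toolkit",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.16.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-f748-7hpg-88ch"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0133"
+},
+{
+"type": "WEB",
+"url": "https://advisory-inbox.githubapp.com/advisory_reviews/GHSA-wqq7-v22c-gpfp"
+},
+{
+"type": "WEB",
+"url": "https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-xff4-h7r9-vrpf"
+},
+{
+"type": "WEB",
+"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5582"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3237",
+"review_status": "UNREVIEWED"
+}
+}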
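Review bot: The third entry in `references`, `https://advisory-inbox.githubapp.com/advisory_reviews/GHSA-wqq7-v22c-gpfp`, looks like a link into advisory-review tooling rather than a public advisory. Its GHSA id matches neither this record's alias `GHSA-f748-7hpg-88ch` nor the libnvidia-container advisory listed after it. Someone following the references to confirm scope or patch status gets nothing usable from it, so I would drop or replace it in the source report (data/reports/GO-2024-3237.yaml per the commit message) and regenerate this file, if data/osv is derived from the reports. Separately, `details` repeats `summary` verbatim and `review_status` is `UNREVIEWED`, so the `fixed` value `1.16.2` should be read as carried over from the upstream advisory rather than independently checked.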
