File tree 14 files changed +505
-0
lines changed
14 files changed +505
-0
lines changed Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3057"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-41260"
8+ " GHSA-9v35-4xcr-w9ph"
9+ ],
10+ "summary" : " NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird"
11+ "details" : " NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/netbirdio/netbird"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ }
30+ ],
31+ "references" : [
32+ {
33+ "type" : " ADVISORY"
34+ "url" : " https://github.com/advisories/GHSA-9v35-4xcr-w9ph"
35+ },
36+ {
37+ "type" : " ADVISORY"
38+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-41260"
39+ },
40+ {
41+ "type" : " REPORT"
42+ "url" : " https://github.com/netbirdio/netbird/issues/2246"
43+ },
44+ {
45+ "type" : " WEB"
46+ "url" : " https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636"
47+ }
48+ ],
49+ "database_specific" : {
50+ "url" : " https://pkg.go.dev/vuln/GO-2024-3057"
51+ "review_status" : " UNREVIEWED"
52+ }
53+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3059"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " GHSA-m3rh-cvr5-x6q4"
8+ ],
9+ "summary" : " CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd"
10+ "details" : " CosmWasm wasmd has large address count in ValidateBasic in github.com/CosmWasm/wasmd"
11+ "affected" : [
12+ {
13+ "package" : {
14+ "name" : " github.com/CosmWasm/wasmd"
15+ "ecosystem" : " Go"
16+ },
17+ "ranges" : [
18+ {
19+ "type" : " SEMVER"
20+ "events" : [
21+ {
22+ "introduced" : " 0"
23+ },
24+ {
25+ "fixed" : " 0.52.0"
26+ }
27+ ]
28+ }
29+ ],
30+ "ecosystem_specific" : {}
31+ }
32+ ],
33+ "references" : [
34+ {
35+ "type" : " ADVISORY"
36+ "url" : " https://github.com/CosmWasm/wasmd/security/advisories/GHSA-m3rh-cvr5-x6q4"
37+ },
38+ {
39+ "type" : " FIX"
40+ "url" : " https://github.com/CosmWasm/wasmd/commit/76c0c061c9cb6b142163883e46c26d99384dc443"
41+ },
42+ {
43+ "type" : " WEB"
44+ "url" : " https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-003.md"
45+ }
46+ ],
47+ "database_specific" : {
48+ "url" : " https://pkg.go.dev/vuln/GO-2024-3059"
49+ "review_status" : " UNREVIEWED"
50+ }
51+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3061"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-42473"
8+ " GHSA-3f6g-m4hr-59h8"
9+ ],
10+ "summary" : " OpenFGA Authorization Bypass in github.com/openfga/openfga"
11+ "details" : " OpenFGA Authorization Bypass in github.com/openfga/openfga"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/openfga/openfga"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 1.5.7"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ }
30+ ],
31+ "references" : [
32+ {
33+ "type" : " ADVISORY"
34+ "url" : " https://github.com/openfga/openfga/security/advisories/GHSA-3f6g-m4hr-59h8"
35+ },
36+ {
37+ "type" : " ADVISORY"
38+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-42473"
39+ }
40+ ],
41+ "database_specific" : {
42+ "url" : " https://pkg.go.dev/vuln/GO-2024-3061"
43+ "review_status" : " UNREVIEWED"
44+ }
45+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3063"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-42480"
8+ " GHSA-6r4j-4rjc-8vw5"
9+ ],
10+ "summary" : " RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji"
11+ "details" : " RBAC Roles for `etcd` created by Kamaji are not disjunct in github.com/clastix/kamaji"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/clastix/kamaji"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ }
30+ ],
31+ "references" : [
32+ {
33+ "type" : " ADVISORY"
34+ "url" : " https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5"
35+ },
36+ {
37+ "type" : " ADVISORY"
38+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-42480"
39+ },
40+ {
41+ "type" : " FIX"
42+ "url" : " https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db"
43+ },
44+ {
45+ "type" : " WEB"
46+ "url" : " https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24"
47+ }
48+ ],
49+ "database_specific" : {
50+ "url" : " https://pkg.go.dev/vuln/GO-2024-3063"
51+ "review_status" : " UNREVIEWED"
52+ }
53+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3064"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-41890"
8+ " GHSA-gvpv-r32v-9737"
9+ ],
10+ "summary" : " Apache Answer: The link to reset the user's password will remain valid after sending a new link in github.com/apache/incubator-answer"
11+ "details" : " Apache Answer: The link to reset the user's password will remain valid after sending a new link in github.com/apache/incubator-answer"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/apache/incubator-answer"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ },
25+ {
26+ "fixed" : " 1.3.6"
27+ }
28+ ]
29+ }
30+ ],
31+ "ecosystem_specific" : {}
32+ }
33+ ],
34+ "references" : [
35+ {
36+ "type" : " ADVISORY"
37+ "url" : " https://github.com/advisories/GHSA-gvpv-r32v-9737"
38+ },
39+ {
40+ "type" : " ADVISORY"
41+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-41890"
42+ },
43+ {
44+ "type" : " FIX"
45+ "url" : " https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b"
46+ },
47+ {
48+ "type" : " WEB"
49+ "url" : " https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9"
50+ }
51+ ],
52+ "database_specific" : {
53+ "url" : " https://pkg.go.dev/vuln/GO-2024-3064"
54+ "review_status" : " UNREVIEWED"
55+ }
56+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3065"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-41888"
8+ " GHSA-v3x9-wrq5-868j"
9+ ],
10+ "summary" : " Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer"
11+ "details" : " Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/apache/incubator-answer"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ },
25+ {
26+ "fixed" : " 1.3.6"
27+ }
28+ ]
29+ }
30+ ],
31+ "ecosystem_specific" : {}
32+ }
33+ ],
34+ "references" : [
35+ {
36+ "type" : " ADVISORY"
37+ "url" : " https://github.com/advisories/GHSA-v3x9-wrq5-868j"
38+ },
39+ {
40+ "type" : " ADVISORY"
41+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-41888"
42+ },
43+ {
44+ "type" : " FIX"
45+ "url" : " https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b"
46+ },
47+ {
48+ "type" : " WEB"
49+ "url" : " https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4"
50+ }
51+ ],
52+ "database_specific" : {
53+ "url" : " https://pkg.go.dev/vuln/GO-2024-3065"
54+ "review_status" : " UNREVIEWED"
55+ }
56+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3066"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-42368"
8+ " GHSA-rfxf-mf63-cpqv"
9+ ],
10+ "summary" : " open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension"
11+ "details" : " open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0.80.0"
24+ },
25+ {
26+ "fixed" : " 0.107.0"
27+ }
28+ ]
29+ }
30+ ],
31+ "ecosystem_specific" : {}
32+ }
33+ ],
34+ "references" : [
35+ {
36+ "type" : " ADVISORY"
37+ "url" : " https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-rfxf-mf63-cpqv"
38+ },
39+ {
40+ "type" : " WEB"
41+ "url" : " https://github.com/open-telemetry/opentelemetry-collector-contrib/commit/c9bd3eff0bb357d9c812a0d8defd3b09db95699a"
42+ },
43+ {
44+ "type" : " WEB"
45+ "url" : " https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34516"
46+ }
47+ ],
48+ "database_specific" : {
49+ "url" : " https://pkg.go.dev/vuln/GO-2024-3066"
50+ "review_status" : " UNREVIEWED"
51+ }
52+ }
You can’t perform that action at this time.
0 commit comments