data/reports: unexclude 20 reports (16)

  - data/reports/GO-2022-0407.yaml
  - data/reports/GO-2022-0410.yaml
  - data/reports/GO-2022-0413.yaml
  - data/reports/GO-2022-0416.yaml
  - data/reports/GO-2022-0418.yaml
  - data/reports/GO-2022-0424.yaml
  - data/reports/GO-2022-0426.yaml
  - data/reports/GO-2022-0429.yaml
  - data/reports/GO-2022-0440.yaml
  - data/reports/GO-2022-0442.yaml
  - data/reports/GO-2022-0447.yaml
  - data/reports/GO-2022-0448.yaml
  - data/reports/GO-2022-0449.yaml
  - data/reports/GO-2022-0450.yaml
  - data/reports/GO-2022-0451.yaml
  - data/reports/GO-2022-0452.yaml
  - data/reports/GO-2022-0453.yaml
  - data/reports/GO-2022-0454.yaml
  - data/reports/GO-2022-0455.yaml
  - data/reports/GO-2022-0456.yaml

Updates #407
Updates #410
Updates #413
Updates #416
Updates #418
Updates #424
Updates #426
Updates #429
Updates #440
Updates #442
Updates #447
Updates #448
Updates #449
Updates #450
Updates #451
Updates #452
Updates #453
Updates #454
Updates #455
Updates #456

Change-Id: I206c09343a83edd1fd9f1a37410a59391d904c6d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607218
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

Author: tatianab

data/excluded/GO-2022-0407.yaml

@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0407",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-qmfx-75ff-8mw6"
+  ],
+  "summary": "Listing of upload directory contents possible in github.com/ThomasLeister/prosody-filer",
+  "details": "Listing of upload directory contents possible in github.com/ThomasLeister/prosody-filer",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/ThomasLeister/prosody-filer",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.0.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/ThomasLeister/prosody-filer/security/advisories/GHSA-qmfx-75ff-8mw6"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0407",
+    "review_status": "UNREVIEWED"
+  }
+}

data/excluded/GO-2022-0410.yaml

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0410",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-x5c7-x7m2-rhmf"
+  ],
+  "summary": "Local directory executable lookup in sops (Windows-only) in go.mozilla.org/sops",
+  "details": "Local directory executable lookup in sops (Windows-only) in go.mozilla.org/sops",
+  "affected": [
+    {
+      "package": {
+        "name": "go.mozilla.org/sops",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "go.mozilla.org/sops/v3",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.7.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/mozilla/sops/security/advisories/GHSA-x5c7-x7m2-rhmf"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0410",
+    "review_status": "UNREVIEWED"
+  }
+}

data/excluded/GO-2022-0413.yaml

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0413",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2022-24797",
+    "GHSA-q98f-2x4p-prjr"
+  ],
+  "summary": "Exposure of Sensitive Information in Pomerium in github.com/pomerium/pomerium",
+  "details": "Exposure of Sensitive Information in Pomerium in github.com/pomerium/pomerium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/pomerium/pomerium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0.16.0"
+            },
+            {
+              "fixed": "0.17.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-q98f-2x4p-prjr"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24797"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/pomerium/pomerium/commit/b435f73e2b54088da2aca5e8c3aa1808293d6903"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/pomerium/pomerium/pull/3212"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0413",
+    "review_status": "UNREVIEWED"
+  }
+}