File tree 10 files changed +492
-0
lines changed
10 files changed +492
-0
lines changed Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3294"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-53264"
8+ ],
9+ "summary" : " Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb"
10+ "details" : " Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb"
11+ "affected" : [
12+ {
13+ "package" : {
14+ "name" : " github.com/bunkerity/bunkerweb"
15+ "ecosystem" : " Go"
16+ },
17+ "ranges" : [
18+ {
19+ "type" : " SEMVER"
20+ "events" : [
21+ {
22+ "introduced" : " 0"
23+ },
24+ {
25+ "fixed" : " 1.5.11"
26+ }
27+ ]
28+ }
29+ ],
30+ "ecosystem_specific" : {}
31+ }
32+ ],
33+ "references" : [
34+ {
35+ "type" : " ADVISORY"
36+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-53264"
37+ },
38+ {
39+ "type" : " WEB"
40+ "url" : " https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-q9rr-h3hx-m87g"
41+ }
42+ ],
43+ "database_specific" : {
44+ "url" : " https://pkg.go.dev/vuln/GO-2024-3294"
45+ "review_status" : " UNREVIEWED"
46+ }
47+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3296"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-53858"
8+ " GHSA-jwcm-9g39-pmcw"
9+ ],
10+ "summary" : " Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli"
11+ "details" : " Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/cli/cli"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ },
30+ {
31+ "package" : {
32+ "name" : " github.com/cli/cli/v2"
33+ "ecosystem" : " Go"
34+ },
35+ "ranges" : [
36+ {
37+ "type" : " SEMVER"
38+ "events" : [
39+ {
40+ "introduced" : " 0"
41+ },
42+ {
43+ "fixed" : " 2.63.0"
44+ }
45+ ]
46+ }
47+ ],
48+ "ecosystem_specific" : {}
49+ }
50+ ],
51+ "references" : [
52+ {
53+ "type" : " ADVISORY"
54+ "url" : " https://github.com/cli/cli/security/advisories/GHSA-jwcm-9g39-pmcw"
55+ },
56+ {
57+ "type" : " ADVISORY"
58+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-53858"
59+ },
60+ {
61+ "type" : " WEB"
62+ "url" : " https://git-scm.com/docs/gitcredentials"
63+ }
64+ ],
65+ "database_specific" : {
66+ "url" : " https://pkg.go.dev/vuln/GO-2024-3296"
67+ "review_status" : " UNREVIEWED"
68+ }
69+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3299"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-52003"
8+ " GHSA-h924-8g65-j9wg"
9+ ],
10+ "summary" : " Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik"
11+ "details" : " Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/traefik/traefik"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ },
30+ {
31+ "package" : {
32+ "name" : " github.com/traefik/traefik/v2"
33+ "ecosystem" : " Go"
34+ },
35+ "ranges" : [
36+ {
37+ "type" : " SEMVER"
38+ "events" : [
39+ {
40+ "introduced" : " 0"
41+ },
42+ {
43+ "fixed" : " 2.11.14"
44+ }
45+ ]
46+ }
47+ ],
48+ "ecosystem_specific" : {}
49+ },
50+ {
51+ "package" : {
52+ "name" : " github.com/traefik/traefik/v3"
53+ "ecosystem" : " Go"
54+ },
55+ "ranges" : [
56+ {
57+ "type" : " SEMVER"
58+ "events" : [
59+ {
60+ "introduced" : " 0"
61+ },
62+ {
63+ "fixed" : " 3.2.1"
64+ }
65+ ]
66+ }
67+ ],
68+ "ecosystem_specific" : {}
69+ }
70+ ],
71+ "references" : [
72+ {
73+ "type" : " ADVISORY"
74+ "url" : " https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg"
75+ },
76+ {
77+ "type" : " ADVISORY"
78+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-52003"
79+ },
80+ {
81+ "type" : " FIX"
82+ "url" : " https://github.com/traefik/traefik/pull/11253"
83+ },
84+ {
85+ "type" : " WEB"
86+ "url" : " https://github.com/traefik/traefik/releases/tag/v2.11.14"
87+ },
88+ {
89+ "type" : " WEB"
90+ "url" : " https://github.com/traefik/traefik/releases/tag/v3.2.1"
91+ }
92+ ],
93+ "database_specific" : {
94+ "url" : " https://pkg.go.dev/vuln/GO-2024-3299"
95+ "review_status" : " UNREVIEWED"
96+ }
97+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3300"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-52801"
8+ " GHSA-6943-qr24-82vx"
9+ ],
10+ "summary" : " sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo"
11+ "details" : " sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/drakkan/sftpgo"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ },
30+ {
31+ "package" : {
32+ "name" : " github.com/drakkan/sftpgo/v2"
33+ "ecosystem" : " Go"
34+ },
35+ "ranges" : [
36+ {
37+ "type" : " SEMVER"
38+ "events" : [
39+ {
40+ "introduced" : " 2.3.0"
41+ },
42+ {
43+ "fixed" : " 2.6.4"
44+ }
45+ ]
46+ }
47+ ],
48+ "ecosystem_specific" : {}
49+ }
50+ ],
51+ "references" : [
52+ {
53+ "type" : " ADVISORY"
54+ "url" : " https://github.com/drakkan/sftpgo/security/advisories/GHSA-6943-qr24-82vx"
55+ },
56+ {
57+ "type" : " ADVISORY"
58+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-52801"
59+ },
60+ {
61+ "type" : " FIX"
62+ "url" : " https://github.com/drakkan/sftpgo/commit/f30a9a2095bf90c0661b04fe038e3b7efc788bc6"
63+ },
64+ {
65+ "type" : " WEB"
66+ "url" : " https://github.com/rs/xid"
67+ }
68+ ],
69+ "database_specific" : {
70+ "url" : " https://pkg.go.dev/vuln/GO-2024-3300"
71+ "review_status" : " UNREVIEWED"
72+ }
73+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3303"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-53862"
8+ ],
9+ "summary" : " Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows"
10+ "details" : " Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows"
11+ "affected" : [
12+ {
13+ "package" : {
14+ "name" : " github.com/argoproj/argo-workflows"
15+ "ecosystem" : " Go"
16+ },
17+ "ranges" : [
18+ {
19+ "type" : " SEMVER"
20+ "events" : [
21+ {
22+ "introduced" : " 0"
23+ }
24+ ]
25+ }
26+ ],
27+ "ecosystem_specific" : {}
28+ },
29+ {
30+ "package" : {
31+ "name" : " github.com/argoproj/argo-workflows/v2"
32+ "ecosystem" : " Go"
33+ },
34+ "ranges" : [
35+ {
36+ "type" : " SEMVER"
37+ "events" : [
38+ {
39+ "introduced" : " 0"
40+ }
41+ ]
42+ }
43+ ],
44+ "ecosystem_specific" : {}
45+ },
46+ {
47+ "package" : {
48+ "name" : " github.com/argoproj/argo-workflows/v3"
49+ "ecosystem" : " Go"
50+ },
51+ "ranges" : [
52+ {
53+ "type" : " SEMVER"
54+ "events" : [
55+ {
56+ "introduced" : " 3.5.7"
57+ },
58+ {
59+ "fixed" : " 3.5.13"
60+ },
61+ {
62+ "introduced" : " 3.6.0-rc1"
63+ },
64+ {
65+ "fixed" : " 3.6.2"
66+ }
67+ ]
68+ }
69+ ],
70+ "ecosystem_specific" : {}
71+ }
72+ ],
73+ "references" : [
74+ {
75+ "type" : " ADVISORY"
76+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-53862"
77+ },
78+ {
79+ "type" : " FIX"
80+ "url" : " https://github.com/argoproj/argo-workflows/pull/13021/files#diff-a5b255abaceddc9cc20bf6da6ae92c3a5d3605d94366af503ed754c079a1171aL668-R715"
81+ },
82+ {
83+ "type" : " WEB"
84+ "url" : " https://github.com/argoproj/argo-workflows/security/advisories/GHSA-h36c-m3rf-34h9"
85+ }
86+ ],
87+ "database_specific" : {
88+ "url" : " https://pkg.go.dev/vuln/GO-2024-3303"
89+ "review_status" : " UNREVIEWED"
90+ }
91+ }
You can’t perform that action at this time.
0 commit comments