data/reports: regenerate GO-2024-2997

tatianab · tatianab · commit fcf3b07df359 · 2024-09-06T20:44:22.000Z
Regenerate with updated algorithm. - data/reports/GO-2024-2997.yaml Updates #2997 Change-Id: I6c6aec10dfb4e24bae5e2f5313ecda78e7ddabe7 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/610809 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2024-2997.json b/data/osv/GO-2024-2997.json
@@ -7,7 +7,7 @@
     "CVE-2024-21583"
   ],
   "summary": "CVE-2024-21583 in github.com/gitpod-io/gitpod",
-  "details": "CVE-2024-21583 in github.com/gitpod-io/gitpod.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gitpod-io/gitpod before v0.1.5-main-gha.27122.",
+  "details": "CVE-2024-21583 in github.com/gitpod-io/gitpod.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gitpod-io/gitpod before v0.1.5-main-gha.27122; github.com/gitpod-io/gitpod/components/server/go before main-gha.27122; github.com/gitpod-io/gitpod/components/ws-proxy before main-gha.27122; github.com/gitpod-io/gitpod/install/installer before main-gha.27122.",
   "affected": [
     {
       "package": {
@@ -55,7 +55,21 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "0"
+              },
+              {
+                "fixed": "main-gha.27122"
+              }
+            ]
+          }
+        ]
+      }
     },
     {
       "package": {
@@ -72,7 +86,21 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "0"
+              },
+              {
+                "fixed": "main-gha.27122"
+              }
+            ]
+          }
+        ]
+      }
     },
     {
       "package": {
@@ -89,7 +117,21 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "0"
+              },
+              {
+                "fixed": "main-gha.27122"
+              }
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
diff --git a/data/reports/GO-2024-2997.yaml b/data/reports/GO-2024-2997.yaml
@@ -5,17 +5,17 @@ modules:
         - fixed: 0.1.5-main-gha.27122
       vulnerable_at: 0.10.0
     - module: github.com/gitpod-io/gitpod/components/server/go
-      unsupported_versions:
-        - cve_version_range: affected from 0 before main-gha.27122
-      vulnerable_at: 0.0.0-20240816160918-43bcbc7f8f04
+      non_go_versions:
+        - fixed: main-gha.27122
+      vulnerable_at: 0.0.0-20240906145849-d652a27441a7
     - module: github.com/gitpod-io/gitpod/components/ws-proxy
-      unsupported_versions:
-        - cve_version_range: affected from 0 before main-gha.27122
-      vulnerable_at: 0.0.0-20240816160918-43bcbc7f8f04
+      non_go_versions:
+        - fixed: main-gha.27122
+      vulnerable_at: 0.0.0-20240906145849-d652a27441a7
     - module: github.com/gitpod-io/gitpod/install/installer
-      unsupported_versions:
-        - cve_version_range: affected from 0 before main-gha.27122
-      vulnerable_at: 0.0.0-20240816160918-43bcbc7f8f04
+      non_go_versions:
+        - fixed: main-gha.27122
+      vulnerable_at: 0.0.0-20240906145849-d652a27441a7
 summary: CVE-2024-21583 in github.com/gitpod-io/gitpod
 cves:
     - CVE-2024-21583
@@ -36,5 +36,5 @@ notes:
     - manually fixed ref "app.safebase.io" which contained bad URI due to unescape/escape error in our tooling
 source:
     id: CVE-2024-21583
-    created: 2024-08-16T16:57:56.243289-04:00
+    created: 2024-09-06T15:57:25.365883-04:00
 review_status: UNREVIEWED
