x/vulndb: potential Go vuln in github.com/Velocidex/velociraptor: CVE-2023-5950

[GoVulnBot]

CVE-2023-5950 references github.com/Velocidex/velociraptor, which may be a Go module.

Description:
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-5950
• JSON: https://github.com/CVEProject/cvelist/tree/38cf6aadd23988aab8e5ce81a708e1fee8c3db0d/2023/5xxx/CVE-2023-5950.json
• web: https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0
• Imported by: https://pkg.go.dev/github.com/Velocidex/velociraptor?tab=importedby

Cross references:

• Module github.com/Velocidex/velociraptor appears in issue x/vulndb: potential Go vuln in github.com/Velocidex/velociraptor: CVE-2023-0290 #1502 EFFECTIVELY_PRIVATE
• Module github.com/Velocidex/velociraptor appears in issue x/vulndb: potential Go vuln in github.com/Velocidex/velociraptor: CVE-2023-2226 #1731 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/Velocidex/velociraptor
      packages:
        - package: Velociraptor
cves:
    - CVE-2023-5950
references:
    - web: https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0

[gopherbot]

Change https://go.dev/cl/539359 mentions this issue: data/excluded: batch add 1 excluded reports

[gopherbot]

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports