x/vulndb: potential Go vuln in github.com/octo-sts/app: CVE-2024-34079

[GoVulnBot]

CVE-2024-34079 references github.com/octo-sts/app, which may be a Go module.

Description:
octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-34079
• JSON: https://github.com/CVEProject/cvelist/tree/03b84c421b52086f2da672857d7e7ec3d3fdea83/2024/34xxx/CVE-2024-34079.json
• advisory: GHSA-75r6-6jg8-pfcq
• fix: octo-sts/app@74ba874
• Imported by: https://pkg.go.dev/github.com/octo-sts/app?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/octo-sts/app
      vulnerable_at: 0.1.0
      packages:
        - package: app
summary: CVE-2024-34079 in github.com/octo-sts/app
cves:
    - CVE-2024-34079
references:
    - advisory: https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq
    - fix: https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57
source:
    id: CVE-2024-34079

[gopherbot]

Change https://go.dev/cl/584897 mentions this issue: data/reports: add GO-2024-2833.yaml

[gopherbot]

Change https://go.dev/cl/596175 mentions this issue: data/reports: add GO-2024-2519, update GO-2024-2833