x/vulndb: potential Go vuln in github.com/mayuresh82/gocast: GHSA-5qww-56gc-f66c

[GoVulnBot]

Advisory GHSA-5qww-56gc-f66c references a vulnerability in the following Go modules:

Module
github.com/mayuresh82/gocast

Description:
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

References:

• ADVISORY: GHSA-5qww-56gc-f66c
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-28892
• WEB: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960
• WEB: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/mayuresh82/gocast
      vulnerable_at: 1.1.3
summary: GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast
cves:
    - CVE-2024-28892
ghsas:
    - GHSA-5qww-56gc-f66c
references:
    - advisory: https://github.com/advisories/GHSA-5qww-56gc-f66c
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-28892
    - web: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960
    - web: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960
source:
    id: GHSA-5qww-56gc-f66c
    created: 2024-12-26T17:01:16.636012272Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/640916 mentions this issue: data/reports: add 10 unreviewed reports