x/vulndb: potential Go vuln in github.com/writefreely/writefreely: CVE-2025-24337

[GoVulnBot]

Advisory CVE-2025-24337 references a vulnerability in the following Go modules:

Module
github.com/writefreely/writefreely

Description:
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-24337
• WEB: https://github.com/writefreely/writefreely/releases/tag/v0.15.1
• WEB: https://raphus.social/@TV4Fun/113846757112643161
• WEB: https://www.openwall.com/lists/oss-security/2025/01/18/1

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/writefreely/writefreely
      vulnerable_at: 0.15.1
summary: CVE-2025-24337 in github.com/writefreely/writefreely
cves:
    - CVE-2025-24337
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-24337
    - web: https://github.com/writefreely/writefreely/releases/tag/v0.15.1
    - web: https://raphus.social/@TV4Fun/113846757112643161
    - web: https://www.openwall.com/lists/oss-security/2025/01/18/1
source:
    id: CVE-2025-24337
    created: 2025-01-20T15:01:18.621881405Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/643498 mentions this issue: data/reports: add 7 unreviewed reports