Skip to content

Commit

Permalink
data/reports: add GO-2024-3005
Browse files Browse the repository at this point in the history 
  - data/reports/GO-2024-3005.yaml

Fixes #3005

Change-Id: I838e1eec8624f1d42ee2666d841a4aee96c8b4d1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/601387
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
  • Loading branch information
@tatianab @gopherbot
tatianab authored and gopherbot committed Jul 29, 2024
1 parent 73d6765 commit 5107252
Show file tree
Hide file tree
Showing 2 changed files with 372 additions and 0 deletions.
279 changes: 279 additions & 0 deletions data/osv/GO-2024-3005.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,279 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-3005",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-41110"
],
"summary": "Moby authz zero length regression in github.com/moby/moby",
"details": "Moby authz zero length regression in github.com/moby/moby",
"affected": [
{
"package": {
"name": "github.com/moby/moby",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "20.10.0+incompatible"
},
{
"fixed": "25.0.6+incompatible"
},
{
"introduced": "26.0.0+incompatible"
},
{
"fixed": "26.1.5+incompatible"
},
{
"introduced": "27.0.0+incompatible"
},
{
"fixed": "27.1.1+incompatible"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/moby/moby/pkg/authorization",
"symbols": [
"Ctx.AuthZRequest",
"Ctx.AuthZResponse",
"sendBody"
]
}
],
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.03.16"
},
{
"introduced": "23.0.0"
},
{
"fixed": "23.0.15"
},
{
"introduced": "24.0.0"
},
{
"fixed": "24.0.10"
},
{
"introduced": "20.0.0"
},
{
"fixed": "20.10.28"
},
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.6"
},
{
"introduced": "26.0.0"
},
{
"fixed": "26.0.3"
},
{
"introduced": "26.1.0"
},
{
"fixed": "26.1.15"
},
{
"introduced": "27.0.0"
},
{
"fixed": "27.0.4"
},
{
"introduced": "27.1.0"
},
{
"fixed": "27.1.1"
}
]
}
]
}
},
{
"package": {
"name": "github.com/docker/docker",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "20.10.0+incompatible"
},
{
"fixed": "25.0.6+incompatible"
},
{
"introduced": "26.0.0+incompatible"
},
{
"fixed": "26.1.5+incompatible"
},
{
"introduced": "27.0.0+incompatible"
},
{
"fixed": "27.1.1+incompatible"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/docker/docker/pkg/authorization",
"symbols": [
"Ctx.AuthZRequest",
"Ctx.AuthZResponse",
"sendBody"
]
}
],
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.03.16"
},
{
"introduced": "23.0.0"
},
{
"fixed": "23.0.15"
},
{
"introduced": "24.0.0"
},
{
"fixed": "24.0.10"
},
{
"introduced": "20.0.0"
},
{
"fixed": "20.10.28"
},
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.6"
},
{
"introduced": "26.0.0"
},
{
"fixed": "26.0.3"
},
{
"introduced": "26.1.0"
},
{
"fixed": "26.1.15"
},
{
"introduced": "27.0.0"
},
{
"fixed": "27.0.4"
},
{
"introduced": "27.1.0"
},
{
"fixed": "27.1.1"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"
},
{
"type": "FIX",
"url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"
},
{
"type": "WEB",
"url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3005",
"review_status": "REVIEWED"
}
}
93 changes: 93 additions & 0 deletions data/reports/GO-2024-3005.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
id: GO-2024-3005
modules:
- module: github.com/moby/moby
versions:
- introduced: 20.10.0+incompatible
- fixed: 25.0.6+incompatible
- introduced: 26.0.0+incompatible
- fixed: 26.1.5+incompatible
- introduced: 27.0.0+incompatible
- fixed: 27.1.1+incompatible
non_go_versions:
- introduced: 19.0.0
- fixed: 19.03.16
- introduced: 23.0.0
- fixed: 23.0.15
- introduced: 24.0.0
- fixed: 24.0.10
- introduced: 20.0.0
- fixed: 20.10.28
- introduced: 25.0.0
- fixed: 25.0.6
- introduced: 26.0.0
- fixed: 26.0.3
- introduced: 26.1.0
- fixed: 26.1.15
- introduced: 27.0.0
- fixed: 27.0.4
- introduced: 27.1.0
- fixed: 27.1.1
vulnerable_at: 27.1.0+incompatible
packages:
- package: github.com/moby/moby/pkg/authorization
symbols:
- Ctx.AuthZRequest
- sendBody
derived_symbols:
- Ctx.AuthZResponse
- module: github.com/docker/docker
versions:
- introduced: 20.10.0+incompatible
- fixed: 25.0.6+incompatible
- introduced: 26.0.0+incompatible
- fixed: 26.1.5+incompatible
- introduced: 27.0.0+incompatible
- fixed: 27.1.1+incompatible
non_go_versions:
- introduced: 19.0.0
- fixed: 19.03.16
- introduced: 23.0.0
- fixed: 23.0.15
- introduced: 24.0.0
- fixed: 24.0.10
- introduced: 20.0.0
- fixed: 20.10.28
- introduced: 25.0.0
- fixed: 25.0.6
- introduced: 26.0.0
- fixed: 26.0.3
- introduced: 26.1.0
- fixed: 26.1.15
- introduced: 27.0.0
- fixed: 27.0.4
- introduced: 27.1.0
- fixed: 27.1.1
vulnerable_at: 27.1.0+incompatible
packages:
- package: github.com/docker/docker/pkg/authorization
symbols:
- Ctx.AuthZRequest
- sendBody
derived_symbols:
- Ctx.AuthZResponse
summary: Moby authz zero length regression in github.com/moby/moby
cves:
- CVE-2024-41110
references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41110
- fix: https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
- fix: https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
- fix: https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
- fix: https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
- fix: https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
- fix: https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
- fix: https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
- fix: https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
- fix: https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
- fix: https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
- web: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
- web: https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
source:
id: CVE-2024-41110
created: 2024-07-29T10:49:08.963064-04:00
review_status: REVIEWED

0 comments on commit 5107252

Please sign in to comment.