From ad51667c5cdac21e7cce55a9a7bc286fda15c63c Mon Sep 17 00:00:00 2001 From: Tatiana Bradley Date: Tue, 20 Aug 2024 15:33:24 -0400 Subject: [PATCH] data/reports: unexclude 3 reports (32) - data/reports/GO-2022-1263.yaml - data/reports/GO-2022-1264.yaml - data/reports/GO-2022-1266.yaml Updates golang/vulndb#1263 Updates golang/vulndb#1264 Updates golang/vulndb#1266 Change-Id: Ie46f3a72ff97ef701ba420b2e58954ec7fbf2977 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607234 Reviewed-by: Damien Neil LUCI-TryBot-Result: Go LUCI Auto-Submit: Tatiana Bradley Commit-Queue: Tatiana Bradley --- data/excluded/GO-2022-1263.yaml | 8 ----- data/excluded/GO-2022-1264.yaml | 8 ----- data/excluded/GO-2022-1266.yaml | 8 ----- data/osv/GO-2022-1263.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1264.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1266.json | 56 +++++++++++++++++++++++++++++++++ data/reports/GO-2022-1263.yaml | 21 +++++++++++++ data/reports/GO-2022-1264.yaml | 21 +++++++++++++ data/reports/GO-2022-1266.yaml | 23 ++++++++++++++ 9 files changed, 233 insertions(+), 24 deletions(-) delete mode 100644 data/excluded/GO-2022-1263.yaml delete mode 100644 data/excluded/GO-2022-1264.yaml delete mode 100644 data/excluded/GO-2022-1266.yaml create mode 100644 data/osv/GO-2022-1263.json create mode 100644 data/osv/GO-2022-1264.json create mode 100644 data/osv/GO-2022-1266.json create mode 100644 data/reports/GO-2022-1263.yaml create mode 100644 data/reports/GO-2022-1264.yaml create mode 100644 data/reports/GO-2022-1266.yaml
diff --git a/data/excluded/GO-2022-1263.yaml b/data/excluded/GO-2022-1263.yaml
deleted file mode 100644
index 0c4d7816..00000000
--- a/data/excluded/GO-2022-1263.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1263
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4810
-ghsas:
- - GHSA-qf9q-3wwx-8qjv
diff --git a/data/excluded/GO-2022-1264.yaml b/data/excluded/GO-2022-1264.yaml
deleted file mode 100644
index 11894d38..00000000
--- a/data/excluded/GO-2022-1264.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1264
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4847
-ghsas:
- - GHSA-r7hg-2cpp-8wqq
diff --git a/data/excluded/GO-2022-1266.yaml b/data/excluded/GO-2022-1266.yaml
deleted file mode 100644
index 63b2bcbb..00000000
--- a/data/excluded/GO-2022-1266.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1266
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4848
-ghsas:
- - GHSA-vh43-cc6x-prpr
diff --git a/data/osv/GO-2022-1263.json b/data/osv/GO-2022-1263.json
new file mode 100644
index 00000000..3ac42bec
--- /dev/null
+++ b/data/osv/GO-2022-1263.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-1263",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-4810",
+ "GHSA-qf9q-3wwx-8qjv"
+ ],
+ "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos",
+ "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/usememos/memos",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.9.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-qf9q-3wwx-8qjv"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4810"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-1263",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-1264.json b/data/osv/GO-2022-1264.json
new file mode 100644
index 00000000..c94e3977
--- /dev/null
+++ b/data/osv/GO-2022-1264.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-1264",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-4847",
+ "GHSA-r7hg-2cpp-8wqq"
+ ],
+ "summary": "usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos",
+ "details": "usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/usememos/memos",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.9.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-r7hg-2cpp-8wqq"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4847"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-1264",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2022-1266.json b/data/osv/GO-2022-1266.json
new file mode 100644
index 00000000..f1e10b85
--- /dev/null
+++ b/data/osv/GO-2022-1266.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-1266",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-4848",
+ "GHSA-vh43-cc6x-prpr"
+ ],
+ "summary": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos",
+ "details": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/usememos/memos",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.9.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-vh43-cc6x-prpr"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4848"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-1266",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2022-1263.yaml b/data/reports/GO-2022-1263.yaml
new file mode 100644
index 00000000..3e7406ee
--- /dev/null
+++ b/data/reports/GO-2022-1263.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1263
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4810
+ghsas:
+ - GHSA-qf9q-3wwx-8qjv
+references:
+ - advisory: https://github.com/advisories/GHSA-qf9q-3wwx-8qjv
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4810
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e
+source:
+ id: GHSA-qf9q-3wwx-8qjv
+ created: 2024-08-20T14:56:23.524956-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1264.yaml b/data/reports/GO-2022-1264.yaml
new file mode 100644
index 00000000..9eb7bc8f
--- /dev/null
+++ b/data/reports/GO-2022-1264.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1264
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos
+cves:
+ - CVE-2022-4847
+ghsas:
+ - GHSA-r7hg-2cpp-8wqq
+references:
+ - advisory: https://github.com/advisories/GHSA-r7hg-2cpp-8wqq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4847
+ - fix: https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
+ - web: https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73
+source:
+ id: GHSA-r7hg-2cpp-8wqq
+ created: 2024-08-20T14:56:26.859444-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1266.yaml b/data/reports/GO-2022-1266.yaml
new file mode 100644
index 00000000..911d6620
--- /dev/null
+++ b/data/reports/GO-2022-1266.yaml
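Review bot: The `summary` in data/reports/GO-2022-1263.yaml is the advisory title with the module path appended, so it names the project twice and never says which access check is missing; GO-2022-1264.yaml and GO-2022-1266.yaml have the same shape. A shorter form such as `summary: Improper access control in github.com/usememos/memos` would read better in scanner output. The report also has no `packages` list under the module, so with `review_status: UNREVIEWED` it presumably matches on module and version alone, which is worth keeping in mind for a module that was excluded as `EFFECTIVELY_PRIVATE` until this change.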
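Review bot: The `fix` reference in data/reports/GO-2022-1264.yaml points at commit c9bb2b785dc5852655405d5c9ab127a2d5aa3948, and data/reports/GO-2022-1266.yaml lists the same commit for a different CVE and GHSA. One commit may well close both issues, but the two reports are otherwise identical in module, fixed version and `vulnerable_at`, so it is worth confirming against the two advisories that neither reference was carried over from the other entry. If both are correct, consumers will see two findings that are resolved by the same upgrade to 0.9.1.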
@@ -0,0 +1,23 @@
+id: GO-2022-1266
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: |-
+ usememos/memos vulnerable to Improper Verification of Source of a Communication
+ Channel in github.com/usememos/memos
+cves:
+ - CVE-2022-4848
+ghsas:
+ - GHSA-vh43-cc6x-prpr
+references:
+ - advisory: https://github.com/advisories/GHSA-vh43-cc6x-prpr
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4848
+ - fix: https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
+ - web: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc
+source:
+ id: GHSA-vh43-cc6x-prpr
+ created: 2024-08-20T14:56:30.374308-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE