srv: moved to x/vulndb
See CL 373495 for context.
For golang/go#50247
Change-Id: I097e26827cb1837d3f50b4e79090bd24e17fde51
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/373494
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/srv/checks.bash b/srv/checks.bash
deleted file mode 100755
index f1a3ca2..0000000
--- a/srv/checks.bash
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 2021 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-# This file will be run by `go test`.
-# See all_test.go in this directory.
-
-go version
-
-# Ensure that installed go binaries are on the path.
-# This bash expression follows the algorithm described at the top of
-# `go install help`: first try $GOBIN, then $GOPATH/bin, then $HOME/go/bin.
-go_install_dir=${GOBIN:-${GOPATH:-$HOME/go}/bin}
-PATH=$PATH:$go_install_dir
-
-source devtools/lib.sh
-
-# ensure_go_binary verifies that a binary exists in $PATH corresponding to the
-# given go-gettable URI. If no such binary exists, it is fetched via `go get`.
-ensure_go_binary() {
- local binary=$(basename $1)
- if ! [ -x "$(command -v $binary)" ]; then
- info "Installing: $1"
- # Install the binary in a way that doesn't affect our go.mod file.
- go install $1
- fi
-}
-
-# verify_header checks that all given files contain the standard header for Go
-# projects.
-verify_header() {
- if [[ "$@" != "" ]]; then
- for FILE in $@
- do
- line="$(head -4 $FILE)"
- if [[ ! $line == *"The Go Authors. All rights reserved."* ]] &&
- [[ ! $line == "// DO NOT EDIT. This file was copied from" ]]; then
- err "missing license header: $FILE"
- fi
- done
- fi
-}
-
-# Support ** in globs for finding files throughout the tree.
-shopt -s globstar
-
-# check_headers checks that all source files that have been staged in this
-# commit, and all other non-third-party files in the repo, have a license
-# header.
-check_headers() {
- if [[ $# -gt 0 ]]; then
- info "Checking listed files for license header"
- verify_header $*
- else
- # Check code files that have been modified or added.
- info "Checking go and sh files for license header"
- verify_header $(find **/*.go) $(find **/*.sh)
- fi
-}
-
-# check_unparam runs unparam on source files.
-check_unparam() {
- if [[ $(go version) = *go1.17* ]]; then
- ensure_go_binary mvdan.cc/unparam
- runcmd unparam ./...
- fi
-}
-
-# check_vet runs go vet on source files.
-check_vet() {
- runcmd go vet -all ./...
-}
-
-# check_staticcheck runs staticcheck on source files.
-check_staticcheck() {
- if [[ $(go version) = *go1.17* ]]; then
- ensure_go_binary honnef.co/go/tools/cmd/staticcheck
- runcmd staticcheck ./...
- fi
-}
-
-# check_misspell runs misspell on source files.
-check_misspell() {
- ensure_go_binary github.com/client9/misspell/cmd/misspell
- runcmd misspell -error .
-}
-
-go_linters() {
- check_vet
- check_staticcheck
- check_misspell
- check_unparam
-}
-
-go_modtidy() {
- runcmd go mod tidy
-}
-
-runchecks() {
- check_headers
- go_linters
- go_modtidy
-}
-
-usage() {
- cat <<EOUSAGE
-Usage: $0 [subcommand]
-Available subcommands:
- help - display this help message
-EOUSAGE
-}
-
-main() {
- case "$1" in
- "-h" | "--help" | "help")
- usage
- exit 0
- ;;
- "")
- runchecks
- ;;
- *)
- usage
- exit 1
- esac
- if [[ $EXIT_CODE != 0 ]]; then
- err "FAILED; see errors above"
- fi
- exit $EXIT_CODE
-}
-
-main $@
diff --git a/srv/cmd/cvetriage/cve.go b/srv/cmd/cvetriage/cve.go
deleted file mode 100644
index d4e4c4f..0000000
--- a/srv/cmd/cvetriage/cve.go
+++ /dev/null
@@ -1,156 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
- "errors"
- "fmt"
- "net/http"
- "net/url"
- "strings"
-
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/report"
-)
-
-const (
- stateReserved = "Reserved"
- statePublicNotGoVuln = "Public - Not Go Vuln"
- statePublicGoVuln = "Public - Go Vuln"
-)
-
-var errCVEVersionUnsupported = errors.New("unsupported CVE version")
-
-// triageCVE triages the CVE and creates a cve record state.
-func triageCVE(c *cveschema.CVE) (_ *cve, err error) {
- defer derrors.Wrap(&err, "cveToIssue(%q)", c.ID)
- if isReservedCVE(c) {
- return createCVE(c, stateReserved, "", false), nil
- }
- switch c.DataVersion {
- case "4.0":
- mp, err := cveModulePath(c)
- if err != nil {
- return nil, err
- }
- if mp == "" {
- return createCVE(c, statePublicNotGoVuln, "", false), nil
- }
- return createCVE(c, statePublicGoVuln, mp, true), nil
- default:
- // TODO(https://golang.org/issue/49289): Add support for v5.0.
- return nil, fmt.Errorf("CVE %q has DataVersion %q: %w", c.ID, c.DataVersion, errCVEVersionUnsupported)
- }
-}
-
-// createCVE creates a cve record state from the data provided.
-func createCVE(c *cveschema.CVE, state string, mp string, isGoVuln bool) *cve {
- r := &cve{
- CVE: *c,
- state: state,
- cwe: cveCWE(c),
- modulePath: mp,
- links: cveLinks(c),
- description: description(c),
- isGoVuln: isGoVuln,
- }
- return r
-}
-
-// isPendingCVE reports if the CVE is still waiting on information and not
-// ready to be triaged.
-func isReservedCVE(c *cveschema.CVE) bool {
- return c.State == cveschema.StateReserved
-}
-
-var vcsHostsWithThreeElementRepoName = map[string]bool{
- "bitbucket.org": true,
- "gitea.com": true,
- "gitee.com": true,
- "github.com": true,
- "gitlab.com": true,
- "golang.org": true,
-}
-
-var stdlibKeywords = map[string]bool{
- "github.com/golang": true,
- "golang-announce": true,
- "golang-nuts": true,
- "golang.org": true,
-}
-
-// cveModulePath returns a Go module path for a CVE, if we can determine what
-// it is.
-func cveModulePath(c *cveschema.CVE) (_ string, err error) {
- defer derrors.Wrap(&err, "cveModulePath(%q)", c.ID)
- for _, r := range c.References.Data {
- if r.URL == "" {
- continue
- }
- for k := range stdlibKeywords {
- if strings.Contains(r.URL, k) {
- return "Go Standard Library", nil
- }
- }
- for host := range vcsHostsWithThreeElementRepoName {
- if !strings.Contains(r.URL, host) {
- continue
- }
- refURL, err := url.Parse(r.URL)
- if err != nil {
- return "", fmt.Errorf("url.Parse(%q): %v", r.URL, err)
- }
- u := refURL.Host + refURL.Path
- parts := strings.Split(u, "/")
- if len(parts) < 3 {
- continue
- }
- mod := strings.Join(parts[0:3], "/")
- r, err := http.DefaultClient.Get(fmt.Sprintf("https://pkg.go.dev/%s", mod))
- if err != nil {
- return "", err
- }
- if r.StatusCode == http.StatusOK {
- return mod, nil
- }
- }
- }
- return "", nil
-}
-
-func cveLinks(c *cveschema.CVE) report.Links {
- var links report.Links
- for _, r := range c.References.Data {
- if links.Commit == "" && strings.Contains(r.URL, "/commit/") {
- links.Commit = r.URL
- } else if links.PR == "" && strings.Contains(r.URL, "/pull/") {
- links.PR = r.URL
- } else {
- links.Context = append(links.Context, r.URL)
- }
- }
- return links
-}
-
-func cveCWE(c *cveschema.CVE) string {
- var cwe string
- for _, pt := range c.ProblemType.Data {
- for _, d := range pt.Description {
- if strings.Contains(d.Value, "CWE") {
- cwe = d.Value
- }
- }
- }
- return cwe
-}
-
-func description(c *cveschema.CVE) string {
- var ds []string
- for _, d := range c.Description.Data {
- ds = append(ds, d.Value)
- }
- return strings.Join(ds, "| \n ")
-}
diff --git a/srv/cmd/cvetriage/main.go b/srv/cmd/cvetriage/main.go
deleted file mode 100644
index 9ae2f76..0000000
--- a/srv/cmd/cvetriage/main.go
+++ /dev/null
@@ -1,90 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Command cvetriage is used to manage the processing and triaging of CVE data
-// from the github.com/CVEProject/cvelist git repository. It is intended to be
-// run by a third-party scheduler, such as Cloud Run, at some predefined interval.
-//
-// Running this tool will do the following: run the tool does the following things:
-// 1. Reads each CVE JSON file, filtering them based on possible indicators
-// that the CVE is related to a Go project.
-// 2. Reads a list of already processed CVEs (currently stored at
-// triaged-cve-list, but will likely be moved to a database in the future), skipping
-// any CVEs from the previous step that have already been processed.
-// 3. For each unprocessed CVE, a preliminary YAML vulnerability report will be generated, and a
-// GitHub issue will be created.
-package main
-
-import (
- "flag"
- "fmt"
- "log"
- "strings"
-
- "golang.org/x/vuln/srv/internal"
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-func main() {
- flag.Parse()
- args := flag.Args()
-
- var repoPath string
- switch len(args) {
- case 0:
- case 1:
- repoPath = args[0]
- default:
- log.Fatalf("unexpected number of args: %v", args)
- }
- if err := run(repoPath); err != nil {
- log.Fatal(err)
- }
-}
-
-func run(repoPath string) (err error) {
- triaged, err := readTriagedCVEList()
- if err != nil {
- return err
- }
- return Run(repoPath, triaged)
-}
-
-const (
- triagedCVEList = "triaged-cve-list"
- statusFalsePositive = "false-positive"
- statusTriaged = "triaged"
-)
-
-func readTriagedCVEList() (_ map[string]string, err error) {
- defer derrors.Wrap(&err, "readTriagedCVEList()")
- triaged := map[string]string{}
- lines, err := internal.ReadFileLines(triagedCVEList)
- if err != nil {
- return nil, err
- }
- for _, l := range lines {
- vuln := strings.Fields(l)
- if len(vuln) < 2 {
- return nil, fmt.Errorf("unexpected syntax: %q", l)
- }
- var (
- cveID = vuln[0]
- state = vuln[1]
- )
- if state != statusFalsePositive && state != statusTriaged {
- return nil, fmt.Errorf("unexpected syntax: %q", l)
- }
- if state == statusTriaged {
- if len(vuln) != 3 {
- return nil, fmt.Errorf("unexpected syntax: %q", l)
- }
- triaged[cveID] = state
- }
- if state == statusFalsePositive {
- triaged[cveID] = state
- }
- }
- return triaged, nil
-}
diff --git a/srv/cmd/cvetriage/triager.go b/srv/cmd/cvetriage/triager.go
deleted file mode 100644
index 4cf64f2..0000000
--- a/srv/cmd/cvetriage/triager.go
+++ /dev/null
@@ -1,83 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/report"
-)
-
-// triager is a map of cveID to the CVE record in our database.
-type triager map[string]*cve
-
-// cve represents a CVE.
-type cve struct {
- cveschema.CVE
-
- // state is an internal representation of the CVE state.
- state string
-
- // modulePath is the module path corresponding to this CVE, if any.
- modulePath string
-
- // cwe is the CWE for the CVE.
- cwe string
-
- // links contains links that will be included in the report.
- links report.Links
-
- // description is a description of the CVE.
- description string
-
- // isGoVuln reports if the cve is a potential Go vulnerability.
- isGoVuln bool
-}
-
-func (c *cve) id() string {
- return c.ID
-}
-
-func newTriager(triaged map[string]string) triager {
- t := map[string]*cve{}
- for cveID, state := range triaged {
- t[cveID] = &cve{
- CVE: cveschema.CVE{
- Metadata: cveschema.Metadata{
- ID: cveID,
- },
- },
- state: state,
- }
- }
- return t
-}
-
-// add adds a CVE to be tracked by the triager.
-func (t triager) add(r *cve) {
- t[r.id()] = r
-}
-
-// contains reports whether the triager has already seen this cveID.
-func (t triager) contains(cveID string) bool {
- _, ok := t[cveID]
- return ok
-}
-
-// totalCVEs reports the total number of CVEs that have been seen by the triager.
-func (t triager) totalCVEs() int {
- return len(t)
-}
-
-// totalVulns reports the total number of CVEs that are potential Go
-// vulnerabilities.
-func (t triager) totalVulns() int {
- var count int
- for _, r := range t {
- if r.isGoVuln {
- count += 1
- }
- }
- return count
-}
diff --git a/srv/cmd/cvetriage/worker.go b/srv/cmd/cvetriage/worker.go
deleted file mode 100644
index 1bcad1f..0000000
--- a/srv/cmd/cvetriage/worker.go
+++ /dev/null
@@ -1,130 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "path"
- "sort"
- "strings"
-
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing/filemode"
- "github.com/go-git/go-git/v5/plumbing/object"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/gitrepo"
- "golang.org/x/vuln/srv/internal/worker/log"
-)
-
-// Run clones the CVEProject/cvelist repository and compares the files to the
-// existing triaged-cve-list.
-func Run(dirpath string, triaged map[string]string) (err error) {
- ctx := context.Background()
- defer derrors.Wrap(&err, "Run(triaged)")
- var repo *git.Repository
- if dirpath != "" {
- repo, err = gitrepo.Open(ctx, dirpath)
- } else {
- repo, err = gitrepo.Clone(ctx, gitrepo.CVEListRepoURL)
- }
- if err != nil {
- return err
- }
- root, err := gitrepo.Root(repo)
- if err != nil {
- return err
- }
- t := newTriager(triaged)
- log.Infof(ctx, "Finding new Go vulnerabilities from CVE list...")
- if err := walkRepo(repo, root, "", t); err != nil {
- return err
- }
- var newVulns []string
- for cveID, r := range t {
- if r.isGoVuln {
- newVulns = append(newVulns, fmt.Sprintf("%s (%s)", cveID, r.modulePath))
- }
- }
- sort.Strings(newVulns)
- log.Infof(context.Background(), "Found %d new issues from %d CVEs", t.totalVulns(), t.totalCVEs())
- for _, v := range newVulns {
- fmt.Println(v)
- }
- return nil
-}
-
-// walkRepo looks at the files in t, recursively, and check if it is a CVE that
-// needs to be manually triaged.
-func walkRepo(repo *git.Repository, root *object.Tree, dirpath string, t triager) (err error) {
- defer derrors.Wrap(&err, "walkRepo(repo, root, %q, t)", dirpath)
- for _, e := range root.Entries {
- fp := path.Join(dirpath, e.Name)
- if !strings.HasPrefix(fp, "202") {
- continue
- }
- switch e.Mode {
- case filemode.Dir:
- root2, err := repo.TreeObject(e.Hash)
- if err != nil {
- return err
- }
- if err := walkRepo(repo, root2, fp, t); err != nil {
- return err
- }
- default:
- if !strings.HasPrefix(e.Name, "CVE-") {
- continue
- }
- cveID := strings.TrimSuffix(e.Name, ".json")
- if t.contains(cveID) {
- continue
- }
- c, err := parseCVE(repo, e)
- if err != nil {
- return err
- }
- issue, err := triageCVE(c)
- if err != nil {
- return err
- }
- if issue != nil {
- t.add(issue)
- }
- }
- }
- return nil
-}
-
-// parseCVEJSON parses a CVE file following the CVE JSON format:
-// https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md
-func parseCVE(r *git.Repository, e object.TreeEntry) (_ *cveschema.CVE, err error) {
- defer derrors.Wrap(&err, "parseCVE(r, e)")
- blob, err := r.BlobObject(e.Hash)
- if err != nil {
- return nil, fmt.Errorf("r.BlobObject: %v", err)
- }
- src, err := blob.Reader()
- if err != nil {
- return nil, fmt.Errorf("blob.Reader: %v", err)
- }
- defer func() {
- cerr := src.Close()
- if err == nil {
- err = cerr
- }
- }()
- var c cveschema.CVE
- d := json.NewDecoder(src)
- if err := d.Decode(&c); err != nil {
- return nil, fmt.Errorf("d.Decode: %v", err)
- }
- if err != nil {
- return nil, err
- }
- return &c, nil
-}
diff --git a/srv/cmd/db/main.go b/srv/cmd/db/main.go
deleted file mode 100644
index fe114ac..0000000
--- a/srv/cmd/db/main.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Command db provides a tool for creating and checking the vulndb.
-package main
-
-import (
- "flag"
- "fmt"
- "log"
- "os"
-
- "golang.org/x/vuln/srv/internal/database"
-)
-
-func main() {
- flag.Usage = func() {
- fmt.Fprintf(flag.CommandLine.Output(), "usage: db [cmd]\n")
- fmt.Fprintf(flag.CommandLine.Output(), " diff [dbname1] [dbname2]: compare two different versions of the vulndb\n")
- fmt.Fprintf(flag.CommandLine.Output(), " generate [reportsDir] [jsonDir]: create a new vulndb\n")
- flag.PrintDefaults()
- }
- flag.Parse()
- if flag.NArg() != 3 {
- flag.Usage()
- os.Exit(1)
- }
- cmd := os.Args[0]
- switch cmd {
- case "diff":
- if err := database.Diff(os.Args[1], os.Args[2]); err != nil {
- log.Fatal(err)
- }
- case "generate":
- if err := database.Generate(os.Args[1], os.Args[2]); err != nil {
- log.Fatal(err)
- }
- default:
- log.Fatalf("unsupported command: %q", cmd)
- }
-}
diff --git a/srv/cmd/vulnreport/main.go b/srv/cmd/vulnreport/main.go
deleted file mode 100644
index a44c3bb..0000000
--- a/srv/cmd/vulnreport/main.go
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Command vulnreport provides a tool for creating a YAML vulnerability report for
-// x/vulndb.
-package main
-
-import (
- "encoding/json"
- "flag"
- "fmt"
- "io/ioutil"
- "log"
- "strings"
-
- "os"
-
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/report"
- "gopkg.in/yaml.v2"
-)
-
-func main() {
- flag.Usage = func() {
- fmt.Fprintf(flag.CommandLine.Output(), "usage: vulnreport [cmd] [filename.yaml]\n")
- fmt.Fprintf(flag.CommandLine.Output(), " create [filename.yaml]: creates a new vulnerability YAML report\n")
- fmt.Fprintf(flag.CommandLine.Output(), " lint [filename.yaml]: lints a vulnerability YAML report\n")
- fmt.Fprintf(flag.CommandLine.Output(), " newcve [filename.yaml]: creates a CVE report from the provided YAML report\n")
- flag.PrintDefaults()
- }
-
- flag.Parse()
- if flag.NArg() != 2 {
- flag.Usage()
- os.Exit(1)
- }
-
- cmd := flag.Arg(0)
- filename := flag.Arg(1)
- switch cmd {
- case "create":
- if err := create(filename); err != nil {
- log.Fatal(err)
- }
- case "lint":
- if err := lint(filename); err != nil {
- log.Fatal(err)
- }
- case "newcve":
- if err := newCVE(filename); err != nil {
- log.Fatal(err)
- }
- default:
- flag.Usage()
- log.Fatalf("unsupported command: %q", cmd)
- }
-}
-
-func create(filename string) (err error) {
- defer derrors.Wrap(&err, "create(%q)", filename)
- return os.WriteFile(filename,
- []byte(`module:
-package:
-versions:
- - introduced:
- - fixed:
-description: |
-
-cve:
-credit:
-symbols:
- -
-published:
-links:
- commit:
- pr:
- context:
- -
-`), 0644)
-}
-
-func lint(filename string) (err error) {
- defer derrors.Wrap(&err, "lint(%q)", filename)
- content, err := ioutil.ReadFile(filename)
- if err != nil {
- return fmt.Errorf("ioutil.ReadFile: %v", err)
- }
-
- var vuln report.Report
- err = yaml.UnmarshalStrict(content, &vuln)
- if err != nil {
- return fmt.Errorf("yaml.UnmarshalStrict: %v", err)
- }
-
- if lints := vuln.Lint(); len(lints) > 0 {
- return fmt.Errorf("vuln.Lint returned errors:\n\t %s", strings.Join(lints, "\n\t"))
- }
- return nil
-}
-
-func newCVE(filename string) (err error) {
- defer derrors.Wrap(&err, "newCVE(%q)", filename)
- cve, err := report.ToCVE(filename)
- if err != nil {
- return err
- }
-
- // We need to use an encoder so that it doesn't escape angle
- // brackets.
- e := json.NewEncoder(os.Stdout)
- e.SetEscapeHTML(false)
- e.SetIndent("", "\t")
- return e.Encode(cve)
-}
diff --git a/srv/cmd/worker/Dockerfile b/srv/cmd/worker/Dockerfile
deleted file mode 100644
index 14d19b3..0000000
--- a/srv/cmd/worker/Dockerfile
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 2021 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-# This Dockerfile expects the build context to be the repo root.
-
-################################################################
-FROM golang:1.17.3 AS builder
-# If you change the Go version above, change the FROM line below as well.
-
-# Set the working directory outside $GOPATH to ensure module mode is enabled.
-WORKDIR /src
-
-# Copy go.mod and go.sum into the container.
-# If they don't change, which is the common case, then docker can
-# cache this COPY and the subsequent RUN.
-COPY go.mod go.sum checks.bash /
-
-# Download the dependencies.
-RUN go mod download
-
-# Copy the repo from local machine into Docker client’s current working
-# directory, so that we can use it to build the binary.
-# See .dockerignore at the repo root for excluded files.
-COPY . /src
-
-# Build the binary.
-RUN go build -mod=readonly ./cmd/worker
-
-################################################################
-FROM debian:stable-slim
-
-LABEL maintainer="Go VulnDB Team <go-vulndb-team@google.com>"
-
-# Copy CA certificates to prevent "x509: certificate signed by unknown authority" errors.
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-
-WORKDIR app
-
-COPY --from=builder src/worker worker
-COPY internal/worker/static internal/worker/static
-
-CMD ["./worker"]
diff --git a/srv/cmd/worker/main.go b/srv/cmd/worker/main.go
deleted file mode 100644
index 4d9a348..0000000
--- a/srv/cmd/worker/main.go
+++ /dev/null
@@ -1,275 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Command worker runs the vuln worker server.
-// It can also be used to perform actions from the command line
-// by providing a sub-command.
-package main
-
-import (
- "bufio"
- "context"
- "encoding/json"
- "errors"
- "flag"
- "fmt"
- "io/ioutil"
- "net/http"
- "os"
- "strings"
- "text/tabwriter"
- "time"
-
- "golang.org/x/exp/event"
- "golang.org/x/vuln/srv/internal/gitrepo"
- "golang.org/x/vuln/srv/internal/worker"
- "golang.org/x/vuln/srv/internal/worker/log"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-var (
- // Flags only for the command-line tool.
- localRepoPath = flag.String("local-cve-repo", "", "path to local repo, instead of cloning remote")
- force = flag.Bool("force", false, "force an update to happen")
- limit = flag.Int("limit", 0,
- "limit on number of things to list or issues to create (0 means unlimited)")
- githubTokenFile = flag.String("ghtokenfile", "",
- "path to file containing GitHub access token (for creating issues)")
- knownModuleFile = flag.String("known-module-file", "", "file with list of all known modules")
-)
-
-// Config for both the server and the command-line tool.
-var cfg worker.Config
-
-func init() {
- flag.StringVar(&cfg.Project, "project", os.Getenv("GOOGLE_CLOUD_PROJECT"), "project ID (required)")
- flag.StringVar(&cfg.Namespace, "namespace", os.Getenv("VULN_WORKER_NAMESPACE"), "Firestore namespace (required)")
- flag.BoolVar(&cfg.UseErrorReporting, "report-errors", os.Getenv("VULN_WORKER_REPORT_ERRORS") == "true",
- "use the error reporting API")
- flag.StringVar(&cfg.IssueRepo, "issue-repo", os.Getenv("VULN_WORKER_ISSUE_REPO"), "repo to create issues in")
-}
-
-const pkgsiteURL = "https://pkg.go.dev"
-
-func main() {
- flag.Usage = func() {
- out := flag.CommandLine.Output()
- fmt.Fprintln(out, "usage:")
- fmt.Fprintln(out, "worker FLAGS")
- fmt.Fprintln(out, " run as a server, listening at the PORT env var")
- fmt.Fprintln(out, "worker FLAGS SUBCOMMAND ...")
- fmt.Fprintln(out, " run as a command-line tool, executing SUBCOMMAND")
- fmt.Fprintln(out, " subcommands:")
- fmt.Fprintln(out, " update COMMIT: perform an update operation")
- fmt.Fprintln(out, " list-updates: display info about update operations")
- fmt.Fprintln(out, " list-cves TRIAGE_STATE: display info about CVE records")
- fmt.Fprintln(out, " create-issues: create issues for CVEs that need them")
- fmt.Fprintln(out, " show ID1 ID2 ...: display CVE records")
- fmt.Fprintln(out, "flags:")
- flag.PrintDefaults()
- }
-
- flag.Parse()
- if *githubTokenFile != "" {
- data, err := ioutil.ReadFile(*githubTokenFile)
- if err != nil {
- die("%v", err)
- }
- cfg.GitHubAccessToken = strings.TrimSpace(string(data))
- } else {
- cfg.GitHubAccessToken = os.Getenv("VULN_GITHUB_ACCESS_TOKEN")
- }
- if err := cfg.Validate(); err != nil {
- dieWithUsage("%v", err)
- }
-
- ctx := log.WithLineLogger(context.Background())
- log.Info(ctx, "config",
- event.String("Project", cfg.Project),
- event.String("Namespace", cfg.Namespace),
- event.String("IssueRepo", cfg.IssueRepo))
-
- var err error
- cfg.Store, err = store.NewFireStore(ctx, cfg.Project, cfg.Namespace)
- if err != nil {
- die("firestore: %v", err)
- }
- if flag.NArg() > 0 {
- err = runCommandLine(ctx)
- } else {
- err = runServer(ctx)
- }
- if err != nil {
- dieWithUsage("%v", err)
- }
-}
-
-func runServer(ctx context.Context) error {
- if os.Getenv("PORT") == "" {
- return errors.New("need PORT")
- }
- if _, err := worker.NewServer(ctx, cfg); err != nil {
- return err
- }
- addr := ":" + os.Getenv("PORT")
- log.Infof(ctx, "Listening on addr %s", addr)
- return fmt.Errorf("listening: %v", http.ListenAndServe(addr, nil))
-}
-
-const timeFormat = "2006/01/02 15:04:05"
-
-func runCommandLine(ctx context.Context) error {
- switch flag.Arg(0) {
- case "list-updates":
- return listUpdatesCommand(ctx)
- case "list-cves":
- return listCVEsCommand(ctx, flag.Arg(1))
- case "update":
- if flag.NArg() != 2 {
- return errors.New("usage: update COMMIT")
- }
- return updateCommand(ctx, flag.Arg(1))
- case "create-issues":
- return createIssuesCommand(ctx)
- case "show":
- return showCommand(ctx, flag.Args()[1:])
- default:
- return fmt.Errorf("unknown command: %q", flag.Arg(1))
- }
-}
-
-func listUpdatesCommand(ctx context.Context) error {
- recs, err := cfg.Store.ListCommitUpdateRecords(ctx, 0)
- if err != nil {
- return err
- }
- tw := tabwriter.NewWriter(os.Stdout, 1, 8, 2, ' ', 0)
- fmt.Fprintf(tw, "Start\tEnd\tCommit\tID\tCVEs Processed\n")
- for i, r := range recs {
- if *limit > 0 && i >= *limit {
- break
- }
- endTime := "unfinished"
- if !r.EndedAt.IsZero() {
- endTime = r.EndedAt.In(time.Local).Format(timeFormat)
- }
- fmt.Fprintf(tw, "%s\t%s\t%s\t%s\t%d/%d (added %d, modified %d)\n",
- r.StartedAt.In(time.Local).Format(timeFormat),
- endTime,
- r.CommitHash,
- r.ID,
- r.NumProcessed, r.NumTotal, r.NumAdded, r.NumModified)
- }
- return tw.Flush()
-}
-
-func listCVEsCommand(ctx context.Context, triageState string) error {
- ts := store.TriageState(triageState)
- if err := ts.Validate(); err != nil {
- return err
- }
- crs, err := cfg.Store.ListCVERecordsWithTriageState(ctx, ts)
- if err != nil {
- return err
- }
- tw := tabwriter.NewWriter(os.Stdout, 1, 8, 2, ' ', 0)
- fmt.Fprintf(tw, "ID\tCVEState\tCommit\tReason\tModule\tIssue\tIssue Created\n")
- for i, r := range crs {
- if *limit > 0 && i >= *limit {
- break
- }
- fmt.Fprintf(tw, "%s\t%s\t%s\t%s\t%s\t%s\t%s\n",
- r.ID, r.CVEState, r.CommitHash, r.TriageStateReason, r.Module, r.IssueReference, worker.FormatTime(r.IssueCreatedAt))
- }
- return tw.Flush()
-}
-
-func updateCommand(ctx context.Context, commitHash string) error {
- repoPath := gitrepo.CVEListRepoURL
- if *localRepoPath != "" {
- repoPath = *localRepoPath
- }
- if *knownModuleFile != "" {
- if err := populateKnownModules(*knownModuleFile); err != nil {
- return err
- }
- }
- err := worker.UpdateCommit(ctx, repoPath, commitHash, cfg.Store, pkgsiteURL, *force)
- if cerr := new(worker.CheckUpdateError); errors.As(err, &cerr) {
- return fmt.Errorf("%w; use -force to override", cerr)
- }
- return err
-}
-
-func populateKnownModules(filename string) error {
- f, err := os.Open(filename)
- if err != nil {
- return err
- }
- defer f.Close()
-
- var mods []string
- scan := bufio.NewScanner(f)
- for scan.Scan() {
- line := strings.TrimSpace(scan.Text())
- if line == "" || line[0] == '#' {
- continue
- }
- mods = append(mods, line)
- }
- if err := scan.Err(); err != nil {
- return err
- }
- worker.SetKnownModules(mods)
- fmt.Printf("set %d known modules\n", len(mods))
- return nil
-}
-
-func createIssuesCommand(ctx context.Context) error {
- if cfg.IssueRepo == "" {
- return errors.New("need -issue-repo")
- }
- if cfg.GitHubAccessToken == "" {
- return errors.New("need -ghtokenfile")
- }
- owner, repoName, err := worker.ParseGithubRepo(cfg.IssueRepo)
- if err != nil {
- return err
- }
- client := worker.NewGithubIssueClient(owner, repoName, cfg.GitHubAccessToken)
- return worker.CreateIssues(ctx, cfg.Store, client, *limit)
-}
-
-func showCommand(ctx context.Context, ids []string) error {
- for _, id := range ids {
- r, err := cfg.Store.GetCVERecord(ctx, id)
- if err != nil {
- return err
- }
- if r == nil {
- fmt.Printf("%s not found\n", id)
- } else {
- // Display as JSON because it's an easy way to get nice formatting.
- j, err := json.MarshalIndent(r, "", "\t")
- if err != nil {
- return err
- }
- fmt.Printf("%s\n", j)
- }
- }
- return nil
-}
-
-func die(format string, args ...interface{}) {
- fmt.Fprintf(os.Stderr, format, args...)
- fmt.Fprintln(os.Stderr)
- os.Exit(1)
-}
-
-func dieWithUsage(format string, args ...interface{}) {
- fmt.Fprintf(os.Stderr, format, args...)
- fmt.Fprintln(os.Stderr)
- flag.Usage()
- os.Exit(1)
-}
diff --git a/srv/devtools/lib.sh b/srv/devtools/lib.sh
deleted file mode 100644
index cd9c621..0000000
--- a/srv/devtools/lib.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright 2021 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-# Library of useful bash functions and variables.
-
-RED=; GREEN=; YELLOW=; NORMAL=;
-MAXWIDTH=0
-
-if tput setaf 1 >& /dev/null; then
- RED=`tput setaf 1`
- GREEN=`tput setaf 2`
- YELLOW=`tput setaf 3`
- NORMAL=`tput sgr0`
- MAXWIDTH=$(( $(tput cols) - 2 ))
-fi
-
-EXIT_CODE=0
-
-info() { echo -e "${GREEN}$@${NORMAL}" 1>&2; }
-warn() { echo -e "${YELLOW}$@${NORMAL}" 1>&2; }
-err() { echo -e "${RED}$@${NORMAL}" 1>&2; EXIT_CODE=1; }
-
-die() {
- err $@
- exit 1
-}
-
-dryrun=false
-
-# runcmd prints an info log describing the command that is about to be run, and
-# then runs it. It sets EXIT_CODE to non-zero if the command fails, but does not exit
-# the script.
-runcmd() {
- msg="$@"
- if $dryrun; then
- echo -e "${YELLOW}dryrun${GREEN}\$ $msg${NORMAL}"
- return 0
- fi
- # Truncate command logging for narrow terminals.
- # Account for the 2 characters of '$ '.
- if [[ $MAXWIDTH -gt 0 && ${#msg} -gt $MAXWIDTH ]]; then
- msg="${msg::$(( MAXWIDTH - 3 ))}..."
- fi
-
- echo -e "$@\n" 1>&2;
- $@ || err "command failed"
-}
diff --git a/srv/go.mod b/srv/go.mod
deleted file mode 100644
index be76130..0000000
--- a/srv/go.mod
+++ /dev/null
@@ -1,61 +0,0 @@
-module golang.org/x/vuln/srv
-
-go 1.17
-
-require (
- cloud.google.com/go/errorreporting v0.1.0
- cloud.google.com/go/firestore v1.6.1
- github.com/go-git/go-billy/v5 v5.3.1
- github.com/go-git/go-git/v5 v5.4.2
- github.com/google/go-cmp v0.5.6
- github.com/google/go-github v17.0.0+incompatible
- github.com/google/safehtml v0.0.2
- github.com/jba/templatecheck v0.6.0
- golang.org/x/exp v0.0.0-20211216164055-b2b84827b756
- golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57
- golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
- golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
- golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
- golang.org/x/tools v0.1.8
- golang.org/x/vuln v0.0.0-00010101000000-000000000000
- google.golang.org/api v0.63.0
- google.golang.org/grpc v1.43.0
- gopkg.in/yaml.v2 v2.4.0
-)
-
-require (
- cloud.google.com/go v0.99.0 // indirect
- github.com/Microsoft/go-winio v0.4.16 // indirect
- github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
- github.com/acomagu/bufpipe v1.0.3 // indirect
- github.com/census-instrumentation/opencensus-proto v0.2.1 // indirect
- github.com/cespare/xxhash/v2 v2.1.1 // indirect
- github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
- github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 // indirect
- github.com/emirpasic/gods v1.12.0 // indirect
- github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021 // indirect
- github.com/envoyproxy/protoc-gen-validate v0.1.0 // indirect
- github.com/go-git/gcfg v1.5.0 // indirect
- github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
- github.com/golang/protobuf v1.5.2 // indirect
- github.com/google/go-querystring v1.1.0 // indirect
- github.com/googleapis/gax-go/v2 v2.1.1 // indirect
- github.com/imdario/mergo v0.3.12 // indirect
- github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
- github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
- github.com/mitchellh/go-homedir v1.1.0 // indirect
- github.com/sergi/go-diff v1.1.0 // indirect
- github.com/xanzy/ssh-agent v0.3.0 // indirect
- go.opencensus.io v0.23.0 // indirect
- golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
- golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect
- golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827 // indirect
- golang.org/x/text v0.3.7 // indirect
- golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
- google.golang.org/protobuf v1.27.1 // indirect
- gopkg.in/warnings.v0 v0.1.2 // indirect
-)
-
-replace golang.org/x/vuln => ../
diff --git a/srv/go.sum b/srv/go.sum
deleted file mode 100644
index cc6699a..0000000
--- a/srv/go.sum
+++ /dev/null
@@ -1,961 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY=
-cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/errorreporting v0.1.0 h1:z40EhrjRspplwbpO+9DSnC4kgDokBi94T/gYwtdKL5Q=
-cloud.google.com/go/errorreporting v0.1.0/go.mod h1:cZSiBMvrnl0X13pD9DwKf9sQ8Eqy3EzHqkyKBZxiIrM=
-cloud.google.com/go/firestore v1.6.1 h1:8rBq3zRjnHx8UtBvaOWqBB1xq9jH6/wltfQLlTMh2Fw=
-cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
-github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
-github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
-github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
-github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
-github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
-github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
-github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 h1:hzAQntlaYRkVSFEfj9OTWlVV1H155FMD8BTKktLv0QI=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 h1:zH8ljVhhq7yC0MIeUL/IviMtY8hx2mK8cN9wEYb8ggw=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
-github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
-github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021 h1:fP+fF0up6oPY49OrjPrhIJ8yQfdIM85NXMLkMg1EXVs=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
-github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
-github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8=
-github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
-github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
-github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
-github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/safehtml v0.0.2 h1:ZOt2VXg4x24bW0m2jtzAOkhoXV0iM8vNKc0paByCZqM=
-github.com/google/safehtml v0.0.2/go.mod h1:L4KWwDsUJdECRAEpZoBn3O64bQaywRscowZjJAzjHnU=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1 h1:dp3bWCh+PPO1zjRRiCSczJav13sBvG4UhNyVTa1KqdU=
-github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
-github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
-github.com/jba/templatecheck v0.6.0 h1:SwM8C4hlK/YNLsdcXStfnHWE2HKkuTVwy5FKQHt5ro8=
-github.com/jba/templatecheck v0.6.0/go.mod h1:/1k7EajoSErFI9GLHAsiIJEaNLt3ALKNw2TV7z2SYv4=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
-github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
-github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
-github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
-github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
-github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
-github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
-github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w=
-github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
-github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
-github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
-github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
-github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/zerolog v1.21.0/go.mod h1:ZPhntP/xmq1nnND05hhpAh2QMhSsA4UN3MGZ6O2J3hM=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
-github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
-go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
-go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
-go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
-go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20211216164055-b2b84827b756 h1:/5Bs7sWi0i3rOVO5KnM55OwugpsD4bRW1zywKoZjbkI=
-golang.org/x/exp v0.0.0-20211216164055-b2b84827b756/go.mod h1:b9TAUYHmRtqA6klRHApnXMnj+OyLce4yF5cZCUbk2ps=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4=
-golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f h1:OfiFi4JbukWwe3lzw+xunroH1mnC1e2Gy5cxNJApiSY=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827 h1:A0Qkn7Z/n8zC1xd9LTw17AiKlBRK64tw3ejWQiEqca0=
-golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
-golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
-google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.63.0 h1:n2bqqK895ygnBpdPDYetfy23K7fJ22wsrZKCyfuRkkA=
-google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
-google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
-honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5/go.mod h1:b8RRCBm0eeiWR8cfN88xeq2G5SG3VKGO+5UPWi5FSOY=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
diff --git a/srv/internal/cveschema/cveschema.go b/srv/internal/cveschema/cveschema.go
deleted file mode 100644
index e19970d..0000000
--- a/srv/internal/cveschema/cveschema.go
+++ /dev/null
@@ -1,217 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package cveschema contains the schema for a CVE, as derived from
-// https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema.
-package cveschema
-
-const (
- // StateReserved is the initial state for a CVE Record; when the associated
- // CVE ID is Reserved by a CNA.
- StateReserved = "RESERVED"
-
- // StatePublic is when a CNA populates the data associated with a CVE ID
- // as a CVE Record, the state of the CVE Record is PUBLIC. The
- // associated data must contain an identification number (CVE ID), a prose
- // description, and at least one public reference.
- StatePublic = "PUBLIC"
-
- // StateRejected is when the CVE ID and associated CVE Record should no
- // longer be used, the CVE Record is placed in the REJECT state. A Rejected
- // CVE Record remains on the CVE List so that users can know when it is
- // invalid.
- StateRejected = "REJECT"
-)
-
-// CVE represents a "Common Vulnerabilities and Exposures" record, which is
-// associated with a CVE ID and provided by a CNA.
-//
-// A CVE corresponds to a flaw in a software, firmware, hardware, or service
-// component resulting from a weakness that can be exploited, causing a negative
-// impact to the confidentiality, integrity, or availability of an impacted
-// component or components.
-type CVE struct {
- // Metadata is metadata about the CVE ID such as the CVE ID, who
- // requested it, who assigned it, when it was requested, when it was assigned,
- // the current state (PUBLIC, REJECT, etc.) and so on.
- Metadata `json:"CVE_data_meta"`
-
- // DataType identifies what kind of data is held in this JSON file. This is
- // mandatory and designed to prevent problems with attempting to detect
- // what kind of file this is. Valid values for this string are CVE, CNA,
- // CVEMENTOR.
- DataType string `json:"data_type"`
-
- // DataFormat identifies what data format is used in this JSON file. This
- // is mandatory and designed to prevent problems with attempting to detect
- // what format of data is used. Valid values for this string are MITRE, it can
- // also be user defined (e.g. for internal use).
- DataFormat string `json:"data_format"`
-
- // DataVersion identifies which version of the data format is in use. This
- // is mandatory and designed to prevent problems with attempting to detect
- // what format of data is used.
- DataVersion string `json:"data_version"`
-
- // Affects is the root level container for affected vendors and in turn
- // their affected technologies, products, hardware, etc. It only goes in
- // the root level.
- Affects Affects `json:"affects"`
-
- // Description is a description of the issue. It can exist in the root
- // level or within virtually any other container, the intent being that for
- // example different products, and configurations may result in different
- // impacts and thus descriptions of the issue.
- Description Description `json:"description"`
-
- // ProblemType is problem type information (e.g. CWE identifier).
- ProblemType ProblemType `json:"problemtype"`
-
- // References is reference data in the form of URLs or file objects
- // (uuencoded and embedded within the JSON file, exact format to be
- // decided, e.g. we may require a compressed format so the objects require
- // unpacking before they are "dangerous").
- References References `json:"references"`
-}
-
-// Metadata is meta data about the CVE ID such as the CVE ID, who requested
-// it, who assigned it, when it was requested, when it was assigned, the
-// current state (PUBLIC, REJECT, etc.) and so on.
-type Metadata struct {
- Assigner string `json:"ASSIGNER"`
- ID string `json:"ID"`
- State string `json:"STATE"`
-}
-
-// Affects is the root level container for affected vendors and in turn their
-// affected technologies, products, hardware, etc. It only goes in the root
-// level.
-type Affects struct {
- Vendor Vendor `json:"vendor"`
-}
-
-// Description is a description of the issue. It can exist in the root level or
-// within virtually any other container, the intent being that for example
-// different products, and configurations may result in different impacts and
-// thus descriptions of the issue.
-//
-// The description could include:
-//
-// An explanation of an attack type using the vulnerability;
-// The impact of the vulnerability;
-// The software components within a software product that are affected by the
-// vulnerability; and
-// Any attack vectors that can make use of the vulnerability.
-//
-// Descriptions often follow this template:
-//
-// [PROBLEM TYPE] in [PRODUCT/VERSION] causes [IMPACT] when [ATTACK]
-//
-// where impact and attack are arbitrary terms that should be relevant to the
-// nature of the vulnerability.
-type Description struct {
- Data []LangString `json:"description_data"`
-}
-
-// ProblemType is problem type information (e.g. CWE identifier).
-//
-// It can include an arbitrary summary of the problem, though Common Weakness
-// Enumerations (CWEs) are a standard to use in this field.
-type ProblemType struct {
- Data []ProblemTypeDataItem `json:"problemtype_data"`
-}
-
-// A ProblemTypeDataItem is an entry in ProblemType.Data.
-type ProblemTypeDataItem struct {
- Description []LangString `json:"description"`
-}
-
-// LangString is a JSON data type containing the language that a description is
-// written in and the text string.
-type LangString struct {
- Lang string `json:"lang"`
- Value string `json:"value"`
-}
-
-// References is reference data in the form of URLs or file objects (uuencoded
-// and embedded within the JSON file, exact format to be decided, e.g. we may
-// require a compressed format so the objects require unpacking before they are
-// "dangerous").
-type References struct {
- Data []Reference `json:"reference_data"`
-}
-
-// A reference is a URL pointing to a world-wide-web-based resource. For
-// CSV and flat-file formats, they should be separated by a space. References
-// should point to content that is relevant to the vulnerability and include at
-// least all the details included in the CVE entry. Ideally, references should
-// point to content that includes the CVE ID itself whenever possible. References
-// must also be publicly available, as described in Section 2.1.1 of the CVE
-// Numbering Authorities (CNA) Rules.
-type Reference struct {
- URL string `json:"url"`
-}
-
-// Vendor is the container for affected vendors, it only goes in the affects
-// container.
-type Vendor struct {
- // Data is an array of version values (vulnerable and not); we use an
- // array so that different entities can make statements about the same
- // vendor and they are separate (if we used a JSON object we'd essentially
- // be keying on the vendor name and they would have to overlap). Also this
- // allows things like data_version or description to be applied directly to
- // the vendor entry.
- Data []VendorDataItem `json:"vendor_data"`
-}
-
-// A VendorDataItem represents a single vendor name and product.
-type VendorDataItem struct {
- Product Product `json:"product"`
- VendorName string `json:"vendor_name"`
-}
-
-// Product is the container for affected technologies, products, hardware, etc.
-//
-// As a general guideline, the product should include the vendor, developer, or
-// project name as well as the name of the actual software or hardware in which
-// the vulnerability exists.
-type Product struct {
- // Data is an array of version values (vulnerable and not); we use
- // an array so that we can make multiple statements about the same product and
- // they are separate (if we used a JSON object we'd essentially be keying on
- // the product name and they would have to overlap). Also this allows things
- // like data_version or description to be applied directly to the product
- // entry.
- Data []ProductDataItem `json:"product_data"`
-}
-
-// ProductDataItem represents a single product name and version that belongs to
-// a product container.
-type ProductDataItem struct {
- ProductName string `json:"product_name"`
- Version VersionData `json:"version"`
-}
-
-// VersionData is an array of version values (vulnerable and not); we use an
-// array so that we can make multiple statements about the same version and they
-// are separate (if we used a JSON object we'd essentially be keying on the
-// version name/number and they would have to overlap). Also this allows things
-// like data_version or description to be applied directly to the product entry.
-// This also allows more complex statements such as "Product X between versions
-// 10.2 and 10.8" to be put in a machine-readable format. As well since multiple
-// statements can be used multiple branches of the same product can be defined
-// here.
-type VersionData struct {
- Data []VersionDataItem `json:"version_data"`
-}
-
-// A VersionDataItem represents a version, the date of release, or whatever
-// indicator that is used by vendors, developers, or projects to differentiate
-// between releases. The version can be described with specific version
-// numbers, ranges of versions, or “all versions before/after” a version number or
-// date.
-type VersionDataItem struct {
- VersionValue string `json:"version_value"`
- VersionAffected string `json:"version_affected"`
-}
diff --git a/srv/internal/database/generate.go b/srv/internal/database/generate.go
deleted file mode 100644
index 917285b..0000000
--- a/srv/internal/database/generate.go
+++ /dev/null
@@ -1,237 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package database generates the vulnerability database.
-package database
-
-import (
- "encoding/json"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
- "strings"
-
- "golang.org/x/mod/semver"
- "golang.org/x/vuln/client"
- "golang.org/x/vuln/osv"
- "golang.org/x/vuln/srv/internal"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/report"
- "gopkg.in/yaml.v2"
-)
-
-const dbURL = "https://go.googlesource.com/vuln/+/refs/heads/master/reports/"
-
-func Generate(yamlDir, jsonDir string) (err error) {
- defer derrors.Wrap(&err, "Generate(%q)", yamlDir)
- yamlFiles, err := ioutil.ReadDir(yamlDir)
- if err != nil {
- return fmt.Errorf("can't read %q: %s", yamlDir, err)
- }
-
- jsonVulns := map[string][]osv.Entry{}
- var entries []osv.Entry
- for _, f := range yamlFiles {
- if !strings.HasSuffix(f.Name(), ".yaml") {
- continue
- }
- content, err := ioutil.ReadFile(filepath.Join(yamlDir, f.Name()))
- if err != nil {
- return fmt.Errorf("can't read %q: %s", f.Name(), err)
- }
- var vuln report.Report
- if err := yaml.UnmarshalStrict(content, &vuln); err != nil {
- return fmt.Errorf("unable to unmarshal %q: %s", f.Name(), err)
- }
- if lints := vuln.Lint(); len(lints) > 0 {
- return fmt.Errorf("vuln.Lint: %v", lints)
- }
-
- name := strings.TrimSuffix(filepath.Base(f.Name()), filepath.Ext(f.Name()))
-
- // TODO(rolandshoemaker): once the HTML representation is ready this should be
- // the link to the HTML page.
- linkName := fmt.Sprintf("%s%s.yaml", dbURL, name)
- entry, paths := generateOSVEntry(name, linkName, vuln)
- for _, path := range paths {
- jsonVulns[path] = append(jsonVulns[path], entry)
- }
- entries = append(entries, entry)
- }
-
- index := make(client.DBIndex, len(jsonVulns))
- for path, vulns := range jsonVulns {
- outPath := filepath.Join(jsonDir, path)
- content, err := json.Marshal(vulns)
- if err != nil {
- return fmt.Errorf("failed to marshal json: %s", err)
- }
- if err := os.MkdirAll(filepath.Dir(outPath), 0700); err != nil {
- return fmt.Errorf("failed to create directory %q: %s", filepath.Dir(outPath), err)
- }
- if err := ioutil.WriteFile(outPath+".json", content, 0644); err != nil {
- return fmt.Errorf("failed to write %q: %s", outPath+".json", err)
- }
- for _, v := range vulns {
- if v.Modified.After(index[path]) || v.Published.After(index[path]) {
- index[path] = v.Modified
- }
- }
- }
-
- indexJSON, err := json.Marshal(index)
- if err != nil {
- return fmt.Errorf("failed to marshal index json: %s", err)
- }
- if err := ioutil.WriteFile(filepath.Join(jsonDir, "index.json"), indexJSON, 0644); err != nil {
- return fmt.Errorf("failed to write index: %s", err)
- }
-
- // Write a directory containing entries by ID.
- idDir := filepath.Join(jsonDir, internal.IDDirectory)
- if err := os.MkdirAll(idDir, 0700); err != nil {
- return fmt.Errorf("failed to create directory %q: %v", idDir, err)
- }
- var idIndex []string
- for _, e := range entries {
- outPath := filepath.Join(idDir, e.ID+".json")
- content, err := json.Marshal(e)
- if err != nil {
- return fmt.Errorf("failed to marshal json: %v", err)
- }
- if err := ioutil.WriteFile(outPath, content, 0644); err != nil {
- return fmt.Errorf("failed to write %q: %v", outPath, err)
- }
- idIndex = append(idIndex, e.ID)
- }
-
- // Write an index.json in the ID directory with a list of all the IDs.
- idIndexJSON, err := json.Marshal(idIndex)
- if err != nil {
- return fmt.Errorf("failed to marshal index json: %s", err)
- }
- if err := ioutil.WriteFile(filepath.Join(idDir, "index.json"), idIndexJSON, 0644); err != nil {
- return fmt.Errorf("failed to write index: %s", err)
- }
- return nil
-}
-
-func generateOSVEntry(id string, url string, r report.Report) (osv.Entry, []string) {
- importPath := r.Module
- if r.Package != "" {
- importPath = r.Package
- }
- moduleMap := make(map[string]bool)
- if r.Stdlib {
- moduleMap["stdlib"] = true
- } else {
- moduleMap[r.Module] = true
- }
- lastModified := r.Published
- if r.LastModified != nil {
- lastModified = *r.LastModified
- }
- entry := osv.Entry{
- ID: id,
- Published: r.Published,
- Modified: lastModified,
- Withdrawn: r.Withdrawn,
- Details: r.Description,
- Affected: []osv.Affected{generateAffected(importPath, r.Versions, r.OS, r.Arch, r.Symbols, url)},
- }
-
- for _, additional := range r.AdditionalPackages {
- additionalPath := additional.Module
- if additional.Package != "" {
- additionalPath = additional.Package
- }
- if !r.Stdlib {
- moduleMap[additional.Module] = true
- }
- entry.Affected = append(entry.Affected, generateAffected(additionalPath, additional.Versions, r.OS, r.Arch, additional.Symbols, url))
- }
-
- if r.Links.PR != "" {
- entry.References = append(entry.References, osv.Reference{Type: "FIX", URL: r.Links.PR})
- }
- if r.Links.Commit != "" {
- entry.References = append(entry.References, osv.Reference{Type: "FIX", URL: r.Links.Commit})
- }
- for _, link := range r.Links.Context {
- entry.References = append(entry.References, osv.Reference{Type: "WEB", URL: link})
- }
-
- if r.CVE != "" {
- entry.Aliases = []string{r.CVE}
- } else {
- entry.Aliases = r.CVEs
- }
-
- var modules []string
- for module := range moduleMap {
- modules = append(modules, module)
- }
- return entry, modules
-}
-
-func generateAffectedRanges(versions []report.VersionRange) osv.Affects {
- a := osv.AffectsRange{Type: osv.TypeSemver}
- if len(versions) == 0 || versions[0].Introduced == "" {
- a.Events = append(a.Events, osv.RangeEvent{Introduced: "0"})
- }
- for _, v := range versions {
- if v.Introduced != "" {
- v.Introduced = canonicalizeSemverPrefix(v.Introduced)
- a.Events = append(a.Events, osv.RangeEvent{Introduced: removeSemverPrefix(semver.Canonical(v.Introduced))})
- }
- if v.Fixed != "" {
- v.Fixed = canonicalizeSemverPrefix(v.Fixed)
- a.Events = append(a.Events, osv.RangeEvent{Fixed: removeSemverPrefix(semver.Canonical(v.Fixed))})
- }
- }
- return osv.Affects{a}
-}
-
-func generateAffected(importPath string, versions []report.VersionRange, goos, goarch, symbols []string, url string) osv.Affected {
- return osv.Affected{
- Package: osv.Package{
- Name: importPath,
- Ecosystem: osv.GoEcosystem,
- },
- Ranges: generateAffectedRanges(versions),
- DatabaseSpecific: osv.DatabaseSpecific{URL: url},
- EcosystemSpecific: osv.EcosystemSpecific{
- GOOS: goos,
- GOARCH: goarch,
- Symbols: symbols,
- },
- }
-}
-
-// removeSemverPrefix removes the 'v' or 'go' prefixes from go-style
-// SEMVER strings, for usage in the public vulnerability format.
-func removeSemverPrefix(s string) string {
- s = strings.TrimPrefix(s, "v")
- s = strings.TrimPrefix(s, "go")
- return s
-}
-
-// canonicalizeSemverPrefix turns a SEMVER string into the canonical
-// representation using the 'v' prefix, as used by the OSV format.
-// Input may be a bare SEMVER ("1.2.3"), Go prefixed SEMVER ("go1.2.3"),
-// or already canonical SEMVER ("v1.2.3").
-func canonicalizeSemverPrefix(s string) string {
- return addSemverPrefix(removeSemverPrefix(s))
-}
-
-// addSemverPrefix adds a 'v' prefix to s if it isn't already prefixed
-// with 'v' or 'go'. This allows us to easily test go-style SEMVER
-// strings against normal SEMVER strings.
-func addSemverPrefix(s string) string {
- if !strings.HasPrefix(s, "v") && !strings.HasPrefix(s, "go") {
- return "v" + s
- }
- return s
-}
diff --git a/srv/internal/database/generate_test.go b/srv/internal/database/generate_test.go
deleted file mode 100644
index 2150a85..0000000
--- a/srv/internal/database/generate_test.go
+++ /dev/null
@@ -1,204 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package database
-
-import (
- "reflect"
- "sort"
- "testing"
- "time"
-
- "github.com/google/go-cmp/cmp"
- "golang.org/x/vuln/osv"
- "golang.org/x/vuln/srv/internal/report"
-)
-
-func TestGenerate(t *testing.T) {
- r := report.Report{
- Module: "example.com/vulnerable/v2",
- AdditionalPackages: []report.Additional{
- {
- Module: "vanity.host/vulnerable",
- Package: "vanity.host/vulnerable/package",
- Symbols: []string{"b", "A.b"},
- Versions: []report.VersionRange{
- {Fixed: "v2.1.1"},
- {Introduced: "v2.3.4", Fixed: "v2.3.5"},
- {Introduced: "v2.5.0"},
- },
- },
- {
- Module: "example.com/also-vulnerable",
- Package: "example.com/also-vulnerable/package",
- Symbols: []string{"z"},
- Versions: []report.VersionRange{
- {Fixed: "v2.1.1"},
- },
- },
- },
- Versions: []report.VersionRange{
- {Fixed: "v2.1.1"},
- {Introduced: "v2.3.4", Fixed: "v2.3.5"},
- {Introduced: "v2.5.0"},
- },
- Description: "It's a real bad one, I'll tell you that",
- CVE: "CVE-0000-0000",
- Credit: "ignored",
- Symbols: []string{"A", "B.b"},
- OS: []string{"windows"},
- Arch: []string{"arm64"},
- Links: report.Links{
- PR: "pr",
- Commit: "commit",
- Context: []string{"issue-a", "issue-b"},
- },
- }
-
- url := "https://vulns.golang.org/GO-1991-0001.html"
- wantEntry := osv.Entry{
- ID: "GO-1991-0001",
- Details: "It's a real bad one, I'll tell you that",
- References: []osv.Reference{
- {Type: "FIX", URL: "pr"},
- {Type: "FIX", URL: "commit"},
- {Type: "WEB", URL: "issue-a"},
- {Type: "WEB", URL: "issue-b"},
- },
- Aliases: []string{"CVE-0000-0000"},
- Affected: []osv.Affected{
- {
- Package: osv.Package{
- Name: "example.com/vulnerable/v2",
- Ecosystem: "Go",
- },
- Ranges: []osv.AffectsRange{
- {
- Type: osv.TypeSemver,
- Events: []osv.RangeEvent{
- {
- Introduced: "0",
- },
- {
- Fixed: "2.1.1",
- },
- {
- Introduced: "2.3.4",
- },
- {
- Fixed: "2.3.5",
- },
- {
- Introduced: "2.5.0",
- },
- },
- },
- },
- DatabaseSpecific: osv.DatabaseSpecific{URL: url},
- EcosystemSpecific: osv.EcosystemSpecific{
- Symbols: []string{"A", "B.b"},
- GOOS: []string{"windows"},
- GOARCH: []string{"arm64"},
- },
- },
- {
- Package: osv.Package{
- Name: "vanity.host/vulnerable/package",
- Ecosystem: "Go",
- },
- Ranges: []osv.AffectsRange{
- {
- Type: osv.TypeSemver,
- Events: []osv.RangeEvent{
- {
- Introduced: "0",
- },
- {
- Fixed: "2.1.1",
- },
- {
- Introduced: "2.3.4",
- },
- {
- Fixed: "2.3.5",
- },
- {
- Introduced: "2.5.0",
- },
- },
- },
- },
- DatabaseSpecific: osv.DatabaseSpecific{URL: url},
- EcosystemSpecific: osv.EcosystemSpecific{
- Symbols: []string{"b", "A.b"},
- GOOS: []string{"windows"},
- GOARCH: []string{"arm64"},
- },
- },
- {
- Package: osv.Package{
- Name: "example.com/also-vulnerable/package",
- Ecosystem: "Go",
- },
- Ranges: []osv.AffectsRange{
- {
- Type: osv.TypeSemver,
- Events: []osv.RangeEvent{
- {
- Introduced: "0",
- },
- {
- Fixed: "2.1.1",
- },
- },
- },
- },
- DatabaseSpecific: osv.DatabaseSpecific{URL: url},
- EcosystemSpecific: osv.EcosystemSpecific{
- Symbols: []string{"z"},
- GOOS: []string{"windows"},
- GOARCH: []string{"arm64"},
- },
- },
- },
- }
- wantModules := []string{"example.com/vulnerable/v2", "vanity.host/vulnerable", "example.com/also-vulnerable"}
- sort.Strings(wantModules)
-
- gotEntry, gotModules := generateOSVEntry("GO-1991-0001", url, r)
- if diff := cmp.Diff(wantEntry, gotEntry, cmp.Comparer(func(a, b time.Time) bool { return a.Equal(b) })); diff != "" {
- t.Errorf("Generate returned unexpected entry (-want +got):\n%s", diff)
- }
- sort.Strings(gotModules)
- if !reflect.DeepEqual(gotModules, wantModules) {
- t.Errorf("Generate returned unexpected modules: got %v, want %v", gotModules, wantModules)
- }
-}
-
-func TestSemverCanonicalize(t *testing.T) {
- in := []report.VersionRange{
- {
- Introduced: "go1.16",
- Fixed: "go1.17",
- },
- }
- expected := osv.Affects{
- {
- Type: osv.TypeSemver,
- Events: []osv.RangeEvent{
- {
- Introduced: "1.16.0",
- },
- {
- Fixed: "1.17.0",
- },
- },
- },
- }
-
- out := generateAffectedRanges(in)
- if !reflect.DeepEqual(out, expected) {
- t.Fatalf("unexpected output: got %#v, want %#v", out, expected)
- }
-}
diff --git a/srv/internal/database/load.go b/srv/internal/database/load.go
deleted file mode 100644
index fc1dece..0000000
--- a/srv/internal/database/load.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package database
-
-import (
- "encoding/json"
- "fmt"
- "io/ioutil"
- "path/filepath"
- "strings"
-
- "github.com/google/go-cmp/cmp"
- "golang.org/x/vuln/client"
- "golang.org/x/vuln/osv"
- "golang.org/x/vuln/srv/internal"
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-func Diff(dbname1, dbname2 string) (err error) {
- defer derrors.Wrap(&err, "Diff(%q, %q)", dbname1, dbname2)
- indexA, dbA, err := loadDB(dbname1)
- if err != nil {
- return fmt.Errorf("unable to load %q: %s", dbname1, err)
- }
- indexB, dbB, err := loadDB(dbname2)
- if err != nil {
- return fmt.Errorf("unable to load %q: %s", dbname2, err)
- }
- indexDiff := cmp.Diff(indexA, indexB)
- if indexDiff == "" {
- indexDiff = "(no change)"
- }
- dbDiff := cmp.Diff(dbA, dbB)
- if dbDiff == "" {
- dbDiff = "(no change)"
- }
- fmt.Printf("# index\n%s\n\n# db\n%s\n", indexDiff, dbDiff)
- return nil
-}
-
-func loadDB(dbPath string) (_ client.DBIndex, _ map[string][]osv.Entry, err error) {
- defer derrors.Wrap(&err, "loadDB(%q)", dbPath)
- index := client.DBIndex{}
- dbMap := map[string][]osv.Entry{}
-
- var loadDir func(string) error
- loadDir = func(path string) error {
- dir, err := ioutil.ReadDir(path)
- if err != nil {
- return err
- }
- for _, f := range dir {
- fpath := filepath.Join(path, f.Name())
- if f.IsDir() {
- if err := loadDir(fpath); err != nil {
- return err
- }
- continue
- }
- content, err := ioutil.ReadFile(fpath)
- if err != nil {
- return err
- }
- if path == dbPath && f.Name() == "index.json" {
- if err := json.Unmarshal(content, &index); err != nil {
- return fmt.Errorf("unable to parse %q: %s", fpath, err)
- }
- } else if path == filepath.Join(dbPath, internal.IDDirectory) {
- if f.Name() == "index.json" {
- // The ID index is just a list of the entries' IDs; we'll
- // catch any diffs in the entries themselves.
- continue
- }
- var entry osv.Entry
- if err := json.Unmarshal(content, &entry); err != nil {
- return fmt.Errorf("unable to parse %q: %s", fpath, err)
- }
- fname := strings.TrimPrefix(fpath, dbPath)
- dbMap[fname] = []osv.Entry{entry}
- } else {
- var entries []osv.Entry
- if err := json.Unmarshal(content, &entries); err != nil {
- return fmt.Errorf("unable to parse %q: %s", fpath, err)
- }
- module := strings.TrimPrefix(fpath, dbPath)
- dbMap[module] = entries
- }
- }
- return nil
- }
- if err := loadDir(dbPath); err != nil {
- return nil, nil, err
- }
- return index, dbMap, nil
-}
diff --git a/srv/internal/derrors/derrors.go b/srv/internal/derrors/derrors.go
deleted file mode 100644
index cc1faf0..0000000
--- a/srv/internal/derrors/derrors.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package derrors defines internal error values to categorize the different
-// types error semantics supported by x/vuln.
-package derrors
-
-import (
- "fmt"
-
- "cloud.google.com/go/errorreporting"
-)
-
-// Wrap adds context to the error and allows
-// unwrapping the result to recover the original error.
-//
-// Example:
-//
-// defer derrors.Wrap(&err, "copy(%s, %s)", dst, src)
-func Wrap(errp *error, format string, args ...interface{}) {
- if *errp != nil {
- *errp = fmt.Errorf("%s: %w", fmt.Sprintf(format, args...), *errp)
- }
-}
-
-// WrapAndReport calls Wrap followed by Report.
-func WrapAndReport(errp *error, format string, args ...interface{}) {
- Wrap(errp, format, args...)
- if *errp != nil {
- Report(*errp)
- }
-}
-
-var repClient *errorreporting.Client
-
-// SetReportingClient sets an errorreporting client, for use by Report.
-func SetReportingClient(c *errorreporting.Client) {
- repClient = c
-}
-
-// Report uses the errorreporting API to report an error.
-func Report(err error) {
- if repClient != nil {
- repClient.Report(errorreporting.Entry{Error: err})
- }
-}
diff --git a/srv/internal/gitrepo/gitrepo.go b/srv/internal/gitrepo/gitrepo.go
deleted file mode 100644
index c04888a..0000000
--- a/srv/internal/gitrepo/gitrepo.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package gitrepo provides operations on git repos.
-package gitrepo
-
-import (
- "context"
- "strings"
-
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing"
- "github.com/go-git/go-git/v5/plumbing/object"
- "github.com/go-git/go-git/v5/storage/memory"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/worker/log"
-)
-
-const CVEListRepoURL = "https://github.com/CVEProject/cvelist"
-
-// Clone returns a repo by cloning the repo at repoURL.
-func Clone(ctx context.Context, repoURL string) (repo *git.Repository, err error) {
- defer derrors.Wrap(&err, "gitrepo.Clone(%q)", repoURL)
- log.Infof(ctx, "Cloning repo %q at HEAD", repoURL)
- return git.Clone(memory.NewStorage(), nil, &git.CloneOptions{
- URL: repoURL,
- ReferenceName: plumbing.HEAD,
- SingleBranch: true,
- Depth: 1,
- Tags: git.NoTags,
- })
-}
-
-// Open returns a repo by opening the repo at the local path dirpath.
-func Open(ctx context.Context, dirpath string) (repo *git.Repository, err error) {
- defer derrors.Wrap(&err, "gitrepo.Open(%q)", dirpath)
- log.Infof(ctx, "Opening repo at %q", dirpath)
- repo, err = git.PlainOpen(dirpath)
- if err != nil {
- return nil, err
- }
- return repo, nil
-}
-
-// CloneOrOpen clones repoPath if it is an HTTP(S) URL, or opens it from the
-// local disk otherwise.
-func CloneOrOpen(ctx context.Context, repoPath string) (*git.Repository, error) {
- if strings.HasPrefix(repoPath, "http://") || strings.HasPrefix(repoPath, "https://") {
- return Clone(ctx, repoPath)
- }
- return Open(ctx, repoPath)
-}
-
-// Root returns the root tree of the repo at HEAD.
-func Root(repo *git.Repository) (root *object.Tree, err error) {
- refName := plumbing.HEAD
- ref, err := repo.Reference(refName, true)
- if err != nil {
- return nil, err
- }
- commit, err := repo.CommitObject(ref.Hash())
- if err != nil {
- return nil, err
- }
- return repo.TreeObject(commit.TreeHash)
-}
diff --git a/srv/internal/internal.go b/srv/internal/internal.go
deleted file mode 100644
index b5c173a..0000000
--- a/srv/internal/internal.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package internal contains functionality for x/vuln.
-package internal
-
-import (
- "bufio"
- "os"
- "strings"
-
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-// IDDirectory is the name of the directory that contains entries
-// listed by their IDs.
-const IDDirectory = "ID"
-
-// Readfilelines reads and returns the lines from a file.
-// Whitespace on each line is trimmed.
-// Blank lines and lines beginning with '#' are ignored.
-func ReadFileLines(filename string) (lines []string, err error) {
- defer derrors.Wrap(&err, "ReadFileLines(%q)", filename)
- f, err := os.Open(filename)
- if err != nil {
- return nil, err
- }
- defer f.Close()
-
- s := bufio.NewScanner(f)
- for s.Scan() {
- line := strings.TrimSpace(s.Text())
- if line == "" || strings.HasPrefix(line, "#") {
- continue
- }
- lines = append(lines, line)
- }
- if s.Err() != nil {
- return nil, s.Err()
- }
- return lines, nil
-}
-
-// Cut cuts s around the first instance of sep,
-// returning the text before and after sep.
-// The found result reports whether sep appears in s.
-// If sep does not appear in s, cut returns s, "", false.
-//
-// https://golang.org/issue/46336 is an accepted proposal to add this to the
-// standard library. It will presumably land in Go 1.18, so this can be removed
-// when pkgsite moves to that version.
-func Cut(s, sep string) (before, after string, found bool) {
- if i := strings.Index(s, sep); i >= 0 {
- return s[:i], s[i+len(sep):], true
- }
- return s, "", false
-}
diff --git a/srv/internal/report/cve.go b/srv/internal/report/cve.go
deleted file mode 100644
index 94e32f0..0000000
--- a/srv/internal/report/cve.go
+++ /dev/null
@@ -1,136 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package report
-
-import (
- "errors"
- "fmt"
- "io/ioutil"
- "strings"
-
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
- "gopkg.in/yaml.v2"
-)
-
-func ToCVE(reportPath string) (_ *cveschema.CVE, err error) {
- defer derrors.Wrap(&err, "report.ToCVE(%q)", reportPath)
-
- b, err := ioutil.ReadFile(reportPath)
- if err != nil {
- return nil, fmt.Errorf("ioutil.ReadFile(%q): %v", reportPath, err)
- }
-
- var r Report
- if err = yaml.UnmarshalStrict(b, &r); err != nil {
- return nil, fmt.Errorf("yaml.Unmarshal:: %v", err)
- }
-
- if r.CVE != "" || len(r.CVEs) > 0 {
- return nil, errors.New("report has CVE ID is wrong section (should be in cve_metadata for self-issued CVEs)")
- }
- if r.CVEMetadata == nil {
- return nil, errors.New("report missing cve_metadata section")
- }
- if r.CVEMetadata.ID == "" {
- return nil, errors.New("report missing CVE ID")
- }
-
- c := &cveschema.CVE{
- DataType: "CVE",
- DataFormat: "MITRE",
- DataVersion: "4.0",
- Metadata: cveschema.Metadata{
- ID: r.CVEMetadata.ID,
- Assigner: "security@golang.org",
- State: cveschema.StatePublic,
- },
-
- Description: cveschema.Description{
- Data: []cveschema.LangString{
- {
- Lang: "eng",
- Value: strings.TrimSuffix(r.CVEMetadata.Description, "\n"),
- },
- },
- },
-
- ProblemType: cveschema.ProblemType{
- Data: []cveschema.ProblemTypeDataItem{
- {
- Description: []cveschema.LangString{
- {
- Lang: "eng",
- Value: r.CVEMetadata.CWE,
- },
- },
- },
- },
- },
-
- Affects: cveschema.Affects{
- Vendor: cveschema.Vendor{
- Data: []cveschema.VendorDataItem{
- {
- VendorName: "n/a", // ???
- Product: cveschema.Product{
- Data: []cveschema.ProductDataItem{
- {
- ProductName: r.Package,
- Version: versionToVersion(r.Versions),
- },
- },
- },
- },
- },
- },
- },
- }
-
- for _, additional := range r.AdditionalPackages {
- c.Affects.Vendor.Data = append(c.Affects.Vendor.Data, cveschema.VendorDataItem{
- VendorName: "n/a",
- Product: cveschema.Product{
- Data: []cveschema.ProductDataItem{
- {
- ProductName: additional.Package,
- Version: versionToVersion(additional.Versions),
- },
- },
- },
- })
- }
-
- if r.Links.PR != "" {
- c.References.Data = append(c.References.Data, cveschema.Reference{URL: r.Links.PR})
- }
- if r.Links.Commit != "" {
- c.References.Data = append(c.References.Data, cveschema.Reference{URL: r.Links.Commit})
- }
- for _, url := range r.Links.Context {
- c.References.Data = append(c.References.Data, cveschema.Reference{URL: url})
- }
-
- return c, nil
-}
-
-func versionToVersion(versions []VersionRange) cveschema.VersionData {
- vd := cveschema.VersionData{}
- for _, vr := range versions {
- if vr.Introduced != "" {
- vd.Data = append(vd.Data, cveschema.VersionDataItem{
- VersionValue: vr.Introduced,
- VersionAffected: ">=",
- })
- }
- if vr.Fixed != "" {
- vd.Data = append(vd.Data, cveschema.VersionDataItem{
- VersionValue: vr.Fixed,
- VersionAffected: "<",
- })
- }
- }
- return vd
-}
diff --git a/srv/internal/report/lint.go b/srv/internal/report/lint.go
deleted file mode 100644
index 801bc27..0000000
--- a/srv/internal/report/lint.go
+++ /dev/null
@@ -1,246 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package report
-
-import (
- "errors"
- "fmt"
- "io/ioutil"
- "net/http"
- "os"
- "regexp"
- "strings"
-
- "golang.org/x/mod/modfile"
- "golang.org/x/mod/module"
- "golang.org/x/mod/semver"
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-// TODO: getting things from the proxy should all be cached so we
-// aren't re-requesting the same stuff over and over.
-
-var proxyURL = "https://proxy.golang.org"
-
-func init() {
- if proxy, ok := os.LookupEnv("GOPROXY"); ok {
- proxyURL = proxy
- }
-}
-
-func getModVersions(module string) (_ map[string]bool, err error) {
- defer derrors.Wrap(&err, "getModVersions(%q)", module)
- resp, err := http.Get(fmt.Sprintf("%s/%s/@v/list", proxyURL, module))
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- b, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- versions := map[string]bool{}
- for _, v := range strings.Split(string(b), "\n") {
- versions[v] = true
- }
- return versions, nil
-}
-
-func getCanonicalModName(module, version string) (_ string, err error) {
- defer derrors.Wrap(&err, "getCanonicalModName(%q, %q)", module, version)
- resp, err := http.Get(fmt.Sprintf("%s/%s/@v/%s.mod", proxyURL, module, version))
- if err != nil {
- return "", err
- }
- defer resp.Body.Close()
- b, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return "", err
- }
- m, err := modfile.ParseLax("go.mod", b, nil)
- if err != nil {
- return "", err
- }
- if m.Module == nil {
- return "", fmt.Errorf("unable to retrieve module information for %s", module)
- }
- return m.Module.Mod.Path, nil
-}
-
-var pseudoVersionRE = regexp.MustCompile(`^v[0-9]+\.(0\.0-|\d+\.\d+-([^+]*\.)?0\.)\d{14}-[A-Za-z0-9]+(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$`)
-
-// isPseudoVersion reports whether v is a pseudo-version.
-// NOTE: this is taken from cmd/go/internal/modfetch/pseudo.go but
-// uses regexp instead of the internal lazyregex package.
-func isPseudoVersion(v string) bool {
- return strings.Count(v, "-") >= 2 && semver.IsValid(v) && pseudoVersionRE.MatchString(v)
-}
-
-func versionExists(version string, versions map[string]bool) (err error) {
- defer derrors.Wrap(&err, "versionExists(%q, %v)", version, versions)
- // TODO: for now, just skip pseudo-versions. at some point we should verify that
- // it is a likely pseudo-version, i.e. one that could feasibly exist given the
- // actual versions that we know about.
- //
- // pseudo-version check should take into account the canonical import path
- // probably? (I think cmd/go/internal/modfetch/coderepo.go has something like
- // this, check the error containing "has post-%v module path")
- if isPseudoVersion(version) {
- return nil
- }
- if !versions[version] {
- return fmt.Errorf("proxy unaware of version")
- }
- return nil
-}
-
-func checkModVersions(path string, vr []VersionRange) (err error) {
- defer derrors.Wrap(&err, "checkModVersions(%q, vr)", path)
- realVersions, err := getModVersions(path)
- if err != nil {
- return fmt.Errorf("unable to retrieve module versions from proxy: %s", err)
- }
- checkVersion := func(version string) error {
- if !semver.IsValid(version) {
- return errors.New("invalid module semver")
- }
- if err := module.Check(path, version); err != nil {
- return err
- }
- if err := versionExists(version, realVersions); err != nil {
- return err
- }
- canonicalPath, err := getCanonicalModName(path, version)
- if err != nil {
- return err
- }
- if canonicalPath != path {
- return fmt.Errorf("invalid module path at version (canonical path is %s)", canonicalPath)
- }
- return nil
- }
- for _, version := range vr {
- if version.Introduced != "" {
- if err := checkVersion(version.Introduced); err != nil {
- return fmt.Errorf("bad version.introduced %q: %s", version.Introduced, err)
- }
- }
- if version.Fixed != "" {
- if err := checkVersion(version.Fixed); err != nil {
- return fmt.Errorf("bad version.fixed %q: %s", version.Fixed, err)
- }
- }
- }
- return nil
-}
-
-var cveRegex = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)
-
-// Lint checks the content of a Report.
-// TODO: It might make sense to include warnings or informational things
-// alongside errors, especially during for use during the triage process.
-func (vuln *Report) Lint() []string {
- var issues []string
-
- addIssue := func(iss string) {
- issues = append(issues, iss)
- }
-
- var importPath string
- if !vuln.Stdlib {
- if vuln.Module == "" {
- addIssue("missing module")
- }
- if vuln.Module != "" && vuln.Package == vuln.Module {
- addIssue("package is redundant and can be removed")
- }
- if vuln.Package != "" && !strings.HasPrefix(vuln.Package, vuln.Module) {
- addIssue("module must be a prefix of package")
- }
- if vuln.Package == "" {
- importPath = vuln.Module
- } else {
- importPath = vuln.Package
- }
- if vuln.Module != "" && importPath != "" {
- if err := checkModVersions(vuln.Module, vuln.Versions); err != nil {
- addIssue(err.Error())
- }
-
- if err := module.CheckImportPath(importPath); err != nil {
- addIssue(err.Error())
- }
- }
- } else if vuln.Package == "" {
- addIssue("missing package")
- }
-
- for _, additionalPackage := range vuln.AdditionalPackages {
- var additionalImportPath string
- if additionalPackage.Module == "" {
- addIssue("missing additional_package.module")
- }
- if additionalPackage.Package == additionalPackage.Module {
- addIssue("package is redundant and can be removed")
- }
- if additionalPackage.Package != "" && !strings.HasPrefix(additionalPackage.Package, additionalPackage.Module) {
- addIssue("additional_package.module must be a prefix of additional_package.package")
- }
- if additionalPackage.Package == "" {
- additionalImportPath = additionalPackage.Module
- } else {
- additionalImportPath = additionalPackage.Package
- }
- if err := module.CheckImportPath(additionalImportPath); err != nil {
- addIssue(err.Error())
- }
- if !vuln.Stdlib {
- if err := checkModVersions(additionalPackage.Module, additionalPackage.Versions); err != nil {
- addIssue(err.Error())
- }
- }
- }
-
- if vuln.Description == "" {
- addIssue("missing description")
- }
-
- if vuln.Published.IsZero() {
- addIssue("missing published")
- }
-
- if vuln.LastModified != nil && vuln.LastModified.Before(vuln.Published) {
- addIssue("last_modified is before published")
- }
-
- if vuln.CVE != "" && len(vuln.CVEs) > 0 {
- addIssue("use only one of CVE and CVEs")
- }
-
- if vuln.CVE != "" && vuln.CVEMetadata != nil && vuln.CVEMetadata.ID != "" {
- // TODO: may just want to use one of these? :shrug:
- addIssue("only one of cve and cve_metadata.id should be present")
- }
-
- if vuln.CVE != "" && !cveRegex.MatchString(vuln.CVE) {
- issues = append(issues, "malformed cve identifier")
- }
- for _, cve := range vuln.CVEs {
- if !cveRegex.MatchString(cve) {
- addIssue("malformed cve identifier")
- }
- }
-
- if vuln.CVEMetadata != nil {
- if vuln.CVEMetadata.ID == "" {
- addIssue("cve_metadata.id is required")
- }
- if !cveRegex.MatchString(vuln.CVEMetadata.ID) {
- addIssue("malformed cve_metadata.id identifier")
- }
- }
-
- return issues
-}
diff --git a/srv/internal/report/report.go b/srv/internal/report/report.go
deleted file mode 100644
index c33da0a..0000000
--- a/srv/internal/report/report.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package report contains functionality for parsing and linting YAML reports
-// in reports/.
-package report
-
-import "time"
-
-type VersionRange struct {
- Introduced string `yaml:",omitempty"`
- Fixed string `yaml:",omitempty"`
-}
-
-type Additional struct {
- Module string `yaml:",omitempty"`
- Package string `yaml:",omitempty"`
- Symbols []string `yaml:",omitempty"`
- Versions []VersionRange `yaml:",omitempty"`
-}
-
-type Links struct {
- PR string `yaml:",omitempty"`
- Commit string `yaml:",omitempty"`
- Context []string `yaml:",omitempty"`
-}
-
-type CVEMeta struct {
- ID string `yaml:",omitempty"`
- CWE string `yaml:",omitempty"`
- Description string `yaml:",omitempty"`
-}
-
-type Report struct {
- Module string `yaml:",omitempty"`
- Package string `yaml:",omitempty"`
- // TODO: could also be GoToolchain, but we might want
- // this for other things?
- //
- // could we also automate this by just looking for
- // things prefixed with cmd/go?
- DoNotExport bool `yaml:"do_not_export,omitempty"`
- // TODO: how does this interact with Versions etc?
- Stdlib bool `yaml:",omitempty"`
- // TODO: the most common usage of additional package should
- // really be replaced with 'aliases', we'll still need
- // additional packages for some cases, but it's too heavy
- // for most
- AdditionalPackages []Additional `yaml:"additional_packages,omitempty"`
- Versions []VersionRange `yaml:",omitempty"`
-
- // Description is the CVE description from an existing CVE. If we are
- // assigning a CVE ID ourselves, use CVEMetadata.Description instead.
- Description string `yaml:",omitempty"`
- Published time.Time `yaml:",omitempty"`
- LastModified *time.Time `yaml:"last_modified,omitempty"`
- Withdrawn *time.Time `yaml:",omitempty"`
-
- // CVE is the CVE ID for an existing CVE. If we are assigning a CVE ID
- // ourselves, use CVEMetdata.ID instead.
- CVE string `yaml:",omitempty"`
- // CVE are CVE IDs for existing CVEs, if there is more than one.
- // Use either CVE or CVEs, but not both.
- CVEs []string `yaml:",omitempty"`
- Credit string `yaml:",omitempty"`
- Symbols []string `yaml:",omitempty"`
- OS []string `yaml:",omitempty"`
- Arch []string `yaml:",omitempty"`
- Links Links `yaml:",omitempty"`
-
- // CVEMetdata is used to capture CVE information when we want to assign a
- // CVE ourselves. If a CVE already exists for an issue, use the CVE field
- // to fill in the ID string.
- CVEMetadata *CVEMeta `yaml:"cve_metadata,omitempty"`
-}
diff --git a/srv/internal/worker/config.go b/srv/internal/worker/config.go
deleted file mode 100644
index debf2c1..0000000
--- a/srv/internal/worker/config.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "errors"
-
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-// serviceID names the Cloud Run service.
-const serviceID = "vuln-worker"
-
-// Config holds configuration information for the worker server.
-type Config struct {
- // Project is the Google Cloud Project where the resources live.
- Project string
-
- // Namespace is the Firstore namespace to use.
- Namespace string
-
- // UseErrorReporting determines whether errors go to the Error Reporting API.
- UseErrorReporting bool
-
- // IssueRepo is the GitHub repo to use for issues.
- // An empty string disables issue creation.
- IssueRepo string
-
- // GitHubAccessToken is the token needed to authorize to the GitHub API.
- GitHubAccessToken string
-
- // Store is the implementation of store.Store used by the server.
- Store store.Store
-}
-
-func (c *Config) Validate() error {
- if c.Project == "" {
- return errors.New("missing project")
- }
- if c.Namespace == "" {
- return errors.New("missing namespace")
- }
- if c.IssueRepo != "" && c.GitHubAccessToken == "" {
- return errors.New("issue repo requires access token")
- }
- return nil
-}
diff --git a/srv/internal/worker/false_positive_records.gen.go b/srv/internal/worker/false_positive_records.gen.go
deleted file mode 100644
index 82022d5..0000000
--- a/srv/internal/worker/false_positive_records.gen.go
+++ /dev/null
@@ -1,11704 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Code generated by gen_false_positives.go; DO NOT EDIT.
-
-package worker
-
-import "golang.org/x/vuln/srv/internal/worker/store"
-
-var falsePositives = []*store.CVERecord{
- {
- ID: "CVE-2013-2124",
- Path: "2013/2xxx/CVE-2013-2124.json",
- BlobHash: "b1ff88f81a229ecf77fe19b4abcaea1188732b10",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://seclists.org/oss-sec/2013/q2/431",
- "https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd",
- "https://exchange.xforce.ibmcloud.com/vulnerabilities/85145",
- "https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html",
- "https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html",
- "http://osvdb.org/93724",
- "http://www.securityfocus.com/bid/60205",
- },
- },
- {
- ID: "CVE-2013-2233",
- Path: "2013/2xxx/CVE-2013-2233.json",
- BlobHash: "fff4e81581d35ca5feb18f441687a4e8ac2ef346",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.ansible.com/security",
- "https://bugzilla.redhat.com/show_bug.cgi?id=980821",
- "https://github.com/ansible/ansible/issues/857",
- "http://www.openwall.com/lists/oss-security/2013/07/01/2",
- "http://www.openwall.com/lists/oss-security/2013/07/02/6",
- },
- },
- {
- ID: "CVE-2014-0177",
- Path: "2014/0xxx/CVE-2014-0177.json",
- BlobHash: "2b106b8cbe92d17dbe0f40ef2bf8131a19a79dcc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://secunia.com/advisories/58273",
- "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600",
- },
- },
- {
- ID: "CVE-2014-3498",
- Path: "2014/3xxx/CVE-2014-3498.json",
- BlobHash: "82cec2c1ae4a884effa2c621469c9018ad07b09e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1335551",
- },
- },
- {
- ID: "CVE-2014-3971",
- Path: "2014/3xxx/CVE-2014-3971.json",
- BlobHash: "cef39ff58a76f2b3b266e9fe49e3e1af75aa4199",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b",
- "https://jira.mongodb.org/browse/SERVER-13753",
- },
- },
- {
- ID: "CVE-2014-4657",
- Path: "2014/4xxx/CVE-2014-4657.json",
- BlobHash: "973d958f719b33379fa47ac5330f68c79ad9b0f4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
- "https://www.securityfocus.com/bid/68232",
- },
- },
- {
- ID: "CVE-2014-4658",
- Path: "2014/4xxx/CVE-2014-4658.json",
- BlobHash: "831c7a476ec7ddeebe0311821efd8ec207878b06",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
- "https://www.securityfocus.com/bid/68233",
- },
- },
- {
- ID: "CVE-2014-4659",
- Path: "2014/4xxx/CVE-2014-4659.json",
- BlobHash: "1fcaa970aab33beb1c8f5e94544a976060829bd5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
- "https://www.securityfocus.com/bid/68234",
- },
- },
- {
- ID: "CVE-2014-4660",
- Path: "2014/4xxx/CVE-2014-4660.json",
- BlobHash: "1aff32c0d305a69e039cf6f5a909b9e3adb88965",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
- "https://www.securityfocus.com/bid/68231",
- "https://www.openwall.com/lists/oss-security/2014/06/26/19",
- "https://security-tracker.debian.org/tracker/CVE-2014-4660",
- "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08",
- },
- },
- {
- ID: "CVE-2014-4678",
- Path: "2014/4xxx/CVE-2014-4678.json",
- BlobHash: "453d55a513a567b647daee742272a73d06d2bbb3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916",
- "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ",
- "https://security-tracker.debian.org/tracker/CVE-2014-4678",
- "https://www.openwall.com/lists/oss-security/2014/06/26/30",
- "https://www.openwall.com/lists/oss-security/2014/07/02/2",
- "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678",
- "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5",
- },
- },
- {
- ID: "CVE-2014-4966",
- Path: "2014/4xxx/CVE-2014-4966.json",
- BlobHash: "e3378a01598473a0e0ec5b3576a3893236d1951e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.ocert.org/advisories/ocert-2014-004.html",
- "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527",
- },
- },
- {
- ID: "CVE-2014-4967",
- Path: "2014/4xxx/CVE-2014-4967.json",
- BlobHash: "3db0b89320c00238e9ac985a46145a8735160af3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.ocert.org/advisories/ocert-2014-004.html",
- "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527",
- },
- },
- {
- ID: "CVE-2014-8178",
- Path: "2014/8xxx/CVE-2014-8178.json",
- BlobHash: "c402c99f5ad15d2bb92c0cc2a1d200c61e8b3f5c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html",
- "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html",
- "https://groups.google.com/forum/#!msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ",
- "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12",
- "https://www.docker.com/legal/docker-cve-database",
- },
- },
- {
- ID: "CVE-2014-8179",
- Path: "2014/8xxx/CVE-2014-8179.json",
- BlobHash: "e4d44d6ea12f93279a9dd5ff4f305b87d7ede7cb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html",
- "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html",
- "https://groups.google.com/forum/#!msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ",
- "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12",
- "https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/",
- "https://www.docker.com/legal/docker-cve-database",
- },
- },
- {
- ID: "CVE-2014-8682",
- Path: "2014/8xxx/CVE-2014-8682.json",
- BlobHash: "0f015f20fd4dd01c859293025b0380a7d64c38e1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.exploit-db.com/exploits/35238",
- "https://exchange.xforce.ibmcloud.com/vulnerabilities/98694",
- "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html",
- "http://seclists.org/fulldisclosure/2014/Nov/33",
- "http://gogs.io/docs/intro/change_log.html",
- "http://www.securityfocus.com/archive/1/533995/100/0/threaded",
- "http://www.securityfocus.com/bid/71187",
- "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d",
- },
- },
- {
- ID: "CVE-2014-9938",
- Path: "2014/9xxx/CVE-2014-9938.json",
- BlobHash: "9f74ca256c99ca814200cb62f3d5db211af77219",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/njhartwell/pw3nage",
- "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f",
- "https://access.redhat.com/errata/RHSA-2017:2004",
- },
- },
- {
- ID: "CVE-2015-5237",
- Path: "2015/5xxx/CVE-2015-5237.json",
- BlobHash: "12f3e517111a864cdaf06708bca08b1beefd91a9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/google/protobuf/issues/760",
- "http://www.openwall.com/lists/oss-security/2015/08/27/2",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
- "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
- "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
- "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
- "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
- "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
- "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E",
- "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
- },
- },
- {
- ID: "CVE-2015-5250",
- Path: "2015/5xxx/CVE-2015-5250.json",
- BlobHash: "a35f3719a75df2faff6d9702be23fd2a0f9c727f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openshift/origin/issues/4374",
- "https://access.redhat.com/errata/RHSA-2015:1736",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1259867",
- },
- },
- {
- ID: "CVE-2015-6240",
- Path: "2015/6xxx/CVE-2015-6240.json",
- BlobHash: "6e0f9763e63ce17393bedf56ba538cde7e73d35f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b",
- "http://www.openwall.com/lists/oss-security/2015/08/17/10",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1243468",
- "https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647",
- "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
- },
- },
- {
- ID: "CVE-2015-7082",
- Path: "2015/7xxx/CVE-2015-7082.json",
- BlobHash: "60475bed239cbaef4156695da083708a53b39c3c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://support.apple.com/HT205642",
- "http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html",
- "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt",
- "http://www.securitytracker.com/id/1034340",
- },
- },
- {
- ID: "CVE-2015-7528",
- Path: "2015/7xxx/CVE-2015-7528.json",
- BlobHash: "41b1d383e7e18cf2d4c312efccb9f3ebd99dd891",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openshift/origin/pull/6113",
- "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
- "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
- "https://access.redhat.com/errata/RHSA-2015:2544",
- "https://github.com/kubernetes/kubernetes/pull/17886",
- },
- },
- {
- ID: "CVE-2015-7545",
- Path: "2015/7xxx/CVE-2015-7545.json",
- BlobHash: "f3e7d53c4da88c237f053e914c122c4b392d6450",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://rhn.redhat.com/errata/RHSA-2015-2515.html",
- "http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html",
- "https://security.gentoo.org/glsa/201605-01",
- "http://www.openwall.com/lists/oss-security/2015/12/08/5",
- "https://lkml.org/lkml/2015/10/5/683",
- "https://github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt",
- "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
- "http://www.securitytracker.com/id/1034501",
- "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
- "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1269794",
- "https://github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt",
- "http://www.ubuntu.com/usn/USN-2835-1",
- "https://kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021",
- "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt",
- "http://www.openwall.com/lists/oss-security/2015/12/11/7",
- "http://www.securityfocus.com/bid/78711",
- "http://www.openwall.com/lists/oss-security/2015/12/09/8",
- "https://github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt",
- "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255",
- "http://www.debian.org/security/2016/dsa-3435",
- },
- },
- {
- ID: "CVE-2015-7561",
- Path: "2015/7xxx/CVE-2015-7561.json",
- BlobHash: "43b0e2034d6c4eb6d2701ef83d8fd26625e9f7fc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/pull/18909",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1291963",
- },
- },
- {
- ID: "CVE-2015-8222",
- Path: "2015/8xxx/CVE-2015-8222.json",
- BlobHash: "ae2fc7029a0c22b3dca5c4e94ee99991c5a561b6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1515689",
- "http://www.ubuntu.com/usn/USN-2809-1",
- "https://github.com/lxc/lxd/issues/1307",
- },
- },
- {
- ID: "CVE-2015-8945",
- Path: "2015/8xxx/CVE-2015-8945.json",
- BlobHash: "cfbcfd20b67906928751c09053531cd9f79a6000",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.openwall.com/lists/oss-security/2016/07/13/9",
- "http://www.securityfocus.com/bid/91776",
- "http://www.openwall.com/lists/oss-security/2016/07/13/10",
- "https://github.com/openshift/origin/issues/3951",
- },
- },
- {
- ID: "CVE-2015-9258",
- Path: "2015/9xxx/CVE-2015-9258.json",
- BlobHash: "3cb299ef650530e5b4fa3b8015b92ab1e97acc49",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://docs.docker.com/notary/changelog/",
- "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf",
- },
- },
- {
- ID: "CVE-2015-9259",
- Path: "2015/9xxx/CVE-2015-9259.json",
- BlobHash: "107d41dfd5a02a2db4210d326eef52762e6614eb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://docs.docker.com/notary/changelog/",
- "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf",
- },
- },
- {
- ID: "CVE-2015-9282",
- Path: "2015/9xxx/CVE-2015-9282.json",
- BlobHash: "583dfbf04222a32d8a542ff502b858a73e00c199",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/piechart-panel/pull/163",
- "https://github.com/grafana/grafana/issues/4117",
- "https://github.com/grafana/piechart-panel/issues/3",
- "https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html",
- },
- },
- {
- ID: "CVE-2016-0216",
- Path: "2016/0xxx/CVE-2016-0216.json",
- BlobHash: "ac9f59c6700576b5936dc014ce265ee0c9a41097",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.ibm.com/support/docview.wss?uid=swg21975358",
- "http://www.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_in_ibm_tivoli_storage_manager_fastback_cve_2016_0212_cve_2016_0213_cve_2016_0216",
- },
- },
- {
- ID: "CVE-2016-1133",
- Path: "2016/1xxx/CVE-2016-1133.json",
- BlobHash: "e8c8db08c23519674cff28190d7799f409074600",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/issues/682",
- "https://github.com/h2o/h2o/issues/684",
- "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003",
- "http://jvn.jp/en/jp/JVN45928828/index.html",
- "https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133",
- },
- },
- {
- ID: "CVE-2016-1544",
- Path: "2016/1xxx/CVE-2016-1544.json",
- BlobHash: "d441f5bd9f88bee233d06b76ebd092ac8ccccc7b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1308461",
- "https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1",
- "https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1",
- "https://security.gentoo.org/glsa/201612-13",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html",
- },
- },
- {
- ID: "CVE-2016-1587",
- Path: "2016/1xxx/CVE-2016-1587.json",
- BlobHash: "d9e8ff0aad59fd3f73ea4387b62d42ba264e9f81",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5",
- },
- },
- {
- ID: "CVE-2016-1905",
- Path: "2016/1xxx/CVE-2016-1905.json",
- BlobHash: "75a910c29b4ebf972c647ddc13c6f49d849be835",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/19479",
- "https://access.redhat.com/errata/RHSA-2016:0070",
- },
- },
- {
- ID: "CVE-2016-1906",
- Path: "2016/1xxx/CVE-2016-1906.json",
- BlobHash: "9241866e7adb1f68453b4c01c53f5f723d86365d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openshift/origin/issues/6556",
- "https://github.com/openshift/origin/pull/6576",
- "https://access.redhat.com/errata/RHSA-2016:0070",
- "https://access.redhat.com/errata/RHSA-2016:0351",
- },
- },
- {
- ID: "CVE-2016-2160",
- Path: "2016/2xxx/CVE-2016-2160.json",
- BlobHash: "0c47ebe1754218401ccca83d9fc098ab2888c24a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openshift/origin/pull/7864",
- "https://access.redhat.com/errata/RHSA-2016:1064",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1316127",
- },
- },
- {
- ID: "CVE-2016-2183",
- Path: "2016/2xxx/CVE-2016-2183.json",
- BlobHash: "a0a8a4df4906c4afe4e07f9cca42696252858f12",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2017:3113",
- "http://rhn.redhat.com/errata/RHSA-2017-0338.html",
- "https://security.gentoo.org/glsa/201612-16",
- "https://access.redhat.com/errata/RHSA-2017:3240",
- "https://access.redhat.com/errata/RHSA-2017:2709",
- "http://www.securityfocus.com/bid/92630",
- "https://access.redhat.com/errata/RHSA-2017:3239",
- "https://security.gentoo.org/glsa/201701-65",
- "http://www.securitytracker.com/id/1036696",
- "https://security.gentoo.org/glsa/201707-01",
- "http://www.securityfocus.com/bid/95568",
- "https://access.redhat.com/errata/RHSA-2017:3114",
- "https://access.redhat.com/errata/RHSA-2017:1216",
- "https://access.redhat.com/errata/RHSA-2017:2710",
- "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html",
- "https://access.redhat.com/errata/RHSA-2018:2123",
- "http://rhn.redhat.com/errata/RHSA-2017-0337.html",
- "https://access.redhat.com/errata/RHSA-2017:2708",
- "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
- "http://rhn.redhat.com/errata/RHSA-2017-0462.html",
- "https://access.redhat.com/errata/RHSA-2019:1245",
- "https://access.redhat.com/errata/RHSA-2019:2859",
- "https://access.redhat.com/errata/RHSA-2020:0451",
- "https://www.oracle.com/security-alerts/cpuapr2020.html",
- "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
- "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
- "https://www.oracle.com/security-alerts/cpujul2020.html",
- "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
- "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
- "https://www.oracle.com/security-alerts/cpujan2020.html",
- "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
- "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
- "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
- "https://www.tenable.com/security/tns-2016-20",
- "https://sweet32.info/",
- "http://www.splunk.com/view/SP-CAAAPUE",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
- "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us",
- "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
- "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
- "https://access.redhat.com/articles/2548661",
- "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
- "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue",
- "http://www.splunk.com/view/SP-CAAAPSV",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
- "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
- "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
- "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
- "https://www.tenable.com/security/tns-2016-16",
- "https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
- "https://www.tenable.com/security/tns-2016-21",
- "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
- "http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
- "https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
- "https://access.redhat.com/security/cve/cve-2016-2183",
- "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
- "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
- "https://security.netapp.com/advisory/ntap-20160915-0001/",
- "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
- "https://bto.bluecoat.com/security-advisory/sa133",
- "https://www.tenable.com/security/tns-2017-09",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
- "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
- "https://security.netapp.com/advisory/ntap-20170119-0001/",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
- "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
- "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
- "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
- "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
- "https://kc.mcafee.com/corporate/index?page=content&id=SB10310",
- "https://www.oracle.com/security-alerts/cpuoct2020.html",
- },
- },
- {
- ID: "CVE-2016-2315",
- Path: "2016/2xxx/CVE-2016-2315.json",
- BlobHash: "baa983753eeb8f4f588796fc6bb2a6da00b24638",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html",
- "http://www.debian.org/security/2016/dsa-3521",
- "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "https://security.gentoo.org/glsa/201605-01",
- "http://www.securitytracker.com/id/1035290",
- "http://www.securityfocus.com/bid/84355",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html",
- "http://pastebin.com/UX2P2jjg",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html",
- "http://www.openwall.com/lists/oss-security/2016/03/15/5",
- "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html",
- "http://rhn.redhat.com/errata/RHSA-2016-0496.html",
- "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
- "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305",
- "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60",
- "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html",
- "http://www.ubuntu.com/usn/USN-2938-1",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html",
- },
- },
- {
- ID: "CVE-2016-2324",
- Path: "2016/2xxx/CVE-2016-2324.json",
- BlobHash: "9e5d38706848fe52155db5714fce80caef9ce6f2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html",
- "http://www.debian.org/security/2016/dsa-3521",
- "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "https://security.gentoo.org/glsa/201605-01",
- "http://www.securitytracker.com/id/1035290",
- "http://www.securityfocus.com/bid/84355",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html",
- "http://pastebin.com/UX2P2jjg",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html",
- "http://www.openwall.com/lists/oss-security/2016/03/15/5",
- "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html",
- "http://rhn.redhat.com/errata/RHSA-2016-0496.html",
- "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
- "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60",
- "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html",
- "http://www.ubuntu.com/usn/USN-2938-1",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html",
- "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html",
- },
- },
- {
- ID: "CVE-2016-3096",
- Path: "2016/3xxx/CVE-2016-3096.json",
- BlobHash: "281e6714266b6074e0d92811e7af8d9c3d959282",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1322925",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html",
- "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html",
- "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html",
- "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html",
- "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig",
- "https://security.gentoo.org/glsa/201607-14",
- "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0",
- "https://github.com/ansible/ansible-modules-extras/pull/1941",
- "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd",
- },
- },
- {
- ID: "CVE-2016-3711",
- Path: "2016/3xxx/CVE-2016-3711.json",
- BlobHash: "8115e08eb0b2daa8c0fc3a4f25d7ec056218bb0e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2016:1064",
- "https://github.com/openshift/origin/pull/8334",
- },
- },
- {
- ID: "CVE-2016-4817",
- Path: "2016/4xxx/CVE-2016-4817.json",
- BlobHash: "43ee499860a7df5230da7220fdc287ed0a73ee96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/commit/1c0808d580da09fdec5a9a74ff09e103ea058dd4",
- "http://jvn.jp/en/jp/JVN87859762/index.html",
- "https://github.com/h2o/h2o/pull/920",
- "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000091",
- },
- },
- {
- ID: "CVE-2016-4864",
- Path: "2016/4xxx/CVE-2016-4864.json",
- BlobHash: "db81b848bc530e5a932de1f97ee588da3ceed6e3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/issues/1077",
- "https://jvn.jp/en/jp/JVN94779084/index.html",
- },
- },
- {
- ID: "CVE-2016-6349",
- Path: "2016/6xxx/CVE-2016-6349.json",
- BlobHash: "026a929cc732d3e16f3707b0e77927431839df10",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.openwall.com/lists/oss-security/2016/07/26/9",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1360634",
- "http://www.openwall.com/lists/oss-security/2016/10/13/7",
- "https://github.com/projectatomic/oci-register-machine/pull/22",
- "http://www.securityfocus.com/bid/92143",
- },
- },
- {
- ID: "CVE-2016-6494",
- Path: "2016/6xxx/CVE-2016-6494.json",
- BlobHash: "58fb6d3b0cfbca0fc47b3d74bee4093d056e06bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1362553",
- "http://www.openwall.com/lists/oss-security/2016/07/29/8",
- "https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0",
- "http://www.securityfocus.com/bid/92204",
- "https://jira.mongodb.org/browse/SERVER-25335",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/",
- "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908",
- "http://www.openwall.com/lists/oss-security/2016/07/29/4",
- },
- },
- {
- ID: "CVE-2016-7063",
- Path: "2016/7xxx/CVE-2016-7063.json",
- BlobHash: "0e23338923c32c85922d4e928bb484a8d85dd32d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,",
- "https://lf.lc/CVE-2016-7063.txt",
- "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
- },
- },
- {
- ID: "CVE-2016-7064",
- Path: "2016/7xxx/CVE-2016-7064.json",
- BlobHash: "3d76d334ba98d7f5a2217446c7fc9ea78a9fed49",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://lf.lc/CVE-2016-7064.txt",
- "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
- },
- },
- {
- ID: "CVE-2016-7075",
- Path: "2016/7xxx/CVE-2016-7075.json",
- BlobHash: "f6822fb04347ec41f06e43ae10cc6c9e14752055",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/34517",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
- "https://access.redhat.com/errata/RHSA-2016:2064",
- },
- },
- {
- ID: "CVE-2016-7569",
- Path: "2016/7xxx/CVE-2016-7569.json",
- BlobHash: "a8f50811c4301d4f693d341f998650d54a710e4c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/appc/docker2aci/issues/201",
- "https://github.com/appc/docker2aci/releases/tag/v0.13.0",
- "http://www.openwall.com/lists/oss-security/2016/09/28/2",
- "http://www.openwall.com/lists/oss-security/2016/09/28/4",
- "http://www.securityfocus.com/bid/93194",
- },
- },
- {
- ID: "CVE-2016-7835",
- Path: "2016/7xxx/CVE-2016-7835.json",
- BlobHash: "7bd0c8f8398f8e219cfc5875e710825f9847ae0a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/95061",
- "https://github.com/h2o/h2o/issues/1144",
- "https://jvn.jp/en/jp/JVN44566208/index.html",
- },
- },
- {
- ID: "CVE-2016-8579",
- Path: "2016/8xxx/CVE-2016-8579.json",
- BlobHash: "5a1e6220d014e3f9377352389fa43c63accb6625",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/appc/docker2aci/issues/203",
- "http://www.securityfocus.com/bid/93560",
- },
- },
- {
- ID: "CVE-2016-9274",
- Path: "2016/9xxx/CVE-2016-9274.json",
- BlobHash: "96470ffc56da89ea8fc11f458e71ef111ec5df1b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/94289",
- "https://github.com/git-for-windows/git/issues/944",
- "https://www.youtube.com/watch?v=S7jOLv0sul0",
- },
- },
- {
- ID: "CVE-2016-9962",
- Path: "2016/9xxx/CVE-2016-9962.json",
- BlobHash: "c0f980f342321bb14cac1d5de7c6cf207e5c64b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/95361",
- "https://github.com/docker/docker/releases/tag/v1.12.6",
- "http://rhn.redhat.com/errata/RHSA-2017-0116.html",
- "http://seclists.org/fulldisclosure/2017/Jan/29",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/",
- "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6",
- "https://security.gentoo.org/glsa/201701-34",
- "http://rhn.redhat.com/errata/RHSA-2017-0123.html",
- "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5",
- "http://rhn.redhat.com/errata/RHSA-2017-0127.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/",
- "https://access.redhat.com/security/vulnerabilities/cve-2016-9962",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/",
- "http://www.securityfocus.com/archive/1/540001/100/0/threaded",
- "http://seclists.org/fulldisclosure/2017/Jan/21",
- },
- },
- {
- ID: "CVE-2017-1000056",
- Path: "2017/1000xxx/CVE-2017-1000056.json",
- BlobHash: "186cdca5f767cbd623a39f1b68889db80497e830",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/43459",
- },
- },
- {
- ID: "CVE-2017-1000069",
- Path: "2017/1000xxx/CVE-2017-1000069.json",
- BlobHash: "942314c0d69828503afd2d44f4db106c1d9a30b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/bitly/oauth2_proxy/pull/360",
- },
- },
- {
- ID: "CVE-2017-1000070",
- Path: "2017/1000xxx/CVE-2017-1000070.json",
- BlobHash: "0e401cf5656d411d45e09c34c597b0f081a97387",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/bitly/oauth2_proxy/pull/359",
- "https://tools.ietf.org/html/rfc6819#section-5.2.3.5",
- },
- },
- {
- ID: "CVE-2017-1000420",
- Path: "2017/1000xxx/CVE-2017-1000420.json",
- BlobHash: "ec203dd2d562b299c55bc03e6b0faac0017424d1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/syncthing/syncthing/issues/4286",
- },
- },
- {
- ID: "CVE-2017-1000459",
- Path: "2017/1000xxx/CVE-2017-1000459.json",
- BlobHash: "e95287afe54b0c5f194f27d41bae9cd4c76cd6b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/leanote/leanote/issues/676",
- },
- },
- {
- ID: "CVE-2017-1000492",
- Path: "2017/1000xxx/CVE-2017-1000492.json",
- BlobHash: "2d9e9e6b632c0519380b320d1fb3329d948014a7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/leanote/leanote/issues/695",
- "https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30",
- },
- },
- {
- ID: "CVE-2017-1002100",
- Path: "2017/1002xxx/CVE-2017-1002100.json",
- BlobHash: "fca5a4aa6327f1653b40a0a3c9b6ced4e696afac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ",
- "https://github.com/kubernetes/kubernetes/issues/47611",
- },
- },
- {
- ID: "CVE-2017-1002101",
- Path: "2017/1002xxx/CVE-2017-1002101.json",
- BlobHash: "a8c2bdc2f9c60764e9f1881ec7b2d23aec704e94",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2018:0475",
- "https://github.com/kubernetes/kubernetes/issues/60813",
- "https://github.com/bgeesaman/subpath-exploit/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html",
- },
- },
- {
- ID: "CVE-2017-1002102",
- Path: "2017/1002xxx/CVE-2017-1002102.json",
- BlobHash: "0cc34b8d285c1bcca9e23488088138fa92dd35d7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2018:0475",
- "https://github.com/kubernetes/kubernetes/issues/60814",
- },
- },
- {
- ID: "CVE-2017-10868",
- Path: "2017/10xxx/CVE-2017-10868.json",
- BlobHash: "40c59280c218983748803e23264c99c42dad0bcf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/issues/1459",
- "https://jvn.jp/en/jp/JVN84182676/index.html",
- },
- },
- {
- ID: "CVE-2017-10869",
- Path: "2017/10xxx/CVE-2017-10869.json",
- BlobHash: "0009cbdc8d02be0391670e6bb017f95f533f59b6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/issues/1460",
- "https://jvn.jp/en/jp/JVN84182676/index.html",
- },
- },
- {
- ID: "CVE-2017-10872",
- Path: "2017/10xxx/CVE-2017-10872.json",
- BlobHash: "6d844466776fc894414a92d578ce5c84790e2b8b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/issues/1543",
- "https://jvn.jp/en/jp/JVN84182676/index.html",
- },
- },
- {
- ID: "CVE-2017-10908",
- Path: "2017/10xxx/CVE-2017-10908.json",
- BlobHash: "21924f0076822602a678bcbf7cd22669d4fd1a9e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/h2o/h2o/issues/1544",
- "https://jvn.jp/en/jp/JVN84182676/index.html",
- },
- },
- {
- ID: "CVE-2017-14178",
- Path: "2017/14xxx/CVE-2017-14178.json",
- BlobHash: "9b2bf5cbcc763d491a503ac41067282c665e9abc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html",
- "https://launchpad.net/bugs/1730255",
- "https://github.com/snapcore/snapd/pull/4194",
- },
- },
- {
- ID: "CVE-2017-14623",
- Path: "2017/14xxx/CVE-2017-14623.json",
- BlobHash: "f524aeead96962abc23351d740022553e73757ad",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-ldap/ldap/pull/126",
- "https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66",
- },
- },
- {
- ID: "CVE-2017-14992",
- Path: "2017/14xxx/CVE-2017-14992.json",
- BlobHash: "366ff53d9a34d20004a471ca091b29cec6683a1c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/",
- "https://github.com/moby/moby/issues/35075",
- },
- },
- {
- ID: "CVE-2017-15104",
- Path: "2017/15xxx/CVE-2017-15104.json",
- BlobHash: "a7df93ede38ff481692b22f5712a90ee83b711cf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2017:3481",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
- "https://access.redhat.com/security/cve/CVE-2017-15104",
- "https://github.com/heketi/heketi/releases/tag/v5.0.1",
- },
- },
- {
- ID: "CVE-2017-16539",
- Path: "2017/16xxx/CVE-2017-16539.json",
- BlobHash: "342b31363374a3a6d961be5d73aaeeb7744dbdd4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://marc.info/?l=linux-scsi&m=150985455801444&w=2",
- "https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1",
- "https://marc.info/?l=linux-scsi&m=150985062200941&w=2",
- "https://github.com/moby/moby/pull/35399",
- "https://twitter.com/ewindisch/status/926443521820774401",
- },
- },
- {
- ID: "CVE-2017-17697",
- Path: "2017/17xxx/CVE-2017-17697.json",
- BlobHash: "274e9aad2132a7c49c11a1d9265628c3f447edc7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/vmware/harbor/issues/3755",
- },
- },
- {
- ID: "CVE-2017-2428",
- Path: "2017/2xxx/CVE-2017-2428.json",
- BlobHash: "2d3da11d967f8a98955fa00d3b879bf3bf93d9ff",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/97146",
- "https://support.apple.com/HT207601",
- "https://support.apple.com/HT207615",
- "http://www.securitytracker.com/id/1038138",
- "https://github.com/nghttp2/nghttp2/releases/tag/v1.17.0",
- "https://support.apple.com/HT207602",
- "https://support.apple.com/HT207617",
- },
- },
- {
- ID: "CVE-2017-7297",
- Path: "2017/7xxx/CVE-2017-7297.json",
- BlobHash: "80de817b1932c2418c6fc3627767d44227b54e48",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/97180",
- "https://github.com/rancher/rancher/issues/8296",
- },
- },
- {
- ID: "CVE-2017-7481",
- Path: "2017/7xxx/CVE-2017-7481.json",
- BlobHash: "e2b8ae7ce6b93ece51f2ed17bb5113b55e8bbb6e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2017:1599",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481",
- "https://access.redhat.com/errata/RHSA-2017:1334",
- "http://www.securityfocus.com/bid/98492",
- "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2",
- "https://access.redhat.com/errata/RHSA-2017:1244",
- "https://access.redhat.com/errata/RHSA-2017:1499",
- "https://access.redhat.com/errata/RHSA-2017:2524",
- "https://access.redhat.com/errata/RHSA-2017:1476",
- "https://usn.ubuntu.com/4072-1/",
- "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
- },
- },
- {
- ID: "CVE-2017-7550",
- Path: "2017/7xxx/CVE-2017-7550.json",
- BlobHash: "ad7744ea58016c1de5573869da0544f1d8e0b16c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1473645",
- "https://github.com/ansible/ansible/issues/30874",
- "https://access.redhat.com/errata/RHSA-2017:2966",
- },
- },
- {
- ID: "CVE-2017-7860",
- Path: "2017/7xxx/CVE-2017-7860.json",
- BlobHash: "13a2228e63f0f46795b242bd8cb4ad797cb9cbe2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=661",
- "http://www.securityfocus.com/bid/97695",
- "https://github.com/grpc/grpc/pull/9833",
- },
- },
- {
- ID: "CVE-2017-7861",
- Path: "2017/7xxx/CVE-2017-7861.json",
- BlobHash: "453130af5b5b8010111e42cc388fbc5f43aa889e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/97694",
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=655",
- "https://github.com/grpc/grpc/pull/9833",
- },
- },
- {
- ID: "CVE-2017-8359",
- Path: "2017/8xxx/CVE-2017-8359.json",
- BlobHash: "5e8f0f8ef3da14ba375263bc03884a3410ac6fcb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726",
- "http://www.securityfocus.com/bid/98280",
- "https://github.com/grpc/grpc/pull/10353",
- },
- },
- {
- ID: "CVE-2017-9431",
- Path: "2017/9xxx/CVE-2017-9431.json",
- BlobHash: "2d6834e7c3d19ddb7baffd0160fd61e30779fdf5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grpc/grpc/pull/10492",
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1018",
- },
- },
- {
- ID: "CVE-2018-0608",
- Path: "2018/0xxx/CVE-2018-0608.json",
- BlobHash: "045fec41d17861f86b541869d397c5e280854bb6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://jvn.jp/en/jp/JVN93226941/index.html",
- "https://github.com/h2o/h2o/issues/1775",
- },
- },
- {
- ID: "CVE-2018-1000400",
- Path: "2018/1000xxx/CVE-2018-1000400.json",
- BlobHash: "055327cc1b43bc98c8260ca9ca9e7f89c7ae1b78",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes-incubator/cri-o/pull/1558/files",
- "http://www.securityfocus.com/bid/104262",
- },
- },
- {
- ID: "CVE-2018-1000538",
- Path: "2018/1000xxx/CVE-2018-1000538.json",
- BlobHash: "4693085bc7714393c2fd0e1980970276c9b71687",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220",
- "https://github.com/minio/minio/pull/5957",
- },
- },
- {
- ID: "CVE-2018-1000803",
- Path: "2018/1000xxx/CVE-2018-1000803.json",
- BlobHash: "bbc1d2ebc7f13f350461116c8aecfb6a0c37f33b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57",
- "https://github.com/go-gitea/gitea/pull/4664",
- },
- },
- {
- ID: "CVE-2018-1000816",
- Path: "2018/1000xxx/CVE-2018-1000816.json",
- BlobHash: "196777c6a21062d6742ad28759a97637e00fae1b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/issues/13667",
- },
- },
- {
- ID: "CVE-2018-1002100",
- Path: "2018/1002xxx/CVE-2018-1002100.json",
- BlobHash: "273200b8208ce84c1b7d42550668a98582c7b8ef",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/61297",
- "https://hansmi.ch/articles/2018-04-openshift-s2i-security",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1564305",
- },
- },
- {
- ID: "CVE-2018-1002101",
- Path: "2018/1002xxx/CVE-2018-1002101.json",
- BlobHash: "c2cd4cfd92f5f066c2bf9308363a395b2a8449fd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/65750",
- "http://www.securityfocus.com/bid/106238",
- "https://security.netapp.com/advisory/ntap-20190416-0008/",
- },
- },
- {
- ID: "CVE-2018-1002102",
- Path: "2018/1002xxx/CVE-2018-1002102.json",
- BlobHash: "96adf20e2429475ae67e72233f65159e2aad09a7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/85867",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/",
- },
- },
- {
- ID: "CVE-2018-1002103",
- Path: "2018/1002xxx/CVE-2018-1002103.json",
- BlobHash: "d1edbbcfd99863eb063b5d1f04ade5374143ac11",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/minikube/issues/3208",
- },
- },
- {
- ID: "CVE-2018-1002104",
- Path: "2018/1002xxx/CVE-2018-1002104.json",
- BlobHash: "1c10a1a861a08030cabafb1f0972a657871acf6c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/ingress-nginx/pull/3125",
- },
- },
- {
- ID: "CVE-2018-1002105",
- Path: "2018/1002xxx/CVE-2018-1002105.json",
- BlobHash: "153ef110d19435a06c78b5f7499c1b6c9a991723",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
- "https://www.exploit-db.com/exploits/46053/",
- "https://access.redhat.com/errata/RHSA-2018:3549",
- "https://access.redhat.com/errata/RHSA-2018:3752",
- "https://www.exploit-db.com/exploits/46052/",
- "https://access.redhat.com/errata/RHSA-2018:3624",
- "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
- "https://github.com/kubernetes/kubernetes/issues/71411",
- "https://access.redhat.com/errata/RHSA-2018:3742",
- "https://access.redhat.com/errata/RHSA-2018:3754",
- "https://access.redhat.com/errata/RHSA-2018:3537",
- "https://github.com/evict/poc_CVE-2018-1002105",
- "https://access.redhat.com/errata/RHSA-2018:3598",
- "https://access.redhat.com/errata/RHSA-2018:3551",
- "http://www.securityfocus.com/bid/106068",
- "https://security.netapp.com/advisory/ntap-20190416-0001/",
- "http://www.openwall.com/lists/oss-security/2019/06/28/2",
- "http://www.openwall.com/lists/oss-security/2019/07/06/3",
- "http://www.openwall.com/lists/oss-security/2019/07/06/4",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html",
- },
- },
- {
- ID: "CVE-2018-1002207",
- Path: "2018/1002xxx/CVE-2018-1002207.json",
- BlobHash: "7a69b2918e654203b3d9cee5e6e57d3eda432b42",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/research/zip-slip-vulnerability",
- "https://github.com/snyk/zip-slip-vulnerability",
- "https://github.com/mholt/archiver/pull/65",
- "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
- },
- },
- {
- ID: "CVE-2018-10055",
- Path: "2018/10xxx/CVE-2018-10055.json",
- BlobHash: "bfd0b709d180b3fac635c4311cf647adedf2e831",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md",
- },
- },
- {
- ID: "CVE-2018-10856",
- Path: "2018/10xxx/CVE-2018-10856.json",
- BlobHash: "fe414baee5a3a73b4ecc1a07731b0a58ef32e40f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856",
- "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24",
- "https://access.redhat.com/errata/RHSA-2018:2037",
- },
- },
- {
- ID: "CVE-2018-10892",
- Path: "2018/10xxx/CVE-2018-10892.json",
- BlobHash: "9a297de39e022e08c46b9f04c88f3327867b27aa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/pull/37404",
- "https://access.redhat.com/errata/RHSA-2018:2729",
- "https://access.redhat.com/errata/RHSA-2018:2482",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892",
- "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
- "https://access.redhat.com/errata/RHBA-2018:2796",
- },
- },
- {
- ID: "CVE-2018-10937",
- Path: "2018/10xxx/CVE-2018-10937.json",
- BlobHash: "261e46299b2721df16561fae93500096b92c25a6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937",
- "http://www.securityfocus.com/bid/105190",
- "https://github.com/openshift/console/pull/461",
- "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c",
- },
- },
- {
- ID: "CVE-2018-1098",
- Path: "2018/1xxx/CVE-2018-1098.json",
- BlobHash: "01249fce90e1e575fce9c7ab134de1591496b169",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1552714",
- "https://github.com/coreos/etcd/issues/9353",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/",
- },
- },
- {
- ID: "CVE-2018-1099",
- Path: "2018/1xxx/CVE-2018-1099.json",
- BlobHash: "1a69ba6fc3592810102632fdd4a8e7aed9f6b1cb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1552717",
- "https://github.com/coreos/etcd/issues/9353",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/",
- },
- },
- {
- ID: "CVE-2018-12099",
- Path: "2018/12xxx/CVE-2018-12099.json",
- BlobHash: "6b867dd20b28bc782c927bdcb6c8164529d1e0bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/pull/11813",
- "https://github.com/grafana/grafana/releases/tag/v5.2.0-beta1",
- "https://security.netapp.com/advisory/ntap-20190416-0004/",
- },
- },
- {
- ID: "CVE-2018-12608",
- Path: "2018/12xxx/CVE-2018-12608.json",
- BlobHash: "04e2d2cfa0ade3aa12257cb6f58974336446df17",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/pull/33182",
- },
- },
- {
- ID: "CVE-2018-12678",
- Path: "2018/12xxx/CVE-2018-12678.json",
- BlobHash: "fdc164ad2138c176976779e1ffaaf333eed7a191",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/portainer/portainer/pull/1979",
- "https://github.com/portainer/portainer/releases/tag/1.18.0",
- },
- },
- {
- ID: "CVE-2018-12976",
- Path: "2018/12xxx/CVE-2018-12976.json",
- BlobHash: "6a92a4c19239879e39ebc5154d61f738960426c9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ",
- "https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983",
- },
- },
- {
- ID: "CVE-2018-14474",
- Path: "2018/14xxx/CVE-2018-14474.json",
- BlobHash: "d1a361cbe7eb0eb35921ab6cd10e2a51faffd079",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa",
- },
- },
- {
- ID: "CVE-2018-15178",
- Path: "2018/15xxx/CVE-2018-15178.json",
- BlobHash: "a57c17640dc4de6fa83a45e5ef93f9431abf4c92",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5364",
- "https://github.com/gogs/gogs/pull/5365",
- },
- },
- {
- ID: "CVE-2018-15192",
- Path: "2018/15xxx/CVE-2018-15192.json",
- BlobHash: "e94118c0b7ae432eba835137ddaca3f65be53a52",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5366",
- "https://github.com/go-gitea/gitea/issues/4624",
- },
- },
- {
- ID: "CVE-2018-15193",
- Path: "2018/15xxx/CVE-2018-15193.json",
- BlobHash: "0da82c7f418abe22cf2aee3964211d3d3966cfd5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5367",
- },
- },
- {
- ID: "CVE-2018-15598",
- Path: "2018/15xxx/CVE-2018-15598.json",
- BlobHash: "edb153e30e0b8b71c8fc3857fcd7ab3b989802da",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containous/traefik/pull/3790",
- "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b",
- "https://github.com/containous/traefik/releases/tag/v1.6.6",
- "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1",
- },
- },
- {
- ID: "CVE-2018-15664",
- Path: "2018/15xxx/CVE-2018-15664.json",
- BlobHash: "cd288bf64f1c706476bbdda4277d751f029d2e06",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.suse.com/show_bug.cgi?id=1096726",
- "https://github.com/moby/moby/pull/39252",
- "http://www.openwall.com/lists/oss-security/2019/05/28/1",
- "http://www.securityfocus.com/bid/108507",
- "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html",
- "https://usn.ubuntu.com/4048-1/",
- "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
- "https://access.redhat.com/errata/RHSA-2019:1910",
- "http://www.openwall.com/lists/oss-security/2019/08/21/1",
- "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html",
- },
- },
- {
- ID: "CVE-2018-15747",
- Path: "2018/15xxx/CVE-2018-15747.json",
- BlobHash: "abb866308a8fdcfcf8d915e56024d8bdb9bf9521",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/prasmussen/glot-code-runner/issues/15",
- },
- },
- {
- ID: "CVE-2018-15869",
- Path: "2018/15xxx/CVE-2018-15869.json",
- BlobHash: "bddc4e3d6a904e86f183f314f744743ea14ad283",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/105172",
- "https://github.com/hashicorp/packer/issues/6584",
- },
- },
- {
- ID: "CVE-2018-16316",
- Path: "2018/16xxx/CVE-2018-16316.json",
- BlobHash: "53d8827f84704705acf59957d84f0979be815f38",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2",
- },
- },
- {
- ID: "CVE-2018-16359",
- Path: "2018/16xxx/CVE-2018-16359.json",
- BlobHash: "c42eb49fc474c15d577dbc3ccc64de8164e152bd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.chromium.org/p/project-zero/issues/detail?id=1632",
- "https://github.com/google/gvisor/commit/001a4c2493b13a43d62c7511fb509a959ae4abc2",
- },
- },
- {
- ID: "CVE-2018-16398",
- Path: "2018/16xxx/CVE-2018-16398.json",
- BlobHash: "232319722bf894c43c9d7d8affffff8161b0dd2a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/twistlock/authz/issues/50",
- "https://github.com/twistlock/authz/issues/51",
- },
- },
- {
- ID: "CVE-2018-16409",
- Path: "2018/16xxx/CVE-2018-16409.json",
- BlobHash: "39f379ecda7f8971a7ca7e02925776cd65515f98",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5372",
- },
- },
- {
- ID: "CVE-2018-16733",
- Path: "2018/16xxx/CVE-2018-16733.json",
- BlobHash: "2c31ccc6fc823bcdc7ad873e55ab4cfa8bfc226a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639",
- },
- },
- {
- ID: "CVE-2018-16859",
- Path: "2018/16xxx/CVE-2018-16859.json",
- BlobHash: "678f6a27e55ee773abf1427413a47e878fbe8ae8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/pull/49142",
- "https://access.redhat.com/errata/RHSA-2018:3770",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859",
- "https://access.redhat.com/errata/RHSA-2018:3771",
- "http://www.securityfocus.com/bid/106004",
- "https://access.redhat.com/errata/RHSA-2018:3773",
- "https://access.redhat.com/errata/RHSA-2018:3772",
- "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
- },
- },
- {
- ID: "CVE-2018-16876",
- Path: "2018/16xxx/CVE-2018-16876.json",
- BlobHash: "5380288314b1345acd95ec6a54e23d564badb9ac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2018:3838",
- "https://access.redhat.com/errata/RHSA-2019:0564",
- "http://www.securityfocus.com/bid/106225",
- "https://access.redhat.com/errata/RHSA-2018:3836",
- "https://access.redhat.com/errata/RHSA-2018:3835",
- "https://github.com/ansible/ansible/pull/49569",
- "https://access.redhat.com/errata/RHSA-2018:3837",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876",
- "https://www.debian.org/security/2019/dsa-4396",
- "https://access.redhat.com/errata/RHSA-2019:0590",
- "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
- "https://usn.ubuntu.com/4072-1/",
- "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
- },
- },
- {
- ID: "CVE-2018-17031",
- Path: "2018/17xxx/CVE-2018-17031.json",
- BlobHash: "7bab8a1dc52969e53cac17f0637c761926dc26a8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5397",
- },
- },
- {
- ID: "CVE-2018-17456",
- Path: "2018/17xxx/CVE-2018-17456.json",
- BlobHash: "5335a4699d4dcd8179960df573f4745a593613d4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.exploit-db.com/exploits/45631/",
- "http://www.securityfocus.com/bid/105523",
- "http://www.securitytracker.com/id/1041811",
- "https://www.debian.org/security/2018/dsa-4311",
- "https://access.redhat.com/errata/RHSA-2018:3505",
- "https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404",
- "https://www.exploit-db.com/exploits/45548/",
- "https://access.redhat.com/errata/RHSA-2018:3541",
- "https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46",
- "https://access.redhat.com/errata/RHSA-2018:3408",
- "https://marc.info/?l=git&m=153875888916397&w=2",
- "https://www.openwall.com/lists/oss-security/2018/10/06/3",
- "https://usn.ubuntu.com/3791-1/",
- "https://seclists.org/bugtraq/2019/Mar/30",
- "http://www.securityfocus.com/bid/107511",
- "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
- "https://access.redhat.com/errata/RHSA-2020:0316",
- "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html",
- },
- },
- {
- ID: "CVE-2018-17572",
- Path: "2018/17xxx/CVE-2018-17572.json",
- BlobHash: "e91cbd3483163459057b92a35e691421d94c1118",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48",
- "https://github.com/influxdata/influxdb/releases/tag/v0.9.6",
- },
- },
- {
- ID: "CVE-2018-18264",
- Path: "2018/18xxx/CVE-2018-18264.json",
- BlobHash: "9d1fca97635951f2ed39a0f726787f404f1a339b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/",
- "http://www.securityfocus.com/bid/106493",
- "https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI",
- "https://github.com/kubernetes/dashboard/releases/tag/v1.10.1",
- "https://github.com/kubernetes/dashboard/pull/3400",
- "https://github.com/kubernetes/dashboard/pull/3289",
- },
- },
- {
- ID: "CVE-2018-18553",
- Path: "2018/18xxx/CVE-2018-18553.json",
- BlobHash: "f0cced225e5b727eee78018a67090affecf7c7ae",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/leanote/leanote/issues/822",
- },
- },
- {
- ID: "CVE-2018-18623",
- Path: "2018/18xxx/CVE-2018-18623.json",
- BlobHash: "59f314eb5b689b83359e92d05d8df451707f8eca",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/pull/11813",
- "https://security.netapp.com/advisory/ntap-20200608-0008/",
- },
- },
- {
- ID: "CVE-2018-18624",
- Path: "2018/18xxx/CVE-2018-18624.json",
- BlobHash: "774fe9ebe536fc3fc5e5f20b188595ac44c80084",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/pull/11813",
- "https://security.netapp.com/advisory/ntap-20200608-0008/",
- },
- },
- {
- ID: "CVE-2018-18625",
- Path: "2018/18xxx/CVE-2018-18625.json",
- BlobHash: "e427129bbe49ac34bfec64e93c5235be9cb906b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/pull/11813",
- "https://security.netapp.com/advisory/ntap-20200608-0008/",
- },
- },
- {
- ID: "CVE-2018-18925",
- Path: "2018/18xxx/CVE-2018-18925.json",
- BlobHash: "094fea40676b8ff3b0f8f28ce482c38bfa9c0dc8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5469",
- },
- },
- {
- ID: "CVE-2018-18926",
- Path: "2018/18xxx/CVE-2018-18926.json",
- BlobHash: "9f8984abcd9be9d1192ec0eb53771cedeb0ccb7e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/issues/5140",
- },
- },
- {
- ID: "CVE-2018-19114",
- Path: "2018/19xxx/CVE-2018-19114.json",
- BlobHash: "76e9d3b69b0961db9efaf478f1666d2518cdce18",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/lifei6671/mindoc/issues/384",
- },
- },
- {
- ID: "CVE-2018-19148",
- Path: "2018/19xxx/CVE-2018-19148.json",
- BlobHash: "5230ee0573997298a29e85e471f230e9ee5ee320",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/mholt/caddy/pull/2015",
- "https://github.com/mholt/caddy/issues/1303",
- "https://github.com/mholt/caddy/issues/2334",
- },
- },
- {
- ID: "CVE-2018-19184",
- Path: "2018/19xxx/CVE-2018-19184.json",
- BlobHash: "ae25d83c06c8683e86c63fbed23c14fad844bca6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ethereum/go-ethereum/issues/18069",
- },
- },
- {
- ID: "CVE-2018-19295",
- Path: "2018/19xxx/CVE-2018-19295.json",
- BlobHash: "17864661bfc1bde9f3b20836ec844f88c0c00d2a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sylabs/singularity/releases/tag/2.6.1",
- },
- },
- {
- ID: "CVE-2018-19333",
- Path: "2018/19xxx/CVE-2018-19333.json",
- BlobHash: "c234aa4daf9af3a2c9119b1da9ea3f33b467067d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://justi.cz/security/2018/11/14/gvisor-lpe.html",
- "https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca",
- },
- },
- {
- ID: "CVE-2018-19367",
- Path: "2018/19xxx/CVE-2018-19367.json",
- BlobHash: "a3340712dbc79533ebb2e6332efd6314c6325cc8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/lichti/shodan-portainer/",
- "https://github.com/portainer/portainer/issues/2475",
- },
- },
- {
- ID: "CVE-2018-19466",
- Path: "2018/19xxx/CVE-2018-19466.json",
- BlobHash: "06c52909067b881c6cef8398f6f7eb99d81a99e0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/portainer/portainer/pull/2488",
- "https://github.com/portainer/portainer/releases",
- "https://github.com/MauroEldritch/lempo",
- },
- },
- {
- ID: "CVE-2018-19653",
- Path: "2018/19xxx/CVE-2018-19653.json",
- BlobHash: "7c7de73314eb58e4e50ff65a3f93c8e97e0001e6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I",
- "https://github.com/hashicorp/consul/pull/5069",
- },
- },
- {
- ID: "CVE-2018-19786",
- Path: "2018/19xxx/CVE-2018-19786.json",
- BlobHash: "44fc7dda05c3e2fddb648168a0287f4345aeeadb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018",
- },
- },
- {
- ID: "CVE-2018-19793",
- Path: "2018/19xxx/CVE-2018-19793.json",
- BlobHash: "52f5a3da668af5c966cdaba22f3c98998a424994",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/iwannay/jiacrontab/issues/28",
- },
- },
- {
- ID: "CVE-2018-20303",
- Path: "2018/20xxx/CVE-2018-20303.json",
- BlobHash: "2779443b720a0c9de37b3f3f9e3e11d9a551758d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce",
- "https://pentesterlab.com/exercises/cve-2018-18925/",
- "https://github.com/gogs/gogs/issues/5558",
- },
- },
- {
- ID: "CVE-2018-20421",
- Path: "2018/20xxx/CVE-2018-20421.json",
- BlobHash: "44708b3178d64441e737723c276c09be2a68458c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ethereum/go-ethereum/issues/18289",
- },
- },
- {
- ID: "CVE-2018-20699",
- Path: "2018/20xxx/CVE-2018-20699.json",
- BlobHash: "dacf7cf3d7d29ae5e23e75ba7131ec150742a6aa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/docker/engine/pull/70",
- "https://github.com/moby/moby/pull/37967",
- "https://access.redhat.com/errata/RHSA-2019:0487",
- },
- },
- {
- ID: "CVE-2018-20744",
- Path: "2018/20xxx/CVE-2018-20744.json",
- BlobHash: "1cefda4afbed2d638e20c35d2c933d0b5f040517",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/106834",
- "https://github.com/rs/cors/issues/55",
- "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
- },
- },
- {
- ID: "CVE-2018-21034",
- Path: "2018/21xxx/CVE-2018-21034.json",
- BlobHash: "56d67bbf8f84d7891fe18cb9e5e4ccf57d2c950f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399",
- "https://github.com/argoproj/argo-cd/issues/470",
- "https://github.com/argoproj/argo-cd/pull/3088",
- "https://www.soluble.ai/blog/argo-cves-2020",
- },
- },
- {
- ID: "CVE-2018-21233",
- Path: "2018/21xxx/CVE-2018-21233.json",
- BlobHash: "9937c0c3e6b76e59e2ca443213aff777788924a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md",
- "https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433",
- },
- },
- {
- ID: "CVE-2018-7575",
- Path: "2018/7xxx/CVE-2018-7575.json",
- BlobHash: "9343295dfee30eb28e116826e8850d64aabf441a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md",
- },
- },
- {
- ID: "CVE-2018-7576",
- Path: "2018/7xxx/CVE-2018-7576.json",
- BlobHash: "2453c5b8afea3b098674f54d18903bead7dd5f7a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-002.md",
- },
- },
- {
- ID: "CVE-2018-7577",
- Path: "2018/7xxx/CVE-2018-7577.json",
- BlobHash: "8157d1ce7a37342f460099bf7dbf3a5a99b1f91b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md",
- },
- },
- {
- ID: "CVE-2018-8825",
- Path: "2018/8xxx/CVE-2018-8825.json",
- BlobHash: "17abad64af8aa7178a1f18c852d2ead398d566ca",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md",
- },
- },
- {
- ID: "CVE-2018-9057",
- Path: "2018/9xxx/CVE-2018-9057.json",
- BlobHash: "b752bd349b89c035a8dfe9beb1e00500b3eabe64",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/terraform-providers/terraform-provider-aws/pull/3934",
- },
- },
- {
- ID: "CVE-2019-1000002",
- Path: "2019/1000xxx/CVE-2019-1000002.json",
- BlobHash: "025ede9d25a3d3f4675742a15bf6613c65329185",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/pull/5631",
- },
- },
- {
- ID: "CVE-2019-1002100",
- Path: "2019/1002xxx/CVE-2019-1002100.json",
- BlobHash: "e0b89cbfecc6bda0ddc9328c14c464d0f530d569",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.securityfocus.com/bid/107290",
- "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g",
- "https://github.com/kubernetes/kubernetes/issues/74534",
- "https://security.netapp.com/advisory/ntap-20190416-0002/",
- "https://access.redhat.com/errata/RHSA-2019:1851",
- "https://access.redhat.com/errata/RHSA-2019:3239",
- },
- },
- {
- ID: "CVE-2019-1002101",
- Path: "2019/1002xxx/CVE-2019-1002101.json",
- BlobHash: "fc334f7e1f3d69f0a0aa7f96aeb508e914eb608e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/pull/75037",
- "http://www.securityfocus.com/bid/107652",
- "https://access.redhat.com/errata/RHBA-2019:0620",
- "https://access.redhat.com/errata/RHBA-2019:0619",
- "https://access.redhat.com/errata/RHBA-2019:0636",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/",
- "http://www.openwall.com/lists/oss-security/2019/06/21/1",
- "http://www.openwall.com/lists/oss-security/2019/08/05/5",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/",
- "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/",
- },
- },
- {
- ID: "CVE-2019-1010003",
- Path: "2019/1010xxx/CVE-2019-1010003.json",
- BlobHash: "42d5629bcde21ead9f2a00a657cac5e87d417353",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/leanote/leanote/issues/719",
- },
- },
- {
- ID: "CVE-2019-1010261",
- Path: "2019/1010xxx/CVE-2019-1010261.json",
- BlobHash: "f3831638d12b38f33ea883beef62a45010809b5c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/pull/5905",
- },
- },
- {
- ID: "CVE-2019-1010275",
- Path: "2019/1010xxx/CVE-2019-1010275.json",
- BlobHash: "fe4e49a7a24105b11d76a66df4c7b4d0b29326bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/releases/tag/v2.7.2",
- "https://github.com/helm/helm/pull/3152",
- "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50",
- },
- },
- {
- ID: "CVE-2019-1010314",
- Path: "2019/1010xxx/CVE-2019-1010314.json",
- BlobHash: "ee33fb655d9cdb556729967d0e5795044a74797e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/releases",
- },
- },
- {
- ID: "CVE-2019-10152",
- Path: "2019/10xxx/CVE-2019-10152.json",
- BlobHash: "8caa697ce18f612e3f89e82105107920bc18512b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152",
- "https://github.com/containers/libpod/issues/3211",
- "https://github.com/containers/libpod/pull/3214",
- "https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140",
- "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html",
- },
- },
- {
- ID: "CVE-2019-10156",
- Path: "2019/10xxx/CVE-2019-10156.json",
- BlobHash: "9bca6bd659046577d701e51ccbb3e127e06ff77d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156",
- "https://github.com/ansible/ansible/pull/57188",
- "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
- "https://access.redhat.com/errata/RHSA-2019:3744",
- "https://access.redhat.com/errata/RHSA-2019:3789",
- "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
- },
- },
- {
- ID: "CVE-2019-10165",
- Path: "2019/10xxx/CVE-2019-10165.json",
- BlobHash: "ebeba6c38254ff460ab6b1a5da153d9c47c9407a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165",
- "https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/",
- "https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205",
- },
- },
- {
- ID: "CVE-2019-10200",
- Path: "2019/10xxx/CVE-2019-10200.json",
- BlobHash: "dbc0d981d4cc09a63bde8bfd9c87f6a6b23f287d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1730161",
- "https://github.com/openshift/cluster-kube-apiserver-operator/pull/524",
- },
- },
- {
- ID: "CVE-2019-1020009",
- Path: "2019/1020xxx/CVE-2019-1020009.json",
- BlobHash: "1ae26a4c91f2bc53ee44fadd4374e20e2c72832a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8",
- },
- },
- {
- ID: "CVE-2019-1020014",
- Path: "2019/1020xxx/CVE-2019-1020014.json",
- BlobHash: "8ea048b124de215f7cae83a713d807802ad5ce13",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a",
- "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3",
- "https://usn.ubuntu.com/4103-1/",
- "https://usn.ubuntu.com/4103-2/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/",
- },
- },
- {
- ID: "CVE-2019-1020015",
- Path: "2019/1020xxx/CVE-2019-1020015.json",
- BlobHash: "83816b3b659ad58e520ed2e8a6927f856602c108",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hasura/graphql-engine/commit/f2f14e727b051e3003ba44b9b63eab8186b291ac",
- },
- },
- {
- ID: "CVE-2019-10217",
- Path: "2019/10xxx/CVE-2019-10217.json",
- BlobHash: "7fbf95dcee87cd58c34f9947cc3d51ebbc4c1e64",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217",
- "https://github.com/ansible/ansible/issues/56269",
- "https://github.com/ansible/ansible/pull/59427",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html",
- },
- },
- {
- ID: "CVE-2019-10223",
- Path: "2019/10xxx/CVE-2019-10223.json",
- BlobHash: "f06bcfd6195f7257a34b188fd665a3b9cdfe61c6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.openwall.com/lists/oss-security/2019/08/15/8",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223",
- "https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2",
- "https://www.openwall.com/lists/oss-security/2019/08/09/1",
- },
- },
- {
- ID: "CVE-2019-10743",
- Path: "2019/10xxx/CVE-2019-10743.json",
- BlobHash: "78dfc1f5c94cf1480c02ac5ef1f8c3bcaaedfa0b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/research/zip-slip-vulnerability",
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,",
- "https://github.com/mholt/archiver/pull/169",
- },
- },
- {
- ID: "CVE-2019-11043",
- Path: "2019/11xxx/CVE-2019-11043.json",
- BlobHash: "efbcf584e1363faeb3eb773648d2ce43da0e9335",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/neex/phuip-fpizdam",
- "https://bugs.php.net/bug.php?id=78599",
- "https://usn.ubuntu.com/4166-1/",
- "https://www.debian.org/security/2019/dsa-4552",
- "https://www.debian.org/security/2019/dsa-4553",
- "https://usn.ubuntu.com/4166-2/",
- "https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/",
- "https://security.netapp.com/advisory/ntap-20191031-0003/",
- "https://access.redhat.com/errata/RHSA-2019:3286",
- "https://access.redhat.com/errata/RHSA-2019:3287",
- "https://access.redhat.com/errata/RHSA-2019:3299",
- "https://access.redhat.com/errata/RHSA-2019:3300",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/",
- "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html",
- "https://access.redhat.com/errata/RHSA-2019:3724",
- "https://access.redhat.com/errata/RHSA-2019:3735",
- "https://access.redhat.com/errata/RHSA-2019:3736",
- "https://www.synology.com/security/advisory/Synology_SA_19_36",
- "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html",
- "https://support.apple.com/kb/HT210919",
- "https://seclists.org/bugtraq/2020/Jan/44",
- "http://seclists.org/fulldisclosure/2020/Jan/40",
- "https://access.redhat.com/errata/RHSA-2020:0322",
- "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html",
- },
- },
- {
- ID: "CVE-2019-11228",
- Path: "2019/11xxx/CVE-2019-11228.json",
- BlobHash: "91ad8aad6f9734cd90b3f06f6e2613b7154004e9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3",
- "https://github.com/go-gitea/gitea/releases/tag/v1.7.6",
- },
- },
- {
- ID: "CVE-2019-11229",
- Path: "2019/11xxx/CVE-2019-11229.json",
- BlobHash: "7dc2899d18260f82d6cfa35ae699107ac55affc6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3",
- "https://github.com/go-gitea/gitea/releases/tag/v1.7.6",
- "http://packetstormsecurity.com/files/160833/Gitea-1.7.5-Remote-Code-Execution.html",
- },
- },
- {
- ID: "CVE-2019-11243",
- Path: "2019/11xxx/CVE-2019-11243.json",
- BlobHash: "240224e18d72e19314d8e206100446f0a275b49e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/76797",
- "http://www.securityfocus.com/bid/108053",
- "https://security.netapp.com/advisory/ntap-20190509-0002/",
- },
- },
- {
- ID: "CVE-2019-11244",
- Path: "2019/11xxx/CVE-2019-11244.json",
- BlobHash: "ee426f62fc258992ee5c5add5afa24866183049f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/76676",
- "http://www.securityfocus.com/bid/108064",
- "https://security.netapp.com/advisory/ntap-20190509-0002/",
- "https://access.redhat.com/errata/RHSA-2019:3942",
- "https://access.redhat.com/errata/RHSA-2020:0020",
- "https://access.redhat.com/errata/RHSA-2020:0074",
- },
- },
- {
- ID: "CVE-2019-11245",
- Path: "2019/11xxx/CVE-2019-11245.json",
- BlobHash: "ada2d8773e54a20b336e667f6090b889da32e60e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/78308",
- "https://security.netapp.com/advisory/ntap-20190919-0003/",
- },
- },
- {
- ID: "CVE-2019-11246",
- Path: "2019/11xxx/CVE-2019-11246.json",
- BlobHash: "d77d041f1845f282f19721f1b2c7eb293aa8f7c3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/pull/76788",
- "https://groups.google.com/forum/#!topic/kubernetes-security-announce/NLs2TGbfPdo",
- "https://security.netapp.com/advisory/ntap-20190919-0003/",
- },
- },
- {
- ID: "CVE-2019-11247",
- Path: "2019/11xxx/CVE-2019-11247.json",
- BlobHash: "026587a117d05ad182dd6e2d9e96f2d0865cb2b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/80983",
- "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ",
- "https://access.redhat.com/errata/RHSA-2019:2690",
- "https://security.netapp.com/advisory/ntap-20190919-0003/",
- "https://access.redhat.com/errata/RHBA-2019:2816",
- "https://access.redhat.com/errata/RHBA-2019:2824",
- "https://access.redhat.com/errata/RHSA-2019:2769",
- },
- },
- {
- ID: "CVE-2019-11248",
- Path: "2019/11xxx/CVE-2019-11248.json",
- BlobHash: "00d4505f9edf499002ad21d1106879358cd7299a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/81023",
- "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ",
- "https://security.netapp.com/advisory/ntap-20190919-0003/",
- },
- },
- {
- ID: "CVE-2019-11249",
- Path: "2019/11xxx/CVE-2019-11249.json",
- BlobHash: "47f2be6cfd55d6f91c805f77435fea5eda2c972c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ",
- "https://github.com/kubernetes/kubernetes/issues/80984",
- "https://security.netapp.com/advisory/ntap-20190919-0003/",
- "https://access.redhat.com/errata/RHBA-2019:2816",
- "https://access.redhat.com/errata/RHBA-2019:2794",
- "https://access.redhat.com/errata/RHBA-2019:2824",
- "https://access.redhat.com/errata/RHSA-2019:3239",
- "https://access.redhat.com/errata/RHSA-2019:3811",
- },
- },
- {
- ID: "CVE-2019-11251",
- Path: "2019/11xxx/CVE-2019-11251.json",
- BlobHash: "4c8f81bc45c5b6ae61871ed463956147eb35057b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/87773",
- "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ",
- },
- },
- {
- ID: "CVE-2019-11252",
- Path: "2019/11xxx/CVE-2019-11252.json",
- BlobHash: "92b566eb58a6bfab63e2bc67c35d85e6342ab81d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/pull/88684",
- },
- },
- {
- ID: "CVE-2019-11255",
- Path: "2019/11xxx/CVE-2019-11255.json",
- BlobHash: "a1bac48c650c8fc51190ab12dca53f9dad7dc2fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/85233",
- "https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw",
- "https://access.redhat.com/errata/RHSA-2019:4099",
- "https://access.redhat.com/errata/RHSA-2019:4096",
- "https://access.redhat.com/errata/RHSA-2019:4054",
- "https://access.redhat.com/errata/RHSA-2019:4225",
- "https://security.netapp.com/advisory/ntap-20200810-0003/",
- },
- },
- {
- ID: "CVE-2019-11328",
- Path: "2019/11xxx/CVE-2019-11328.json",
- BlobHash: "e84895b0fa29fcacb03922f45e8a8917dba0d2a9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
- "http://www.openwall.com/lists/oss-security/2019/05/16/1",
- "http://www.securityfocus.com/bid/108360",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
- "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
- },
- },
- {
- ID: "CVE-2019-11405",
- Path: "2019/11xxx/CVE-2019-11405.json",
- BlobHash: "b428a95b1dec6aeb4a742a930834a5af2ae4e696",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/OpenAPITools/openapi-generator/issues/2253",
- "https://github.com/OpenAPITools/openapi-generator/pull/2248",
- "https://github.com/OpenAPITools/openapi-generator/pull/2697",
- },
- },
- {
- ID: "CVE-2019-11471",
- Path: "2019/11xxx/CVE-2019-11471.json",
- BlobHash: "2efee46b4fef111a80fbca929f440c6d1e99d951",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/strukturag/libheif/issues/123",
- "https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014",
- },
- },
- {
- ID: "CVE-2019-11502",
- Path: "2019/11xxx/CVE-2019-11502.json",
- BlobHash: "f2a4e1adde7ef761a7ce10889105fb109b82b80c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.openwall.com/lists/oss-security/2019/04/18/4",
- "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1",
- "http://www.openwall.com/lists/oss-security/2019/04/25/7",
- },
- },
- {
- ID: "CVE-2019-11503",
- Path: "2019/11xxx/CVE-2019-11503.json",
- BlobHash: "59e3c0411f4ccd201662e0650f62acd0f328bdd6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.openwall.com/lists/oss-security/2019/04/18/4",
- "https://github.com/snapcore/snapd/pull/6642",
- "http://www.openwall.com/lists/oss-security/2019/04/25/7",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VACEKVQ7UAZ32WO4ZKCFW6YOBSYJ76L/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPU6APEZHAA7N2AI57OT4J2P7NKHFOLM/",
- },
- },
- {
- ID: "CVE-2019-11576",
- Path: "2019/11xxx/CVE-2019-11576.json",
- BlobHash: "3b90488fb237206082010ff8265beab7ec0dcb8a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.gitea.io/2019/04/gitea-1.8.0-is-released/",
- "https://github.com/go-gitea/gitea/pull/6674",
- },
- },
- {
- ID: "CVE-2019-11641",
- Path: "2019/11xxx/CVE-2019-11641.json",
- BlobHash: "d91faee964c8eee67eb31bbdfb95e258ecba0dbe",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/threatstream/agave/issues/1",
- },
- },
- {
- ID: "CVE-2019-11881",
- Path: "2019/11xxx/CVE-2019-11881.json",
- BlobHash: "ec2bf57ca5fd5f3c95d06c8fe5f052a9b2b5958a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/MauroEldritch/VanCleef",
- "https://github.com/rancher/rancher/issues/20216",
- },
- },
- {
- ID: "CVE-2019-11938",
- Path: "2019/11xxx/CVE-2019-11938.json",
- BlobHash: "0398da0e1431d14677d55020500d17943ef4fb93",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030",
- "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3",
- "https://www.facebook.com/security/advisories/cve-2019-11938",
- },
- },
- {
- ID: "CVE-2019-12291",
- Path: "2019/12xxx/CVE-2019-12291.json",
- BlobHash: "ff4c4bccd23c52a9d1034ef7218d31bafba28423",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/issues/5888",
- },
- },
- {
- ID: "CVE-2019-12452",
- Path: "2019/12xxx/CVE-2019-12452.json",
- BlobHash: "3bfedf7f9b1c3dd830d1ab48ef930747ece63146",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containous/traefik/issues/4917",
- "https://github.com/containous/traefik/pull/4918",
- "https://docs.traefik.io/configuration/api/#security",
- },
- },
- {
- ID: "CVE-2019-12494",
- Path: "2019/12xxx/CVE-2019-12494.json",
- BlobHash: "258fadf0b886fa7a254e061157499782629f282f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gardener/vpn/issues/40",
- "https://github.com/gardener/gardener/pull/874",
- "https://groups.google.com/forum/#!topic/gardener/pH6dNIEhv-A",
- },
- },
- {
- ID: "CVE-2019-12618",
- Path: "2019/12xxx/CVE-2019-12618.json",
- BlobHash: "383b97a16200129465fb17e8585798806cdbe0ad",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/nomad",
- "https://github.com/hashicorp/nomad/issues/5783",
- "https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2",
- },
- },
- {
- ID: "CVE-2019-12995",
- Path: "2019/12xxx/CVE-2019-12995.json",
- BlobHash: "c026aab113dc55ebe03006aef81b4cc16296ebc7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://istio.io/about/notes/",
- "https://github.com/istio/istio/issues/15084",
- "https://github.com/istio/istio.io/pull/4555",
- },
- },
- {
- ID: "CVE-2019-12999",
- Path: "2019/12xxx/CVE-2019-12999.json",
- BlobHash: "e76cd1687069c4af03dba8a65ba9c448776f8467",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/lightningnetwork/lnd/commits/master",
- "https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta",
- "https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html",
- },
- },
- {
- ID: "CVE-2019-13068",
- Path: "2019/13xxx/CVE-2019-13068.json",
- BlobHash: "0a67265314aad32b9195fc1ecc63ecdbefff63a0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/issues/17718",
- "https://github.com/grafana/grafana/releases/tag/v6.2.5",
- "https://security.netapp.com/advisory/ntap-20190710-0001/",
- },
- },
- {
- ID: "CVE-2019-13126",
- Path: "2019/13xxx/CVE-2019-13126.json",
- BlobHash: "55b267640f33a4f3a1b70bfebd68b670a156af55",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/",
- "https://github.com/nats-io/nats-server/pull/1053",
- },
- },
- {
- ID: "CVE-2019-13139",
- Path: "2019/13xxx/CVE-2019-13139.json",
- BlobHash: "affbd0b23c6d4cf05cf0493a761621959e397d5d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/pull/38944",
- "https://docs.docker.com/engine/release-notes/#18094",
- "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/",
- "https://www.debian.org/security/2019/dsa-4521",
- "https://security.netapp.com/advisory/ntap-20190910-0001/",
- "https://seclists.org/bugtraq/2019/Sep/21",
- "https://access.redhat.com/errata/RHBA-2019:3092",
- },
- },
- {
- ID: "CVE-2019-13915",
- Path: "2019/13xxx/CVE-2019-13915.json",
- BlobHash: "c28c5b8ac1b46a51ff649b09511457f9a062f05d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/b3log/wide/issues/355",
- },
- },
- {
- ID: "CVE-2019-14243",
- Path: "2019/14xxx/CVE-2019-14243.json",
- BlobHash: "3d6ca6baefdec4c629814fd8742cb6c70c524b05",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://caddy.community/t/dos-in-http-proxyprotocol-plugin/6014",
- "https://github.com/mastercactapus/proxyprotocol/issues/1",
- "https://github.com/mastercactapus/caddy-proxyprotocol/issues/8",
- "https://github.com/mastercactapus/proxyprotocol/compare/ef496d7...5c4a101",
- "https://github.com/mastercactapus/proxyprotocol/commit/5c4a101121fc3e868026189c7a73f7f19eef90ac",
- "https://github.com/mastercactapus/proxyprotocol/releases/tag/v0.0.2",
- },
- },
- {
- ID: "CVE-2019-14255",
- Path: "2019/14xxx/CVE-2019-14255.json",
- BlobHash: "080feaf39dde048b5eb8714ce9ceffe57771af2c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cactus/go-camo/security/advisories/GHSA-xrmp-4542-q746",
- },
- },
- {
- ID: "CVE-2019-14271",
- Path: "2019/14xxx/CVE-2019-14271.json",
- BlobHash: "525144ea9bf237401b83dde566e97ee338088a56",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/issues/39449",
- "https://docs.docker.com/engine/release-notes/",
- "https://security.netapp.com/advisory/ntap-20190828-0003/",
- "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
- "https://www.debian.org/security/2019/dsa-4521",
- "https://seclists.org/bugtraq/2019/Sep/21",
- },
- },
- {
- ID: "CVE-2019-14544",
- Path: "2019/14xxx/CVE-2019-14544.json",
- BlobHash: "d44e03d3e369947b16ff48b95f754d0097b04422",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5764",
- },
- },
- {
- ID: "CVE-2019-14846",
- Path: "2019/14xxx/CVE-2019-14846.json",
- BlobHash: "e4504fea8a94bc8abf1a26c600394ecb42552d4f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846",
- "https://github.com/ansible/ansible/pull/63366",
- "https://access.redhat.com/errata/RHSA-2019:3203",
- "https://access.redhat.com/errata/RHSA-2019:3202",
- "https://access.redhat.com/errata/RHSA-2019:3207",
- "https://access.redhat.com/errata/RHSA-2019:3201",
- "https://access.redhat.com/errata/RHSA-2020:0756",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html",
- "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
- "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
- },
- },
- {
- ID: "CVE-2019-14864",
- Path: "2019/14xxx/CVE-2019-14864.json",
- BlobHash: "05c5029f208e31be80468e1b08210407c44a0b76",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864",
- "https://github.com/ansible/ansible/issues/63522",
- "https://github.com/ansible/ansible/pull/63527",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html",
- },
- },
- {
- ID: "CVE-2019-14904",
- Path: "2019/14xxx/CVE-2019-14904.json",
- BlobHash: "79f65d4b41ccb1e253ab9a62354e27963949b935",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1776944",
- "https://github.com/ansible/ansible/pull/65686",
- "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
- },
- },
- {
- ID: "CVE-2019-14940",
- Path: "2019/14xxx/CVE-2019-14940.json",
- BlobHash: "795b8ab72afb7caeb2b9fcc94851e0881bfb2e7d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/spdk/spdk/releases/tag/v19.07",
- },
- },
- {
- ID: "CVE-2019-14993",
- Path: "2019/14xxx/CVE-2019-14993.json",
- BlobHash: "dcb624b1dd02901374a40c981cbf752d066361d0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383",
- "https://github.com/envoyproxy/envoy/issues/7728",
- "https://istio.io/blog/2019/istio-security-003-004/",
- "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164",
- },
- },
- {
- ID: "CVE-2019-15043",
- Path: "2019/15xxx/CVE-2019-15043.json",
- BlobHash: "5d64b3160b773e51ecf38ba83cfffa33b3a0988c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://community.grafana.com/t/release-notes-v6-3-x/19202",
- "https://github.com/grafana/grafana/releases",
- "https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569",
- "https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RF5ARGYX3WYB7H2FDR7VAWTEQ27UX3FU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UO4NBL7PKW4OSFRVZENGC42EWEJV2YAH/",
- "https://security.netapp.com/advisory/ntap-20191004-0004/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html",
- },
- },
- {
- ID: "CVE-2019-15119",
- Path: "2019/15xxx/CVE-2019-15119.json",
- BlobHash: "0afdb67cace7095df25df975e881acd7b2512bb3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cnlh/nps/issues/176",
- "https://github.com/cnlh/nps/commit/7178b3380720e910d283036a8d39879a94105515",
- },
- },
- {
- ID: "CVE-2019-15225",
- Path: "2019/15xxx/CVE-2019-15225.json",
- BlobHash: "e4acf6d62c653e50bebe75585582a4c5ee8ab2a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/issues/7728",
- },
- },
- {
- ID: "CVE-2019-15226",
- Path: "2019/15xxx/CVE-2019-15226.json",
- BlobHash: "d728ca5f8ba329e8d0d40bb6af1f115dfd186e04",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/commits/master",
- "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
- "https://github.com/envoyproxy/envoy/issues/8520",
- },
- },
- {
- ID: "CVE-2019-15562",
- Path: "2019/15xxx/CVE-2019-15562.json",
- BlobHash: "163789d5a1fd4f7430975ced3ca5b6ce4519089c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/jinzhu/gorm/releases/tag/v1.9.10",
- "https://github.com/go-gorm/gorm/pull/2519",
- "https://github.com/go-gorm/gorm/pull/2674",
- "https://github.com/go-gorm/gorm/issues/2517#issuecomment-638145427",
- },
- },
- {
- ID: "CVE-2019-15716",
- Path: "2019/15xxx/CVE-2019-15716.json",
- BlobHash: "7469952f2a930ae410f6a261b4551adc302a1b76",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/wtfutil/wtf/compare/v0.18.0...v0.19.0",
- "https://github.com/wtfutil/wtf/issues/517",
- "https://github.com/wtfutil/wtf/blob/67658e172c9470e93e4122d6e2c90d01db12b0ac/cfg/config_files.go#L71-L72",
- },
- },
- {
- ID: "CVE-2019-16060",
- Path: "2019/16xxx/CVE-2019-16060.json",
- BlobHash: "9c378b379f482d7725baafb194a1acade28a4bbd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/airbrake/airbrake-ruby/issues/468",
- },
- },
- {
- ID: "CVE-2019-16097",
- Path: "2019/16xxx/CVE-2019-16097.json",
- BlobHash: "4facc31796c17f1bb3e241cab3accb974b68c73f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517",
- "https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1",
- "https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/",
- "https://github.com/goharbor/harbor/releases/tag/v1.8.3",
- "https://github.com/goharbor/harbor/releases/tag/v1.7.6",
- "http://www.vmware.com/security/advisories/VMSA-2019-0015.html",
- },
- },
- {
- ID: "CVE-2019-16146",
- Path: "2019/16xxx/CVE-2019-16146.json",
- BlobHash: "f7415bce429210272f7f522d58dc0a5aa197a9d2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gophish/gophish/pull/1547",
- },
- },
- {
- ID: "CVE-2019-16214",
- Path: "2019/16xxx/CVE-2019-16214.json",
- BlobHash: "3c00f5013f369e52474a4b47c61c47dad3433c57",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.openzeppelin.com/libra-vulnerability-summary/",
- "https://blog.openzeppelin.com/libra-vulnerability-release/",
- "https://github.com/libra/libra/commit/7efb0221989f17fdf7f8486730898ed947a1e19e",
- },
- },
- {
- ID: "CVE-2019-16355",
- Path: "2019/16xxx/CVE-2019-16355.json",
- BlobHash: "6c3717f918447251a41e2bf059f6aed70ef9e5bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/astaxie/beego/issues/3763",
- },
- },
- {
- ID: "CVE-2019-16778",
- Path: "2019/16xxx/CVE-2019-16778.json",
- BlobHash: "79c8ece60183840c81f4be3dd5b3f0c34073cdd6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j",
- "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892",
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md",
- },
- },
- {
- ID: "CVE-2019-16919",
- Path: "2019/16xxx/CVE-2019-16919.json",
- BlobHash: "c83a62ca2397e93022bc1737ae1bb03add793d6f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://landscape.cncf.io/selected=harbor",
- "http://www.vmware.com/security/advisories/VMSA-2019-0016.html",
- "https://github.com/goharbor/harbor/security/advisories/GHSA-x2r2-w9c7-h624",
- },
- },
- {
- ID: "CVE-2019-18466",
- Path: "2019/18xxx/CVE-2019-18466.json",
- BlobHash: "e153cc928f291572de44893ea69a82169e3fd99a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1744588",
- "https://github.com/containers/libpod/issues/3829",
- "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e",
- "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0",
- "https://access.redhat.com/errata/RHSA-2019:4269",
- "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html",
- },
- },
- {
- ID: "CVE-2019-18657",
- Path: "2019/18xxx/CVE-2019-18657.json",
- BlobHash: "9dd98b50e92943e0863c8d1703dad082c14de3bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ClickHouse/ClickHouse/pull/6466",
- "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md",
- "https://github.com/ClickHouse/ClickHouse/pull/7526/files",
- },
- },
- {
- ID: "CVE-2019-18801",
- Path: "2019/18xxx/CVE-2019-18801.json",
- BlobHash: "f32ec181fdf01f62dafabf2952f91bdde06b559c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/commits/master",
- "https://groups.google.com/forum/#!forum/envoy-users",
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp",
- "https://access.redhat.com/errata/RHSA-2019:4222",
- },
- },
- {
- ID: "CVE-2019-18802",
- Path: "2019/18xxx/CVE-2019-18802.json",
- BlobHash: "69c5764c6435584d082e1ebe62c8d77dafe9e038",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/commits/master",
- "https://groups.google.com/forum/#!forum/envoy-users",
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4",
- "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html",
- },
- },
- {
- ID: "CVE-2019-18817",
- Path: "2019/18xxx/CVE-2019-18817.json",
- BlobHash: "7e1cfb65da95dc7c8a0915cb6f3791112fe33299",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://istio.io/news/2019/announcing-1.3.5/",
- "https://github.com/istio/istio/issues/18229",
- },
- },
- {
- ID: "CVE-2019-18836",
- Path: "2019/18xxx/CVE-2019-18836.json",
- BlobHash: "7b94362aea5c82e2d167c886763553dabb569120",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!forum/envoy-users",
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46",
- "https://github.com/istio/istio/issues/18229",
- },
- },
- {
- ID: "CVE-2019-18838",
- Path: "2019/18xxx/CVE-2019-18838.json",
- BlobHash: "45f3cb1518e31e5c0311ff0c8a07edea3650fba7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/commits/master",
- "https://groups.google.com/forum/#!forum/envoy-users",
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc",
- },
- },
- {
- ID: "CVE-2019-18923",
- Path: "2019/18xxx/CVE-2019-18923.json",
- BlobHash: "5ab89fec75b1e5e9fc68200be2ecf3d081ad3b3c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cactus/go-camo/blob/505862f7bf14c8b6ff945734d5f3fdcd929e45dd/pkg/camo/proxy.go#L453-L460",
- "https://github.com/cactus/go-camo/security/advisories/GHSA-jg2r-qf99-4wvr",
- },
- },
- {
- ID: "CVE-2019-19023",
- Path: "2019/19xxx/CVE-2019-19023.json",
- BlobHash: "c65ec8265c7c221b10038390e54f83fb8fb57380",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/security/advisories",
- "https://tanzu.vmware.com/security/cve-2019-19023",
- },
- },
- {
- ID: "CVE-2019-19025",
- Path: "2019/19xxx/CVE-2019-19025.json",
- BlobHash: "319b42d2220549d97aa1b196a71bf1af6443dedb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/security/advisories",
- "https://tanzu.vmware.com/security/cve-2019-19025",
- "https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6",
- },
- },
- {
- ID: "CVE-2019-19026",
- Path: "2019/19xxx/CVE-2019-19026.json",
- BlobHash: "2e2be398442b195e408aa00ef0c50504e1aafb4d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/security/advisories",
- "https://tanzu.vmware.com/security/cve-2019-19026",
- "https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64",
- },
- },
- {
- ID: "CVE-2019-19029",
- Path: "2019/19xxx/CVE-2019-19029.json",
- BlobHash: "9388b463ac82baa9b6b4c6248f707695b541ce02",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/security/advisories",
- "https://tanzu.vmware.com/security/cve-2019-19029",
- "https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w",
- },
- },
- {
- ID: "CVE-2019-19316",
- Path: "2019/19xxx/CVE-2019-19316.json",
- BlobHash: "99e80ea26c6c3f1a43ef4c11e5f52939348b3c5f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626",
- },
- },
- {
- ID: "CVE-2019-19335",
- Path: "2019/19xxx/CVE-2019-19335.json",
- BlobHash: "e24b07367bb61f813bd8ad8e608a13068089b290",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
- },
- },
- {
- ID: "CVE-2019-19349",
- Path: "2019/19xxx/CVE-2019-19349.json",
- BlobHash: "81759decb9c3b14e63d99ec2c01550a77f193dd3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1793284",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
- },
- },
- {
- ID: "CVE-2019-19350",
- Path: "2019/19xxx/CVE-2019-19350.json",
- BlobHash: "be7fda55b07cb415a2c5f586189a00586cca7082",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1793283",
- },
- },
- {
- ID: "CVE-2019-19724",
- Path: "2019/19xxx/CVE-2019-19724.json",
- BlobHash: "159f7d803636dd2ef6313aa2471fa8dff9eb7f9d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sylabs/singularity/releases/tag/v3.5.2",
- "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
- },
- },
- {
- ID: "CVE-2019-19922",
- Path: "2019/19xxx/CVE-2019-19922.json",
- BlobHash: "6daf82d954d5ad555580ded4e6b34216e5ab1fb2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9",
- "https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425",
- "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425",
- "https://relistan.com/the-kernel-may-be-slowing-down-your-app",
- "https://github.com/kubernetes/kubernetes/issues/67577",
- "https://usn.ubuntu.com/4226-1/",
- "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html",
- "https://security.netapp.com/advisory/ntap-20200204-0002/",
- },
- },
- {
- ID: "CVE-2019-20329",
- Path: "2019/20xxx/CVE-2019-20329.json",
- BlobHash: "ad4ce06fbbd574a6742e8d43184caf2e721de2de",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/open-lambda/open-lambda/issues/92",
- "https://github.com/open-lambda/open-lambda/blob/9f7f935195ca74700c60ebc1ecfdaefad40d144b/src/common/config.go#L135",
- "https://github.com/open-lambda/open-lambda/blob/9f7f935195ca74700c60ebc1ecfdaefad40d144b/src/server/lambdaServer.go#L92-L97",
- },
- },
- {
- ID: "CVE-2019-20372",
- Path: "2019/20xxx/CVE-2019-20372.json",
- BlobHash: "cb8234e84e0802f06ee40be40c766b10d17b0974",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf",
- "http://nginx.org/en/CHANGES",
- "https://duo.com/docs/dng-notes#version-1.5.4-january-2020",
- "https://github.com/kubernetes/ingress-nginx/pull/4859",
- "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e",
- "https://usn.ubuntu.com/4235-1/",
- "https://usn.ubuntu.com/4235-2/",
- "https://security.netapp.com/advisory/ntap-20200127-0003/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html",
- },
- },
- {
- ID: "CVE-2019-20377",
- Path: "2019/20xxx/CVE-2019-20377.json",
- BlobHash: "5ce3ea7ffb45e199b7fb3a9c26fa416c35433fa9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tophubs/TopList/issues/32",
- },
- },
- {
- ID: "CVE-2019-20894",
- Path: "2019/20xxx/CVE-2019-20894.json",
- BlobHash: "e2b7f6503920679af3592d2acaa6c3ef5b83baf7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containous/traefik/issues/5312",
- },
- },
- {
- ID: "CVE-2019-20933",
- Path: "2019/20xxx/CVE-2019-20933.json",
- BlobHash: "53d3419759649147083c4e39c29cb795407d6823",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/influxdata/influxdb/issues/12927",
- "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6",
- "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0",
- "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html",
- "https://www.debian.org/security/2021/dsa-4823",
- },
- },
- {
- ID: "CVE-2019-25014",
- Path: "2019/25xxx/CVE-2019-25014.json",
- BlobHash: "d4cc6a06989f1abc359b4c47bf3c807cc898a458",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1919066",
- },
- },
- {
- ID: "CVE-2019-3552",
- Path: "2019/3xxx/CVE-2019-3552.json",
- BlobHash: "c40a70560ec0e411812acff3a1bada2ecb3ce47c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
- "http://www.securityfocus.com/bid/108279",
- "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
- },
- },
- {
- ID: "CVE-2019-3553",
- Path: "2019/3xxx/CVE-2019-3553.json",
- BlobHash: "0d36004a8d58b25beb7a744d44fbcfb4c293deaf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351",
- "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6",
- "https://www.facebook.com/security/advisories/cve-2019-3553",
- },
- },
- {
- ID: "CVE-2019-3558",
- Path: "2019/3xxx/CVE-2019-3558.json",
- BlobHash: "0a56ef93e603a8315c031e2e2ae979339406e18c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
- "https://www.facebook.com/security/advisories/cve-2019-3558",
- "http://www.securityfocus.com/bid/108274",
- "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
- },
- },
- {
- ID: "CVE-2019-3559",
- Path: "2019/3xxx/CVE-2019-3559.json",
- BlobHash: "044998de6792e20e43bdc95fe51c581edef9fdc5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943",
- "https://www.facebook.com/security/advisories/cve-2019-3559",
- "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
- },
- },
- {
- ID: "CVE-2019-3565",
- Path: "2019/3xxx/CVE-2019-3565.json",
- BlobHash: "52d4975f9164deaf7c50b81b00f369d7def6e55f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64",
- "https://www.facebook.com/security/advisories/cve-2019-3565",
- "http://www.securityfocus.com/bid/108280",
- "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
- },
- },
- {
- ID: "CVE-2019-3826",
- Path: "2019/3xxx/CVE-2019-3826.json",
- BlobHash: "7c4bf71bc274679b9929c35618ac44685eeb066d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826",
- "https://github.com/prometheus/prometheus/pull/5163",
- "https://github.com/prometheus/prometheus/commit/62e591f9",
- "https://access.redhat.com/errata/RHBA-2019:0327",
- "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E",
- "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E",
- "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E",
- "https://advisory.checkmarx.net/advisory/CX-2019-4297",
- },
- },
- {
- ID: "CVE-2019-3828",
- Path: "2019/3xxx/CVE-2019-3828.json",
- BlobHash: "ecf1efff5e523cf410bd7dad7d181a88090d7377",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/pull/52133",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828",
- "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
- "https://usn.ubuntu.com/4072-1/",
- "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
- "https://access.redhat.com/errata/RHSA-2019:3744",
- "https://access.redhat.com/errata/RHSA-2019:3789",
- },
- },
- {
- ID: "CVE-2019-3841",
- Path: "2019/3xxx/CVE-2019-3841.json",
- BlobHash: "fb2cd94717b5e0267890e50fa3f05139cadba555",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubevirt/containerized-data-importer/issues/678",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841",
- },
- },
- {
- ID: "CVE-2019-3990",
- Path: "2019/3xxx/CVE-2019-3990.json",
- BlobHash: "b28380c71c2d5e8c495a466ffd1693fd702ff1a9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.tenable.com/security/research/tra-2019-50",
- "https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg",
- },
- },
- {
- ID: "CVE-2019-5736",
- Path: "2019/5xxx/CVE-2019-5736.json",
- BlobHash: "a70763471650d8005dfa3efbc0d8ccbe6540d2f7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
- "https://access.redhat.com/errata/RHSA-2019:0408",
- "https://github.com/rancher/runc-cve",
- "https://access.redhat.com/errata/RHSA-2019:0401",
- "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
- "https://www.synology.com/security/advisory/Synology_SA_19_06",
- "https://security.netapp.com/advisory/ntap-20190307-0008/",
- "https://access.redhat.com/errata/RHSA-2019:0303",
- "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
- "https://github.com/q3k/cve-2019-5736-poc",
- "https://www.exploit-db.com/exploits/46359/",
- "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
- "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
- "https://www.openwall.com/lists/oss-security/2019/02/11/2",
- "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
- "https://access.redhat.com/security/cve/cve-2019-5736",
- "https://www.exploit-db.com/exploits/46369/",
- "https://access.redhat.com/errata/RHSA-2019:0304",
- "https://github.com/Frichetten/CVE-2019-5736-PoC",
- "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
- "https://brauner.github.io/2019/02/12/privileged-containers.html",
- "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
- "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
- "http://www.securityfocus.com/bid/106976",
- "https://access.redhat.com/security/vulnerabilities/runcescape",
- "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
- "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
- "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
- "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E",
- "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E",
- "http://www.openwall.com/lists/oss-security/2019/03/23/1",
- "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
- "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
- "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
- "https://access.redhat.com/errata/RHSA-2019:0975",
- "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
- "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
- "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E",
- "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E",
- "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
- "http://www.openwall.com/lists/oss-security/2019/06/28/2",
- "http://www.openwall.com/lists/oss-security/2019/07/06/3",
- "http://www.openwall.com/lists/oss-security/2019/07/06/4",
- "https://usn.ubuntu.com/4048-1/",
- "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
- "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E",
- "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
- "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
- "http://www.openwall.com/lists/oss-security/2019/10/24/1",
- "http://www.openwall.com/lists/oss-security/2019/10/29/3",
- "https://security.gentoo.org/glsa/202003-21",
- "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E",
- "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
- },
- },
- {
- ID: "CVE-2019-6035",
- Path: "2019/6xxx/CVE-2019-6035.json",
- BlobHash: "3c8c32ae22bd6815d0449ad9712f7f9174466a99",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/yahoo/athenz",
- "https://github.com/yahoo/athenz/pull/700",
- "http://jvn.jp/en/jp/JVN57070811/index.html",
- },
- },
- {
- ID: "CVE-2019-8336",
- Path: "2019/8xxx/CVE-2019-8336.json",
- BlobHash: "abe831f5016cc79fd871b617a7af877ee0b0a4a0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/issues/5423",
- },
- },
- {
- ID: "CVE-2019-8400",
- Path: "2019/8xxx/CVE-2019-8400.json",
- BlobHash: "4b34b7a6ba89e99f7d3c8e07983001c666379f0d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk",
- "https://www.youtube.com/watch?v=RIyZLeKEC8E",
- "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06",
- "https://hackerone.com/reports/456333",
- "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3",
- },
- },
- {
- ID: "CVE-2019-9547",
- Path: "2019/9xxx/CVE-2019-9547.json",
- BlobHash: "a944bea3ea8cd2b38f441dd27151e01f83403424",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/spdk/spdk/releases/tag/v19.01",
- "https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143",
- },
- },
- {
- ID: "CVE-2019-9635",
- Path: "2019/9xxx/CVE-2019-9635.json",
- BlobHash: "9d58ae865204551751290c66abbff27e40f4ecd4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md",
- },
- },
- {
- ID: "CVE-2019-9764",
- Path: "2019/9xxx/CVE-2019-9764.json",
- BlobHash: "d7793034dbd0ce5a1900da4dee3aea04c8082989",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/issues/5519",
- },
- },
- {
- ID: "CVE-2019-9900",
- Path: "2019/9xxx/CVE-2019-9900.json",
- BlobHash: "236cb5b5fc6add61e91d73d6cb274f965889b736",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://access.redhat.com/errata/RHSA-2019:0741",
- "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/issues/6434",
- "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h",
- },
- },
- {
- ID: "CVE-2019-9901",
- Path: "2019/9xxx/CVE-2019-9901.json",
- BlobHash: "df957110c5812905fe08c8808751fddc18b66f32",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/issues/6435",
- "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w",
- },
- },
- {
- ID: "CVE-2019-9946",
- Path: "2019/9xxx/CVE-2019-9946.json",
- BlobHash: "0fdd06a121187709d8e863358fbc539a51bfcbba",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272",
- "https://security.netapp.com/advisory/ntap-20190416-0002/",
- "https://access.redhat.com/errata/RHBA-2019:0862",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/",
- },
- },
- {
- ID: "CVE-2020-10660",
- Path: "2020/10xxx/CVE-2020-10660.json",
- BlobHash: "afe60fafe6b51c1e333bc6bf414cf05ab10d0d48",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
- },
- },
- {
- ID: "CVE-2020-10661",
- Path: "2020/10xxx/CVE-2020-10661.json",
- BlobHash: "18b1302eca7464a23928bd9215e655cb1dc02056",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
- },
- },
- {
- ID: "CVE-2020-10685",
- Path: "2020/10xxx/CVE-2020-10685.json",
- BlobHash: "bed787e624fb760bf7e3974a111b0aa030a5f20d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685",
- "https://github.com/ansible/ansible/pull/68433",
- "https://security.gentoo.org/glsa/202006-11",
- },
- },
- {
- ID: "CVE-2020-10691",
- Path: "2020/10xxx/CVE-2020-10691.json",
- BlobHash: "6c5d50dd00f6d10db0ec80c974927572cbb61de6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691",
- "https://github.com/ansible/ansible/pull/68596",
- },
- },
- {
- ID: "CVE-2020-10696",
- Path: "2020/10xxx/CVE-2020-10696.json",
- BlobHash: "461bbeb746dd1ff55af64811a3893be09affe1df",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696",
- "https://github.com/containers/buildah/pull/2245",
- "https://access.redhat.com/security/cve/cve-2020-10696",
- },
- },
- {
- ID: "CVE-2020-10706",
- Path: "2020/10xxx/CVE-2020-10706.json",
- BlobHash: "997d4d69ee84e69e79ed69d294d6948ec6400695",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706",
- },
- },
- {
- ID: "CVE-2020-10712",
- Path: "2020/10xxx/CVE-2020-10712.json",
- BlobHash: "8ac05635085e0b20cddadaa67975ff3963764488",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712",
- },
- },
- {
- ID: "CVE-2020-10715",
- Path: "2020/10xxx/CVE-2020-10715.json",
- BlobHash: "b63d43881d1fba101f9b921b1f02e82baae4e90f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openshift/origin-web-console/pull/3173",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
- },
- },
- {
- ID: "CVE-2020-10749",
- Path: "2020/10xxx/CVE-2020-10749.json",
- BlobHash: "8822dd27a56bcc2137fcdecb52aa167910a3fe59",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749",
- "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/",
- },
- },
- {
- ID: "CVE-2020-10750",
- Path: "2020/10xxx/CVE-2020-10750.json",
- BlobHash: "dfa783a0f815bd8b222cd3dcd2ecbafdd018dbfc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750",
- "https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1",
- },
- },
- {
- ID: "CVE-2020-10752",
- Path: "2020/10xxx/CVE-2020-10752.json",
- BlobHash: "19ebc5ac73d637204c098c0830ec8b4e4a5157bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openshift/origin/blob/master/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/server/filters/wrap.go#L39",
- "https://github.com/openshift/enhancements/pull/323",
- },
- },
- {
- ID: "CVE-2020-10763",
- Path: "2020/10xxx/CVE-2020-10763.json",
- BlobHash: "f11aba3a3166d14eb4f5d0aa25f1e14c6dc1a4f5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1845387",
- "https://github.com/heketi/heketi/releases/tag/v10.1.0",
- },
- },
- {
- ID: "CVE-2020-10944",
- Path: "2020/10xxx/CVE-2020-10944.json",
- BlobHash: "0fcfa628243c48bdb9c07e0ed2c83806793a2b47",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/nomad/issues/7468",
- },
- },
- {
- ID: "CVE-2020-11008",
- Path: "2020/11xxx/CVE-2020-11008.json",
- BlobHash: "49b7673095fcc8b089bff21bac55476915375266",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7",
- "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q",
- "https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282",
- "https://security.gentoo.org/glsa/202004-13",
- "https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/",
- "https://usn.ubuntu.com/4334-1/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html",
- "https://support.apple.com/kb/HT211183",
- "http://seclists.org/fulldisclosure/2020/May/41",
- },
- },
- {
- ID: "CVE-2020-11012",
- Path: "2020/11xxx/CVE-2020-11012.json",
- BlobHash: "eda555e8b97f25306c94cfcb961ee6c97bc7005c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w",
- "https://github.com/minio/minio/pull/9422",
- "https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923",
- "https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z",
- },
- },
- {
- ID: "CVE-2020-11013",
- Path: "2020/11xxx/CVE-2020-11013.json",
- BlobHash: "094ee70f2f433077aaee4062ac5c12fb19dc8df2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8",
- "https://github.com/helm/helm/releases/tag/v3.2.0",
- },
- },
- {
- ID: "CVE-2020-11053",
- Path: "2020/11xxx/CVE-2020-11053.json",
- BlobHash: "35faf332602e9f8a188e8842e36b59318312184f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg",
- },
- },
- {
- ID: "CVE-2020-11080",
- Path: "2020/11xxx/CVE-2020-11080.json",
- BlobHash: "4fa5eac63a53a7eb9f7f4eea563e03111bac58e7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.debian.org/security/2020/dsa-4696",
- "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/",
- "https://www.oracle.com/security-alerts/cpujul2020.html",
- "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
- "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
- "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394",
- "https://www.oracle.com/security-alerts/cpuoct2020.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/",
- "https://www.oracle.com/security-alerts/cpujan2021.html",
- },
- },
- {
- ID: "CVE-2020-11091",
- Path: "2020/11xxx/CVE-2020-11091.json",
- BlobHash: "e4d76ded9cbc0f4dfae213028ecfe4ff8003e0fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/weaveworks/weave/security/advisories/GHSA-59qg-grp7-5r73",
- "https://github.com/weaveworks/weave/commit/15f21f1899060f7716c70a8555a084e836f39a60",
- },
- },
- {
- ID: "CVE-2020-11110",
- Path: "2020/11xxx/CVE-2020-11110.json",
- BlobHash: "3a67b7a18ba3de7f72afe992db666d0e7235ef6c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/blob/master/CHANGELOG.md",
- "https://security.netapp.com/advisory/ntap-20200810-0002/",
- },
- },
- {
- ID: "CVE-2020-11498",
- Path: "2020/11xxx/CVE-2020-11498.json",
- BlobHash: "2bfc8ec0f4298b3d984e25c885470da69e1e0314",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/slackhq/nebula/pull/191",
- "http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure",
- },
- },
- {
- ID: "CVE-2020-11576",
- Path: "2020/11xxx/CVE-2020-11576.json",
- BlobHash: "f003dec53d4d2ef8de2dc76461a02cb5b3268a3d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-cd/pull/3215",
- "https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1",
- "https://www.soluble.ai/blog/argo-cves-2020",
- },
- },
- {
- ID: "CVE-2020-11710",
- Path: "2020/11xxx/CVE-2020-11710.json",
- BlobHash: "06704241be0913c4e32085f5fe9d42d3d02589f6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/Kong/kong",
- "https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611",
- "https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c",
- "https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949",
- },
- },
- {
- ID: "CVE-2020-11767",
- Path: "2020/11xxx/CVE-2020-11767.json",
- BlobHash: "2da1921971291d993c9d73746cef16d55339bc2f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5",
- "https://github.com/envoyproxy/envoy/issues/6767",
- "https://github.com/istio/istio/issues/9429",
- "https://github.com/istio/istio/issues/13589",
- },
- },
- {
- ID: "CVE-2020-12118",
- Path: "2020/12xxx/CVE-2020-12118.json",
- BlobHash: "625c805c88e57aafe0bfca5d2f8e5be9d5114990",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/binance-chain/tss-lib/pull/89",
- "https://github.com/binance-chain/tss-lib/releases/tag/v1.2.0",
- },
- },
- {
- ID: "CVE-2020-12245",
- Path: "2020/12xxx/CVE-2020-12245.json",
- BlobHash: "616c91ca3b57b2b744bd08a30ad12b9704199d15",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23",
- "https://community.grafana.com/t/release-notes-v6-7-x/27119",
- "https://github.com/grafana/grafana/pull/23816",
- "https://security.netapp.com/advisory/ntap-20200511-0001/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html",
- },
- },
- {
- ID: "CVE-2020-12278",
- Path: "2020/12xxx/CVE-2020-12278.json",
- BlobHash: "861d14b4598cc4348972ddad1a39a4b976945a7f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj",
- "https://github.com/libgit2/libgit2/releases/tag/v0.99.0",
- "https://github.com/libgit2/libgit2/releases/tag/v0.28.4",
- "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01",
- "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb",
- },
- },
- {
- ID: "CVE-2020-12279",
- Path: "2020/12xxx/CVE-2020-12279.json",
- BlobHash: "a9ca1a376635da8365a74526596e71051eaf85bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/libgit2/libgit2/releases/tag/v0.99.0",
- "https://github.com/libgit2/libgit2/releases/tag/v0.28.4",
- "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v",
- "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4",
- },
- },
- {
- ID: "CVE-2020-12283",
- Path: "2020/12xxx/CVE-2020-12283.json",
- BlobHash: "c3d171533a26a23b619ad725f8fc12aec7637849",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sourcegraph/sourcegraph/pull/10167",
- "https://github.com/sourcegraph/sourcegraph/compare/v3.15.0...v3.15.1",
- "https://github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64",
- "https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md",
- "https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph",
- },
- },
- {
- ID: "CVE-2020-12458",
- Path: "2020/12xxx/CVE-2020-12458.json",
- BlobHash: "cdec1bb3fb314b5c27d7374bad63975a26fa55e6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/issues/8283",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1827765",
- "https://access.redhat.com/security/cve/CVE-2020-12458",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/",
- "https://security.netapp.com/advisory/ntap-20200518-0001/",
- },
- },
- {
- ID: "CVE-2020-12459",
- Path: "2020/12xxx/CVE-2020-12459.json",
- BlobHash: "03485979cc6e5e9b2c6d6cfa0360fb3f3b6477f8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/issues/8283",
- "https://access.redhat.com/security/cve/CVE-2020-12459",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1829724",
- "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/",
- "https://security.netapp.com/advisory/ntap-20200518-0004/",
- },
- },
- {
- ID: "CVE-2020-12603",
- Path: "2020/12xxx/CVE-2020-12603.json",
- BlobHash: "7921cd1fe37271cd23d6fbd97dd6bf8648a570d2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy-setec/issues/80",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6",
- },
- },
- {
- ID: "CVE-2020-12604",
- Path: "2020/12xxx/CVE-2020-12604.json",
- BlobHash: "306d21154935ffdff9526f480445a678a3466151",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/commits/master",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx",
- },
- },
- {
- ID: "CVE-2020-12605",
- Path: "2020/12xxx/CVE-2020-12605.json",
- BlobHash: "dc93e6a6f6445f141dd06a0440940375304156f1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy-setec/issues/137",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777",
- },
- },
- {
- ID: "CVE-2020-12757",
- Path: "2020/12xxx/CVE-2020-12757.json",
- BlobHash: "ac21b00cd3522a4933f9bf719e1c8260b985c974",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020",
- },
- },
- {
- ID: "CVE-2020-12758",
- Path: "2020/12xxx/CVE-2020-12758.json",
- BlobHash: "b3e8bdddb005a15366c5a85809f500b72a463df2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
- "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
- "https://github.com/hashicorp/consul/pull/7783",
- },
- },
- {
- ID: "CVE-2020-12797",
- Path: "2020/12xxx/CVE-2020-12797.json",
- BlobHash: "db1a0c6081be54b27a441939d9628fa00abd7d79",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
- "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
- "https://github.com/hashicorp/consul/pull/8047",
- },
- },
- {
- ID: "CVE-2020-13170",
- Path: "2020/13xxx/CVE-2020-13170.json",
- BlobHash: "c5cfc8d95bd3b388fb13f5286707ec01ee3de264",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
- "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
- "https://github.com/hashicorp/consul/pull/8068",
- },
- },
- {
- ID: "CVE-2020-13223",
- Path: "2020/13xxx/CVE-2020-13223.json",
- BlobHash: "7b3e591fb1f19e2da0e1c47fd65218f1c28997b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020",
- },
- },
- {
- ID: "CVE-2020-13246",
- Path: "2020/13xxx/CVE-2020-13246.json",
- BlobHash: "9a649cb20e560e89d2bedf10e48c8d90282e74be",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/issues/10549",
- "https://github.com/go-gitea/gitea/pull/11438",
- "https://www.youtube.com/watch?v=DmVgADSVS88",
- },
- },
- {
- ID: "CVE-2020-13250",
- Path: "2020/13xxx/CVE-2020-13250.json",
- BlobHash: "90cd61a54bd8ca27ad801f95bab9250095ec68d0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/consul/pull/8023",
- "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
- "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
- },
- },
- {
- ID: "CVE-2020-13401",
- Path: "2020/13xxx/CVE-2020-13401.json",
- BlobHash: "5db4a90b1a48460ea29578043949b311359777e8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://docs.docker.com/engine/release-notes/",
- "http://www.openwall.com/lists/oss-security/2020/06/01/5",
- "https://github.com/docker/docker-ce/releases/tag/v19.03.11",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html",
- "https://www.debian.org/security/2020/dsa-4716",
- "https://security.netapp.com/advisory/ntap-20200717-0002/",
- "https://security.gentoo.org/glsa/202008-15",
- },
- },
- {
- ID: "CVE-2020-13430",
- Path: "2020/13xxx/CVE-2020-13430.json",
- BlobHash: "0196be588481d0cc2288cef28f8cb57f5417af3c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/releases/tag/v7.0.0",
- "https://github.com/grafana/grafana/pull/24539",
- "https://security.netapp.com/advisory/ntap-20200528-0003/",
- },
- },
- {
- ID: "CVE-2020-13449",
- Path: "2020/13xxx/CVE-2020-13449.json",
- BlobHash: "17a03c8be88615c863ac5cf82112d1e31a30d323",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/thecodingmachine/gotenberg/issues/199",
- "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
- },
- },
- {
- ID: "CVE-2020-13450",
- Path: "2020/13xxx/CVE-2020-13450.json",
- BlobHash: "96a4e9c87a8714691a5eab17acec86406aafeac6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/thecodingmachine/gotenberg/issues/199",
- "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
- },
- },
- {
- ID: "CVE-2020-13451",
- Path: "2020/13xxx/CVE-2020-13451.json",
- BlobHash: "1c80691154fe0a5f68df5e33af3919a910bfa597",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/thecodingmachine/gotenberg/issues/199",
- "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
- },
- },
- {
- ID: "CVE-2020-13452",
- Path: "2020/13xxx/CVE-2020-13452.json",
- BlobHash: "9ccd02a6b2b6b8f7156f996b71b11bdf8be4bdf5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/thecodingmachine/gotenberg/issues/199",
- "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
- },
- },
- {
- ID: "CVE-2020-13597",
- Path: "2020/13xxx/CVE-2020-13597.json",
- BlobHash: "9344e780825e6ee6ee9f002ff3bfca76bc8a298b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.projectcalico.org/security-bulletins/",
- "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
- "https://github.com/kubernetes/kubernetes/issues/91507",
- },
- },
- {
- ID: "CVE-2020-13788",
- Path: "2020/13xxx/CVE-2020-13788.json",
- BlobHash: "94dae312a3e1a91ed7bd20ef9ca4a81f3ae95583",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/releases",
- "https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788",
- "https://www.youtube.com/watch?v=v8Isqy4yR3Q",
- },
- },
- {
- ID: "CVE-2020-13794",
- Path: "2020/13xxx/CVE-2020-13794.json",
- BlobHash: "cb3c9de369ff824af51b6b18346b3f1d21242fb0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/releases",
- "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432",
- "https://www.cybereagle.io/blog/cve-2020-13794/",
- },
- },
- {
- ID: "CVE-2020-14144",
- Path: "2020/14xxx/CVE-2020-14144.json",
- BlobHash: "45e745dadce235e2420c3eeead0b337d1df1ebed",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/releases",
- "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/",
- "https://github.com/go-gitea/gitea/pull/13058",
- "https://docs.gitlab.com/ee/administration/server_hooks.html",
- "https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script",
- "http://packetstormsecurity.com/files/162122/Gitea-Git-Hooks-Remote-Code-Execution.html",
- },
- },
- {
- ID: "CVE-2020-14306",
- Path: "2020/14xxx/CVE-2020-14306.json",
- BlobHash: "7bd070a5ed90353454650d9b7c884d02a8b6d18f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/maistra/istio-operator/pull/462",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1850380",
- },
- },
- {
- ID: "CVE-2020-14330",
- Path: "2020/14xxx/CVE-2020-14330.json",
- BlobHash: "03c537b1619b4365a94d10cf314fd180e9c06e7d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/issues/68400",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330",
- },
- },
- {
- ID: "CVE-2020-14332",
- Path: "2020/14xxx/CVE-2020-14332.json",
- BlobHash: "afb8d34597ddf56c910f3539ba26d6a12f0603b1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ansible/ansible/pull/71033",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332",
- },
- },
- {
- ID: "CVE-2020-14958",
- Path: "2020/14xxx/CVE-2020-14958.json",
- BlobHash: "cf7ec412d6f491b8a2fdf30518ad5fbf8135e8ce",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/commit/82ff0c5852f29daa5f95d965fd50665581e7ea3c",
- "https://github.com/gogs/gogs/pull/5988",
- },
- },
- {
- ID: "CVE-2020-15104",
- Path: "2020/15xxx/CVE-2020-15104.json",
- BlobHash: "1edfac609c0401df144b93f68b5985348b82b10e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg",
- },
- },
- {
- ID: "CVE-2020-15112",
- Path: "2020/15xxx/CVE-2020-15112.json",
- BlobHash: "3d87891317ff107037bc0145194ab72df1890411",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "HasVuln",
- TriageStateReason: "GO-2020-0005",
- },
- {
- ID: "CVE-2020-15113",
- Path: "2020/15xxx/CVE-2020-15113.json",
- BlobHash: "9133c3be68ef84771bad74ec8770e1efff7bf0de",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
- },
- },
- {
- ID: "CVE-2020-15114",
- Path: "2020/15xxx/CVE-2020-15114.json",
- BlobHash: "e5fc68a458642e7cf17a7026f3c2f7c5abf88434",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
- },
- },
- {
- ID: "CVE-2020-15115",
- Path: "2020/15xxx/CVE-2020-15115.json",
- BlobHash: "f7eace29c0f83893a3d865628dd5733cdd72fd3d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
- },
- },
- {
- ID: "CVE-2020-15127",
- Path: "2020/15xxx/CVE-2020-15127.json",
- BlobHash: "56ec1fae6e4706da0e7d88f246be25d5e955d966",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/projectcontour/contour/security/advisories/GHSA-mjp8-x484-pm3r",
- "https://github.com/projectcontour/contour/releases/tag/v1.7.0",
- },
- },
- {
- ID: "CVE-2020-15129",
- Path: "2020/15xxx/CVE-2020-15129.json",
- BlobHash: "ce972aecfeb350c6d3a365b51401a16761b2e455",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp",
- "https://github.com/containous/traefik/releases/tag/v1.7.26",
- "https://github.com/containous/traefik/releases/tag/v2.2.8",
- "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3",
- "https://github.com/containous/traefik/pull/7109",
- "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2",
- },
- },
- {
- ID: "CVE-2020-15136",
- Path: "2020/15xxx/CVE-2020-15136.json",
- BlobHash: "8f347e8c68494ec8f12395fdb9a73e5b5fe8919c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q",
- "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
- },
- },
- {
- ID: "CVE-2020-15157",
- Path: "2020/15xxx/CVE-2020-15157.json",
- BlobHash: "97c472abe48bdb0b5bcfc9476e9e986ddece309d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c",
- "https://github.com/containerd/containerd/releases/tag/v1.2.14",
- "https://usn.ubuntu.com/4589-1/",
- "https://usn.ubuntu.com/4589-2/",
- "https://www.debian.org/security/2021/dsa-4865",
- },
- },
- {
- ID: "CVE-2020-15184",
- Path: "2020/15xxx/CVE-2020-15184.json",
- BlobHash: "75627eb4432e1e8e595ad18c122450db22d13d29",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776",
- "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850",
- },
- },
- {
- ID: "CVE-2020-15185",
- Path: "2020/15xxx/CVE-2020-15185.json",
- BlobHash: "83e7748e619b25d85b7c23fe17b62b93fe5111bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453",
- "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc",
- },
- },
- {
- ID: "CVE-2020-15186",
- Path: "2020/15xxx/CVE-2020-15186.json",
- BlobHash: "bc01ca56a8da6601e8566740fbe6f53a4d9d8215",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33",
- "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542",
- },
- },
- {
- ID: "CVE-2020-15187",
- Path: "2020/15xxx/CVE-2020-15187.json",
- BlobHash: "ce64bf787d290e1867052ee17f87cd6ba392f3b0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j",
- "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b",
- },
- },
- {
- ID: "CVE-2020-15190",
- Path: "2020/15xxx/CVE-2020-15190.json",
- BlobHash: "69b59e5bf80856e0359142de61ca85efc130db3a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4",
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15191",
- Path: "2020/15xxx/CVE-2020-15191.json",
- BlobHash: "bdceab9a0ef2b19dfa872378bb9d67b57fe72da1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15192",
- Path: "2020/15xxx/CVE-2020-15192.json",
- BlobHash: "e84ea5377e0da66e43b115a03cceba37dc5222a7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15193",
- Path: "2020/15xxx/CVE-2020-15193.json",
- BlobHash: "2943e7e3b913448345f8107a34b3e69e4fbf7763",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v",
- "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15194",
- Path: "2020/15xxx/CVE-2020-15194.json",
- BlobHash: "c27861ebb39abe40817ae4993e4bd96d8f92c997",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15195",
- Path: "2020/15xxx/CVE-2020-15195.json",
- BlobHash: "09764b50866a76569b24649dee251a3e5e79adfa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr",
- "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15196",
- Path: "2020/15xxx/CVE-2020-15196.json",
- BlobHash: "b7f3b2b6fb43fa1c289fa5b2046b571c3d35ac69",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph",
- },
- },
- {
- ID: "CVE-2020-15197",
- Path: "2020/15xxx/CVE-2020-15197.json",
- BlobHash: "eb8804b7987a100032e5f939859ca8a8ce6c4296",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qc53-44cj-vfvx",
- },
- },
- {
- ID: "CVE-2020-15198",
- Path: "2020/15xxx/CVE-2020-15198.json",
- BlobHash: "67f4566285f0919fbd89e2ea900c8282c60e63b1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3",
- },
- },
- {
- ID: "CVE-2020-15199",
- Path: "2020/15xxx/CVE-2020-15199.json",
- BlobHash: "2a6df28b3f1f02fab1823e37601a97fdf58a22c3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h",
- },
- },
- {
- ID: "CVE-2020-15200",
- Path: "2020/15xxx/CVE-2020-15200.json",
- BlobHash: "6a686cb7695ff2798e93514481122251bb966816",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3",
- "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
- },
- },
- {
- ID: "CVE-2020-15201",
- Path: "2020/15xxx/CVE-2020-15201.json",
- BlobHash: "a184d90bf2119a79767efc4adeadc88978aa81db",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4",
- },
- },
- {
- ID: "CVE-2020-15202",
- Path: "2020/15xxx/CVE-2020-15202.json",
- BlobHash: "8db71c4621f5a8621f59194d98202222e8f4f73e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4",
- "https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832",
- "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15203",
- Path: "2020/15xxx/CVE-2020-15203.json",
- BlobHash: "be6e48983405407b7a1a0c0449ab4bf524a4caf6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79",
- "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15204",
- Path: "2020/15xxx/CVE-2020-15204.json",
- BlobHash: "342980aa6ae1f5c0b07fb3b3d513414e09994127",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8",
- "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15205",
- Path: "2020/15xxx/CVE-2020-15205.json",
- BlobHash: "d11a5519a3651939a3798ff873794184a5f691ae",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46",
- "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15206",
- Path: "2020/15xxx/CVE-2020-15206.json",
- BlobHash: "fe7b833644ef82b0add4530b2ab94ec513442fd2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w5gh-2wr2-pm6g",
- "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15207",
- Path: "2020/15xxx/CVE-2020-15207.json",
- BlobHash: "21067fd9482a3b523ceba1fb574224cb5e5dc478",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34",
- "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15208",
- Path: "2020/15xxx/CVE-2020-15208.json",
- BlobHash: "fbfd53b8d4a5bea542c8e11dbad4cd0b029ab8c2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mxjj-953w-2c2v",
- "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15209",
- Path: "2020/15xxx/CVE-2020-15209.json",
- BlobHash: "736967f1a08f3de2611a6c5211af41d59163ef52",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm",
- "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15210",
- Path: "2020/15xxx/CVE-2020-15210.json",
- BlobHash: "e825062e26147ca204059d7d5770f588b0686443",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2",
- "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15211",
- Path: "2020/15xxx/CVE-2020-15211.json",
- BlobHash: "4526d71491a9bcf7f797020f1bebf47843074522",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45",
- "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9",
- "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0",
- "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162",
- "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f",
- "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35",
- "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
- },
- },
- {
- ID: "CVE-2020-15212",
- Path: "2020/15xxx/CVE-2020-15212.json",
- BlobHash: "72d1531ceaaf0863c6d6903a9d1f79da94ce8f76",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx2x-85gr-wrpq",
- },
- },
- {
- ID: "CVE-2020-15213",
- Path: "2020/15xxx/CVE-2020-15213.json",
- BlobHash: "922ec7d4d730ace15c0fe9983ee4e86692416c02",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87",
- },
- },
- {
- ID: "CVE-2020-15214",
- Path: "2020/15xxx/CVE-2020-15214.json",
- BlobHash: "ce9b6b29509589dc98577cf830707d730300fbe3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm",
- "https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a",
- },
- },
- {
- ID: "CVE-2020-15223",
- Path: "2020/15xxx/CVE-2020-15223.json",
- BlobHash: "83c8b4250af787675df5a0f49fc85d4346bd4a02",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm",
- "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319",
- "https://tools.ietf.org/html/rfc7009#section-2.2.1",
- },
- },
- {
- ID: "CVE-2020-15233",
- Path: "2020/15xxx/CVE-2020-15233.json",
- BlobHash: "3e3a32a7abdd4d693415cab662f8f3a804d3016f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
- "https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5",
- },
- },
- {
- ID: "CVE-2020-15234",
- Path: "2020/15xxx/CVE-2020-15234.json",
- BlobHash: "1e41a8769ee0a2dc219ea475a4496fa7f45b6a90",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ory/fosite/security/advisories/GHSA-grfp-q2mm-hfp6",
- "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
- },
- },
- {
- ID: "CVE-2020-15254",
- Path: "2020/15xxx/CVE-2020-15254.json",
- BlobHash: "8ee99b9d3ed4210fe22e38d0176770eb1539ad14",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx",
- "https://github.com/crossbeam-rs/crossbeam/issues/539",
- "https://github.com/crossbeam-rs/crossbeam/pull/533",
- "https://github.com/RustSec/advisory-db/pull/425",
- },
- },
- {
- ID: "CVE-2020-15257",
- Path: "2020/15xxx/CVE-2020-15257.json",
- BlobHash: "d3307806e58681229f67d2d1858ffce149a97ca4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4",
- "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad",
- "https://github.com/containerd/containerd/releases/tag/v1.4.3",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD/",
- "https://www.debian.org/security/2021/dsa-4865",
- },
- },
- {
- ID: "CVE-2020-15265",
- Path: "2020/15xxx/CVE-2020-15265.json",
- BlobHash: "eb0b70648f0fd52e57b8619ffee97256e5f8b7ae",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrfp-j2mp-hq9c",
- "https://github.com/tensorflow/tensorflow/issues/42105",
- "https://github.com/tensorflow/tensorflow/commit/eccb7ec454e6617738554a255d77f08e60ee0808",
- },
- },
- {
- ID: "CVE-2020-15266",
- Path: "2020/15xxx/CVE-2020-15266.json",
- BlobHash: "d4288afc8306d8d0da027ed34be7977ba9366b79",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc",
- "https://github.com/tensorflow/tensorflow/issues/42129",
- "https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845",
- },
- },
- {
- ID: "CVE-2020-15391",
- Path: "2020/15xxx/CVE-2020-15391.json",
- BlobHash: "86980a5a1174555d80467f60769a8329a7bbb7d9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/devspace-cloud/devspace/tags",
- "https://github.com/devspace-cloud/devspace/releases/tag/v4.14.0",
- },
- },
- {
- ID: "CVE-2020-16248",
- Path: "2020/16xxx/CVE-2020-16248.json",
- BlobHash: "444ddc83f5309e202900762cb040330d169e7178",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/prometheus/blackbox_exporter/issues/669",
- "https://prometheus.io/docs/operating/security/#exporters",
- "https://www.openwall.com/lists/oss-security/2020/08/08/3",
- "https://www.openwall.com/lists/oss-security/2020/08/08/12",
- "https://seclists.org/oss-sec/2020/q3/94",
- },
- },
- {
- ID: "CVE-2020-16250",
- Path: "2020/16xxx/CVE-2020-16250.json",
- BlobHash: "67ef5666d43aed3715f5944b1e7c544340c016da",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
- "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html",
- },
- },
- {
- ID: "CVE-2020-16251",
- Path: "2020/16xxx/CVE-2020-16251.json",
- BlobHash: "86ec5dea5110b7393008bf3db623a1d0e3982144",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
- "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html",
- },
- },
- {
- ID: "CVE-2020-16844",
- Path: "2020/16xxx/CVE-2020-16844.json",
- BlobHash: "11eeb4570be6985ee8f44d76e1c8aaf4ead9ef4a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/releases",
- "https://istio.io/latest/news/security/istio-security-2020-009/",
- },
- },
- {
- ID: "CVE-2020-1733",
- Path: "2020/1xxx/CVE-2020-1733.json",
- BlobHash: "7199fd13ae2ac658fb5a8ce1c28c710d568d2bf0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733",
- "https://github.com/ansible/ansible/issues/67791",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/",
- "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
- "https://security.gentoo.org/glsa/202006-11",
- },
- },
- {
- ID: "CVE-2020-1734",
- Path: "2020/1xxx/CVE-2020-1734.json",
- BlobHash: "8ed8e1886e0b26a4a6122a1caf005d3c203133af",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734",
- "https://github.com/ansible/ansible/issues/67792",
- },
- },
- {
- ID: "CVE-2020-1735",
- Path: "2020/1xxx/CVE-2020-1735.json",
- BlobHash: "372bedb4c5a9e911ad090add905c8034a7463b2d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735",
- "https://github.com/ansible/ansible/issues/67793",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/",
- "https://security.gentoo.org/glsa/202006-11",
- },
- },
- {
- ID: "CVE-2020-1736",
- Path: "2020/1xxx/CVE-2020-1736.json",
- BlobHash: "e64fe330f308fd24826ea5cd68cd82e3a6c91335",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736",
- "https://github.com/ansible/ansible/issues/67794",
- "https://security.gentoo.org/glsa/202006-11",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/",
- },
- },
- {
- ID: "CVE-2020-1737",
- Path: "2020/1xxx/CVE-2020-1737.json",
- BlobHash: "5de1c3fd61a11dce7e1bdc450f3ec4adb319de9b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737",
- "https://github.com/ansible/ansible/issues/67795",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/",
- "https://security.gentoo.org/glsa/202006-11",
- },
- },
- {
- ID: "CVE-2020-1738",
- Path: "2020/1xxx/CVE-2020-1738.json",
- BlobHash: "313a7e1e6ef581235ee7ab691dac6bf899e9cd58",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738",
- "https://github.com/ansible/ansible/issues/67796",
- "https://security.gentoo.org/glsa/202006-11",
- },
- },
- {
- ID: "CVE-2020-1739",
- Path: "2020/1xxx/CVE-2020-1739.json",
- BlobHash: "a8b8d6e63980a2416f6b982e5c2d1a9e32664ff1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739",
- "https://github.com/ansible/ansible/issues/67797",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/",
- "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
- },
- },
- {
- ID: "CVE-2020-1740",
- Path: "2020/1xxx/CVE-2020-1740.json",
- BlobHash: "f73ad4f77c6fa38f410216fc3edb4d294329d165",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740",
- "https://github.com/ansible/ansible/issues/67798",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/",
- "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
- "https://security.gentoo.org/glsa/202006-11",
- },
- },
- {
- ID: "CVE-2020-1746",
- Path: "2020/1xxx/CVE-2020-1746.json",
- BlobHash: "00b42e86162ea2dba91bd9be84113a850c6ec111",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746",
- "https://github.com/ansible/ansible/pull/67866",
- },
- },
- {
- ID: "CVE-2020-2023",
- Path: "2020/2xxx/CVE-2020-2023.json",
- BlobHash: "0a1db5ead568b7d0a196dce929750df98d16c45b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kata-containers/runtime/pull/2487",
- "https://github.com/kata-containers/runtime/pull/2477",
- "https://github.com/kata-containers/runtime/issues/2488",
- "https://github.com/kata-containers/agent/issues/791",
- "https://github.com/kata-containers/agent/pull/792",
- "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
- "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
- },
- },
- {
- ID: "CVE-2020-2024",
- Path: "2020/2xxx/CVE-2020-2024.json",
- BlobHash: "fabf6af796f277e2955effc7d02a09fb275163b0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kata-containers/runtime/issues/2474",
- "https://github.com/kata-containers/runtime/pull/2475",
- },
- },
- {
- ID: "CVE-2020-2025",
- Path: "2020/2xxx/CVE-2020-2025.json",
- BlobHash: "6f5a2fc978fbe50ed06ba771582f5c2ad128d624",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kata-containers/runtime/pull/2487",
- },
- },
- {
- ID: "CVE-2020-2026",
- Path: "2020/2xxx/CVE-2020-2026.json",
- BlobHash: "94164a6a0933d7d8d37c91606e6348ab38531df4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
- "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
- "https://github.com/kata-containers/runtime/issues/2712",
- "https://github.com/kata-containers/runtime/pull/2713",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJAMOVB7DSOGX7J26QH5HZKU7GSSX2VU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JPBKAQBF3OR72N55GWM2TDYQP2OHK6H/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6W5MKF7HSAIL2AX2BX6RV4WWVGUIKVLS/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWACJQSMY5BVDMVTF3FBN7HZSOSFOG3Q/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNJHSSPCKUGJDVXXIXK2JUWCRJDQX7CE/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7FHA4AF6Y6PAVJBTTQPUEHXZQUOF3P/",
- },
- },
- {
- ID: "CVE-2020-24263",
- Path: "2020/24xxx/CVE-2020-24263.json",
- BlobHash: "4b9a720a4cf4500fc11fae2e4c17449e6bc7df51",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/portainer/portainer/issues/4105",
- },
- },
- {
- ID: "CVE-2020-24264",
- Path: "2020/24xxx/CVE-2020-24264.json",
- BlobHash: "61bfb8376f06cc89f44f5460415debdb2bd47fd2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/portainer/portainer/issues/4106",
- },
- },
- {
- ID: "CVE-2020-24303",
- Path: "2020/24xxx/CVE-2020-24303.json",
- BlobHash: "90f9c4a3f31035200ebc6c2f594dd761a91009d8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#710-beta-1-2020-07-01",
- "https://github.com/grafana/grafana/pull/25401",
- "https://security.netapp.com/advisory/ntap-20201123-0002/",
- },
- },
- {
- ID: "CVE-2020-24356",
- Path: "2020/24xxx/CVE-2020-24356.json",
- BlobHash: "e1f9f8f284db6f27fd4b52ec54b25b2a49052e22",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2",
- },
- },
- {
- ID: "CVE-2020-24359",
- Path: "2020/24xxx/CVE-2020-24359.json",
- BlobHash: "575a9c5a5878039671c9baceb3d8de46de7f0e0c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/vault-ssh-helper/releases",
- "https://github.com/hashicorp/vault-ssh-helper/blob/master/CHANGELOG.md#020-august-19-2020",
- },
- },
- {
- ID: "CVE-2020-24707",
- Path: "2020/24xxx/CVE-2020-24707.json",
- BlobHash: "cafc372f5eae3e28aa11e148374e4823749ac6f0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://herolab.usd.de/security-advisories/usd-2020-0052/",
- "https://github.com/gophish/gophish/releases/tag/v0.11.0",
- "https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b",
- },
- },
- {
- ID: "CVE-2020-24708",
- Path: "2020/24xxx/CVE-2020-24708.json",
- BlobHash: "f6cb45553b062072c6cf0243995699343c789e7b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://herolab.usd.de/security-advisories/usd-2020-0048/",
- "https://github.com/gophish/gophish/commit/90fed5a575628b89eaf941e1627b49e0f3693812",
- },
- },
- {
- ID: "CVE-2020-24710",
- Path: "2020/24xxx/CVE-2020-24710.json",
- BlobHash: "37cb54072a9dae2cfee50554f5716d3a588a2e28",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005",
- "https://herolab.usd.de/security-advisories/usd-2020-0054/",
- "https://github.com/gophish/gophish/releases/tag/v0.11.0",
- },
- },
- {
- ID: "CVE-2020-24711",
- Path: "2020/24xxx/CVE-2020-24711.json",
- BlobHash: "4013ba940157a966d1c21672ab6e4d7818764a44",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6",
- "https://herolab.usd.de/security-advisories/usd-2020-0051/",
- "https://github.com/gophish/gophish/releases/tag/v0.11.0",
- },
- },
- {
- ID: "CVE-2020-24712",
- Path: "2020/24xxx/CVE-2020-24712.json",
- BlobHash: "2ba575c2bbebc92e9807e033c1e30b76161c5a06",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://herolab.usd.de/security-advisories/usd-2020-0050/",
- "https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715",
- "https://github.com/gophish/gophish/releases/tag/v0.11.0",
- },
- },
- {
- ID: "CVE-2020-25017",
- Path: "2020/25xxx/CVE-2020-25017.json",
- BlobHash: "157895fb235bb1aef7aa2f399d9ec89b92a6fe87",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!forum/envoy-security-announce",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w",
- },
- },
- {
- ID: "CVE-2020-25018",
- Path: "2020/25xxx/CVE-2020-25018.json",
- BlobHash: "3b6b864db078f49506cb0aa00c5ad652c5bd07ff",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!forum/envoy-security-announce",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673",
- },
- },
- {
- ID: "CVE-2020-25201",
- Path: "2020/25xxx/CVE-2020-25201.json",
- BlobHash: "5cfc056da2d28378447d8e1b0f528249b754a894",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/consul",
- "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020",
- },
- },
- {
- ID: "CVE-2020-25816",
- Path: "2020/25xxx/CVE-2020-25816.json",
- BlobHash: "b9f2c10124187ed400868b40e08f8371f32ccd09",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154",
- },
- },
- {
- ID: "CVE-2020-25989",
- Path: "2020/25xxx/CVE-2020-25989.json",
- BlobHash: "1f9bfea839566f63aa9aaef6a175693c6cdd8818",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://vkas-afk.github.io/vuln-disclosures/",
- "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
- },
- },
- {
- ID: "CVE-2020-26222",
- Path: "2020/26xxx/CVE-2020-26222.json",
- BlobHash: "4e6dedb7c01b71049ec21c0001069ab5b077d3cc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/dependabot/dependabot-core/security/advisories/GHSA-23f7-99jx-m54r",
- "https://github.com/dependabot/dependabot-core/pull/2727",
- "https://github.com/dependabot/dependabot-core/commit/e089116abbe284425b976f7920e502b8e83a61b5",
- },
- },
- {
- ID: "CVE-2020-26240",
- Path: "2020/26xxx/CVE-2020-26240.json",
- BlobHash: "dd264dc92c67f3e2a52b2b0a337dd8de2415f6c5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.ethereum.org/2020/11/12/geth_security_release/",
- "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p",
- "https://github.com/ethereum/go-ethereum/pull/21793",
- "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0",
- },
- },
- {
- ID: "CVE-2020-26241",
- Path: "2020/26xxx/CVE-2020-26241.json",
- BlobHash: "70211d0b60bab3fba1120796f7f8051b3ee177a8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.ethereum.org/2020/11/12/geth_security_release/",
- "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf",
- },
- },
- {
- ID: "CVE-2020-26242",
- Path: "2020/26xxx/CVE-2020-26242.json",
- BlobHash: "8413421d6e4d08facc9ccf302d2b33fe405b8f14",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m",
- "https://blog.ethereum.org/2020/11/12/geth_security_release/",
- },
- },
- {
- ID: "CVE-2020-26265",
- Path: "2020/26xxx/CVE-2020-26265.json",
- BlobHash: "fb9e971c245f7ea0d776d8f1584a25eebdcba04e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4",
- "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20",
- },
- },
- {
- ID: "CVE-2020-26266",
- Path: "2020/26xxx/CVE-2020-26266.json",
- BlobHash: "71c06d936541d40401d37bc626cb652ceec868a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2",
- "https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2",
- },
- },
- {
- ID: "CVE-2020-26267",
- Path: "2020/26xxx/CVE-2020-26267.json",
- BlobHash: "6034efe677705536fb2d23af45620f5af263ad64",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7",
- "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae",
- },
- },
- {
- ID: "CVE-2020-26268",
- Path: "2020/26xxx/CVE-2020-26268.json",
- BlobHash: "758ba79802b734983f8a10eb3df449502f0ba4e2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6",
- "https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7",
- },
- },
- {
- ID: "CVE-2020-26269",
- Path: "2020/26xxx/CVE-2020-26269.json",
- BlobHash: "85f41f33b7ab4ecc01bcbb33556101f9eec0ab6c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw",
- "https://github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c",
- },
- },
- {
- ID: "CVE-2020-26270",
- Path: "2020/26xxx/CVE-2020-26270.json",
- BlobHash: "fbef802aec5e97c28eeb07e9aee1f9110ae1e6ea",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp",
- "https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3",
- },
- },
- {
- ID: "CVE-2020-26271",
- Path: "2020/26xxx/CVE-2020-26271.json",
- BlobHash: "3dcf78c8cb6f40cb585155336b39b21df483ce6e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw",
- "https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b",
- },
- },
- {
- ID: "CVE-2020-26276",
- Path: "2020/26xxx/CVE-2020-26276.json",
- BlobHash: "dc65453786272e4661ecf8295279ce7d01ad36e2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/fleetdm/fleet/security/advisories/GHSA-w3wf-cfx3-6gcx",
- "https://github.com/fleetdm/fleet/commit/57812a532e5f749c8e18c6f6a652eca65c083607",
- "https://github.com/fleetdm/fleet/blob/master/CHANGELOG.md#fleet-351-dec-14-2020",
- "https://github.com/mattermost/xml-roundtrip-validator",
- "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities",
- },
- },
- {
- ID: "CVE-2020-26277",
- Path: "2020/26xxx/CVE-2020-26277.json",
- BlobHash: "b16123a76d209bc0d2832d178c9e86c7d1cf801c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82",
- "https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10",
- },
- },
- {
- ID: "CVE-2020-26278",
- Path: "2020/26xxx/CVE-2020-26278.json",
- BlobHash: "9026560ef73c0d8c6eadb51b0aa99e880ab6114d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/weaveworks/weave/security/advisories/GHSA-pg3p-v8c6-c6h3",
- "https://github.com/weaveworks/weave/commit/a0ac81b3b4cae6d0dcaf3732fd91cedefc89f720",
- "https://github.com/weaveworks/weave/pull/3876",
- "https://github.com/weaveworks/weave/blob/master/CHANGELOG.md#release-280",
- },
- },
- {
- ID: "CVE-2020-26279",
- Path: "2020/26xxx/CVE-2020-26279.json",
- BlobHash: "512ba0677a38b40714593813bb912e6d9567522b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-27pv-q55r-222g",
- "https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2",
- "https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227",
- },
- },
- {
- ID: "CVE-2020-26283",
- Path: "2020/26xxx/CVE-2020-26283.json",
- BlobHash: "9ea7890fad7ea4c6209896233e5a968cd908b1f1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm",
- "https://github.com/ipfs/go-ipfs/pull/7831",
- "https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a",
- },
- },
- {
- ID: "CVE-2020-26284",
- Path: "2020/26xxx/CVE-2020-26284.json",
- BlobHash: "98bae0cf7fdeb463685d52b5cc46eeb855d46356",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq",
- "https://github.com/golang/go/issues/38736",
- },
- },
- {
- ID: "CVE-2020-26290",
- Path: "2020/26xxx/CVE-2020-26290.json",
- BlobHash: "2ab920db8c88363ff231559d62b621b3fabaff46",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
- "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
- "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
- "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
- "https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5",
- "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7",
- "https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8",
- "https://github.com/dexidp/dex/releases/tag/v2.27.0",
- },
- },
- {
- ID: "CVE-2020-26294",
- Path: "2020/26xxx/CVE-2020-26294.json",
- BlobHash: "ef140bc7feed35de17a6846477303b646d766e03",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-vela/compiler/security/advisories/GHSA-gv2h-gf8m-r68j",
- "https://github.com/go-vela/compiler/commit/f1ace5f8a05c95c4d02264556e38a959ee2d9bda",
- "https://pkg.go.dev/github.com/go-vela/compiler/compiler",
- },
- },
- {
- ID: "CVE-2020-26521",
- Path: "2020/26xxx/CVE-2020-26521.json",
- BlobHash: "14607d51110f2f457003dd9f48388df6a06ff587",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/nats-io/nats-server/commits/master",
- "http://www.openwall.com/lists/oss-security/2020/11/02/2",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/",
- },
- },
- {
- ID: "CVE-2020-26892",
- Path: "2020/26xxx/CVE-2020-26892.json",
- BlobHash: "e7911516f50d1fe0a6074a2b936a2f262e5cf1b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/nats-io/nats-server/commits/master",
- "https://www.openwall.com/lists/oss-security/2020/11/02/2",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/",
- },
- },
- {
- ID: "CVE-2020-27151",
- Path: "2020/27xxx/CVE-2020-27151.json",
- BlobHash: "b877ce39ae927cd03544372226921ac65b9593fd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.launchpad.net/katacontainers.io/+bug/1878234",
- "https://github.com/kata-containers/runtime/releases/tag/1.12.0",
- "https://github.com/kata-containers/runtime/releases/tag/1.11.5",
- "https://github.com/kata-containers/kata-containers/releases/tag/2.0.0",
- },
- },
- {
- ID: "CVE-2020-27195",
- Path: "2020/27xxx/CVE-2020-27195.json",
- BlobHash: "5662c3da9f2f20260a9e35d8123ea808136a6f9d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.nomadproject.io/downloads",
- "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020",
- },
- },
- {
- ID: "CVE-2020-27534",
- Path: "2020/27xxx/CVE-2020-27534.json",
- BlobHash: "060af0f2ca30afb26effcb2914e8e2b04ee2ede1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/buildkit/pull/1462",
- "https://github.com/moby/moby/pull/40877",
- "http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/",
- "https://golang.org/pkg/io/ioutil/#TempDir",
- "https://golang.org/pkg/os/#TempDir",
- },
- },
- {
- ID: "CVE-2020-27955",
- Path: "2020/27xxx/CVE-2020-27955.json",
- BlobHash: "12f3e2562af256a69a256d8150824fcf5fbb8aed",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://legalhackers.com",
- "https://exploitbox.io",
- "https://github.com/git-lfs/git-lfs/releases",
- "https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html",
- "http://seclists.org/fulldisclosure/2020/Nov/1",
- "http://packetstormsecurity.com/files/159923/git-lfs-Remote-Code-Execution.html",
- },
- },
- {
- ID: "CVE-2020-28053",
- Path: "2020/28xxx/CVE-2020-28053.json",
- BlobHash: "7db62ac6a3d54fd3f309bf11d3e50585d7824743",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/consul",
- "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020",
- },
- },
- {
- ID: "CVE-2020-28348",
- Path: "2020/28xxx/CVE-2020-28348.json",
- BlobHash: "56ff2fdda5c3c9577be61f5c5800787e61502dde",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/nomad/issues/9303",
- "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0128-november-10-2020",
- },
- },
- {
- ID: "CVE-2020-28349",
- Path: "2020/28xxx/CVE-2020-28349.json",
- BlobHash: "38ce17799f38d82bc9c424a3c6c7bcecdcd42de3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/brocaar/chirpstack-network-server/commit/f996bb0c6c85281b5658f59ff09db1b4a73db453",
- "https://github.com/brocaar/chirpstack-network-server/commit/874fc1a9b01045ebe8a340f0bb01ed19e8256e60",
- "https://www.cyberark.com/resources/threat-research-blog/lorawan-mqtt-what-to-know-when-securing-your-iot-network",
- },
- },
- {
- ID: "CVE-2020-28466",
- Path: "2020/28xxx/CVE-2020-28466.json",
- BlobHash: "c0a55f088ed15dc696fd1418cdb1975ef53cd29b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967",
- "https://github.com/nats-io/nats-server/pull/1731",
- "http://www.openwall.com/lists/oss-security/2021/03/16/1",
- "http://www.openwall.com/lists/oss-security/2021/03/16/2",
- },
- },
- {
- ID: "CVE-2020-28914",
- Path: "2020/28xxx/CVE-2020-28914.json",
- BlobHash: "48df1ceeff9786ddd4ab6046203782c765c0a05e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kata-containers/kata-containers/pull/1062",
- "https://github.com/kata-containers/runtime/pull/3042",
- "https://github.com/kata-containers/runtime/pull/3051",
- "https://github.com/kata-containers/runtime/releases/tag/1.12.0",
- "https://github.com/kata-containers/runtime/releases/tag/1.11.5",
- },
- },
- {
- ID: "CVE-2020-28924",
- Path: "2020/28xxx/CVE-2020-28924.json",
- BlobHash: "a62a46f6a8be3a0b924d00a575eb72eef15dddeb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://rclone.org/downloads/",
- "https://github.com/rclone/rclone/issues/4783",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD/",
- },
- },
- {
- ID: "CVE-2020-28991",
- Path: "2020/28xxx/CVE-2020-28991.json",
- BlobHash: "7e0fb248094364cd58c023bb7a43e7c0de3ba5df",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/pull/13525",
- "https://github.com/go-gitea/gitea/releases/tag/v1.12.6",
- },
- },
- {
- ID: "CVE-2020-29243",
- Path: "2020/29xxx/CVE-2020-29243.json",
- BlobHash: "9d858baedef0166d0f7a6a9ce17e7d74968f103d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "HasVuln",
- TriageStateReason: "GO-2021-0097",
- },
- {
- ID: "CVE-2020-29244",
- Path: "2020/29xxx/CVE-2020-29244.json",
- BlobHash: "a026e8fb7d2e485604f3ce6668e8cb6b30073df1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "HasVuln",
- TriageStateReason: "GO-2021-0097",
- },
- {
- ID: "CVE-2020-29245",
- Path: "2020/29xxx/CVE-2020-29245.json",
- BlobHash: "b3681813bc67a3ccab7454290f5c2cd4083868c8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "HasVuln",
- TriageStateReason: "GO-2021-0097",
- },
- {
- ID: "CVE-2020-29510",
- Path: "2020/29xxx/CVE-2020-29510.json",
- BlobHash: "2ce59f158faad4fbc86a583cf1131ef7d3e094ab",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
- "https://security.netapp.com/advisory/ntap-20210129-0006/",
- },
- },
- {
- ID: "CVE-2020-29511",
- Path: "2020/29xxx/CVE-2020-29511.json",
- BlobHash: "eca8fc190c7d851bb56638a547f8804f48cc8c5f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
- "https://security.netapp.com/advisory/ntap-20210129-0006/",
- },
- },
- {
- ID: "CVE-2020-29662",
- Path: "2020/29xxx/CVE-2020-29662.json",
- BlobHash: "6d64ebca8fe685276dba327d73690016907bc8e3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/goharbor/harbor/security/advisories/GHSA-38r5-34mr-mvm7",
- },
- },
- {
- ID: "CVE-2020-35137",
- Path: "2020/35xxx/CVE-2020-35137.json",
- BlobHash: "cb400a4dfb8408ca20df47336d3dbdb7cbc259fd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US",
- "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration",
- "https://github.com/optiv/rustyIron",
- },
- },
- {
- ID: "CVE-2020-35138",
- Path: "2020/35xxx/CVE-2020-35138.json",
- BlobHash: "f26259101699d38848e61ed9cc9b956ae6788e92",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US",
- "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration",
- "https://github.com/optiv/rustyIron",
- },
- },
- {
- ID: "CVE-2020-35177",
- Path: "2020/35xxx/CVE-2020-35177.json",
- BlobHash: "bbc0f5f57cd18b395d27eec0fcb4b3caf1d094ac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161",
- "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984",
- },
- },
- {
- ID: "CVE-2020-35453",
- Path: "2020/35xxx/CVE-2020-35453.json",
- BlobHash: "54e12d4f10d80f858cc9495d0bcffd14dc988006",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161",
- "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983",
- },
- },
- {
- ID: "CVE-2020-35470",
- Path: "2020/35xxx/CVE-2020-35470.json",
- BlobHash: "b7f8e4eec6825f7f152847aeeaed65b6cd43896c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/issues/14087",
- "https://github.com/envoyproxy/envoy/pull/14131",
- "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1",
- },
- },
- {
- ID: "CVE-2020-35471",
- Path: "2020/35xxx/CVE-2020-35471.json",
- BlobHash: "ead021f3bfe67c6bbedba9a99f4616a7b580a41c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1",
- "https://github.com/envoyproxy/envoy/issues/14113",
- "https://github.com/envoyproxy/envoy/pull/14122",
- },
- },
- {
- ID: "CVE-2020-36066",
- Path: "2020/36xxx/CVE-2020-36066.json",
- BlobHash: "0fb58953eb66d8730856107ab395e845f2a59d15",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tidwall/gjson/issues/195",
- },
- },
- {
- ID: "CVE-2020-3996",
- Path: "2020/3xxx/CVE-2020-3996.json",
- BlobHash: "08041a31a48cd05b1378c05bd3348b71c0714010",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/vmware-tanzu/velero/security/advisories/GHSA-72xg-3mcq-52v4",
- },
- },
- {
- ID: "CVE-2020-4037",
- Path: "2020/4xxx/CVE-2020-4037.json",
- BlobHash: "5ea639ff7409d1b593eabbea5920d5c293596239",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv",
- "https://github.com/oauth2-proxy/oauth2-proxy/commit/ee5662e0f5001d76ec76562bb605abbd07c266a2",
- },
- },
- {
- ID: "CVE-2020-4053",
- Path: "2020/4xxx/CVE-2020-4053.json",
- BlobHash: "5f92c559cc9d64ddbb923d7b83c99e6a9082cf96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f",
- "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688",
- "https://github.com/helm/helm/releases/tag/v3.2.4",
- },
- },
- {
- ID: "CVE-2020-5215",
- Path: "2020/5xxx/CVE-2020-5215.json",
- BlobHash: "21bd7f3fc3bc78cc6af900157836ba3aec7327e8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
- "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
- "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
- "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
- },
- },
- {
- ID: "CVE-2020-5233",
- Path: "2020/5xxx/CVE-2020-5233.json",
- BlobHash: "c9c511656cdfb0d8e1d4c4698c639e0d0e428c94",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv",
- "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2",
- "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0",
- },
- },
- {
- ID: "CVE-2020-5260",
- Path: "2020/5xxx/CVE-2020-5260.json",
- BlobHash: "fa891ab947bd850d7f63ffa253cc7d2c2d16a348",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q",
- "https://github.com/git/git/commit/9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b",
- "https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/",
- "https://www.debian.org/security/2020/dsa-4657",
- "https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html",
- "http://www.openwall.com/lists/oss-security/2020/04/15/5",
- "http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html",
- "http://www.openwall.com/lists/oss-security/2020/04/15/6",
- "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html",
- "https://support.apple.com/kb/HT211141",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/",
- "http://www.openwall.com/lists/oss-security/2020/04/20/1",
- "https://security.gentoo.org/glsa/202004-13",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/",
- "https://usn.ubuntu.com/4329-1/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/",
- "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html",
- },
- },
- {
- ID: "CVE-2020-5300",
- Path: "2020/5xxx/CVE-2020-5300.json",
- BlobHash: "2804f2fbaa0be107dfd335b3149b46d324f82a3a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ory/hydra/security/advisories/GHSA-3p3g-vpw6-4w66",
- "https://github.com/ory/hydra/commit/700d17d3b7d507de1b1d459a7261d6fb2571ebe3",
- "https://github.com/ory/hydra/releases/tag/v1.4.0",
- },
- },
- {
- ID: "CVE-2020-5303",
- Path: "2020/5xxx/CVE-2020-5303.json",
- BlobHash: "b7c94fac03cbe007acc270ed36c755c6edbf329d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tendermint/tendermint/security/advisories/GHSA-v24h-pjjv-mcp6",
- "https://hackerone.com/reports/820317",
- "https://github.com/tendermint/tendermint/commit/e2d6859afd7dba4cf97c7f7d412e7d8fc908d1cd",
- },
- },
- {
- ID: "CVE-2020-5415",
- Path: "2020/5xxx/CVE-2020-5415.json",
- BlobHash: "95efec6f658a6b0ba8538d897802ddb37d6fc77e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
- "https://tanzu.vmware.com/security/cve-2020-5415",
- },
- },
- {
- ID: "CVE-2020-6016",
- Path: "2020/6xxx/CVE-2020-6016.json",
- BlobHash: "5c4c115c626c0fceebb52092447bb1b133f3b0dc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43",
- "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
- },
- },
- {
- ID: "CVE-2020-6017",
- Path: "2020/6xxx/CVE-2020-6017.json",
- BlobHash: "b0f37ea09fbfcb3024b2f02889f3145ffb16198b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43",
- "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
- },
- },
- {
- ID: "CVE-2020-6018",
- Path: "2020/6xxx/CVE-2020-6018.json",
- BlobHash: "580bdc2d931b6585f36933c58a8abf5f42c491fa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ValveSoftware/GameNetworkingSockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3",
- "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
- },
- },
- {
- ID: "CVE-2020-6019",
- Path: "2020/6xxx/CVE-2020-6019.json",
- BlobHash: "ab652b1e325affd6b88afcdea2ed653154102cff",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678",
- "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
- },
- },
- {
- ID: "CVE-2020-7218",
- Path: "2020/7xxx/CVE-2020-7218.json",
- BlobHash: "bd2d1e359653c01e1ab818d1cb726631146636fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/nomad/",
- "https://github.com/hashicorp/nomad/issues/7002",
- },
- },
- {
- ID: "CVE-2020-7219",
- Path: "2020/7xxx/CVE-2020-7219.json",
- BlobHash: "8d5c10c0ed8d5c77da30e575f78c42c8bd95877d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/consul/",
- "https://github.com/hashicorp/consul/issues/7159",
- },
- },
- {
- ID: "CVE-2020-7220",
- Path: "2020/7xxx/CVE-2020-7220.json",
- BlobHash: "f66a4007b9c793f2bd539d184417a729ff9ba48d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/vault/",
- "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020",
- },
- },
- {
- ID: "CVE-2020-7665",
- Path: "2020/7xxx/CVE-2020-7665.json",
- BlobHash: "30a2a295432bb889b6d5c8e0a24dc350679c7ffc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441",
- "https://github.com/u-root/u-root/pull/1817",
- },
- },
- {
- ID: "CVE-2020-7666",
- Path: "2020/7xxx/CVE-2020-7666.json",
- BlobHash: "2a020b03156e3b81a07beb40cdbfd2f6a9ad3da7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/u-root/u-root/pull/1817",
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGCPIO-570440",
- },
- },
- {
- ID: "CVE-2020-7669",
- Path: "2020/7xxx/CVE-2020-7669.json",
- BlobHash: "31d1031eb41e7a4b1d10ad12ab96dd32e07f2b51",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/u-root/u-root/pull/1817",
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428",
- },
- },
- {
- ID: "CVE-2020-7955",
- Path: "2020/7xxx/CVE-2020-7955.json",
- BlobHash: "e13d278b5274372bf45362bb2c501689443de7ac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/consul/",
- "https://github.com/hashicorp/consul/issues/7160",
- },
- },
- {
- ID: "CVE-2020-7956",
- Path: "2020/7xxx/CVE-2020-7956.json",
- BlobHash: "5bd4768bbc32b3cf56ebd583d10e05fb2dd502a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/nomad/",
- "https://github.com/hashicorp/nomad/issues/7003",
- },
- },
- {
- ID: "CVE-2020-8551",
- Path: "2020/8xxx/CVE-2020-8551.json",
- BlobHash: "09ec4b0e62e1459c63bec75d9ec11f827f1a0156",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/89377",
- "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
- "https://security.netapp.com/advisory/ntap-20200413-0003/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
- },
- },
- {
- ID: "CVE-2020-8552",
- Path: "2020/8xxx/CVE-2020-8552.json",
- BlobHash: "0982590ec0d255381877b1e5b9bb7c068303cd08",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
- "https://github.com/kubernetes/kubernetes/issues/89378",
- "https://security.netapp.com/advisory/ntap-20200413-0003/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
- },
- },
- {
- ID: "CVE-2020-8553",
- Path: "2020/8xxx/CVE-2020-8553.json",
- BlobHash: "7a2e4a618c0752663f3226bd1fc449e1ff7b7466",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/ingress-nginx/issues/5126",
- },
- },
- {
- ID: "CVE-2020-8554",
- Path: "2020/8xxx/CVE-2020-8554.json",
- BlobHash: "e58456be0269d61b3b3993e128541e03877e05b4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8",
- "https://github.com/kubernetes/kubernetes/issues/97076",
- "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E",
- "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E",
- "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E",
- "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E",
- },
- },
- {
- ID: "CVE-2020-8555",
- Path: "2020/8xxx/CVE-2020-8555.json",
- BlobHash: "ffdef13b994f7ecc3e5ae844e868c5eade0ec3e7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.openwall.com/lists/oss-security/2020/06/01/4",
- "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion",
- "https://github.com/kubernetes/kubernetes/issues/91542",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
- "https://security.netapp.com/advisory/ntap-20200724-0005/",
- },
- },
- {
- ID: "CVE-2020-8557",
- Path: "2020/8xxx/CVE-2020-8557.json",
- BlobHash: "3c46c71bf16eb4e152d2b39490d1954c65d0159e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/93032",
- "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ",
- "https://security.netapp.com/advisory/ntap-20200821-0002/",
- },
- },
- {
- ID: "CVE-2020-8558",
- Path: "2020/8xxx/CVE-2020-8558.json",
- BlobHash: "4c416416b21504042574609fff1d379779d4600d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/92315",
- "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ",
- "https://security.netapp.com/advisory/ntap-20200821-0001/",
- },
- },
- {
- ID: "CVE-2020-8559",
- Path: "2020/8xxx/CVE-2020-8559.json",
- BlobHash: "603bddd77f4f116b070972262cbf19faf6c893f7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ",
- "https://github.com/kubernetes/kubernetes/issues/92914",
- "https://security.netapp.com/advisory/ntap-20200810-0004/",
- },
- },
- {
- ID: "CVE-2020-8563",
- Path: "2020/8xxx/CVE-2020-8563.json",
- BlobHash: "1ba7a7715ba9b749e94cc5b2eb0048b52e7d1011",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kubernetes/kubernetes/issues/95621",
- "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ",
- "https://security.netapp.com/advisory/ntap-20210122-0006/",
- },
- },
- {
- ID: "CVE-2020-8566",
- Path: "2020/8xxx/CVE-2020-8566.json",
- BlobHash: "c5e81c9e5a057e9840a14221d3df018be34e3b32",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ",
- "https://github.com/kubernetes/kubernetes/issues/95624",
- "https://security.netapp.com/advisory/ntap-20210122-0006/",
- },
- },
- {
- ID: "CVE-2020-8569",
- Path: "2020/8xxx/CVE-2020-8569.json",
- BlobHash: "5f0759887fb13de6d35b124c55bc2eabacbf00c8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU",
- "https://github.com/kubernetes-csi/external-snapshotter/issues/380",
- },
- },
- {
- ID: "CVE-2020-8595",
- Path: "2020/8xxx/CVE-2020-8595.json",
- BlobHash: "6071d2ddeaf2d2d89ed12edc7a5de18009f7fc17",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/commits/master",
- "https://istio.io/news/security/",
- "https://access.redhat.com/errata/RHSA-2020:0477",
- "https://access.redhat.com/security/cve/cve-2020-8595",
- "https://istio.io/news/security/istio-security-2020-001/",
- "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595",
- },
- },
- {
- ID: "CVE-2020-8659",
- Path: "2020/8xxx/CVE-2020-8659.json",
- BlobHash: "b0dc65fdeb534c984ec215f2f4327eab9c2ae3db",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv",
- "https://access.redhat.com/errata/RHSA-2020:0734",
- },
- },
- {
- ID: "CVE-2020-8660",
- Path: "2020/8xxx/CVE-2020-8660.json",
- BlobHash: "acddebf5b2fc96e6a2f4a3e0fad2421f0657275b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx",
- "https://access.redhat.com/errata/RHSA-2020:0734",
- },
- },
- {
- ID: "CVE-2020-8661",
- Path: "2020/8xxx/CVE-2020-8661.json",
- BlobHash: "14e31e81f1b7bf25da58aaf52bc420301fa3bda9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7",
- "https://access.redhat.com/errata/RHSA-2020:0734",
- },
- },
- {
- ID: "CVE-2020-8663",
- Path: "2020/8xxx/CVE-2020-8663.json",
- BlobHash: "1aa92bbeb6c1f17c2c5475fb42bc4a3bbcdbb6f0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997",
- },
- },
- {
- ID: "CVE-2020-8664",
- Path: "2020/8xxx/CVE-2020-8664.json",
- BlobHash: "85aeb8e32d460e381a7464d2daadd6bb84a64875",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8",
- "https://access.redhat.com/errata/RHSA-2020:0734",
- },
- },
- {
- ID: "CVE-2020-8826",
- Path: "2020/8xxx/CVE-2020-8826.json",
- BlobHash: "62b21aea4341b73f8faf0ad7961ceb31958fb441",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo/releases",
- "https://www.soluble.ai/blog/argo-cves-2020",
- "https://argoproj.github.io/argo-cd/security_considerations/",
- },
- },
- {
- ID: "CVE-2020-8827",
- Path: "2020/8xxx/CVE-2020-8827.json",
- BlobHash: "b0c1ff33bfdd649b6987e035775afcf826972a36",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo/releases",
- "https://www.soluble.ai/blog/argo-cves-2020",
- "https://argoproj.github.io/argo-cd/security_considerations/",
- "https://argoproj.github.io/argo-cd/operator-manual/user-management/#disable-admin-user",
- },
- },
- {
- ID: "CVE-2020-8828",
- Path: "2020/8xxx/CVE-2020-8828.json",
- BlobHash: "21fe5b894a68ece2ed54cc4c6497129f02c0b5b0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo/releases",
- "https://www.soluble.ai/blog/argo-cves-2020",
- "https://argoproj.github.io/argo-cd/security_considerations/",
- },
- },
- {
- ID: "CVE-2020-8843",
- Path: "2020/8xxx/CVE-2020-8843.json",
- BlobHash: "7266cfa62b86bdb3fa3967b3b1383aed8f77f204",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/commits/master",
- "https://istio.io/news/security/",
- "https://istio.io/news/security/istio-security-2020-002/",
- },
- },
- {
- ID: "CVE-2020-8927",
- Path: "2020/8xxx/CVE-2020-8927.json",
- BlobHash: "a74b79d653c28d5411481b759920e926d3f116fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/google/brotli/releases/tag/v1.0.9",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
- "https://usn.ubuntu.com/4568-1/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
- "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
- "https://www.debian.org/security/2020/dsa-4801",
- },
- },
- {
- ID: "CVE-2020-8929",
- Path: "2020/8xxx/CVE-2020-8929.json",
- BlobHash: "6687103ed33ba44db734d45dc9bf83a6755bdbfd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899",
- "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r",
- },
- },
- {
- ID: "CVE-2020-9321",
- Path: "2020/9xxx/CVE-2020-9321.json",
- BlobHash: "7dd986987adca8f06cae07dbb79ffad46e10f31c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containous/traefik/pull/6281",
- "https://github.com/containous/traefik/releases/tag/v2.1.4",
- },
- },
- {
- ID: "CVE-2020-9329",
- Path: "2020/9xxx/CVE-2020-9329.json",
- BlobHash: "77443824e256f2f79f659817791d65215d19cc72",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gogs/gogs/issues/5926",
- },
- },
- {
- ID: "CVE-2021-20198",
- Path: "2021/20xxx/CVE-2021-20198.json",
- BlobHash: "36f39b7dec6ed1972bb53296ee4ead1810c35b04",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1920764",
- },
- },
- {
- ID: "CVE-2021-20199",
- Path: "2021/20xxx/CVE-2021-20199.json",
- BlobHash: "036706579ffcc0f5251f5fe77e2b1497e13fa85b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1919050",
- "https://github.com/containers/podman/issues/5138",
- "https://github.com/rootless-containers/rootlesskit/pull/206",
- "https://github.com/containers/podman/pull/9052",
- },
- },
- {
- ID: "CVE-2021-20218",
- Path: "2021/20xxx/CVE-2021-20218.json",
- BlobHash: "41e4faa44f343eac8722b74e31baee7f9a3b6f87",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1923405",
- "https://github.com/fabric8io/kubernetes-client/issues/2715",
- },
- },
- {
- ID: "CVE-2021-20291",
- Path: "2021/20xxx/CVE-2021-20291.json",
- BlobHash: "50e725a2db767f452cefbf2eb01028a24fa5603f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1939485",
- },
- },
- {
- ID: "CVE-2021-21271",
- Path: "2021/21xxx/CVE-2021-21271.json",
- BlobHash: "978caf2547d11f0b49d2089bb10582324287eb96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg",
- "https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3",
- "https://github.com/tendermint/tendermint/commit/a2a6852ab99e4a0f9e79f0ea8c1726e262e25c76",
- },
- },
- {
- ID: "CVE-2021-21284",
- Path: "2021/21xxx/CVE-2021-21284.json",
- BlobHash: "30c62672c6ef54c5784409a23208fc40197b4f49",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://docs.docker.com/engine/release-notes/#20103",
- "https://github.com/moby/moby/releases/tag/v20.10.3",
- "https://github.com/moby/moby/releases/tag/v19.03.15",
- "https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc",
- "https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c",
- "https://security.netapp.com/advisory/ntap-20210226-0005/",
- "https://www.debian.org/security/2021/dsa-4865",
- },
- },
- {
- ID: "CVE-2021-21285",
- Path: "2021/21xxx/CVE-2021-21285.json",
- BlobHash: "86f5c8e875762d39fc91eadd1f304afcf3d5dcf3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8",
- "https://docs.docker.com/engine/release-notes/#20103",
- "https://github.com/moby/moby/releases/tag/v20.10.3",
- "https://github.com/moby/moby/releases/tag/v19.03.15",
- "https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30",
- "https://security.netapp.com/advisory/ntap-20210226-0005/",
- "https://www.debian.org/security/2021/dsa-4865",
- },
- },
- {
- ID: "CVE-2021-21287",
- Path: "2021/21xxx/CVE-2021-21287.json",
- BlobHash: "15436dba58b58830e5fbe2e705ec4288af28b3dc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q",
- "https://github.com/minio/minio/pull/11337",
- "https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276",
- "https://github.com/minio/minio/releases/tag/RELEASE.2021-01-30T00-20-58Z",
- },
- },
- {
- ID: "CVE-2021-21291",
- Path: "2021/21xxx/CVE-2021-21291.json",
- BlobHash: "f881d6472d7fa68fb4553fddccc75150413a0097",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-4mf2-f3wh-gvf2",
- "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.0.0",
- "https://pkg.go.dev/github.com/oauth2-proxy/oauth2-proxy/v7",
- "https://github.com/oauth2-proxy/oauth2-proxy/commit/780ae4f3c99b579cb2ea9845121caebb6192f725",
- },
- },
- {
- ID: "CVE-2021-21296",
- Path: "2021/21xxx/CVE-2021-21296.json",
- BlobHash: "c89066f834f7df81387343c61b002a63cb6e2224",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/fleetdm/fleet/security/advisories/GHSA-xwh8-9p3f-3x45",
- "https://www.npmjs.com/package/fleetctl",
- "https://github.com/fleetdm/fleet/commit/f68f4238e83b45b2164e4ed05df14af0f06eaf40",
- },
- },
- {
- ID: "CVE-2021-21300",
- Path: "2021/21xxx/CVE-2021-21300.json",
- BlobHash: "f2dafbd39d2eadea6c56513663a4d296f475a47c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm",
- "https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/",
- "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks",
- "https://git-scm.com/docs/gitattributes#_filter",
- "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592",
- "http://www.openwall.com/lists/oss-security/2021/03/09/3",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/",
- },
- },
- {
- ID: "CVE-2021-21303",
- Path: "2021/21xxx/CVE-2021-21303.json",
- BlobHash: "d11843a853e5e85164821385ed91a62834180092",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx",
- "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a",
- "https://github.com/helm/helm/releases/tag/v3.5.2",
- },
- },
- {
- ID: "CVE-2021-21334",
- Path: "2021/21xxx/CVE-2021-21334.json",
- BlobHash: "be2655d8200ac614b22315b90181f6c5cbc7c756",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4",
- "https://github.com/containerd/containerd/releases/tag/v1.4.4",
- "https://github.com/containerd/containerd/releases/tag/v1.3.10",
- "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/",
- },
- },
- {
- ID: "CVE-2021-21362",
- Path: "2021/21xxx/CVE-2021-21362.json",
- BlobHash: "303ed59cb9f1685d2e51e0fb37de0b61f43a9315",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/minio/minio/security/advisories/GHSA-hq5j-6r98-9m8v",
- "https://github.com/minio/minio/pull/11682",
- "https://github.com/minio/minio/commit/039f59b552319fcc2f83631bb421a7d4b82bc482",
- "https://github.com/minio/minio/releases/tag/RELEASE.2021-03-04T00-53-13Z",
- },
- },
- {
- ID: "CVE-2021-21363",
- Path: "2021/21xxx/CVE-2021-21363.json",
- BlobHash: "b0697dcfd6d2cb36677757a058c46f5a4e40a15e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j",
- "https://github.com/swagger-api/swagger-codegen/commit/987ea7a30b463cc239580d6ad166c707ae942a89",
- },
- },
- {
- ID: "CVE-2021-21364",
- Path: "2021/21xxx/CVE-2021-21364.json",
- BlobHash: "2b47524049b50602bc70e72913bc6c20ac7387a3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-hpv8-9rq5-hq7w",
- "https://github.com/swagger-api/swagger-codegen/commit/35adbd552d5f99b3ff1e0e59da228becc85190f2",
- },
- },
- {
- ID: "CVE-2021-21378",
- Path: "2021/21xxx/CVE-2021-21378.json",
- BlobHash: "f0d766bee258a38351382e41af42da47c96492fe",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27",
- "https://github.com/envoyproxy/envoy/pull/15194",
- "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a",
- },
- },
- {
- ID: "CVE-2021-21390",
- Path: "2021/21xxx/CVE-2021-21390.json",
- BlobHash: "1f0ffef9cc992a8bbc3e15668c9380b016ea9df1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp",
- "https://github.com/minio/minio/pull/11801",
- "https://github.com/minio/minio/commit/e197800f9055489415b53cf137e31e194aaf7ba0",
- },
- },
- {
- ID: "CVE-2021-21404",
- Path: "2021/21xxx/CVE-2021-21404.json",
- BlobHash: "f52a011c5031b91375d3cbe7e8f0c5d640502144",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h",
- "https://pkg.go.dev/github.com/syncthing/syncthing",
- "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97",
- "https://github.com/syncthing/syncthing/releases/tag/v1.15.0",
- },
- },
- {
- ID: "CVE-2021-21411",
- Path: "2021/21xxx/CVE-2021-21411.json",
- BlobHash: "c0e226682ede3fdfde49ddb7b94e3bf0bbb2e61e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://pkg.go.dev/github.com/oauth2-proxy/oauth2-proxy/v7",
- "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-652x-m2gr-hppm",
- "https://github.com/oauth2-proxy/oauth2-proxy/commit/0279fa7dff1752f1710707dbd1ffac839de8bbfc",
- "https://docs.gitlab.com/ee/user/group/",
- "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.1.0",
- },
- },
- {
- ID: "CVE-2021-21432",
- Path: "2021/21xxx/CVE-2021-21432.json",
- BlobHash: "328bc5221f5d982efa361723e742526ab53427f3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-vela/server/security/advisories/GHSA-8j3f-mhq8-gmh4",
- "https://pkg.go.dev/github.com/go-vela/server",
- "https://github.com/go-vela/server/releases/tag/v0.7.5",
- "https://github.com/go-vela/server/pull/337",
- "https://github.com/go-vela/server/commit/cb4352918b8ecace9fe969b90404d337b0744d46",
- },
- },
- {
- ID: "CVE-2021-22538",
- Path: "2021/22xxx/CVE-2021-22538.json",
- BlobHash: "c99e02a596b7de10c88315315d804d33285e634a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6",
- "https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95",
- "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1",
- "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0",
- },
- },
- {
- ID: "CVE-2021-23345",
- Path: "2021/23xxx/CVE-2021-23345.json",
- BlobHash: "f7fdaec22b9dac4f5cc50dd383427ec611a1004c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTHECODINGMACHINEGOTENBERG-1062043",
- "https://github.com/thecodingmachine/gotenberg/issues/261",
- },
- },
- {
- ID: "CVE-2021-23347",
- Path: "2021/23xxx/CVE-2021-23347.json",
- BlobHash: "346f5ec02402d7dadbb69d56467fd57fca40f8b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291",
- "https://github.com/argoproj/argo-cd/pull/5563",
- },
- },
- {
- ID: "CVE-2021-23351",
- Path: "2021/23xxx/CVE-2021-23351.json",
- BlobHash: "568be6cfe865f943f6f8a45058ef7a74f01148f8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577",
- "https://github.com/pires/go-proxyproto/pull/71",
- "https://github.com/pires/go-proxyproto/issues/69",
- "https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BNVGJMVI3ZTZ675EFPUHPGXCKCGSX46/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36IBVOZXRTWM7MGTRUTOM56P5RR74VU/",
- },
- },
- {
- ID: "CVE-2021-23357",
- Path: "2021/23xxx/CVE-2021-23357.json",
- BlobHash: "a9678541d5fe167a1c9825bb4883b056590461e2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKGATEWAY-1078516",
- "https://github.com/TykTechnologies/tyk/issues/3390",
- },
- },
- {
- ID: "CVE-2021-23827",
- Path: "2021/23xxx/CVE-2021-23827.json",
- BlobHash: "a2578d805be173c453968081730d81ccbe16bad6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/keybase/client/releases",
- "https://johnjhacking.com/blog/cve-2021-23827/",
- "https://hackerone.com/reports/1074930",
- },
- },
- {
- ID: "CVE-2021-25313",
- Path: "2021/25xxx/CVE-2021-25313.json",
- BlobHash: "760454b213f7a9c1ca5721635a73f847ec06099d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.suse.com/show_bug.cgi?id=1181852",
- "https://github.com/rancher/rancher/issues/31583",
- "https://github.com/rancher/rancher/releases/tag/v2.5.6",
- },
- },
- {
- ID: "CVE-2021-25834",
- Path: "2021/25xxx/CVE-2021-25834.json",
- BlobHash: "4a088aef94c3ce4b3667a8296db56f974a47331b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cosmos/ethermint/issues/686",
- },
- },
- {
- ID: "CVE-2021-25835",
- Path: "2021/25xxx/CVE-2021-25835.json",
- BlobHash: "bd2490d03a0accbf294384a5d0c4b7f46f442ac6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cosmos/ethermint/issues/687",
- "https://github.com/cosmos/ethermint/pull/692",
- },
- },
- {
- ID: "CVE-2021-25836",
- Path: "2021/25xxx/CVE-2021-25836.json",
- BlobHash: "784031dd9a871068b40d967d146de12606c8f1e0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cosmos/ethermint/issues/667#issuecomment-759284303",
- },
- },
- {
- ID: "CVE-2021-25837",
- Path: "2021/25xxx/CVE-2021-25837.json",
- BlobHash: "6a11801aae616e08a19eb9f38a88f5e4da0277bb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107",
- },
- },
- {
- ID: "CVE-2021-26921",
- Path: "2021/26xxx/CVE-2021-26921.json",
- BlobHash: "d4787d5df538c35322c74936a787102399c24a75",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4",
- "https://github.com/argoproj/argo-cd/commit/f5b0db240b4e3abf18e97f6fd99096b4f9e94dc5",
- "https://github.com/argoproj/argo-cd/security/advisories/GHSA-9h6w-j7w4-jr52",
- },
- },
- {
- ID: "CVE-2021-26923",
- Path: "2021/26xxx/CVE-2021-26923.json",
- BlobHash: "f0bd85a75f16cca777a0476a3094fe70784cdf9b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4",
- "https://github.com/argoproj/argo-cd/security/advisories/GHSA-pfgj-mh5m-2p48",
- },
- },
- {
- ID: "CVE-2021-26924",
- Path: "2021/26xxx/CVE-2021-26924.json",
- BlobHash: "d29ca782e39d26dc2c068caf8012236a5b847f89",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4",
- "https://github.com/argoproj/argo-cd/security/advisories/GHSA-pg99-h5gc-446r",
- },
- },
- {
- ID: "CVE-2021-27098",
- Path: "2021/27xxx/CVE-2021-27098.json",
- BlobHash: "539f3f2377b46e2dad9e378e4db48c3aa819cba0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/spiffe/spire/security/advisories/GHSA-h746-rm5q-8mgq",
- },
- },
- {
- ID: "CVE-2021-27099",
- Path: "2021/27xxx/CVE-2021-27099.json",
- BlobHash: "c005ee5a8bac6d91625b5111c4516391cb7e0796",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/spiffe/spire/security/advisories/GHSA-q7gm-mjrg-44h9",
- },
- },
- {
- ID: "CVE-2021-27358",
- Path: "2021/27xxx/CVE-2021-27358.json",
- BlobHash: "aba8205fd68a792685ad77217a278384c8b9e8b4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/blob/master/CHANGELOG.md",
- "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/",
- "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17",
- },
- },
- {
- ID: "CVE-2021-27375",
- Path: "2021/27xxx/CVE-2021-27375.json",
- BlobHash: "a9b8cf26eb914e7056badec571dfbb318272579e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/traefik/traefik/pull/7904",
- "https://github.com/traefik/traefik/releases/tag/v2.4.5",
- },
- },
- {
- ID: "CVE-2021-27935",
- Path: "2021/27xxx/CVE-2021-27935.json",
- BlobHash: "f1fbf363fc76f87dfc5d3205c1e371aef24f938d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/AdguardTeam/AdGuardHome/issues/2470",
- },
- },
- {
- ID: "CVE-2021-27940",
- Path: "2021/27xxx/CVE-2021-27940.json",
- BlobHash: "35ea4e985c93d6d8449ba1e50766b39aa0857c96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/openark/orchestrator/pull/1313",
- "https://github.com/openark/orchestrator/releases/tag/v3.2.4",
- "https://www.youtube.com/watch?v=DOYm0DIS3Us",
- },
- },
- {
- ID: "CVE-2021-28361",
- Path: "2021/28xxx/CVE-2021-28361.json",
- BlobHash: "0de97584b55224ffd84e0c77080e3cd75432f3b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/spdk/spdk/releases/tag/v21.01.1",
- },
- },
- {
- ID: "CVE-2021-28378",
- Path: "2021/28xxx/CVE-2021-28378.json",
- BlobHash: "c5c41d55d5713b680020faad631c31040d381508",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/pull/14898",
- "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/",
- },
- },
- {
- ID: "CVE-2021-28681",
- Path: "2021/28xxx/CVE-2021-28681.json",
- BlobHash: "ffd61ae772a9228c6b39b632a1a1efb42b539f55",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pion/webrtc/issues/1708",
- "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p",
- },
- },
- {
- ID: "CVE-2021-28954",
- Path: "2021/28xxx/CVE-2021-28954.json",
- BlobHash: "c96faf1a3c298a8d302bde4a33e53922056325b4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/chriswalz/bit/releases/tag/v1.0.5",
- "https://vuln.ryotak.me/advisories/17",
- },
- },
- {
- ID: "CVE-2021-28955",
- Path: "2021/28xxx/CVE-2021-28955.json",
- BlobHash: "7c3869ed9845a4062e9529893144b191b8842cb2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/MichaelMure/git-bug/security/advisories/GHSA-m898-h4pm-pqfr",
- "https://vuln.ryotak.me/advisories/18",
- },
- },
- {
- ID: "CVE-2021-29136",
- Path: "2021/29xxx/CVE-2021-29136.json",
- BlobHash: "942c7f190f4df5dbbe3e0e0f766c8c177b3f4eb3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "http://www.openwall.com/lists/oss-security/2021/04/06/2",
- "https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v",
- "https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57",
- },
- },
- {
- ID: "CVE-2021-29271",
- Path: "2021/29xxx/CVE-2021-29271.json",
- BlobHash: "0296f139e8bb821d7e853cd0196bda02c3eac2d3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/umputun/remark42/compare/v1.6.0...v1.6.1",
- "https://vuln.ryotak.me/advisories/19",
- },
- },
- {
- ID: "CVE-2021-29272",
- Path: "2021/29xxx/CVE-2021-29272.json",
- BlobHash: "49dbdd5ac9bf867a0115a5892116495ab83509a3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5",
- "https://vuln.ryotak.me/advisories/4",
- },
- },
- {
- ID: "CVE-2021-29417",
- Path: "2021/29xxx/CVE-2021-29417.json",
- BlobHash: "899a3cfaae898f0f4490c3eae0dbd9ffee040d3a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/liamg/gitjacker/releases/tag/v0.1.0",
- "https://github.com/liamg/gitjacker/compare/v0.0.3...v0.1.0",
- "https://vuln.ryotak.me/advisories/5",
- },
- },
- {
- ID: "CVE-2021-29651",
- Path: "2021/29xxx/CVE-2021-29651.json",
- BlobHash: "072c610f315a16d8ff3e37bbaa92b0f9bd65d8a6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pomerium/pomerium/security/advisories/GHSA-35vc-w93w-75c2",
- },
- },
- {
- ID: "CVE-2021-29652",
- Path: "2021/29xxx/CVE-2021-29652.json",
- BlobHash: "9d55b7d4d0a1750890880ca5070f0aaaa74bf3f4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pomerium/pomerium/security/advisories/GHSA-fv82-r8qv-ch4v",
- },
- },
- {
- ID: "CVE-2021-3344",
- Path: "2021/3xxx/CVE-2021-3344.json",
- BlobHash: "05e0c6e64ea180e7ff2b4bc93696d1d430e4dcb2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1921450",
- },
- },
- {
- ID: "CVE-2021-3382",
- Path: "2021/3xxx/CVE-2021-3382.json",
- BlobHash: "6dbdcf6d4e58c1264b1b9066295ed35e61e9ffb0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/go-gitea/gitea/pull/14390",
- },
- },
- {
- ID: "CVE-2021-3391",
- Path: "2021/3xxx/CVE-2021-3391.json",
- BlobHash: "047ec1a6d8af1ac4b251c1c4dbbdaf209178a92e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.mobileiron.com/en/blog/mobileiron-security-updates-available",
- "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration",
- "https://github.com/optiv/rustyIron",
- },
- },
- {
- ID: "CVE-2020-27847",
- Path: "2020/27xxx/CVE-2020-27847.json",
- BlobHash: "7a69948e5eed4bfed39f606583914f2983ea3007",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1907732",
- "https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5",
- },
- },
- {
- ID: "CVE-2020-7731",
- Path: "2020/7xxx/CVE-2020-7731.json",
- BlobHash: "84d3ee645657f3058b9e470f634c775105214c73",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302",
- "https://github.com/russellhaering/gosaml2/issues/59",
- },
- },
- {
- ID: "CVE-2020-28851",
- Path: "2020/28xxx/CVE-2020-28851.json",
- BlobHash: "236c70a1561d1bb784e225ed716d42127133b482",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/golang/go/issues/42535",
- "https://security.netapp.com/advisory/ntap-20210212-0004/",
- },
- },
- {
- ID: "CVE-2020-28852",
- Path: "2020/28xxx/CVE-2020-28852.json",
- BlobHash: "1c5f2daee464e715687e3423febc10cd4c76d1f5",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/golang/go/issues/42536",
- "https://security.netapp.com/advisory/ntap-20210212-0004/",
- },
- },
- {
- ID: "CVE-2020-10729",
- Path: "2020/10xxx/CVE-2020-10729.json",
- BlobHash: "8b8bbd0c954d31aa029e8cd777837545d31a2bcd",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1831089",
- "https://github.com/ansible/ansible/issues/34144",
- "https://www.debian.org/security/2021/dsa-4950",
- },
- },
- {
- ID: "CVE-2020-10808",
- Path: "2020/10xxx/CVE-2020-10808.json",
- BlobHash: "1554aedd6d7c7fc2d8d957e056697277433c61d1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://forum.vestacp.com/viewforum.php?f=25",
- "https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/",
- "https://github.com/rapid7/metasploit-framework/pull/13094",
- "http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html",
- "http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html",
- },
- },
- {
- ID: "CVE-2020-18032",
- Path: "2020/18xxx/CVE-2020-18032.json",
- BlobHash: "dfa390b301a1064a8d54bbf703d5c4fc2333ac08",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gitlab.com/graphviz/graphviz/-/issues/1700",
- "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html",
- "https://www.debian.org/security/2021/dsa-4914",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PQPHJHPU46FK3R5XBP3XDT4X37HMPC/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGY2IGARE6RZHTF2UEZEWLMQCDILFK6A/",
- "https://security.gentoo.org/glsa/202107-04",
- },
- },
- {
- ID: "CVE-2020-19498",
- Path: "2020/19xxx/CVE-2020-19498.json",
- BlobHash: "86e6073863789e332b09d507a6a0b7e093ff5ba7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/strukturag/libheif/issues/139",
- "https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58",
- },
- },
- {
- ID: "CVE-2020-19499",
- Path: "2020/19xxx/CVE-2020-19499.json",
- BlobHash: "61b2beb78d46027d5d8d0d1ecca33b3f47839e83",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/strukturag/libheif/issues/138",
- "https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd",
- },
- },
- {
- ID: "CVE-2020-23109",
- Path: "2020/23xxx/CVE-2020-23109.json",
- BlobHash: "16426b7912aff0b364acd86087ed330d21124483",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/strukturag/libheif/issues/207",
- },
- },
- {
- ID: "CVE-2020-27386",
- Path: "2020/27xxx/CVE-2020-27386.json",
- BlobHash: "715de3dfd05b255dd650df3bc91759ce4f7c2f39",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9",
- "https://blog.vonahi.io/whats-in-a-re-name/",
- "https://github.com/rapid7/metasploit-framework/pull/14339",
- "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html",
- },
- },
- {
- ID: "CVE-2020-27387",
- Path: "2020/27xxx/CVE-2020-27387.json",
- BlobHash: "0ede9f0de5e4debb19ecab0331853c154b4ad049",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/14340",
- "https://github.com/ttimot24/HorizontCMS/commit/436b5ab679fd27afa3d99c023dbe103113da4fee",
- "https://blog.vonahi.io/whats-in-a-re-name/",
- "http://packetstormsecurity.com/files/160046/HorizontCMS-1.0.0-beta-Shell-Upload.html",
- },
- },
- {
- ID: "CVE-2020-28347",
- Path: "2020/28xxx/CVE-2020-28347.json",
- BlobHash: "7f354a67a4870f4d85a347abf84ab56da3fd58f0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/minesweeper.md",
- "https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2020/minesweeper.md",
- "https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/lao_bomb/lao_bomb.md",
- "https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2019/lao_bomb.md",
- "https://github.com/rapid7/metasploit-framework/pull/14365",
- },
- },
- {
- ID: "CVE-2020-36404",
- Path: "2020/36xxx/CVE-2020-36404.json",
- BlobHash: "f20fd0cf59912c175ecd89557c8c1a20c376a333",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22371",
- "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-1506.yaml",
- "https://github.com/keystone-engine/keystone/releases",
- },
- },
- {
- ID: "CVE-2020-36405",
- Path: "2020/36xxx/CVE-2020-36405.json",
- BlobHash: "28b6333bb289776801f79406e4c5bd9433e880e0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/keystone-engine/keystone/releases",
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850",
- "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-789.yaml",
- },
- },
- {
- ID: "CVE-2020-7350",
- Path: "2020/7xxx/CVE-2020-7350.json",
- BlobHash: "072675947597475cae1d47440cc4ad3245282780",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/issues/13026",
- },
- },
- {
- ID: "CVE-2020-7351",
- Path: "2020/7xxx/CVE-2020-7351.json",
- BlobHash: "8b20736854df0eac414d609e20a23f91bdae0e62",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/13353",
- "http://packetstormsecurity.com/files/157565/TrixBox-CE-2.8.0.4-Command-Execution.html",
- },
- },
- {
- ID: "CVE-2020-7352",
- Path: "2020/7xxx/CVE-2020-7352.json",
- BlobHash: "e7019c4b50cc9a18967414c1695f0b37352b3bf2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/13444",
- "https://www.positronsecurity.com/blog/2020-04-28-gog-galaxy-client-local-privilege-escalation/",
- },
- },
- {
- ID: "CVE-2020-7356",
- Path: "2020/7xxx/CVE-2020-7356.json",
- BlobHash: "89e3ebe9096a8b3ac10e60ab873580fd1f659f41",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
- "https://github.com/rapid7/metasploit-framework/pull/13607",
- },
- },
- {
- ID: "CVE-2020-7357",
- Path: "2020/7xxx/CVE-2020-7357.json",
- BlobHash: "827862988ec5b4edb609c43508dcb99e60f440c7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/13607",
- "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php",
- "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925",
- },
- },
- {
- ID: "CVE-2020-7361",
- Path: "2020/7xxx/CVE-2020-7361.json",
- BlobHash: "b553d9e6918e5e35ea7c2260bb8492cb7a5ee0d5",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/13828",
- },
- },
- {
- ID: "CVE-2020-7373",
- Path: "2020/7xxx/CVE-2020-7373.json",
- BlobHash: "9daec6d1ef7d7a68d907ad25009d745995d0fb8b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/",
- "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch",
- "https://seclists.org/fulldisclosure/2020/Aug/5",
- "https://github.com/rapid7/metasploit-framework/pull/13970",
- },
- },
- {
- ID: "CVE-2020-7374",
- Path: "2020/7xxx/CVE-2020-7374.json",
- BlobHash: "50f8d93bd534eca7a19b71f5382b45bd9edf2184",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/13517",
- },
- },
- {
- ID: "CVE-2020-7376",
- Path: "2020/7xxx/CVE-2020-7376.json",
- BlobHash: "b02deb95087b967deecf7d38798c5911b83fac9b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/issues/14008",
- },
- },
- {
- ID: "CVE-2020-7377",
- Path: "2020/7xxx/CVE-2020-7377.json",
- BlobHash: "c0445d606b0d11cd189e76b89becf639d8759b33",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/issues/14015",
- },
- },
- {
- ID: "CVE-2020-7384",
- Path: "2020/7xxx/CVE-2020-7384.json",
- BlobHash: "4298e0db8998a490bb824c59441bc7717a386d1d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/14288",
- "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html",
- "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html",
- },
- },
- {
- ID: "CVE-2020-7385",
- Path: "2020/7xxx/CVE-2020-7385.json",
- BlobHash: "80d92ca5cd5254a78026a9a0d88cc472ce0c380a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/14300",
- "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/",
- "https://github.com/rapid7/metasploit-framework/pull/14335",
- },
- },
- {
- ID: "CVE-2021-20178",
- Path: "2021/20xxx/CVE-2021-20178.json",
- BlobHash: "50b35aeab3824833e3271f70c8065c7c7c68bc4a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/",
- "https://bugzilla.redhat.com/show_bug.cgi?id=1914774",
- "https://github.com/ansible-collections/community.general/pull/1635,",
- "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,",
- },
- },
- {
- ID: "CVE-2021-20228",
- Path: "2021/20xxx/CVE-2021-20228.json",
- BlobHash: "cd16c86e6dd40578a8eb273de4b4a2b752c446b6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1925002",
- "https://github.com/ansible/ansible/pull/73487",
- "https://www.debian.org/security/2021/dsa-4950",
- },
- },
- {
- ID: "CVE-2021-20286",
- Path: "2021/20xxx/CVE-2021-20286.json",
- BlobHash: "f1c6ebcd7aeb537284708fed9791c0f7d20700d0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://bugzilla.redhat.com/show_bug.cgi?id=1934727",
- "https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0",
- },
- },
- {
- ID: "CVE-2021-21414",
- Path: "2021/21xxx/CVE-2021-21414.json",
- BlobHash: "80520aea5534460effceda3272091a7a1ce37066",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/prisma/prisma/security/advisories/GHSA-pxcc-hj8w-fmm7",
- "https://github.com/prisma/prisma/pull/6245",
- "https://security.netapp.com/advisory/ntap-20210618-0003/",
- },
- },
- {
- ID: "CVE-2021-21428",
- Path: "2021/21xxx/CVE-2021-21428.json",
- BlobHash: "1fe1a051cdba682862d01218f90bd6ae83911fc4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf",
- "https://github.com/OpenAPITools/openapi-generator/pull/8788",
- },
- },
- {
- ID: "CVE-2021-21429",
- Path: "2021/21xxx/CVE-2021-21429.json",
- BlobHash: "92e421921a0eee55d318ba39498d378b847b9380",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv",
- "https://github.com/OpenAPITools/openapi-generator/pull/8795",
- },
- },
- {
- ID: "CVE-2021-21430",
- Path: "2021/21xxx/CVE-2021-21430.json",
- BlobHash: "3e236e275cd4665795513a982cd0e610a2ab9ba7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-cqxr-xf2w-943w",
- "https://github.com/OpenAPITools/openapi-generator/pull/8791",
- "https://github.com/OpenAPITools/openapi-generator/pull/8787",
- },
- },
- {
- ID: "CVE-2021-24028",
- Path: "2021/24xxx/CVE-2021-24028.json",
- BlobHash: "f818ce5d6b9e8059a0e1e29f95a73d3181a3e9c7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339",
- "https://www.facebook.com/security/advisories/cve-2021-24028",
- },
- },
- {
- ID: "CVE-2021-28682",
- Path: "2021/28xxx/CVE-2021-28682.json",
- BlobHash: "5da720ae6746d42843b2017842fc160a900ee904",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/releases",
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36",
- },
- },
- {
- ID: "CVE-2021-28683",
- Path: "2021/28xxx/CVE-2021-28683.json",
- BlobHash: "ad0312f4c9586388b57cf8913e479143479c4245",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/releases",
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg",
- },
- },
- {
- ID: "CVE-2021-29133",
- Path: "2021/29xxx/CVE-2021-29133.json",
- BlobHash: "62bf66f86b66abb05496ed7c8b1aaf7790c86302",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/rapid7/metasploit-framework/pull/14833",
- "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539",
- "https://twitter.com/steaIth/status/1364940271054712842",
- "https://github.com/rapid7/metasploit-framework/pull/14833/commits/5bf6b2d094deb22fa8183ce161b90cbe4fd40a70",
- },
- },
- {
- ID: "CVE-2021-29258",
- Path: "2021/29xxx/CVE-2021-29258.json",
- BlobHash: "8bcb6f82b7662b63fd0a7a483b3782a9ebede6ce",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.envoyproxy.io",
- "https://github.com/envoyproxy/envoy-setec/pull/230",
- "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg",
- },
- },
- {
- ID: "CVE-2021-29492",
- Path: "2021/29xxx/CVE-2021-29492.json",
- BlobHash: "d79a2d53d94c9cafa72549ee521b32f8752aa38f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf",
- },
- },
- {
- ID: "CVE-2021-32777",
- Path: "2021/32xxx/CVE-2021-32777.json",
- BlobHash: "e4dfaf518c221d984e013e1b1d0ea947d3a8af5a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h",
- "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
- },
- },
- {
- ID: "CVE-2021-32778",
- Path: "2021/32xxx/CVE-2021-32778.json",
- BlobHash: "2c24f3a23493dd734db2db4404ef653bbe493e21",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc",
- },
- },
- {
- ID: "CVE-2021-32779",
- Path: "2021/32xxx/CVE-2021-32779.json",
- BlobHash: "e485a50765f62cfec6883c9373b0d95fae72b6a5",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9",
- },
- },
- {
- ID: "CVE-2021-32780",
- Path: "2021/32xxx/CVE-2021-32780.json",
- BlobHash: "85bbb6610a44fe89836be60f9b870847bf6c5414",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8",
- },
- },
- {
- ID: "CVE-2021-32781",
- Path: "2021/32xxx/CVE-2021-32781.json",
- BlobHash: "73d368a39f8ffb2ef9a9bd18b558a6b17a3836f3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv",
- },
- },
- {
- ID: "CVE-2021-32810",
- Path: "2021/32xxx/CVE-2021-32810.json",
- BlobHash: "fa6df001b0ffc0ee223cff322ae170e7e4a83c85",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/",
- },
- },
- {
- ID: "CVE-2021-36753",
- Path: "2021/36xxx/CVE-2021-36753.json",
- BlobHash: "803ea8792bf35d2561f847100bc95e2a4b1a201f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sharkdp/bat/releases/tag/v0.18.2",
- "https://github.com/sharkdp/bat/pull/1724",
- "https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956",
- "https://vuln.ryotak.me/advisories/53",
- },
- },
- {
- ID: "CVE-2021-36979",
- Path: "2021/36xxx/CVE-2021-36979.json",
- BlobHash: "0109f84612789077ebc45dadecb42733a511436a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unicorn/OSV-2020-2305.yaml",
- "https://github.com/unicorn-engine/unicorn/commit/bf1713d9e011b55ca1f502a6779fc4722b4bb077",
- "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30391",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ6LOCJXHQVU6SCJLFDJINBOVJYYENLX/",
- },
- },
- {
- ID: "CVE-2021-39204",
- Path: "2021/39xxx/CVE-2021-39204.json",
- BlobHash: "c31bab15245849dd6d7a376d51ca2ae738088740",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc",
- "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r",
- },
- },
- {
- ID: "CVE-2021-39206",
- Path: "2021/39xxx/CVE-2021-39206.json",
- BlobHash: "c24982e6d4d40e56c77c8ccba12ff2e8ff56a2e3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h",
- "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
- "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm",
- },
- },
- {
- ID: "CVE-2021-40330",
- Path: "2021/40xxx/CVE-2021-40330.json",
- BlobHash: "714eaaec31d0b5e6a49bb8eed8aeebdbc926411e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473",
- "https://github.com/git/git/compare/v2.30.0...v2.30.1",
- },
- },
- {
- ID: "CVE-2021-42840",
- Path: "2021/42xxx/CVE-2021-42840.json",
- BlobHash: "3199db8c5c41f5f9cf7af06983c63480219de0ad",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_19",
- "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/linux/http/suitecrm_log_file_rce.rb",
- "https://suitecrm.com/time-to-upgrade-suitecrm-7-11-19-7-10-30-lts-released/",
- "https://theyhack.me/SuiteCRM-RCE-2/",
- },
- },
- {
- ID: "CVE-2021-29923",
- Path: "2021/29xxx/CVE-2021-29923.json",
- BlobHash: "dab85989329b57c06e385579c44efb6cfc300e43",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://golang.org/pkg/net/#ParseCIDR",
- "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis",
- "https://github.com/golang/go/issues/43389",
- "https://github.com/golang/go/issues/30999",
- "https://go-review.googlesource.com/c/go/+/325829/",
- "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md",
- },
- },
- {
- ID: "CVE-2020-13310",
- Path: "2020/13xxx/CVE-2020-13310.json",
- BlobHash: "7cd357bf2c1460f3b80fe135424f6a8411ef2f13",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857",
- "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819",
- "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json",
- },
- },
- {
- ID: "CVE-2020-13327",
- Path: "2020/13xxx/CVE-2020-13327.json",
- BlobHash: "3fc59d299603ae42a7165cc5a3debc87b2b7002f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833",
- "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json",
- },
- },
- {
- ID: "CVE-2020-13347",
- Path: "2020/13xxx/CVE-2020-13347.json",
- BlobHash: "2e453e6a559269ae47d324b14d9aaae11b3f351b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725",
- "https://hackerone.com/reports/955016",
- "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json",
- },
- },
- {
- ID: "CVE-2020-13353",
- Path: "2020/13xxx/CVE-2020-13353.json",
- BlobHash: "911fa5d5929386aee980fa3187448a9053a786df",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gitlab.com/gitlab-org/gitaly/-/issues/2882",
- "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json",
- },
- },
- {
- ID: "CVE-2020-13845",
- Path: "2020/13xxx/CVE-2020-13845.json",
- BlobHash: "313900e146d8d42def520ab271a1b3d78d62301c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://medium.com/sylabs",
- "https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html",
- },
- },
- {
- ID: "CVE-2020-13846",
- Path: "2020/13xxx/CVE-2020-13846.json",
- BlobHash: "9caeed25e378f0e8d425f90bb19fe518f3b3a899",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://medium.com/sylabs",
- "https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html",
- },
- },
- {
- ID: "CVE-2020-13847",
- Path: "2020/13xxx/CVE-2020-13847.json",
- BlobHash: "82d6c63dc2d47ae8754b463988aa605284accd1c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://medium.com/sylabs",
- "https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html",
- },
- },
- {
- ID: "CVE-2020-14160",
- Path: "2020/14xxx/CVE-2020-14160.json",
- BlobHash: "51eb7d117e7bd980078a7f2a088d95f9105964e7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/thecodingmachine/gotenberg/releases",
- "https://github.com/gotenberg/gotenberg/pull/319",
- "https://github.com/gotenberg/gotenberg/issues/215",
- },
- },
- {
- ID: "CVE-2020-14161",
- Path: "2020/14xxx/CVE-2020-14161.json",
- BlobHash: "8f72b91defab16b58752054a16ae449ebc1e02a7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/thecodingmachine/gotenberg/releases",
- "https://github.com/gotenberg/gotenberg/pull/319",
- "https://github.com/gotenberg/gotenberg/issues/215",
- },
- },
- {
- ID: "CVE-2020-15167",
- Path: "2020/15xxx/CVE-2020-15167.json",
- BlobHash: "159a98e2ec15033ac2dff0974f08c3c99e21cb60",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw",
- },
- },
- {
- ID: "CVE-2020-15229",
- Path: "2020/15xxx/CVE-2020-15229.json",
- BlobHash: "e7356211754fca1064f13e28d59f1c001a02a81e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9",
- "https://github.com/hpcng/singularity/blob/v3.6.4/CHANGELOG.md#security-related-fixes",
- "https://github.com/hpcng/singularity/pull/5611",
- "https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00009.html",
- },
- },
- {
- ID: "CVE-2020-24130",
- Path: "2020/24xxx/CVE-2020-24130.json",
- BlobHash: "8f737e195225cf0bb2de6bf71dc3bf9feb11b760",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ponzu-cms/ponzu/issues/352",
- },
- },
- {
- ID: "CVE-2020-25039",
- Path: "2020/25xxx/CVE-2020-25039.json",
- BlobHash: "e965e78bee0c636576ba83f71a25fcb3a0181d3b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://medium.com/sylabs",
- "https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html",
- },
- },
- {
- ID: "CVE-2020-25040",
- Path: "2020/25xxx/CVE-2020-25040.json",
- BlobHash: "50f05f51bb6868732e263eff7b722f00da7bbd73",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://medium.com/sylabs",
- "https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html",
- "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html",
- },
- },
- {
- ID: "CVE-2020-26213",
- Path: "2020/26xxx/CVE-2020-26213.json",
- BlobHash: "20029afa2dd5b4fbf4c5490e84f286a2659db36a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf",
- "https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e",
- },
- },
- {
- ID: "CVE-2020-27519",
- Path: "2020/27xxx/CVE-2020-27519.json",
- BlobHash: "f0c95b5e1dd505ed2db06446781ed10393e20685",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pritunl/pritunl-client-electron/commit/c0aeb159351e5e99d752c27b87133eca299bdfce",
- "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e",
- "https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e#diff-5c6a264bee3576f2a147b8db70332e9a16dd43d073782cf6d32a372abb22b899",
- },
- },
- {
- ID: "CVE-2020-28366",
- Path: "2020/28xxx/CVE-2020-28366.json",
- BlobHash: "6991618a3e0e5c49ef2ef9f453da30bb0779e265",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E",
- "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM",
- "https://github.com/golang/go/issues/42559",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/",
- "https://security.netapp.com/advisory/ntap-20201202-0004/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/",
- },
- },
- {
- ID: "CVE-2020-28367",
- Path: "2020/28xxx/CVE-2020-28367.json",
- BlobHash: "cd73325803765fa1c55de87365a65f199a74c866",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E",
- "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM",
- "https://github.com/golang/go/issues/42556",
- "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/",
- "https://security.netapp.com/advisory/ntap-20201202-0004/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/",
- },
- },
- {
- ID: "CVE-2020-8561",
- Path: "2020/8xxx/CVE-2020-8561.json",
- BlobHash: "ca573e983eedfed22be7e1a98a59adf2cf9cd50c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY",
- "https://github.com/kubernetes/kubernetes/issues/104720",
- "https://security.netapp.com/advisory/ntap-20211014-0002/",
- },
- },
- {
- ID: "CVE-2021-21405",
- Path: "2021/21xxx/CVE-2021-21405.json",
- BlobHash: "e50c2ee4ba2140aa0bfaa9e546009e4ac8ff8de2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh",
- "https://github.com/filecoin-project/lotus/pull/5393",
- "https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754",
- },
- },
- {
- ID: "CVE-2021-22171",
- Path: "2021/22xxx/CVE-2021-22171.json",
- BlobHash: "ee360b2a23c43ae3ebb32b598a41b50effec89c1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://gitlab.com/gitlab-org/gitlab-pages/-/issues/262",
- "https://hackerone.com/reports/718460",
- "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22171.json",
- },
- },
- {
- ID: "CVE-2021-23135",
- Path: "2021/23xxx/CVE-2021-23135.json",
- BlobHash: "cee4ec6914399f20ea06d886b121240ef93f8540",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894",
- },
- },
- {
- ID: "CVE-2021-23365",
- Path: "2021/23xxx/CVE-2021-23365.json",
- BlobHash: "45c75417820cd9b136d5b6bf1edf878195f74e94",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720",
- "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1",
- "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0",
- "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0",
- "https://github.com/TykTechnologies/tyk-identity-broker/pull/147",
- },
- },
- {
- ID: "CVE-2021-25735",
- Path: "2021/25xxx/CVE-2021-25735.json",
- BlobHash: "3f5c4b437b8a9310c213dffe734c9337ba9a7576",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y",
- "https://github.com/kubernetes/kubernetes/issues/100096",
- },
- },
- {
- ID: "CVE-2021-25737",
- Path: "2021/25xxx/CVE-2021-25737.json",
- BlobHash: "a6b8bfd7fca6a044b0c10610f92893f8f69379c8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY",
- "https://github.com/kubernetes/kubernetes/issues/102106",
- "https://security.netapp.com/advisory/ntap-20211004-0004/",
- },
- },
- {
- ID: "CVE-2021-25740",
- Path: "2021/25xxx/CVE-2021-25740.json",
- BlobHash: "e874709f3750d1c9268d336c394782938c48c4bf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE",
- "https://github.com/kubernetes/kubernetes/issues/103675",
- "https://security.netapp.com/advisory/ntap-20211014-0001/",
- },
- },
- {
- ID: "CVE-2021-25741",
- Path: "2021/25xxx/CVE-2021-25741.json",
- BlobHash: "cac9e5adfb3e98a5c5c54a252162bc8b3ada6766",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s",
- "https://github.com/kubernetes/kubernetes/issues/104980",
- "https://security.netapp.com/advisory/ntap-20211008-0006/",
- },
- },
- {
- ID: "CVE-2021-25742",
- Path: "2021/25xxx/CVE-2021-25742.json",
- BlobHash: "699711e000a62d13a49883b05ef2b44e28cc4f29",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY",
- "https://github.com/kubernetes/ingress-nginx/issues/7837",
- },
- },
- {
- ID: "CVE-2021-25938",
- Path: "2021/25xxx/CVE-2021-25938.json",
- BlobHash: "d5637fccdb0180cd9374f04cdbb946dd234cfa96",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25938",
- "https://github.com/arangodb/arangodb/commit/3e486b9bc33cc97e92645dd279899000e57f61f4",
- },
- },
- {
- ID: "CVE-2021-28484",
- Path: "2021/28xxx/CVE-2021-28484.json",
- BlobHash: "8fcc74408f9fff2820874075922283099d7f4410",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/Yubico/yubihsm-connector/releases",
- "https://www.yubico.com/support/security-advisories/ysa-2021-02/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7Q2KGXSPQEEONAWMFZRVH2TXWX3QPCQ/",
- },
- },
- {
- ID: "CVE-2021-29453",
- Path: "2021/29xxx/CVE-2021-29453.json",
- BlobHash: "8044d8edbac082ac621b8508d44f6c7247b72832",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h",
- "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1&ordering=last_updated",
- "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7",
- },
- },
- {
- ID: "CVE-2021-29456",
- Path: "2021/29xxx/CVE-2021-29456.json",
- BlobHash: "2485e06666aae92f966d08281365f8416a6c4246",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/authelia/authelia/security/advisories/GHSA-36f2-fcrx-fp4j",
- },
- },
- {
- ID: "CVE-2021-29499",
- Path: "2021/29xxx/CVE-2021-29499.json",
- BlobHash: "e683e6ade287e30bec69fe6c4573b4f84f310445",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg",
- },
- },
- {
- ID: "CVE-2021-29622",
- Path: "2021/29xxx/CVE-2021-29622.json",
- BlobHash: "22e401d7a48e58d80e5e93f518bdf3a302bd2260",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7",
- "https://github.com/prometheus/prometheus/releases/tag/v2.26.1",
- "https://github.com/prometheus/prometheus/releases/tag/v2.27.1",
- },
- },
- {
- ID: "CVE-2021-30465",
- Path: "2021/30xxx/CVE-2021-30465.json",
- BlobHash: "b2b45802777545ebcb2fef020e36c662610d597e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/opencontainers/runc/releases",
- "http://www.openwall.com/lists/oss-security/2021/05/19/2",
- "http://www.openwall.com/lists/oss-security/2021/05/19/2",
- "https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/",
- "https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f",
- "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405",
- "https://security.netapp.com/advisory/ntap-20210708-0003/",
- "https://security.gentoo.org/glsa/202107-26",
- },
- },
- {
- ID: "CVE-2021-30476",
- Path: "2021/30xxx/CVE-2021-30476.json",
- BlobHash: "63d79129b97316fe9215582418c27fa025dd8b85",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/hashicorp/terraform-provider-vault/issues/996",
- "https://discuss.hashicorp.com/t/hcsec-2021-11-terraform-s-vault-provider-did-not-correctly-configure-bound-labels-for-gcp-auth/23464/2",
- },
- },
- {
- ID: "CVE-2021-31232",
- Path: "2021/31xxx/CVE-2021-31232.json",
- BlobHash: "0570a0ea0701c0633dda797b1621f39253bc8d9a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://community.grafana.com/c/security-announcements",
- "https://github.com/cortexproject/cortex",
- "https://github.com/cortexproject/cortex/pull/4129/files",
- "https://lists.cncf.io/g/cortex-users/message/50",
- },
- },
- {
- ID: "CVE-2021-31856",
- Path: "2021/31xxx/CVE-2021-31856.json",
- BlobHash: "5acbf03a44123d8658d593d0eeb77a2c55ffca66",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://meshery.io",
- "https://github.com/layer5io/meshery/pull/2745",
- },
- },
- {
- ID: "CVE-2021-32574",
- Path: "2021/32xxx/CVE-2021-32574.json",
- BlobHash: "605868ceccc4470e014b25dbae4699e72a4d1981",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/consul",
- "https://github.com/hashicorp/consul/releases/tag/v1.10.1",
- "https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856",
- },
- },
- {
- ID: "CVE-2021-32635",
- Path: "2021/32xxx/CVE-2021-32635.json",
- BlobHash: "56b7204981e734a6855cfbc04c297fbac7fe3044",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sylabs/singularity/security/advisories/GHSA-5mv9-q7fq-9394",
- "https://github.com/sylabs/singularity/releases/tag/v3.7.4",
- "https://security.gentoo.org/glsa/202107-50",
- },
- },
- {
- ID: "CVE-2021-32637",
- Path: "2021/32xxx/CVE-2021-32637.json",
- BlobHash: "fe6638d9fa572c51137cd56d822d9ce0485d302b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/authelia/authelia/security/advisories/GHSA-68wm-pfjf-wqp6",
- "https://github.com/authelia/authelia/commit/c62dbd43d6e69ae81530e7c4f8763857f8ff1dda",
- },
- },
- {
- ID: "CVE-2021-32690",
- Path: "2021/32xxx/CVE-2021-32690.json",
- BlobHash: "883bf8bc3e58c594c5985f5ae4b3072ddcae73cc",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf",
- "https://github.com/helm/helm/releases/tag/v3.6.1",
- },
- },
- {
- ID: "CVE-2021-32699",
- Path: "2021/32xxx/CVE-2021-32699.json",
- BlobHash: "944ca62f5ac741204313067ab60820f0d472fa6e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/pterodactyl/wings/security/advisories/GHSA-jj6m-r8jc-2gp7",
- "https://github.com/pterodactyl/wings/commit/e0078eee0a71d61573a94c75e6efcad069d78de3",
- },
- },
- {
- ID: "CVE-2021-32701",
- Path: "2021/32xxx/CVE-2021-32701.json",
- BlobHash: "15008d02418867070e9fc905f95ae1fb42cba49e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr",
- "https://github.com/ory/oathkeeper/pull/424",
- "https://github.com/ory/oathkeeper/commit/1f9f625c1a49e134ae2299ee95b8cf158feec932",
- },
- },
- {
- ID: "CVE-2021-32753",
- Path: "2021/32xxx/CVE-2021-32753.json",
- BlobHash: "7b93f19ea0987ced2c4b529037587002ccdb0343",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/edgexfoundry/edgex-go/security/advisories/GHSA-xph4-vmcc-52gh",
- "https://docs.konghq.com/hub/kong-inc/oauth2/#create-a-consumer",
- },
- },
- {
- ID: "CVE-2021-32760",
- Path: "2021/32xxx/CVE-2021-32760.json",
- BlobHash: "279418d78ca95f250eeba875782939e42c7768e4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w",
- "https://github.com/containerd/containerd/releases/tag/v1.4.8",
- "https://github.com/containerd/containerd/releases/tag/v1.5.4",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/",
- },
- },
- {
- ID: "CVE-2021-32783",
- Path: "2021/32xxx/CVE-2021-32783.json",
- BlobHash: "a553d154d3e283d95c36ba1b7f30ba81986f3e66",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc",
- "https://github.com/projectcontour/contour/commit/b53a5c4fd927f4ea2c6cf02f1359d8e28bef852e",
- "https://github.com/projectcontour/contour/releases/tag/v1.17.1",
- },
- },
- {
- ID: "CVE-2021-32787",
- Path: "2021/32xxx/CVE-2021-32787.json",
- BlobHash: "111c9aac564a691e9f0f3566014d9c42772bdfda",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-mq5p-477h-xgwv",
- "https://github.com/sourcegraph/sourcegraph/commit/6e51f4546368d959a1f9f173d16e5f20c55deb56",
- },
- },
- {
- ID: "CVE-2021-32813",
- Path: "2021/32xxx/CVE-2021-32813.json",
- BlobHash: "87595735b655c68d591273e6c074c1c9849f5c82",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg",
- "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9",
- "https://github.com/traefik/traefik/releases/tag/v2.4.13",
- },
- },
- {
- ID: "CVE-2021-32825",
- Path: "2021/32xxx/CVE-2021-32825.json",
- BlobHash: "10172d66709a990388265b554b15055cc5805c84",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://securitylab.github.com/advisories/GHSL-2020-258-zipslip-bblfshd/",
- "https://github.com/bblfsh/bblfshd/pull/341",
- "https://github.com/bblfsh/bblfshd/commit/4265465b9b6fb5663c30ee43806126012066aad4",
- },
- },
- {
- ID: "CVE-2021-33359",
- Path: "2021/33xxx/CVE-2021-33359.json",
- BlobHash: "cbaa0c546331dd81b5ad92df3916c4fba0196538",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://twitter.com/leonjza/status/1395283512433971202?s=19",
- "https://github.com/sensepost/gowitness/releases/tag/2.3.6",
- },
- },
- {
- ID: "CVE-2021-33496",
- Path: "2021/33xxx/CVE-2021-33496.json",
- BlobHash: "55e30234009babb3188900f48b274637bc73f933",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4",
- "https://github.com/dutchcoders/transfer.sh/commit/9df18fdc69de2e71f30d8c1e6bfab2fda2e52eb4",
- "https://vuln.ryotak.me/advisories/43",
- "https://github.com/dutchcoders/transfer.sh/pull/373",
- "https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4",
- },
- },
- {
- ID: "CVE-2021-33497",
- Path: "2021/33xxx/CVE-2021-33497.json",
- BlobHash: "3949236218b74996c901e31fe55ab91baf3630e1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4",
- "https://github.com/dutchcoders/transfer.sh/pull/373",
- "https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4",
- "https://vuln.ryotak.me/advisories/44",
- },
- },
- {
- ID: "CVE-2021-33708",
- Path: "2021/33xxx/CVE-2021-33708.json",
- BlobHash: "57c373130cbb668146555d7756e86f8b076314b6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/kyma-project/kyma/security/advisories/GHSA-f2jp-5gj4-q9c9",
- },
- },
- {
- ID: "CVE-2021-34824",
- Path: "2021/34xxx/CVE-2021-34824.json",
- BlobHash: "8f2ff5b0bd5379d457c80ccc26c7b808c27690f7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/releases",
- "https://istio.io/latest/news/security/istio-security-2021-007",
- },
- },
- {
- ID: "CVE-2021-35206",
- Path: "2021/35xxx/CVE-2021-35206.json",
- BlobHash: "7ef18a1f48caf3f6166b1695aa95c45d96952937",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gitpod-io/gitpod/pull/2879",
- "https://github.com/gitpod-io/gitpod/pull/2879#issuecomment-865662372",
- "https://github.com/gitpod-io/gitpod/pull/4567",
- "https://www.gitpod.io/changelog",
- "https://github.com/gitpod-io/gitpod/blob/main/CHANGELOG.md",
- "https://github.com/gitpod-io/gitpod/commit/8ca431f86ae3a6f9a17afcfed51cdd065fcff1a5",
- "https://github.com/gitpod-io/gitpod/compare/0.6.0-beta5...0.6.0",
- "https://github.com/gitpod-io/gitpod/pull/4567/commits/f78b7d18e509e28e71b65bbd4dfd52c16ca57c18",
- },
- },
- {
- ID: "CVE-2021-36156",
- Path: "2021/36xxx/CVE-2021-36156.json",
- BlobHash: "9d0d0ef84b543b266a69e02aa00ff7ba29809c7f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/loki/pull/4020#issue-694377133",
- "https://github.com/grafana/loki/releases/tag/v2.3.0",
- },
- },
- {
- ID: "CVE-2021-36157",
- Path: "2021/36xxx/CVE-2021-36157.json",
- BlobHash: "ec95fdaef628a0297c479358998c88ea12f2c603",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://grafana.com/docs/grafana/latest/release-notes/",
- "https://github.com/cortexproject/cortex/pull/4375",
- },
- },
- {
- ID: "CVE-2021-3619",
- Path: "2021/3xxx/CVE-2021-3619.json",
- BlobHash: "c859a1ac13dbac52ee0092a7d5d64fae2395fe21",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/Velocidex/velociraptor/pull/1118",
- "https://github.com/Velocidex/velociraptor/releases/tag/v0.6.0",
- },
- },
- {
- ID: "CVE-2021-36213",
- Path: "2021/36xxx/CVE-2021-36213.json",
- BlobHash: "18ed08f2a33af3a0f6b947e379938ddb12921a61",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://www.hashicorp.com/blog/category/consul",
- "https://github.com/hashicorp/consul/releases/tag/v1.10.1",
- "https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855",
- },
- },
- {
- ID: "CVE-2021-36371",
- Path: "2021/36xxx/CVE-2021-36371.json",
- BlobHash: "066ff55a14fccd1ecc0e8474d6af1f87d92a42e2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/emissary-ingress/emissary/issues/3340",
- "https://github.com/emissary-ingress/emissary/releases/tag/v2.0.0-ea",
- },
- },
- {
- ID: "CVE-2021-37794",
- Path: "2021/37xxx/CVE-2021-37794.json",
- BlobHash: "179935f10dc1958e8dd81d2e266e80ca0977bc5a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/filebrowser/filebrowser",
- "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c",
- "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd",
- },
- },
- {
- ID: "CVE-2021-37914",
- Path: "2021/37xxx/CVE-2021-37914.json",
- BlobHash: "67d450b953010ee669b4fd40a861228bd139043e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/argoproj/argo-workflows/issues/6441",
- "https://github.com/argoproj/argo-workflows/pull/6442",
- },
- },
- {
- ID: "CVE-2021-38197",
- Path: "2021/38xxx/CVE-2021-38197.json",
- BlobHash: "2f4735c4baaa366f46e2b8c2779900aff4c8039e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gen2brain/go-unarr/issues/21",
- },
- },
- {
- ID: "CVE-2021-38599",
- Path: "2021/38xxx/CVE-2021-38599.json",
- BlobHash: "ea12d5bb450569cc84f0582b1199fa9c08ef2933",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/wal-g/wal-g/pull/1062",
- "https://github.com/wal-g/wal-g/commit/cadf598e1c2a345915a21a44518c5a4d5401e2e3",
- },
- },
- {
- ID: "CVE-2021-39155",
- Path: "2021/39xxx/CVE-2021-39155.json",
- BlobHash: "778d2ac7f21017002c54664bf333cd33da164475",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j",
- "https://datatracker.ietf.org/doc/html/rfc4343",
- },
- },
- {
- ID: "CVE-2021-39156",
- Path: "2021/39xxx/CVE-2021-39156.json",
- BlobHash: "e310b27a1b9721d7b7fbe895a58dd5cf4a8b21be",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/istio/istio/security/advisories/GHSA-hqxw-mm44-gc4r",
- "https://istio.io/latest/news/security/istio-security-2021-008",
- },
- },
- {
- ID: "CVE-2021-39162",
- Path: "2021/39xxx/CVE-2021-39162.json",
- BlobHash: "b9cdd71f685a644e41ea3daf957e183f291ec42b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
- "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv",
- "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8",
- },
- },
- {
- ID: "CVE-2021-39226",
- Path: "2021/39xxx/CVE-2021-39226.json",
- BlobHash: "fb2769bb898a587471b696a0834dd8804ca67ec8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9",
- "https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269",
- "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/",
- "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/",
- "http://www.openwall.com/lists/oss-security/2021/10/05/4",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG/",
- "https://security.netapp.com/advisory/ntap-20211029-0008/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/",
- },
- },
- {
- ID: "CVE-2021-39391",
- Path: "2021/39xxx/CVE-2021-39391.json",
- BlobHash: "8402a2f31728ba6755cceff3699544d9f08d01bf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/beego/beego",
- "https://github.com/beego/beego/issues/4727",
- },
- },
- {
- ID: "CVE-2021-41087",
- Path: "2021/41xxx/CVE-2021-41087.json",
- BlobHash: "8ab85481712fba4381a88a864b705486f0e7b914",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/in-toto/in-toto-golang/security/advisories/GHSA-vrxp-mg9f-hwf3",
- "https://github.com/in-toto/in-toto-golang/commit/f2c57d1e0f15e3ffbeac531829c696b72ecc4290",
- },
- },
- {
- ID: "CVE-2021-41088",
- Path: "2021/41xxx/CVE-2021-41088.json",
- BlobHash: "6f2897cf788d501820cc75ce512ffa5ebd4c9400",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r",
- "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5",
- },
- },
- {
- ID: "CVE-2021-41089",
- Path: "2021/41xxx/CVE-2021-41089.json",
- BlobHash: "8e3dd2218832af1569b7578dc4e23e1fd56f1784",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4",
- "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/",
- },
- },
- {
- ID: "CVE-2021-41091",
- Path: "2021/41xxx/CVE-2021-41091.json",
- BlobHash: "23cf8221c5b8adfa5057d8bcdd8cc757a907200a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558",
- "https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/",
- },
- },
- {
- ID: "CVE-2021-41092",
- Path: "2021/41xxx/CVE-2021-41092.json",
- BlobHash: "3528357553b0533d45be6aa0c13fd83715e0bb15",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v",
- "https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/",
- },
- },
- {
- ID: "CVE-2021-41103",
- Path: "2021/41xxx/CVE-2021-41103.json",
- BlobHash: "24f2712dc073ec3fee0753bc409cbaeea0fe2fa6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq",
- "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/",
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/",
- },
- },
- {
- ID: "CVE-2021-41137",
- Path: "2021/41xxx/CVE-2021-41137.json",
- BlobHash: "1433feb43b40beaffc27093e708bcb272437ddbf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c",
- "https://github.com/minio/minio/pull/13388",
- "https://github.com/minio/minio/pull/13422",
- "https://github.com/minio/minio/commit/415bbc74aacd53a120e54a663e941b1809982dbd",
- },
- },
- {
- ID: "CVE-2021-41174",
- Path: "2021/41xxx/CVE-2021-41174.json",
- BlobHash: "a84c9346b2b0e88a6f206b9fa612a7f506da8ea3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8",
- "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912",
- "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82",
- "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88",
- },
- },
- {
- ID: "CVE-2021-41232",
- Path: "2021/41xxx/CVE-2021-41232.json",
- BlobHash: "03cbc34ec7c53dff3e4573006562c694508825de",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj",
- "https://github.com/github/securitylab/issues/464#issuecomment-957094994",
- "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1",
- },
- },
- {
- ID: "CVE-2021-41323",
- Path: "2021/41xxx/CVE-2021-41323.json",
- BlobHash: "76168e1c24904e7374c083aa32f9e8c8a475e16b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212",
- "https://github.com/pydio/cells/releases/tag/v2.2.12",
- "https://charonv.net/Pydio-Broken-Access-Control/",
- },
- },
- {
- ID: "CVE-2021-41324",
- Path: "2021/41xxx/CVE-2021-41324.json",
- BlobHash: "b2ba9608b619b4ce47e5bf2239d1482a1b680265",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212",
- "https://github.com/pydio/cells/releases/tag/v2.2.12",
- "https://charonv.net/Pydio-Broken-Access-Control/",
- },
- },
- {
- ID: "CVE-2021-41325",
- Path: "2021/41xxx/CVE-2021-41325.json",
- BlobHash: "c7c2ac019e227d233f5733f17e4f6abc99cc17ef",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212",
- "https://github.com/pydio/cells/releases/tag/v2.2.12",
- "https://charonv.net/Pydio-Broken-Access-Control/",
- },
- },
- {
- ID: "CVE-2021-41393",
- Path: "2021/41xxx/CVE-2021-41393.json",
- BlobHash: "9865ab8e9aac1d03024f5a1305c9d80c79735543",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gravitational/teleport/releases/tag/v4.4.11",
- "https://github.com/gravitational/teleport/releases/tag/v5.2.4",
- "https://github.com/gravitational/teleport/releases/tag/v6.2.12",
- "https://github.com/gravitational/teleport/releases/tag/v7.1.1",
- },
- },
- {
- ID: "CVE-2021-41394",
- Path: "2021/41xxx/CVE-2021-41394.json",
- BlobHash: "5dc255b26a37d4389ea61aec66232093a9ea20a9",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gravitational/teleport/releases/tag/v4.4.11",
- "https://github.com/gravitational/teleport/releases/tag/v5.2.4",
- "https://github.com/gravitational/teleport/releases/tag/v6.2.12",
- "https://github.com/gravitational/teleport/releases/tag/v7.1.1",
- },
- },
- {
- ID: "CVE-2021-41395",
- Path: "2021/41xxx/CVE-2021-41395.json",
- BlobHash: "e58a6e110d9acd93706bab3e7a5e9fc665bd656c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/gravitational/teleport/releases/tag/v6.2.12",
- "https://github.com/gravitational/teleport/releases/tag/v7.1.1",
- },
- },
- {
- ID: "CVE-2021-41593",
- Path: "2021/41xxx/CVE-2021-41593.json",
- BlobHash: "0108f99fc4ed25f3acd954bf4830add92437717d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
- "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
- "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
- "https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta",
- "https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md",
- "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003264.html",
- },
- },
- {
- ID: "CVE-2021-42650",
- Path: "2021/42xxx/CVE-2021-42650.json",
- BlobHash: "de895b4af7f1f60675ebaff00f41d347ccd85dbf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/portainer/portainer/pull/5766",
- "https://github.com/purple-WL/Security-vulnerability/blob/main/Portainer%20Custom%20Templates%20xss",
- },
- },
- {
- ID: "CVE-2020-22741",
- Path: "2020/22xxx/CVE-2020-22741.json",
- BlobHash: "17a8a16d638c7fecf8cf2b1ae0f561c7dd582a8c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/xuperchain/xuperchain/issues/782",
- },
- },
- {
- ID: "CVE-2020-26772",
- Path: "2020/26xxx/CVE-2020-26772.json",
- BlobHash: "e0f30b99bb5f1c8434c9d77e29de8a7af01d3a70",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://blog.csdn.net/qq_33020901/article/details/108938473",
- "https://github.com/george518/PPGo_Job/issues/56",
- },
- },
- {
- ID: "CVE-2021-36605",
- Path: "2021/36xxx/CVE-2021-36605.json",
- BlobHash: "3a4475f7ccdeb8c589d017cf0af793f99242fb73",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/3xxx/engineercms/issues/52",
- },
- },
- {
- ID: "CVE-2021-29512",
- Path: "2021/29xxx/CVE-2021-29512.json",
- BlobHash: "d6e37e85c6fc99c4ca1b8783754af95861152e47",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4278-2v5v-65r4",
- "https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5",
- },
- },
- {
- ID: "CVE-2021-29513",
- Path: "2021/29xxx/CVE-2021-29513.json",
- BlobHash: "b40c2f218ef427a889e4d69a4f5d31d4485f23ff",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-452g-f7fp-9jf7",
- "https://github.com/tensorflow/tensorflow/commit/030af767d357d1b4088c4a25c72cb3906abac489",
- },
- },
- {
- ID: "CVE-2021-29514",
- Path: "2021/29xxx/CVE-2021-29514.json",
- BlobHash: "907b3b927cc76e65000fc552f45161519daba0e7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8h46-5m9h-7553",
- },
- },
- {
- ID: "CVE-2021-29515",
- Path: "2021/29xxx/CVE-2021-29515.json",
- BlobHash: "feeffaad27b478e59e542d1c25929a8f7daabba0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hc6c-75p4-hmq4",
- "https://github.com/tensorflow/tensorflow/commit/a7116dd3913c4a4afd2a3a938573aa7c785fdfc6",
- },
- },
- {
- ID: "CVE-2021-29516",
- Path: "2021/29xxx/CVE-2021-29516.json",
- BlobHash: "c7a5d39f721434da563c41e71e82dd12a97d002d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84mw-34w6-2q43",
- "https://github.com/tensorflow/tensorflow/commit/b055b9c474cd376259dde8779908f9eeaf097d93",
- },
- },
- {
- ID: "CVE-2021-29517",
- Path: "2021/29xxx/CVE-2021-29517.json",
- BlobHash: "9044b124a3c891b1c2727fa4c5ae64369b6641de",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-772p-x54p-hjrv",
- "https://github.com/tensorflow/tensorflow/commit/799f835a3dfa00a4d852defa29b15841eea9d64f",
- },
- },
- {
- ID: "CVE-2021-29518",
- Path: "2021/29xxx/CVE-2021-29518.json",
- BlobHash: "edf330bec1460bd7b97a1448601ecc61e72ca3d5",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-62gx-355r-9fhg",
- "https://github.com/tensorflow/tensorflow/commit/ff70c47a396ef1e3cb73c90513da4f5cb71bebba",
- },
- },
- {
- ID: "CVE-2021-29519",
- Path: "2021/29xxx/CVE-2021-29519.json",
- BlobHash: "d8ce4f463a1928d3856b5c21ac33f2967b931ccf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-772j-h9xw-ffp5",
- "https://github.com/tensorflow/tensorflow/commit/b1cc5e5a50e7cee09f2c6eb48eb40ee9c4125025",
- },
- },
- {
- ID: "CVE-2021-29520",
- Path: "2021/29xxx/CVE-2021-29520.json",
- BlobHash: "8e8eeeafa130eae4cc4fa854fe9869d9b330de51",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-qrj6-9pfm",
- "https://github.com/tensorflow/tensorflow/commit/8f37b52e1320d8d72a9529b2468277791a261197",
- },
- },
- {
- ID: "CVE-2021-29521",
- Path: "2021/29xxx/CVE-2021-29521.json",
- BlobHash: "b4d1224e91843e21cee7034ae037f6eb0ed89ae0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hr84-fqvp-48mm",
- "https://github.com/tensorflow/tensorflow/commit/c57c0b9f3a4f8684f3489dd9a9ec627ad8b599f5",
- },
- },
- {
- ID: "CVE-2021-29522",
- Path: "2021/29xxx/CVE-2021-29522.json",
- BlobHash: "613cf3544ea55dea68762ff606a0a0fe2be713d6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c968-pq7h-7fxv",
- "https://github.com/tensorflow/tensorflow/commit/311403edbc9816df80274bd1ea8b3c0c0f22c3fa",
- },
- },
- {
- ID: "CVE-2021-29523",
- Path: "2021/29xxx/CVE-2021-29523.json",
- BlobHash: "0a9365651a2953dcb31e256e98421c46698da88c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/69c68ecbb24dff3fa0e46da0d16c821a2dd22d7c",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2cpx-427x-q2c6",
- },
- },
- {
- ID: "CVE-2021-29524",
- Path: "2021/29xxx/CVE-2021-29524.json",
- BlobHash: "09e4340b482cf99aa88475160f8808385e1f7b6e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4pj-74mg-8868",
- "https://github.com/tensorflow/tensorflow/commit/fca9874a9b42a2134f907d2fb46ab774a831404a",
- },
- },
- {
- ID: "CVE-2021-29525",
- Path: "2021/29xxx/CVE-2021-29525.json",
- BlobHash: "4c007083fd949bc16a7d956cd5b4ebd59805b0f8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xm2v-8rrw-w9pm",
- "https://github.com/tensorflow/tensorflow/commit/2be2cdf3a123e231b16f766aa0e27d56b4606535",
- },
- },
- {
- ID: "CVE-2021-29526",
- Path: "2021/29xxx/CVE-2021-29526.json",
- BlobHash: "e4214aa6a6d3f55a6699455f2a793115ddda0252",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4vf2-4xcg-65cx",
- "https://github.com/tensorflow/tensorflow/commit/b12aa1d44352de21d1a6faaf04172d8c2508b42b",
- },
- },
- {
- ID: "CVE-2021-29527",
- Path: "2021/29xxx/CVE-2021-29527.json",
- BlobHash: "d83ee6a1f382bf2d88f00f72adc569fc6519b47f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4g7-fvjj-prg8",
- "https://github.com/tensorflow/tensorflow/commit/cfa91be9863a91d5105a3b4941096044ab32036b",
- },
- },
- {
- ID: "CVE-2021-29528",
- Path: "2021/29xxx/CVE-2021-29528.json",
- BlobHash: "ebd673c1fdd2c123136a295e63837d19e7626787",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f84-42vf-ppwp",
- "https://github.com/tensorflow/tensorflow/commit/a1b11d2fdd1e51bfe18bb1ede804f60abfa92da6",
- },
- },
- {
- ID: "CVE-2021-29529",
- Path: "2021/29xxx/CVE-2021-29529.json",
- BlobHash: "8f8a8074e92fd2c1c388377f0591c9ddd9b28329",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jfp7-4j67-8r3q",
- "https://github.com/tensorflow/tensorflow/commit/f851613f8f0fb0c838d160ced13c134f778e3ce7",
- },
- },
- {
- ID: "CVE-2021-29530",
- Path: "2021/29xxx/CVE-2021-29530.json",
- BlobHash: "6a8b488f15bf381aa64cdf94466b11110772c938",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xcwj-wfcm-m23c",
- "https://github.com/tensorflow/tensorflow/commit/e6a7c7cc18c3aaad1ae0872cb0a959f5c923d2bd",
- },
- },
- {
- ID: "CVE-2021-29531",
- Path: "2021/29xxx/CVE-2021-29531.json",
- BlobHash: "bbec5ff60ac68f7b13039cba3d6d870f96b93576",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3qxp-qjq7-w4hf",
- "https://github.com/tensorflow/tensorflow/commit/26eb323554ffccd173e8a79a8c05c15b685ae4d1",
- },
- },
- {
- ID: "CVE-2021-29532",
- Path: "2021/29xxx/CVE-2021-29532.json",
- BlobHash: "6fcaa0ed779ac36651d046e32d29fee644d02496",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j47f-4232-hvv8",
- "https://github.com/tensorflow/tensorflow/commit/44b7f486c0143f68b56c34e2d01e146ee445134a",
- },
- },
- {
- ID: "CVE-2021-29533",
- Path: "2021/29xxx/CVE-2021-29533.json",
- BlobHash: "244c43c12320c7de97bfa4b4ed52ee2d5794e600",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-393f-2jr3-cp69",
- "https://github.com/tensorflow/tensorflow/commit/b432a38fe0e1b4b904a6c222cbce794c39703e87",
- },
- },
- {
- ID: "CVE-2021-29534",
- Path: "2021/29xxx/CVE-2021-29534.json",
- BlobHash: "52fdf7f05575153c665f453423222806e3e7e970",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6j9c-grc6-5m6g",
- "https://github.com/tensorflow/tensorflow/commit/69c68ecbb24dff3fa0e46da0d16c821a2dd22d7c",
- },
- },
- {
- ID: "CVE-2021-29535",
- Path: "2021/29xxx/CVE-2021-29535.json",
- BlobHash: "91d6fb959bd7a5c037c2b169ffcd1420eb20ea3a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m3f9-w3p3-p669",
- "https://github.com/tensorflow/tensorflow/commit/efea03b38fb8d3b81762237dc85e579cc5fc6e87",
- },
- },
- {
- ID: "CVE-2021-29536",
- Path: "2021/29xxx/CVE-2021-29536.json",
- BlobHash: "430c9c3c5477fff74322d8e8c5a574f68652c540",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2gfx-95x2-5v3x",
- "https://github.com/tensorflow/tensorflow/commit/a324ac84e573fba362a5e53d4e74d5de6729933e",
- },
- },
- {
- ID: "CVE-2021-29537",
- Path: "2021/29xxx/CVE-2021-29537.json",
- BlobHash: "f754c501a6fcad326b673e5de9289bd7b654da60",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8c89-2vwr-chcq",
- "https://github.com/tensorflow/tensorflow/commit/f6c40f0c6cbf00d46c7717a26419f2062f2f8694",
- },
- },
- {
- ID: "CVE-2021-29538",
- Path: "2021/29xxx/CVE-2021-29538.json",
- BlobHash: "a848d84ad1d8c48ebdda72e0c811b8cdffddb641",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8qc-5fqr-52fp",
- },
- },
- {
- ID: "CVE-2021-29539",
- Path: "2021/29xxx/CVE-2021-29539.json",
- BlobHash: "feaa24124f2a327837220f7b2ac4c98dd3f4fb7d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g4h2-gqm3-c9wq",
- "https://github.com/tensorflow/tensorflow/commit/4f663d4b8f0bec1b48da6fa091a7d29609980fa4",
- },
- },
- {
- ID: "CVE-2021-29540",
- Path: "2021/29xxx/CVE-2021-29540.json",
- BlobHash: "9fe58121bca85e1dbbebc3e10919e4865b6909b8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xgc3-m89p-vr3x",
- "https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96",
- },
- },
- {
- ID: "CVE-2021-29541",
- Path: "2021/29xxx/CVE-2021-29541.json",
- BlobHash: "83fbdac4e2e69ae2d67e2e937adc61321d91bb65",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xqfj-35wv-m3cr",
- },
- },
- {
- ID: "CVE-2021-29542",
- Path: "2021/29xxx/CVE-2021-29542.json",
- BlobHash: "54718986fb88454c9b59e6f9fa30dd951c5bff84",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg",
- "https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b",
- },
- },
- {
- ID: "CVE-2021-29543",
- Path: "2021/29xxx/CVE-2021-29543.json",
- BlobHash: "cc3d1929ae017ce0551d7f840d27d864b0f0dafe",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fphq-gw9m-ghrv",
- "https://github.com/tensorflow/tensorflow/commit/ea3b43e98c32c97b35d52b4c66f9107452ca8fb2",
- },
- },
- {
- ID: "CVE-2021-29544",
- Path: "2021/29xxx/CVE-2021-29544.json",
- BlobHash: "ca70a941303006c4db20d3333c140bd3e11cfceb",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6g85-3hm8-83f9",
- "https://github.com/tensorflow/tensorflow/commit/20431e9044cf2ad3c0323c34888b192f3289af6b",
- },
- },
- {
- ID: "CVE-2021-29545",
- Path: "2021/29xxx/CVE-2021-29545.json",
- BlobHash: "a558f828e7960dfd95b529fdbab51a30696cfbfe",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hmg3-c7xj-6qwm",
- "https://github.com/tensorflow/tensorflow/commit/1e922ccdf6bf46a3a52641f99fd47d54c1decd13",
- },
- },
- {
- ID: "CVE-2021-29546",
- Path: "2021/29xxx/CVE-2021-29546.json",
- BlobHash: "812fe128e8c730dcea94bfc1fb8424ba1de13bf6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m34j-p8rj-wjxq",
- "https://github.com/tensorflow/tensorflow/commit/67784700869470d65d5f2ef20aeb5e97c31673cb",
- },
- },
- {
- ID: "CVE-2021-29547",
- Path: "2021/29xxx/CVE-2021-29547.json",
- BlobHash: "cef8f6591c8c4767aa6869c9ea549d1df8a9f2da",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
- },
- },
- {
- ID: "CVE-2021-29548",
- Path: "2021/29xxx/CVE-2021-29548.json",
- BlobHash: "e184a6051dd7981e993b9f78599dc7f4359fbb83",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p45v-v4pw-77jr",
- "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
- },
- },
- {
- ID: "CVE-2021-29549",
- Path: "2021/29xxx/CVE-2021-29549.json",
- BlobHash: "61b2d062b7507d90fd96de42b405648f7853e5b2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x83m-p7pv-ch8v",
- "https://github.com/tensorflow/tensorflow/commit/744009c9e5cc5d0447f0dc39d055f917e1fd9e16",
- },
- },
- {
- ID: "CVE-2021-29550",
- Path: "2021/29xxx/CVE-2021-29550.json",
- BlobHash: "8b975b4bbd8e96a0dab6939db81b4a7aacc50667",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f78g-q7r4-9wcv",
- "https://github.com/tensorflow/tensorflow/commit/548b5eaf23685d86f722233d8fbc21d0a4aecb96",
- },
- },
- {
- ID: "CVE-2021-29551",
- Path: "2021/29xxx/CVE-2021-29551.json",
- BlobHash: "d9fb2bab29f75dc872f0132190d91c048abf0c85",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vqw6-72r7-fgw7",
- "https://github.com/tensorflow/tensorflow/commit/480641e3599775a8895254ffbc0fc45621334f68",
- },
- },
- {
- ID: "CVE-2021-29552",
- Path: "2021/29xxx/CVE-2021-29552.json",
- BlobHash: "b07a085222a4ec2cd3852741690b45f422957f9f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jhq9-wm9m-cf89",
- "https://github.com/tensorflow/tensorflow/commit/704866eabe03a9aeda044ec91a8d0c83fc1ebdbe",
- },
- },
- {
- ID: "CVE-2021-29553",
- Path: "2021/29xxx/CVE-2021-29553.json",
- BlobHash: "cc358ef3ab08e9c89277bf8aaf6c4bf9ff6a5dd1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h9px-9vqg-222h",
- "https://github.com/tensorflow/tensorflow/commit/99085e8ff02c3763a0ec2263e44daec416f6a387",
- },
- },
- {
- ID: "CVE-2021-29554",
- Path: "2021/29xxx/CVE-2021-29554.json",
- BlobHash: "1bf60b933dc236f19a6f262c9008cdf35537b7ae",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qg48-85hg-mqc5",
- "https://github.com/tensorflow/tensorflow/commit/da5ff2daf618591f64b2b62d9d9803951b945e9f",
- },
- },
- {
- ID: "CVE-2021-29555",
- Path: "2021/29xxx/CVE-2021-29555.json",
- BlobHash: "89e484b63783545640e868517a5d1ef0e34a581a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r35g-4525-29fq",
- "https://github.com/tensorflow/tensorflow/commit/1a2a87229d1d61e23a39373777c056161eb4084d",
- },
- },
- {
- ID: "CVE-2021-29556",
- Path: "2021/29xxx/CVE-2021-29556.json",
- BlobHash: "db95a56db0e2845b31c922f8aa9b56e81803e469",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxqh-cfjm-fp93",
- "https://github.com/tensorflow/tensorflow/commit/4071d8e2f6c45c1955a811fee757ca2adbe462c1",
- },
- },
- {
- ID: "CVE-2021-29557",
- Path: "2021/29xxx/CVE-2021-29557.json",
- BlobHash: "00a26a931147ce6115a22bc9324f9124df72d3f2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xw93-v57j-fcgh",
- "https://github.com/tensorflow/tensorflow/commit/7f283ff806b2031f407db64c4d3edcda8fb9f9f5",
- },
- },
- {
- ID: "CVE-2021-29558",
- Path: "2021/29xxx/CVE-2021-29558.json",
- BlobHash: "d7bed6991573c8f0227a4dd25761fee10dfce0f4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mqh2-9wrp-vx84",
- "https://github.com/tensorflow/tensorflow/commit/8ba6fa29cd8bf9cef9b718dc31c78c73081f5b31",
- },
- },
- {
- ID: "CVE-2021-29559",
- Path: "2021/29xxx/CVE-2021-29559.json",
- BlobHash: "6bb39bbf2760f41364710d3d97d3f1828b2626c7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-59q2-x2qc-4c97",
- "https://github.com/tensorflow/tensorflow/commit/51300ba1cc2f487aefec6e6631fef03b0e08b298",
- },
- },
- {
- ID: "CVE-2021-29560",
- Path: "2021/29xxx/CVE-2021-29560.json",
- BlobHash: "ea466060122200e9cc43087a99a9ed55e6872c3f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8gv3-57p6-g35r",
- "https://github.com/tensorflow/tensorflow/commit/a84358aa12f0b1518e606095ab9cfddbf597c121",
- },
- },
- {
- ID: "CVE-2021-29561",
- Path: "2021/29xxx/CVE-2021-29561.json",
- BlobHash: "bb649b997a0674820579f6682e2b3aa5905c2aaf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gvm4-h8j3-rjrq",
- "https://github.com/tensorflow/tensorflow/commit/77dd114513d7796e1e2b8aece214a380af26fbf4",
- },
- },
- {
- ID: "CVE-2021-29562",
- Path: "2021/29xxx/CVE-2021-29562.json",
- BlobHash: "c1b815a1debff0b736205f1f88b2e1049ec8bf3c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-36vm-xw34-x4pj",
- "https://github.com/tensorflow/tensorflow/commit/1c56f53be0b722ca657cbc7df461ed676c8642a2",
- },
- },
- {
- ID: "CVE-2021-29563",
- Path: "2021/29xxx/CVE-2021-29563.json",
- BlobHash: "daf9d9cbd19c00c23b40e472e8614e4c7f3b236f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ph87-fvjr-v33w",
- "https://github.com/tensorflow/tensorflow/commit/31bd5026304677faa8a0b77602c6154171b9aec1",
- },
- },
- {
- ID: "CVE-2021-29564",
- Path: "2021/29xxx/CVE-2021-29564.json",
- BlobHash: "23b658554754ad3b117456656f07dde3e578c77b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75f6-78jr-4656",
- "https://github.com/tensorflow/tensorflow/commit/f4c364a5d6880557f6f5b6eb5cee2c407f0186b3",
- },
- },
- {
- ID: "CVE-2021-29565",
- Path: "2021/29xxx/CVE-2021-29565.json",
- BlobHash: "605b7080ef5b3992d4045708aca4fc5198d2c2bc",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6pg-pjwc-j585",
- "https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7f",
- },
- },
- {
- ID: "CVE-2021-29566",
- Path: "2021/29xxx/CVE-2021-29566.json",
- BlobHash: "018777dc337a63d7c07b36c6a535768fd141b6f0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pvrc-hg3f-58r6",
- "https://github.com/tensorflow/tensorflow/commit/3f6fe4dfef6f57e768260b48166c27d148f3015f",
- },
- },
- {
- ID: "CVE-2021-29567",
- Path: "2021/29xxx/CVE-2021-29567.json",
- BlobHash: "20fc4b1dd8fd7adbe8710f1cb47ed32eebd7987a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp3c-xw9g-gpcg",
- "https://github.com/tensorflow/tensorflow/commit/7ae2af34087fb4b5c8915279efd03da3b81028bc",
- },
- },
- {
- ID: "CVE-2021-29568",
- Path: "2021/29xxx/CVE-2021-29568.json",
- BlobHash: "17e1e6fe5eb841b33b1278aae17befc915f7defb",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4p4p-www8-8fv9",
- "https://github.com/tensorflow/tensorflow/commit/5e52ef5a461570cfb68f3bdbbebfe972cb4e0fd8",
- },
- },
- {
- ID: "CVE-2021-29569",
- Path: "2021/29xxx/CVE-2021-29569.json",
- BlobHash: "7d5078b73f60cef8d56ae260f352f6e9504cfb49",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3h8m-483j-7xxm",
- "https://github.com/tensorflow/tensorflow/commit/ef0c008ee84bad91ec6725ddc42091e19a30cf0e",
- },
- },
- {
- ID: "CVE-2021-29570",
- Path: "2021/29xxx/CVE-2021-29570.json",
- BlobHash: "6710b283c7706f3ab9f31db4a5d9b93deff374c7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-545v-42p7-98fq",
- "https://github.com/tensorflow/tensorflow/commit/dcd7867de0fea4b72a2b34bd41eb74548dc23886",
- },
- },
- {
- ID: "CVE-2021-29571",
- Path: "2021/29xxx/CVE-2021-29571.json",
- BlobHash: "8334da93ae1e275e2278aee6e4c936bec2058d83",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-whr9-vfh2-7hm6",
- "https://github.com/tensorflow/tensorflow/commit/79865b542f9ffdc9caeb255631f7c56f1d4b6517",
- },
- },
- {
- ID: "CVE-2021-29572",
- Path: "2021/29xxx/CVE-2021-29572.json",
- BlobHash: "576c27d216f71b9fb9f5977519fad1e217d41c51",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5gqf-456p-4836",
- "https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb",
- },
- },
- {
- ID: "CVE-2021-29573",
- Path: "2021/29xxx/CVE-2021-29573.json",
- BlobHash: "9ca2bbf85750438ed5af84390eb8e622cd3638ec",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vpm-rcf4-9wqw",
- "https://github.com/tensorflow/tensorflow/commit/376c352a37ce5a68b721406dc7e77ac4b6cf483d",
- },
- },
- {
- ID: "CVE-2021-29574",
- Path: "2021/29xxx/CVE-2021-29574.json",
- BlobHash: "676e075619c1d86bd2720c1cf6f5ae10f34b0af1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828x-qc2p-wprq",
- "https://github.com/tensorflow/tensorflow/commit/a3d9f9be9ac2296615644061b40cefcee341dcc4",
- },
- },
- {
- ID: "CVE-2021-29575",
- Path: "2021/29xxx/CVE-2021-29575.json",
- BlobHash: "03929785f3eae3eba20c727b0ff37d1475ccb4b2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6qgm-fv6v-rfpv",
- "https://github.com/tensorflow/tensorflow/commit/ecf768cbe50cedc0a45ce1ee223146a3d3d26d23",
- },
- },
- {
- ID: "CVE-2021-29576",
- Path: "2021/29xxx/CVE-2021-29576.json",
- BlobHash: "e8501aad3d36177b585041115f20b7410dd827c2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7cqx-92hp-x6wh",
- "https://github.com/tensorflow/tensorflow/commit/63c6a29d0f2d692b247f7bf81f8732d6442fad09",
- },
- },
- {
- ID: "CVE-2021-29577",
- Path: "2021/29xxx/CVE-2021-29577.json",
- BlobHash: "790874e4d36ec5ebab8d2cbd7318001aa4ad2852",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6r6-84gr-92rm",
- "https://github.com/tensorflow/tensorflow/commit/6fc9141f42f6a72180ecd24021c3e6b36165fe0d",
- },
- },
- {
- ID: "CVE-2021-29578",
- Path: "2021/29xxx/CVE-2021-29578.json",
- BlobHash: "07e565e419a645ac0bb8c972f3e04d30260827dc",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6f89-8j54-29xf",
- "https://github.com/tensorflow/tensorflow/commit/12c727cee857fa19be717f336943d95fca4ffe4f",
- },
- },
- {
- ID: "CVE-2021-29579",
- Path: "2021/29xxx/CVE-2021-29579.json",
- BlobHash: "7da3aa035fb9463c2891c3fa4d588caef4e7dedf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79fv-9865-4qcv",
- "https://github.com/tensorflow/tensorflow/commit/a74768f8e4efbda4def9f16ee7e13cf3922ac5f7",
- },
- },
- {
- ID: "CVE-2021-29580",
- Path: "2021/29xxx/CVE-2021-29580.json",
- BlobHash: "42174dc544c40ce3900880f92e4f22a002d5a93a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x8h6-xgqx-jqgp",
- "https://github.com/tensorflow/tensorflow/commit/32fdcbff9d06d010d908fcc4bd4b36eb3ce15925",
- },
- },
- {
- ID: "CVE-2021-29581",
- Path: "2021/29xxx/CVE-2021-29581.json",
- BlobHash: "896bb2bbff62b72522073498333c51ce5b23217b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq2r-5xvm-3hc3",
- "https://github.com/tensorflow/tensorflow/commit/b1b323042264740c398140da32e93fb9c2c9f33e",
- },
- },
- {
- ID: "CVE-2021-29582",
- Path: "2021/29xxx/CVE-2021-29582.json",
- BlobHash: "30eb7f7d1b7ae8f7853c07894fb7d07161b77e63",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c45w-2wxr-pp53",
- "https://github.com/tensorflow/tensorflow/commit/5899741d0421391ca878da47907b1452f06aaf1b",
- },
- },
- {
- ID: "CVE-2021-29583",
- Path: "2021/29xxx/CVE-2021-29583.json",
- BlobHash: "cada79f1166ff259518f2ce0b0bd9d10f08a24d8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9xh4-23q4-v6wr",
- "https://github.com/tensorflow/tensorflow/commit/6972f9dfe325636b3db4e0bc517ee22a159365c0",
- },
- },
- {
- ID: "CVE-2021-29584",
- Path: "2021/29xxx/CVE-2021-29584.json",
- BlobHash: "411f168303620b72dc2e96c398c9c005c3e55e60",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvjm-fvxx-q3hv",
- "https://github.com/tensorflow/tensorflow/commit/4c0ee937c0f61c4fc5f5d32d9bb4c67428012a60",
- },
- },
- {
- ID: "CVE-2021-29585",
- Path: "2021/29xxx/CVE-2021-29585.json",
- BlobHash: "092ad17aa4c388a0cf0ccfc42122c41f7e1037d1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv78-g7wq-mhp4",
- "https://github.com/tensorflow/tensorflow/commit/49847ae69a4e1a97ae7f2db5e217c77721e37948",
- },
- },
- {
- ID: "CVE-2021-29586",
- Path: "2021/29xxx/CVE-2021-29586.json",
- BlobHash: "86208a653e96c775fc4551103644b8322ce3c8b2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-26j7-6w8w-7922",
- "https://github.com/tensorflow/tensorflow/commit/5f7975d09eac0f10ed8a17dbb6f5964977725adc",
- },
- },
- {
- ID: "CVE-2021-29587",
- Path: "2021/29xxx/CVE-2021-29587.json",
- BlobHash: "32c075877856de15928be18c5f725d5e73b39aa0",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j7rm-8ww4-xx2g",
- "https://github.com/tensorflow/tensorflow/commit/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7",
- },
- },
- {
- ID: "CVE-2021-29588",
- Path: "2021/29xxx/CVE-2021-29588.json",
- BlobHash: "73f9aab3668378186ad5a0a4c561f6e744d08408",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vfr4-x8j2-3rf9",
- "https://github.com/tensorflow/tensorflow/commit/801c1c6be5324219689c98e1bd3e0ca365ee834d",
- },
- },
- {
- ID: "CVE-2021-29589",
- Path: "2021/29xxx/CVE-2021-29589.json",
- BlobHash: "a409873b2509b56e14c76eb8b84d365fd097b8a3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3w67-q784-6w7c",
- "https://github.com/tensorflow/tensorflow/commit/8e45822aa0b9f5df4b4c64f221e64dc930a70a9d",
- },
- },
- {
- ID: "CVE-2021-29590",
- Path: "2021/29xxx/CVE-2021-29590.json",
- BlobHash: "c9d29feab97ef2bcc5149244107e1868151bc8c9",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x6-8c7m-hv3f",
- "https://github.com/tensorflow/tensorflow/commit/953f28dca13c92839ba389c055587cfe6c723578",
- },
- },
- {
- ID: "CVE-2021-29591",
- Path: "2021/29xxx/CVE-2021-29591.json",
- BlobHash: "ea918f39028b1559391fb481cc1b0a7ee8dbb68c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwv3-863g-39vx",
- "https://github.com/tensorflow/tensorflow/commit/9c1dc920d8ffb4893d6c9d27d1f039607b326743",
- "https://github.com/tensorflow/tensorflow/commit/c6173f5fe66cdbab74f4f869311fe6aae2ba35f4",
- },
- },
- {
- ID: "CVE-2021-29592",
- Path: "2021/29xxx/CVE-2021-29592.json",
- BlobHash: "9a9027d9d3296aa9e5876b72b6416e31ec03847b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjr8-m8g8-p6wv",
- "https://github.com/tensorflow/tensorflow/commit/f8378920345f4f4604202d4ab15ef64b2aceaa16",
- },
- },
- {
- ID: "CVE-2021-29593",
- Path: "2021/29xxx/CVE-2021-29593.json",
- BlobHash: "23d9dfd1e9a9a69465c09ad45346c3e851089159",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cfx7-2xpc-8w4h",
- "https://github.com/tensorflow/tensorflow/commit/2c74674348a4708ced58ad6eb1b23354df8ee044",
- },
- },
- {
- ID: "CVE-2021-29594",
- Path: "2021/29xxx/CVE-2021-29594.json",
- BlobHash: "927ce5d1aa3354f1880a4bf85180a345ec412819",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3qgw-p4fm-x7gf",
- "https://github.com/tensorflow/tensorflow/commit/ff489d95a9006be080ad14feb378f2b4dac35552",
- },
- },
- {
- ID: "CVE-2021-29595",
- Path: "2021/29xxx/CVE-2021-29595.json",
- BlobHash: "8bc6dadc43651587cd2d848ebbede2d22042c716",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vf94-36g5-69v8",
- "https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9",
- },
- },
- {
- ID: "CVE-2021-29596",
- Path: "2021/29xxx/CVE-2021-29596.json",
- BlobHash: "252008bf8dfeca66e21912aeb30254a7630d6759",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4vrf-ff7v-hpgr",
- "https://github.com/tensorflow/tensorflow/commit/f61c57bd425878be108ec787f4d96390579fb83e",
- },
- },
- {
- ID: "CVE-2021-29597",
- Path: "2021/29xxx/CVE-2021-29597.json",
- BlobHash: "044c8f8d3c64a0e16b27c433aa1560bde992c33f",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v52p-hfjf-wg88",
- "https://github.com/tensorflow/tensorflow/commit/6d36ba65577006affb272335b7c1abd829010708",
- },
- },
- {
- ID: "CVE-2021-29598",
- Path: "2021/29xxx/CVE-2021-29598.json",
- BlobHash: "8703f6776bf85dbcdf56dc10b3da4ac2803d9531",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pmpr-55fj-r229",
- "https://github.com/tensorflow/tensorflow/commit/6841e522a3e7d48706a02e8819836e809f738682",
- },
- },
- {
- ID: "CVE-2021-29599",
- Path: "2021/29xxx/CVE-2021-29599.json",
- BlobHash: "a7ce0f45810e5806239f2bb7357876df3b868d94",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97wf-p777-86jq",
- "https://github.com/tensorflow/tensorflow/commit/b22786e7e9b7bdb6a56936ff29cc7e9968d7bc1d",
- },
- },
- {
- ID: "CVE-2021-29600",
- Path: "2021/29xxx/CVE-2021-29600.json",
- BlobHash: "7a69da1d5f48547e46485d1d89f46039ac78b052",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8qh-3xrq-c825",
- "https://github.com/tensorflow/tensorflow/commit/3ebedd7e345453d68e279cfc3e4072648e5e12e5",
- },
- },
- {
- ID: "CVE-2021-29601",
- Path: "2021/29xxx/CVE-2021-29601.json",
- BlobHash: "9955f1e6d5462d38683b3645c5bc26db02f1c81c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c84-4hx6-xmm4",
- "https://github.com/tensorflow/tensorflow/commit/4253f96a58486ffe84b61c0415bb234a4632ee73",
- },
- },
- {
- ID: "CVE-2021-29602",
- Path: "2021/29xxx/CVE-2021-29602.json",
- BlobHash: "88714048b3c1aaf959706978c10b42c559d098b4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rf3h-xgv5-2q39",
- "https://github.com/tensorflow/tensorflow/commit/cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0",
- },
- },
- {
- ID: "CVE-2021-29603",
- Path: "2021/29xxx/CVE-2021-29603.json",
- BlobHash: "63a4c7de6a98c91263eec5f432bb0cc5bd908ca6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-crch-j389-5f84",
- "https://github.com/tensorflow/tensorflow/commit/c59c37e7b2d563967da813fa50fe20b21f4da683",
- },
- },
- {
- ID: "CVE-2021-29604",
- Path: "2021/29xxx/CVE-2021-29604.json",
- BlobHash: "656211ab32662fa19a060b02f7ac050dd0649428",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rm6-75mf-7r7r",
- "https://github.com/tensorflow/tensorflow/commit/5117e0851348065ed59c991562c0ec80d9193db2",
- },
- },
- {
- ID: "CVE-2021-29605",
- Path: "2021/29xxx/CVE-2021-29605.json",
- BlobHash: "959de6436d664e7aff72d6a4e010fe81d1d2305b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jf7h-7m85-w2v2",
- "https://github.com/tensorflow/tensorflow/commit/7c8cc4ec69cd348e44ad6a2699057ca88faad3e5",
- },
- },
- {
- ID: "CVE-2021-29606",
- Path: "2021/29xxx/CVE-2021-29606.json",
- BlobHash: "d8af5922c85bff86069b1454a1060edfb0fe63a9",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h4pc-gx2w-f2xv",
- "https://github.com/tensorflow/tensorflow/commit/ae2daeb45abfe2c6dda539cf8d0d6f653d3ef412",
- },
- },
- {
- ID: "CVE-2021-29607",
- Path: "2021/29xxx/CVE-2021-29607.json",
- BlobHash: "615e3e396f6d850a833a5e8e6e00b36a082a2e8c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gv26-jpj9-c8gq",
- "https://github.com/tensorflow/tensorflow/commit/f6fde895ef9c77d848061c0517f19d0ec2682f3a",
- },
- },
- {
- ID: "CVE-2021-29608",
- Path: "2021/29xxx/CVE-2021-29608.json",
- BlobHash: "997dd422884a2cbf7c1889388bc2766e2f9004a7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rgvq-pcvf-hx75",
- "https://github.com/tensorflow/tensorflow/commit/b761c9b652af2107cfbc33efd19be0ce41daa33e",
- "https://github.com/tensorflow/tensorflow/commit/c4d7afb6a5986b04505aca4466ae1951686c80f6",
- "https://github.com/tensorflow/tensorflow/commit/f94ef358bb3e91d517446454edff6535bcfe8e4a",
- },
- },
- {
- ID: "CVE-2021-29609",
- Path: "2021/29xxx/CVE-2021-29609.json",
- BlobHash: "70f717e91875c62d884503429208fb857ab8c30d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cjc7-49v2-jp64",
- "https://github.com/tensorflow/tensorflow/commit/41727ff06111117bdf86b37db198217fd7a143cc",
- "https://github.com/tensorflow/tensorflow/commit/6fd02f44810754ae7481838b6a67c5df7f909ca3",
- },
- },
- {
- ID: "CVE-2021-29610",
- Path: "2021/29xxx/CVE-2021-29610.json",
- BlobHash: "ef31fbfaa08f1be4fb5100e6f73254a31beccae2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mq5c-prh3-3f3h",
- "https://github.com/tensorflow/tensorflow/commit/c5b0d5f8ac19888e46ca14b0e27562e7fbbee9a9",
- },
- },
- {
- ID: "CVE-2021-29611",
- Path: "2021/29xxx/CVE-2021-29611.json",
- BlobHash: "29c72b3c6512b55a2650f36ee8addfc880cb1d40",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9rpc-5v9q-5r7f",
- "https://github.com/tensorflow/tensorflow/commit/1d04d7d93f4ed3854abf75d6b712d72c3f70d6b6",
- },
- },
- {
- ID: "CVE-2021-29612",
- Path: "2021/29xxx/CVE-2021-29612.json",
- BlobHash: "520b9cdb93048d8d34a48eae19331546a7ce83a1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv",
- "https://github.com/tensorflow/tensorflow/commit/0ab290774f91a23bebe30a358fde4e53ab4876a0",
- "https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2",
- },
- },
- {
- ID: "CVE-2021-29613",
- Path: "2021/29xxx/CVE-2021-29613.json",
- BlobHash: "79023aac17a09c17f749296fc0687939d3d81e91",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vvg4-vgrv-xfr7",
- "https://github.com/tensorflow/tensorflow/commit/14607c0707040d775e06b6817325640cb4b5864c",
- "https://github.com/tensorflow/tensorflow/commit/4504a081af71514bb1828048363e6540f797005b",
- },
- },
- {
- ID: "CVE-2021-29614",
- Path: "2021/29xxx/CVE-2021-29614.json",
- BlobHash: "df13f08859f7c29646973ad4ca747e4ab667f76b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8pmx-p244-g88h",
- "https://github.com/tensorflow/tensorflow/commit/698e01511f62a3c185754db78ebce0eee1f0184d",
- },
- },
- {
- ID: "CVE-2021-29615",
- Path: "2021/29xxx/CVE-2021-29615.json",
- BlobHash: "0963835c888a38e7773d332457a7968962080c7b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qw5h-7f53-xrp6",
- "https://github.com/tensorflow/tensorflow/commit/e07e1c3d26492c06f078c7e5bf2d138043e199c1",
- },
- },
- {
- ID: "CVE-2021-29616",
- Path: "2021/29xxx/CVE-2021-29616.json",
- BlobHash: "97eeefaff3d7fee7feb382eb513ccd5c072bf955",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvv-7x94-7vq8",
- "https://github.com/tensorflow/tensorflow/commit/e6340f0665d53716ef3197ada88936c2a5f7a2d3",
- },
- },
- {
- ID: "CVE-2021-29617",
- Path: "2021/29xxx/CVE-2021-29617.json",
- BlobHash: "cf369cb48b679bf74801bf95e2deecce20e9648b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mmq6-q8r3-48fm",
- "https://github.com/tensorflow/tensorflow/commit/890f7164b70354c57d40eda52dcdd7658677c09f",
- "https://github.com/tensorflow/issues/46900",
- "https://github.com/tensorflow/issues/46974",
- },
- },
- {
- ID: "CVE-2021-29618",
- Path: "2021/29xxx/CVE-2021-29618.json",
- BlobHash: "f099ec467b6196f7301c8ccfff0a0c58ba891b98",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xqfj-cr6q-pc8w",
- "https://github.com/tensorflow/tensorflow/commit/1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88",
- "https://github.com/tensorflow/issues/42105",
- "https://github.com/tensorflow/issues/46973",
- },
- },
- {
- ID: "CVE-2021-29619",
- Path: "2021/29xxx/CVE-2021-29619.json",
- BlobHash: "8e4413cb2d59e0cf8deccdc6af62c5072f25614b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wvjw-p9f5-vq28",
- "https://github.com/tensorflow/tensorflow/commit/82e6203221865de4008445b13c69b6826d2b28d9",
- },
- },
- {
- ID: "CVE-2021-35958",
- Path: "2021/35xxx/CVE-2021-35958.json",
- BlobHash: "781fe32b0a3bbe547577f053cc71f5e463b5a5df",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://vuln.ryotak.me/advisories/52",
- "https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/utils/data_utils.py#L137",
- "https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall",
- "https://keras.io/api/",
- "https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/README.md",
- },
- },
- {
- ID: "CVE-2021-37635",
- Path: "2021/37xxx/CVE-2021-37635.json",
- BlobHash: "642c89c869189f919f43c736f25e3f05959212d2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cgfm-62j4-v4rf",
- "https://github.com/tensorflow/tensorflow/commit/87158f43f05f2720a374f3e6d22a7aaa3a33f750",
- },
- },
- {
- ID: "CVE-2021-37636",
- Path: "2021/37xxx/CVE-2021-37636.json",
- BlobHash: "de0aa160d1b38af958f3c3bfd214a00d834a347d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hp4c-x6r7-6555",
- "https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9",
- },
- },
- {
- ID: "CVE-2021-37637",
- Path: "2021/37xxx/CVE-2021-37637.json",
- BlobHash: "bed8385118bd1bb0c50f85adf8f096ed4c1dc8da",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9qf-r67m-p7cg",
- "https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5",
- },
- },
- {
- ID: "CVE-2021-37638",
- Path: "2021/37xxx/CVE-2021-37638.json",
- BlobHash: "9e0c47ded28ee3c2f274c439a6822e3eb455b394",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hwr7-8gxx-fj5p",
- "https://github.com/tensorflow/tensorflow/commit/301ae88b331d37a2a16159b65b255f4f9eb39314",
- },
- },
- {
- ID: "CVE-2021-37639",
- Path: "2021/37xxx/CVE-2021-37639.json",
- BlobHash: "f959718f4e03dafefc0a7ab56dc20257f1528d6b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh6x-4whr-2qv4",
- "https://github.com/tensorflow/tensorflow/commit/9e82dce6e6bd1f36a57e08fa85af213e2b2f2622",
- },
- },
- {
- ID: "CVE-2021-37640",
- Path: "2021/37xxx/CVE-2021-37640.json",
- BlobHash: "deeb75c61f29cac413427342d130b9e716eab9b8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-95xm-g58g-3p88",
- "https://github.com/tensorflow/tensorflow/commit/4923de56ec94fff7770df259ab7f2288a74feb41",
- },
- },
- {
- ID: "CVE-2021-37641",
- Path: "2021/37xxx/CVE-2021-37641.json",
- BlobHash: "da8307da4d5e92de3a30314680cda76894ea1dc8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8",
- "https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373",
- },
- },
- {
- ID: "CVE-2021-37642",
- Path: "2021/37xxx/CVE-2021-37642.json",
- BlobHash: "1b47df79e705a83c8c8907285af89f96b1c92fc2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ch4f-829c-v5pw",
- "https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76",
- },
- },
- {
- ID: "CVE-2021-37643",
- Path: "2021/37xxx/CVE-2021-37643.json",
- BlobHash: "349f28ad92eca81909c6e02dab860df6ee4f1a19",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc",
- "https://github.com/tensorflow/tensorflow/commit/482da92095c4d48f8784b1f00dda4f81c28d2988",
- },
- },
- {
- ID: "CVE-2021-37644",
- Path: "2021/37xxx/CVE-2021-37644.json",
- BlobHash: "a2a4d98164afe8b1713ad0962b34149ad5477aa3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27j5-4p9v-pp67",
- "https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2",
- },
- },
- {
- ID: "CVE-2021-37645",
- Path: "2021/37xxx/CVE-2021-37645.json",
- BlobHash: "8b3ac954d72e386d875b471611072e0461a4a3e8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9w2p-5mgw-p94c",
- "https://github.com/tensorflow/tensorflow/commit/96f364a1ca3009f98980021c4b32be5fdcca33a1",
- },
- },
- {
- ID: "CVE-2021-37646",
- Path: "2021/37xxx/CVE-2021-37646.json",
- BlobHash: "4744e500007686a1653aec62c747f3fc6f91a02b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6jh-7gv5-28vg",
- "https://github.com/tensorflow/tensorflow/commit/c283e542a3f422420cfdb332414543b62fc4e4a5",
- },
- },
- {
- ID: "CVE-2021-37647",
- Path: "2021/37xxx/CVE-2021-37647.json",
- BlobHash: "4996c5c7827304203d7cd963bfa11c30db4b4286",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c5x2-p679-95wc",
- "https://github.com/tensorflow/tensorflow/commit/02cc160e29d20631de3859c6653184e3f876b9d7",
- },
- },
- {
- ID: "CVE-2021-37648",
- Path: "2021/37xxx/CVE-2021-37648.json",
- BlobHash: "2d9bf48b1f668d2a91c8ae1637772a231b6c3f61",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp77-4gmm-7cq8",
- "https://github.com/tensorflow/tensorflow/commit/9728c60e136912a12d99ca56e106b7cce7af5986",
- },
- },
- {
- ID: "CVE-2021-37649",
- Path: "2021/37xxx/CVE-2021-37649.json",
- BlobHash: "6302db09d66e8e9f0eb8b8119f0e32e089170307",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gv8-p3vj-pxvr",
- "https://github.com/tensorflow/tensorflow/commit/7bdf50bb4f5c54a4997c379092888546c97c3ebd",
- },
- },
- {
- ID: "CVE-2021-37650",
- Path: "2021/37xxx/CVE-2021-37650.json",
- BlobHash: "a071c2a3edbf5e10d1379ce15fd666534d7ef9e3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f8h4-7rgh-q2gm",
- "https://github.com/tensorflow/tensorflow/commit/e0b6e58c328059829c3eb968136f17aa72b6c876",
- },
- },
- {
- ID: "CVE-2021-37651",
- Path: "2021/37xxx/CVE-2021-37651.json",
- BlobHash: "24d164737bd72c4b4b23b36d0243d88d007068f7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hpv4-7p9c-mvfr",
- "https://github.com/tensorflow/tensorflow/commit/0f931751fb20f565c4e94aa6df58d54a003cdb30",
- },
- },
- {
- ID: "CVE-2021-37652",
- Path: "2021/37xxx/CVE-2021-37652.json",
- BlobHash: "edd7e795fa78b7b4e87f25a90c499b785b855c88",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m7fm-4jfh-jrg6",
- "https://github.com/tensorflow/tensorflow/commit/5ecec9c6fbdbc6be03295685190a45e7eee726ab",
- },
- },
- {
- ID: "CVE-2021-37653",
- Path: "2021/37xxx/CVE-2021-37653.json",
- BlobHash: "45a0708102c02f0475e71e2d559877f439751bdb",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjj8-32p7-h289",
- "https://github.com/tensorflow/tensorflow/commit/ac117ee8a8ea57b73d34665cdf00ef3303bc0b11",
- },
- },
- {
- ID: "CVE-2021-37654",
- Path: "2021/37xxx/CVE-2021-37654.json",
- BlobHash: "be1c6edd99673cd4cb58d63e49e073b2a737d6f7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r8p-fg3c-wcj4",
- "https://github.com/tensorflow/tensorflow/commit/bc9c546ce7015c57c2f15c168b3d9201de679a1d",
- },
- },
- {
- ID: "CVE-2021-37655",
- Path: "2021/37xxx/CVE-2021-37655.json",
- BlobHash: "eb38f095e0bbc39e0de6919d9fbf78a9202b00d7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7fvx-3jfc-2cpc",
- "https://github.com/tensorflow/tensorflow/commit/01cff3f986259d661103412a20745928c727326f",
- },
- },
- {
- ID: "CVE-2021-37656",
- Path: "2021/37xxx/CVE-2021-37656.json",
- BlobHash: "4edd74f0dc0535de474e9e3a49da8513347cc9ef",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4xfp-4pfp-89wg",
- "https://github.com/tensorflow/tensorflow/commit/1071f554dbd09f7e101324d366eec5f4fe5a3ece",
- },
- },
- {
- ID: "CVE-2021-37657",
- Path: "2021/37xxx/CVE-2021-37657.json",
- BlobHash: "c41a47d9966732c98e90a7cd187d8c1252ec7206",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5xwc-mrhx-5g3m",
- "https://github.com/tensorflow/tensorflow/commit/f2a673bd34f0d64b8e40a551ac78989d16daad09",
- },
- },
- {
- ID: "CVE-2021-37658",
- Path: "2021/37xxx/CVE-2021-37658.json",
- BlobHash: "a153ce709c052950f7fccbfb3c4fc134cb7b4933",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6p5r-g9mq-ggh2",
- "https://github.com/tensorflow/tensorflow/commit/ff8894044dfae5568ecbf2ed514c1a37dc394f1b",
- },
- },
- {
- ID: "CVE-2021-37659",
- Path: "2021/37xxx/CVE-2021-37659.json",
- BlobHash: "c3dce61c71ea715d4d6352eaec5de9a093416553",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q3g3-h9r4-prrc",
- "https://github.com/tensorflow/tensorflow/commit/93f428fd1768df147171ed674fee1fc5ab8309ec",
- },
- },
- {
- ID: "CVE-2021-37660",
- Path: "2021/37xxx/CVE-2021-37660.json",
- BlobHash: "5cf3141539b063216ea99b91253e037f9136d6ae",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cm5x-837x-jf3c",
- "https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618",
- },
- },
- {
- ID: "CVE-2021-37661",
- Path: "2021/37xxx/CVE-2021-37661.json",
- BlobHash: "75bf5f046f02d9e67cabfa626e79be0f6a60cf3b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf88-j2mg-cc82",
- "https://github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992",
- },
- },
- {
- ID: "CVE-2021-37662",
- Path: "2021/37xxx/CVE-2021-37662.json",
- BlobHash: "c014bc54e2b0a3a67db648db2962b67b9becbcd4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f5cx-5wr3-5qrc",
- "https://github.com/tensorflow/tensorflow/commit/429f009d2b2c09028647dd4bb7b3f6f414bbaad7",
- "https://github.com/tensorflow/tensorflow/commit/9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad",
- },
- },
- {
- ID: "CVE-2021-37663",
- Path: "2021/37xxx/CVE-2021-37663.json",
- BlobHash: "7b34ff40488cc06dd61a2e15f26b4665f8647124",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j",
- "https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708",
- },
- },
- {
- ID: "CVE-2021-37664",
- Path: "2021/37xxx/CVE-2021-37664.json",
- BlobHash: "d90c85af0faa5884b8d548f366cd91a6c06d71a4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg",
- "https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378",
- },
- },
- {
- ID: "CVE-2021-37665",
- Path: "2021/37xxx/CVE-2021-37665.json",
- BlobHash: "d00cde4daf50fb2a31058baf2759d7d3cefcd550",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp",
- "https://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9",
- "https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69",
- },
- },
- {
- ID: "CVE-2021-37666",
- Path: "2021/37xxx/CVE-2021-37666.json",
- BlobHash: "0642a21b40f51d16ea8eb33fe24c7f9902f1719e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w4xf-2pqw-5mq7",
- "https://github.com/tensorflow/tensorflow/commit/be7a4de6adfbd303ce08be4332554dff70362612",
- },
- },
- {
- ID: "CVE-2021-37667",
- Path: "2021/37xxx/CVE-2021-37667.json",
- BlobHash: "5befd6bfdae686bace9f983a82add5104c5959cc",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w74j-v8xh-3w5h",
- "https://github.com/tensorflow/tensorflow/commit/2e0ee46f1a47675152d3d865797a18358881d7a6",
- },
- },
- {
- ID: "CVE-2021-37668",
- Path: "2021/37xxx/CVE-2021-37668.json",
- BlobHash: "ad453d9228771dd404b0ed316cd6346961f69e8a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5",
- "https://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233",
- },
- },
- {
- ID: "CVE-2021-37669",
- Path: "2021/37xxx/CVE-2021-37669.json",
- BlobHash: "ced9b164192b78bfbd1e5ec3bbe23a12c2f46d23",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c",
- "https://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d",
- "https://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58",
- },
- },
- {
- ID: "CVE-2021-37670",
- Path: "2021/37xxx/CVE-2021-37670.json",
- BlobHash: "00f1a3bce81be2901c86359ae9d96f4fd43a89fd",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7",
- "https://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38",
- },
- },
- {
- ID: "CVE-2021-37671",
- Path: "2021/37xxx/CVE-2021-37671.json",
- BlobHash: "3dbe46f6de616076fe72b0e09207f20f8fa51625",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h",
- "https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac",
- },
- },
- {
- ID: "CVE-2021-37672",
- Path: "2021/37xxx/CVE-2021-37672.json",
- BlobHash: "cf98b0683ecfbe85966628ed47dbdde7a82df1a9",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7",
- "https://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6",
- },
- },
- {
- ID: "CVE-2021-37673",
- Path: "2021/37xxx/CVE-2021-37673.json",
- BlobHash: "3f8c0d7bb418069e4c6cf4c602d4954d068ca49e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg",
- "https://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d",
- },
- },
- {
- ID: "CVE-2021-37674",
- Path: "2021/37xxx/CVE-2021-37674.json",
- BlobHash: "18fd81f627c00355c8500acdca215038b15eeb0d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7ghq-fvr3-pj2x",
- "https://github.com/tensorflow/tensorflow/commit/136b51f10903e044308cf77117c0ed9871350475",
- "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-068.md",
- },
- },
- {
- ID: "CVE-2021-37675",
- Path: "2021/37xxx/CVE-2021-37675.json",
- BlobHash: "da173290531fd5520d10dcccdb97e64f96042cba",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-2mv3-49ww",
- "https://github.com/tensorflow/tensorflow/commit/8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4",
- },
- },
- {
- ID: "CVE-2021-37676",
- Path: "2021/37xxx/CVE-2021-37676.json",
- BlobHash: "77dff7969871db4fc359119e9c6c39edd52a6a18",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v768-w7m9-2vmm",
- "https://github.com/tensorflow/tensorflow/commit/578e634b4f1c1c684d4b4294f9e5281b2133b3ed",
- },
- },
- {
- ID: "CVE-2021-37677",
- Path: "2021/37xxx/CVE-2021-37677.json",
- BlobHash: "3dc38e667d94f0d9cc448fb89a7d279f36a2036e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qfpc-5pjr-mh26",
- "https://github.com/tensorflow/tensorflow/commit/da857cfa0fde8f79ad0afdbc94e88b5d4bbec764",
- },
- },
- {
- ID: "CVE-2021-37678",
- Path: "2021/37xxx/CVE-2021-37678.json",
- BlobHash: "330dd1e8e59321e4f77199d35901951139850e4e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r",
- "https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012",
- },
- },
- {
- ID: "CVE-2021-37679",
- Path: "2021/37xxx/CVE-2021-37679.json",
- BlobHash: "1e85bf10695dab7ea5a4278e2b32dfeebf353b0c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp",
- "https://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12",
- },
- },
- {
- ID: "CVE-2021-37680",
- Path: "2021/37xxx/CVE-2021-37680.json",
- BlobHash: "3fd7bbd6bf43ed7e17c92c767bb9c107b8d236aa",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cfpj-3q4c-jhvr",
- "https://github.com/tensorflow/tensorflow/commit/718721986aa137691ee23f03638867151f74935f",
- },
- },
- {
- ID: "CVE-2021-37681",
- Path: "2021/37xxx/CVE-2021-37681.json",
- BlobHash: "9c0ddf576f9b3df3d43f2d61c5639c984a09ed06",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7xwj-5r4v-429p",
- "https://github.com/tensorflow/tensorflow/commit/5b048e87e4e55990dae6b547add4dae59f4e1c76",
- },
- },
- {
- ID: "CVE-2021-37682",
- Path: "2021/37xxx/CVE-2021-37682.json",
- BlobHash: "109cde8be690d3c506d1f46ad023fe82284befed",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw",
- "https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5",
- "https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887",
- "https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538",
- },
- },
- {
- ID: "CVE-2021-37683",
- Path: "2021/37xxx/CVE-2021-37683.json",
- BlobHash: "045db36608dd334a6c877390e2f5df022e534857",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rhrq-64mq-hf9h",
- "https://github.com/tensorflow/tensorflow/commit/1e206baedf8bef0334cca3eb92bab134ef525a28",
- },
- },
- {
- ID: "CVE-2021-37684",
- Path: "2021/37xxx/CVE-2021-37684.json",
- BlobHash: "86cdcabb766cf7ea1ab0e0c0498c5e14778d7ccf",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q7f7-544h-67h9",
- },
- },
- {
- ID: "CVE-2021-37685",
- Path: "2021/37xxx/CVE-2021-37685.json",
- BlobHash: "4a07f76988235fb0ada03ced9dc039efd3dfb12b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c545-c4f9-rf6v",
- "https://github.com/tensorflow/tensorflow/commit/d94ffe08a65400f898241c0374e9edc6fa8ed257",
- },
- },
- {
- ID: "CVE-2021-37686",
- Path: "2021/37xxx/CVE-2021-37686.json",
- BlobHash: "0b6c6ab7b37e76b62a039fa4385c42136364d89c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mhhc-q96p-mfm9",
- "https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695",
- },
- },
- {
- ID: "CVE-2021-37687",
- Path: "2021/37xxx/CVE-2021-37687.json",
- BlobHash: "ebe88f94f13b110e4ab62bc121435bca02fe3236",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jwf9-w5xm-f437",
- "https://github.com/tensorflow/tensorflow/commit/bb6a0383ed553c286f87ca88c207f6774d5c4a8f",
- "https://github.com/tensorflow/tensorflow/commit/eb921122119a6b6e470ee98b89e65d721663179d",
- },
- },
- {
- ID: "CVE-2021-37688",
- Path: "2021/37xxx/CVE-2021-37688.json",
- BlobHash: "04ceb89bdcca04ada2e1bd8e8610485b5914405c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vcjj-9vg7-vf68",
- "https://github.com/tensorflow/tensorflow/commit/15691e456c7dc9bd6be203b09765b063bf4a380c",
- },
- },
- {
- ID: "CVE-2021-37689",
- Path: "2021/37xxx/CVE-2021-37689.json",
- BlobHash: "e6b5df4b16b1dd1379c4932526a7780daad60b2b",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wf5p-c75w-w3wh",
- "https://github.com/tensorflow/tensorflow/commit/d6b57f461b39fd1aa8c1b870f1b974aac3554955",
- },
- },
- {
- ID: "CVE-2021-37690",
- Path: "2021/37xxx/CVE-2021-37690.json",
- BlobHash: "c946682d7f40b599bfebf87b2f295fcd26626411",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg",
- "https://github.com/tensorflow/tensorflow/commit/ee119d4a498979525046fba1c3dd3f13a039fbb1",
- },
- },
- {
- ID: "CVE-2021-37691",
- Path: "2021/37xxx/CVE-2021-37691.json",
- BlobHash: "8e78b8b987c6d1a20cde572e800e403d409addc1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27qf-jwm8-g7f3",
- "https://github.com/tensorflow/tensorflow/commit/0575b640091680cfb70f4dd93e70658de43b94f9",
- },
- },
- {
- ID: "CVE-2021-37692",
- Path: "2021/37xxx/CVE-2021-37692.json",
- BlobHash: "08838dcccbbbfc26b59b2e3d28aa3c8cd5769903",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cmgw-8vpc-rc59",
- "https://github.com/tensorflow/tensorflow/pull/50508",
- "https://github.com/tensorflow/tensorflow/commit/8721ba96e5760c229217b594f6d2ba332beedf22",
- },
- },
- {
- ID: "CVE-2021-41195",
- Path: "2021/41xxx/CVE-2021-41195.json",
- BlobHash: "e92f78f1ee3c559fa82ee81b7d9acc207a0158d8",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh",
- "https://github.com/tensorflow/tensorflow/issues/46888",
- "https://github.com/tensorflow/tensorflow/pull/51733",
- "https://github.com/tensorflow/tensorflow/commit/e9c81c1e1a9cd8dd31f4e83676cab61b60658429",
- },
- },
- {
- ID: "CVE-2021-41196",
- Path: "2021/41xxx/CVE-2021-41196.json",
- BlobHash: "1a95356814aa34a21ce55b972e41ec956742478c",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
- "https://github.com/tensorflow/tensorflow/issues/51936",
- "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b",
- },
- },
- {
- ID: "CVE-2021-41197",
- Path: "2021/41xxx/CVE-2021-41197.json",
- BlobHash: "d7e5aa3ce04c6fe031e85a42fa0606938a97c8d6",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
- "https://github.com/tensorflow/tensorflow/issues/46890",
- "https://github.com/tensorflow/tensorflow/issues/51908",
- "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85",
- "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf",
- "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15",
- },
- },
- {
- ID: "CVE-2021-41198",
- Path: "2021/41xxx/CVE-2021-41198.json",
- BlobHash: "fa197f8d57cb70c762060020bcc0f74f7a66c24a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q",
- "https://github.com/tensorflow/tensorflow/issues/46911",
- "https://github.com/tensorflow/tensorflow/commit/9294094df6fea79271778eb7e7ae1bad8b5ef98f",
- },
- },
- {
- ID: "CVE-2021-41199",
- Path: "2021/41xxx/CVE-2021-41199.json",
- BlobHash: "e86f15f0f69b8ad5bc9646bbe0d5edf3a7ea6732",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm",
- "https://github.com/tensorflow/tensorflow/issues/46914",
- "https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837",
- },
- },
- {
- ID: "CVE-2021-41200",
- Path: "2021/41xxx/CVE-2021-41200.json",
- BlobHash: "2b92f54aac84403691c7b68587e025b3e22a1ec4",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f",
- "https://github.com/tensorflow/tensorflow/issues/46909",
- "https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e",
- },
- },
- {
- ID: "CVE-2021-41201",
- Path: "2021/41xxx/CVE-2021-41201.json",
- BlobHash: "1303d512b7b88291b717cbba085d077ed9984dad",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm",
- "https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
- },
- },
- {
- ID: "CVE-2021-41202",
- Path: "2021/41xxx/CVE-2021-41202.json",
- BlobHash: "67260d92c87a3ae53101a4d68e14ce109fbebb2d",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx",
- "https://github.com/tensorflow/tensorflow/issues/46889",
- "https://github.com/tensorflow/tensorflow/issues/46912",
- "https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94",
- "https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899",
- },
- },
- {
- ID: "CVE-2021-41203",
- Path: "2021/41xxx/CVE-2021-41203.json",
- BlobHash: "102d48cc1ee147c3c3cf3d60d43f3a4983e6d0f7",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2",
- "https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec",
- "https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578",
- "https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad",
- "https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2",
- },
- },
- {
- ID: "CVE-2021-41204",
- Path: "2021/41xxx/CVE-2021-41204.json",
- BlobHash: "571c0e1bc2d31dbbc05feeae0648b33d16d96054",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x",
- "https://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659",
- },
- },
- {
- ID: "CVE-2021-41205",
- Path: "2021/41xxx/CVE-2021-41205.json",
- BlobHash: "c0f10ab88eee56e0aea968f4e07fe450b48cf798",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f",
- "https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d",
- },
- },
- {
- ID: "CVE-2021-41206",
- Path: "2021/41xxx/CVE-2021-41206.json",
- BlobHash: "3d54d810d0e5b37210acd68aad4810d935f19107",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69",
- "https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4",
- "https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07",
- "https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d",
- "https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a",
- "https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261",
- "https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904",
- },
- },
- {
- ID: "CVE-2021-41207",
- Path: "2021/41xxx/CVE-2021-41207.json",
- BlobHash: "fa1051c54a52ca44a08d33cd4d82f947aa09c925",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h",
- },
- },
- {
- ID: "CVE-2021-41208",
- Path: "2021/41xxx/CVE-2021-41208.json",
- BlobHash: "4f252abee49ce00acb427fb4e55c7b5a10e598e5",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88",
- "https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c",
- },
- },
- {
- ID: "CVE-2021-41209",
- Path: "2021/41xxx/CVE-2021-41209.json",
- BlobHash: "b43d692231c102fe2f05c2eb8079595464d4e7e1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6",
- "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- },
- },
- {
- ID: "CVE-2021-41210",
- Path: "2021/41xxx/CVE-2021-41210.json",
- BlobHash: "c0298e2202c14bcead40ae8050af3249443c2e75",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc",
- "https://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2",
- },
- },
- {
- ID: "CVE-2021-41211",
- Path: "2021/41xxx/CVE-2021-41211.json",
- BlobHash: "3570ae9b84c641ee011c8d0427761a70b6a81df3",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c",
- "https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244",
- },
- },
- {
- ID: "CVE-2021-41212",
- Path: "2021/41xxx/CVE-2021-41212.json",
- BlobHash: "860bf94c111913f6e7ff52bb1e804d1d39df1f77",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g",
- "https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
- },
- },
- {
- ID: "CVE-2021-41213",
- Path: "2021/41xxx/CVE-2021-41213.json",
- BlobHash: "f34bf7f8d4203c8d61f1a3dc20fad6be6de5d751",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf",
- "https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7",
- },
- },
- {
- ID: "CVE-2021-41214",
- Path: "2021/41xxx/CVE-2021-41214.json",
- BlobHash: "d1709a96071c4bce502bec2d04327829b215fa86",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v",
- },
- },
- {
- ID: "CVE-2021-41215",
- Path: "2021/41xxx/CVE-2021-41215.json",
- BlobHash: "0057873c0f537daa0f9c853ed4d11bf4ac8fe0d9",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r",
- "https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850",
- },
- },
- {
- ID: "CVE-2021-41216",
- Path: "2021/41xxx/CVE-2021-41216.json",
- BlobHash: "9371bcec59f2f4f8c1c361f3169b4508d417a6cb",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9",
- "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14",
- },
- },
- {
- ID: "CVE-2021-41217",
- Path: "2021/41xxx/CVE-2021-41217.json",
- BlobHash: "56b688e85d30362d699d530309d4f5ddc0ab3179",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq",
- "https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff",
- },
- },
- {
- ID: "CVE-2021-41218",
- Path: "2021/41xxx/CVE-2021-41218.json",
- BlobHash: "aa9d42c74cb8ceae6a2bfaa8be6f0338e14ce559",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273",
- "https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc",
- },
- },
- {
- ID: "CVE-2021-41219",
- Path: "2021/41xxx/CVE-2021-41219.json",
- BlobHash: "7d7729c55b029cc4d77ca0b5af7cc5c925ed53f2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x",
- "https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae",
- },
- },
- {
- ID: "CVE-2021-41220",
- Path: "2021/41xxx/CVE-2021-41220.json",
- BlobHash: "173b397e148ab86cbf839b7bff3a4b3c1b6edb11",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5",
- "https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75",
- },
- },
- {
- ID: "CVE-2021-41221",
- Path: "2021/41xxx/CVE-2021-41221.json",
- BlobHash: "f187e9cd068385fbdfe324f18d05064c3bf3cfa1",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx",
- "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
- },
- },
- {
- ID: "CVE-2021-41222",
- Path: "2021/41xxx/CVE-2021-41222.json",
- BlobHash: "e955ef931fe19e2615b821cf97becd8396918750",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6",
- "https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6",
- },
- },
- {
- ID: "CVE-2021-41223",
- Path: "2021/41xxx/CVE-2021-41223.json",
- BlobHash: "5c5e6aaf5a8acbdddfec06ba9c7f4912e2b5951a",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr",
- "https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
- },
- },
- {
- ID: "CVE-2021-41224",
- Path: "2021/41xxx/CVE-2021-41224.json",
- BlobHash: "cae7338931654c4d45e62e8fed8a72a6f1655828",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v",
- "https://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b",
- },
- },
- {
- ID: "CVE-2021-41225",
- Path: "2021/41xxx/CVE-2021-41225.json",
- BlobHash: "0c755722793d71a42d45d70a8dcd12ae39fe06af",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw",
- "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3",
- },
- },
- {
- ID: "CVE-2021-41226",
- Path: "2021/41xxx/CVE-2021-41226.json",
- BlobHash: "3a08efb5369f6eeb43b311bfa8cb7d8163c84b9e",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8",
- "https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba",
- },
- },
- {
- ID: "CVE-2021-41227",
- Path: "2021/41xxx/CVE-2021-41227.json",
- BlobHash: "3566a9b05b4cbaa8555d8e813deac09c6fae74d2",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7",
- "https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b",
- "https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585",
- },
- },
- {
- ID: "CVE-2021-41228",
- Path: "2021/41xxx/CVE-2021-41228.json",
- BlobHash: "8a7dfd9a7d0c57f66ced89ffa083b4411129a933",
- CommitHash: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- ReferenceURLs: []string{
- "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v",
- "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
- },
- },
-}
diff --git a/srv/internal/worker/false_positives.go b/srv/internal/worker/false_positives.go
deleted file mode 100644
index 86a3eac..0000000
--- a/srv/internal/worker/false_positives.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "context"
-
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-func InsertFalsePositives(ctx context.Context, st store.Store) (err error) {
- defer derrors.Wrap(&err, "InsertFalsePositives")
-
- for i := 0; i < len(falsePositives); i += maxTransactionWrites {
- j := i + maxTransactionWrites
- if j >= len(falsePositives) {
- j = len(falsePositives)
- }
- err := st.RunTransaction(ctx, func(ctx context.Context, tx store.Transaction) error {
- for _, cr := range falsePositives[i:j] {
- if err := tx.CreateCVERecord(cr); err != nil {
- return err
- }
- }
- return nil
- })
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-// falsePositivesInserted reports whether the list of false positives has been
-// added to the store.
-func falsePositivesInserted(ctx context.Context, st store.Store) (bool, error) {
- // Check the first and last IDs. See gen_false_positives.go for the list.
- ids := []string{"CVE-2013-2124", "CVE-2021-3391"}
- for _, id := range ids {
- cr, err := st.GetCVERecord(ctx, id)
- if err != nil {
- return false, err
- }
- if cr == nil {
- return false, nil
- }
- }
- return true, nil
-}
diff --git a/srv/internal/worker/false_positives_test.go b/srv/internal/worker/false_positives_test.go
deleted file mode 100644
index 58051c1..0000000
--- a/srv/internal/worker/false_positives_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "context"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-func TestInsertFalsePositives(t *testing.T) {
- mstore := store.NewMemStore()
- if err := InsertFalsePositives(context.Background(), mstore); err != nil {
- t.Fatal(err)
- }
- // Spot-check a couple of records.
- const commitHash = "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a"
- got := mstore.CVERecords()
- for _, want := range []*store.CVERecord{
- {
- ID: "CVE-2016-0216",
- Path: "2016/0xxx/CVE-2016-0216.json",
- CommitHash: commitHash,
- BlobHash: "ac9f59c6700576b5936dc014ce265ee0c9a41097",
- CVEState: cveschema.StatePublic,
- TriageState: store.TriageStateFalsePositive,
- ReferenceURLs: []string{
- "http://www.ibm.com/support/docview.wss?uid=swg21975358",
- "http://www.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_in_ibm_tivoli_storage_manager_fastback_cve_2016_0212_cve_2016_0213_cve_2016_0216",
- },
- },
- {
- ID: "CVE-2020-15112",
- Path: "2020/15xxx/CVE-2020-15112.json",
- CommitHash: commitHash,
- BlobHash: "3d87891317ff107037bc0145194ab72df1890411",
- CVEState: cveschema.StatePublic,
- TriageState: store.TriageStateHasVuln,
- TriageStateReason: "GO-2020-0005",
- },
- } {
- if diff := cmp.Diff(want, got[want.ID]); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
- }
- }
-}
diff --git a/srv/internal/worker/gen_false_positives.go b/srv/internal/worker/gen_false_positives.go
deleted file mode 100644
index 85dc2d5..0000000
--- a/srv/internal/worker/gen_false_positives.go
+++ /dev/null
@@ -1,343 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Program to generate false-positive CVE records.
-
-// This requires a local copy of the cvelist repo:
-// git clone https://github.com/CVEProject/cvelist
-//
-// You may also have to "go get github.com/jba/printsrc",
-// because go mod tidy removes it.
-//
-// Then run this program with the path to the repo as argument.
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
- "bytes"
- "fmt"
- "go/format"
- "io/ioutil"
- "log"
- "os"
- "strings"
- "text/template"
-
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing"
- "github.com/jba/printsrc"
- "golang.org/x/vuln/srv/internal/gitrepo"
- "golang.org/x/vuln/srv/internal/worker"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-// The CVEs marked "false-positive" in triaged-cve-list and elswhere, including
-// both true false positives and CVEs that are covered by a Go vulndb report.
-var falsePositiveIDs = []struct {
- source string
- commit string
- ids []string
-}{
- {
- source: "triaged-cve-list file in this repo",
- // Last commit to github.com/CVEProject/cvelist on April 12, 2021.
- // The triaged-cve-list file was last edited the next day.
- commit: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- ids: []string{
- "CVE-2013-2124", "CVE-2013-2233", "CVE-2014-0177", "CVE-2014-3498", "CVE-2014-3971",
- "CVE-2014-4657", "CVE-2014-4658", "CVE-2014-4659", "CVE-2014-4660", "CVE-2014-4678",
- "CVE-2014-4966", "CVE-2014-4967", "CVE-2014-8178", "CVE-2014-8179", "CVE-2014-8682",
- "CVE-2014-9938", "CVE-2015-5237", "CVE-2015-5250", "CVE-2015-6240", "CVE-2015-7082",
- "CVE-2015-7528", "CVE-2015-7545", "CVE-2015-7561", "CVE-2015-8222", "CVE-2015-8945",
- "CVE-2015-9258", "CVE-2015-9259", "CVE-2015-9282", "CVE-2016-0216", "CVE-2016-1133",
- "CVE-2016-1544", "CVE-2016-1587", "CVE-2016-1905", "CVE-2016-1906", "CVE-2016-2160",
- "CVE-2016-2183", "CVE-2016-2315", "CVE-2016-2324", "CVE-2016-3096", "CVE-2016-3711",
- "CVE-2016-4817", "CVE-2016-4864", "CVE-2016-6349", "CVE-2016-6494", "CVE-2016-7063",
- "CVE-2016-7064", "CVE-2016-7075", "CVE-2016-7569", "CVE-2016-7835", "CVE-2016-8579",
- "CVE-2016-9274", "CVE-2016-9962", "CVE-2017-1000056", "CVE-2017-1000069", "CVE-2017-1000070",
- "CVE-2017-1000420", "CVE-2017-1000459", "CVE-2017-1000492", "CVE-2017-1002100", "CVE-2017-1002101",
- "CVE-2017-1002102", "CVE-2017-10868", "CVE-2017-10869", "CVE-2017-10872", "CVE-2017-10908",
- "CVE-2017-14178", "CVE-2017-14623", "CVE-2017-14992", "CVE-2017-15104", "CVE-2017-16539",
- "CVE-2017-17697", "CVE-2017-2428", "CVE-2017-7297", "CVE-2017-7481", "CVE-2017-7550",
- "CVE-2017-7860", "CVE-2017-7861", "CVE-2017-8359", "CVE-2017-9431", "CVE-2018-0608",
- "CVE-2018-1000400", "CVE-2018-1000538", "CVE-2018-1000803", "CVE-2018-1000816", "CVE-2018-1002100",
- "CVE-2018-1002101", "CVE-2018-1002102", "CVE-2018-1002103", "CVE-2018-1002104", "CVE-2018-1002105",
- "CVE-2018-1002207", "CVE-2018-10055", "CVE-2018-10856", "CVE-2018-10892", "CVE-2018-10937",
- "CVE-2018-1098", "CVE-2018-1099", "CVE-2018-12099", "CVE-2018-12608", "CVE-2018-12678",
- "CVE-2018-12976", "CVE-2018-14474", "CVE-2018-15178", "CVE-2018-15192", "CVE-2018-15193",
- "CVE-2018-15598", "CVE-2018-15664", "CVE-2018-15747", "CVE-2018-15869", "CVE-2018-16316",
- "CVE-2018-16359", "CVE-2018-16398", "CVE-2018-16409", "CVE-2018-16733", "CVE-2018-16859",
- "CVE-2018-16876", "CVE-2018-17031", "CVE-2018-17456", "CVE-2018-17572", "CVE-2018-18264",
- "CVE-2018-18553", "CVE-2018-18623", "CVE-2018-18624", "CVE-2018-18625", "CVE-2018-18925",
- "CVE-2018-18926", "CVE-2018-19114", "CVE-2018-19148", "CVE-2018-19184", "CVE-2018-19295",
- "CVE-2018-19333", "CVE-2018-19367", "CVE-2018-19466", "CVE-2018-19653", "CVE-2018-19786",
- "CVE-2018-19793", "CVE-2018-20303", "CVE-2018-20421", "CVE-2018-20699", "CVE-2018-20744",
- "CVE-2018-21034", "CVE-2018-21233", "CVE-2018-7575", "CVE-2018-7576", "CVE-2018-7577",
- "CVE-2018-8825", "CVE-2018-9057", "CVE-2019-1000002", "CVE-2019-1002100", "CVE-2019-1002101",
- "CVE-2019-1010003", "CVE-2019-1010261", "CVE-2019-1010275", "CVE-2019-1010314", "CVE-2019-10152",
- "CVE-2019-10156", "CVE-2019-10165", "CVE-2019-10200", "CVE-2019-1020009", "CVE-2019-1020014",
- "CVE-2019-1020015", "CVE-2019-10217", "CVE-2019-10223", "CVE-2019-10743", "CVE-2019-11043",
- "CVE-2019-11228", "CVE-2019-11229", "CVE-2019-11243", "CVE-2019-11244", "CVE-2019-11245",
- "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11251",
- "CVE-2019-11252", "CVE-2019-11255", "CVE-2019-11328", "CVE-2019-11405", "CVE-2019-11471",
- "CVE-2019-11502", "CVE-2019-11503", "CVE-2019-11576", "CVE-2019-11641", "CVE-2019-11881",
- "CVE-2019-11938", "CVE-2019-12291", "CVE-2019-12452", "CVE-2019-12494", "CVE-2019-12618",
- "CVE-2019-12995", "CVE-2019-12999", "CVE-2019-13068", "CVE-2019-13126", "CVE-2019-13139",
- "CVE-2019-13915", "CVE-2019-14243", "CVE-2019-14255", "CVE-2019-14271", "CVE-2019-14544",
- "CVE-2019-14846", "CVE-2019-14864", "CVE-2019-14904", "CVE-2019-14940", "CVE-2019-14993",
- "CVE-2019-15043", "CVE-2019-15119", "CVE-2019-15225", "CVE-2019-15226", "CVE-2019-15562",
- "CVE-2019-15716", "CVE-2019-16060", "CVE-2019-16097", "CVE-2019-16146", "CVE-2019-16214",
- "CVE-2019-16355", "CVE-2019-16778", "CVE-2019-16919", "CVE-2019-18466", "CVE-2019-18657",
- "CVE-2019-18801", "CVE-2019-18802", "CVE-2019-18817", "CVE-2019-18836", "CVE-2019-18838",
- "CVE-2019-18923", "CVE-2019-19023", "CVE-2019-19025", "CVE-2019-19026", "CVE-2019-19029",
- "CVE-2019-19316", "CVE-2019-19335", "CVE-2019-19349", "CVE-2019-19350", "CVE-2019-19724",
- "CVE-2019-19922", "CVE-2019-20329", "CVE-2019-20372", "CVE-2019-20377", "CVE-2019-20894",
- "CVE-2019-20933", "CVE-2019-25014", "CVE-2019-3552", "CVE-2019-3553", "CVE-2019-3558",
- "CVE-2019-3559", "CVE-2019-3565", "CVE-2019-3826", "CVE-2019-3828", "CVE-2019-3841",
- "CVE-2019-3990", "CVE-2019-5736", "CVE-2019-6035", "CVE-2019-8336", "CVE-2019-8400",
- "CVE-2019-9547", "CVE-2019-9635", "CVE-2019-9764", "CVE-2019-9900", "CVE-2019-9901",
- "CVE-2019-9946", "CVE-2020-10660", "CVE-2020-10661", "CVE-2020-10685", "CVE-2020-10691",
- "CVE-2020-10696", "CVE-2020-10706", "CVE-2020-10712", "CVE-2020-10715", "CVE-2020-10749",
- "CVE-2020-10750", "CVE-2020-10752", "CVE-2020-10763", "CVE-2020-10944", "CVE-2020-11008",
- "CVE-2020-11012", "CVE-2020-11013", "CVE-2020-11053", "CVE-2020-11080", "CVE-2020-11091",
- "CVE-2020-11110", "CVE-2020-11498", "CVE-2020-11576", "CVE-2020-11710", "CVE-2020-11767",
- "CVE-2020-12118", "CVE-2020-12245", "CVE-2020-12278", "CVE-2020-12279", "CVE-2020-12283",
- "CVE-2020-12458", "CVE-2020-12459", "CVE-2020-12603", "CVE-2020-12604", "CVE-2020-12605",
- "CVE-2020-12757", "CVE-2020-12758", "CVE-2020-12797", "CVE-2020-13170", "CVE-2020-13223",
- "CVE-2020-13246", "CVE-2020-13250", "CVE-2020-13401", "CVE-2020-13430", "CVE-2020-13449",
- "CVE-2020-13450", "CVE-2020-13451", "CVE-2020-13452", "CVE-2020-13597", "CVE-2020-13788",
- "CVE-2020-13794", "CVE-2020-14144", "CVE-2020-14306", "CVE-2020-14330", "CVE-2020-14332",
- "CVE-2020-14958", "CVE-2020-15104", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114",
- "CVE-2020-15115", "CVE-2020-15127", "CVE-2020-15129", "CVE-2020-15136", "CVE-2020-15157",
- "CVE-2020-15184", "CVE-2020-15185", "CVE-2020-15186", "CVE-2020-15187", "CVE-2020-15190",
- "CVE-2020-15191", "CVE-2020-15192", "CVE-2020-15193", "CVE-2020-15194", "CVE-2020-15195",
- "CVE-2020-15196", "CVE-2020-15197", "CVE-2020-15198", "CVE-2020-15199", "CVE-2020-15200",
- "CVE-2020-15201", "CVE-2020-15202", "CVE-2020-15203", "CVE-2020-15204", "CVE-2020-15205",
- "CVE-2020-15206", "CVE-2020-15207", "CVE-2020-15208", "CVE-2020-15209", "CVE-2020-15210",
- "CVE-2020-15211", "CVE-2020-15212", "CVE-2020-15213", "CVE-2020-15214", "CVE-2020-15223",
- "CVE-2020-15233", "CVE-2020-15234", "CVE-2020-15254", "CVE-2020-15257", "CVE-2020-15265",
- "CVE-2020-15266", "CVE-2020-15391", "CVE-2020-16248", "CVE-2020-16250", "CVE-2020-16251",
- "CVE-2020-16844", "CVE-2020-1733", "CVE-2020-1734", "CVE-2020-1735", "CVE-2020-1736",
- "CVE-2020-1737", "CVE-2020-1738", "CVE-2020-1739", "CVE-2020-1740", "CVE-2020-1746",
- "CVE-2020-2023", "CVE-2020-2024", "CVE-2020-2025", "CVE-2020-2026", "CVE-2020-24263",
- "CVE-2020-24264", "CVE-2020-24303", "CVE-2020-24356", "CVE-2020-24359", "CVE-2020-24707",
- "CVE-2020-24708", "CVE-2020-24710", "CVE-2020-24711", "CVE-2020-24712", "CVE-2020-25017",
- "CVE-2020-25018", "CVE-2020-25201", "CVE-2020-25816", "CVE-2020-25989", "CVE-2020-26222",
- "CVE-2020-26240", "CVE-2020-26241", "CVE-2020-26242", "CVE-2020-26265", "CVE-2020-26266",
- "CVE-2020-26267", "CVE-2020-26268", "CVE-2020-26269", "CVE-2020-26270", "CVE-2020-26271",
- "CVE-2020-26276", "CVE-2020-26277", "CVE-2020-26278", "CVE-2020-26279", "CVE-2020-26283",
- "CVE-2020-26284", "CVE-2020-26290", "CVE-2020-26294", "CVE-2020-26521", "CVE-2020-26892",
- "CVE-2020-27151", "CVE-2020-27195", "CVE-2020-27534", "CVE-2020-27955", "CVE-2020-28053",
- "CVE-2020-28348", "CVE-2020-28349", "CVE-2020-28466", "CVE-2020-28914", "CVE-2020-28924",
- "CVE-2020-28991", "CVE-2020-29243", "CVE-2020-29244", "CVE-2020-29245", "CVE-2020-29510",
- "CVE-2020-29511", "CVE-2020-29662", "CVE-2020-35137", "CVE-2020-35138", "CVE-2020-35177",
- "CVE-2020-35453", "CVE-2020-35470", "CVE-2020-35471", "CVE-2020-36066", "CVE-2020-3996",
- "CVE-2020-4037", "CVE-2020-4053", "CVE-2020-5215", "CVE-2020-5233", "CVE-2020-5260",
- "CVE-2020-5300", "CVE-2020-5303", "CVE-2020-5415", "CVE-2020-6016", "CVE-2020-6017",
- "CVE-2020-6018", "CVE-2020-6019", "CVE-2020-7218", "CVE-2020-7219", "CVE-2020-7220",
- "CVE-2020-7665", "CVE-2020-7666", "CVE-2020-7669", "CVE-2020-7955", "CVE-2020-7956",
- "CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8553", "CVE-2020-8554", "CVE-2020-8555",
- "CVE-2020-8557", "CVE-2020-8558", "CVE-2020-8559", "CVE-2020-8563", "CVE-2020-8566",
- "CVE-2020-8569", "CVE-2020-8595", "CVE-2020-8659", "CVE-2020-8660", "CVE-2020-8661",
- "CVE-2020-8663", "CVE-2020-8664", "CVE-2020-8826", "CVE-2020-8827", "CVE-2020-8828",
- "CVE-2020-8843", "CVE-2020-8927", "CVE-2020-8929", "CVE-2020-9321", "CVE-2020-9329",
- "CVE-2021-20198", "CVE-2021-20199", "CVE-2021-20218", "CVE-2021-20291", "CVE-2021-21271",
- "CVE-2021-21284", "CVE-2021-21285", "CVE-2021-21287", "CVE-2021-21291", "CVE-2021-21296",
- "CVE-2021-21300", "CVE-2021-21303", "CVE-2021-21334", "CVE-2021-21362", "CVE-2021-21363",
- "CVE-2021-21364", "CVE-2021-21378", "CVE-2021-21390", "CVE-2021-21404", "CVE-2021-21411",
- "CVE-2021-21432", "CVE-2021-22538", "CVE-2021-23345", "CVE-2021-23347", "CVE-2021-23351",
- "CVE-2021-23357", "CVE-2021-23827", "CVE-2021-25313", "CVE-2021-25834", "CVE-2021-25835",
- "CVE-2021-25836", "CVE-2021-25837", "CVE-2021-26921", "CVE-2021-26923", "CVE-2021-26924",
- "CVE-2021-27098", "CVE-2021-27099", "CVE-2021-27358", "CVE-2021-27375", "CVE-2021-27935",
- "CVE-2021-27940", "CVE-2021-28361", "CVE-2021-28378", "CVE-2021-28681", "CVE-2021-28954",
- "CVE-2021-28955", "CVE-2021-29136", "CVE-2021-29271", "CVE-2021-29272", "CVE-2021-29417",
- "CVE-2021-29651", "CVE-2021-29652", "CVE-2021-3344", "CVE-2021-3382", "CVE-2021-3391",
- },
- },
- {
- source: "internal doc of Nov 7, 2021",
- commit: "f2e420732374f84baa2c4a5b7a84be9ff7e46f88",
- ids: []string{
- "CVE-2020-27847", "CVE-2020-7731", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-10729",
- "CVE-2020-10808", "CVE-2020-18032", "CVE-2020-19498", "CVE-2020-19499", "CVE-2020-23109",
- "CVE-2020-27386", "CVE-2020-27387", "CVE-2020-28347", "CVE-2020-36404", "CVE-2020-36405",
- "CVE-2020-7350", "CVE-2020-7351", "CVE-2020-7352", "CVE-2020-7356", "CVE-2020-7357",
- "CVE-2020-7361", "CVE-2020-7373", "CVE-2020-7374", "CVE-2020-7376", "CVE-2020-7377",
- "CVE-2020-7384", "CVE-2020-7385", "CVE-2021-20178", "CVE-2021-20228", "CVE-2021-20286",
- "CVE-2021-21414", "CVE-2021-21428", "CVE-2021-21429", "CVE-2021-21430", "CVE-2021-24028",
- "CVE-2021-28682", "CVE-2021-28683", "CVE-2021-29133", "CVE-2021-29258", "CVE-2021-29492",
- "CVE-2021-32777", "CVE-2021-32778", "CVE-2021-32779", "CVE-2021-32780", "CVE-2021-32781",
- "CVE-2021-32810", "CVE-2021-36753", "CVE-2021-36979", "CVE-2021-39204", "CVE-2021-39206",
- "CVE-2021-40330", "CVE-2021-42840", "CVE-2021-29923", "CVE-2020-13310", "CVE-2020-13327",
- "CVE-2020-13347", "CVE-2020-13353", "CVE-2020-13845", "CVE-2020-13846", "CVE-2020-13847",
- "CVE-2020-14160", "CVE-2020-14161", "CVE-2020-15167", "CVE-2020-15229", "CVE-2020-24130",
- "CVE-2020-25039", "CVE-2020-25040", "CVE-2020-26213", "CVE-2020-27519", "CVE-2020-28366",
- "CVE-2020-28367", "CVE-2020-8561", "CVE-2021-21405", "CVE-2021-22171", "CVE-2021-23135",
- "CVE-2021-23365", "CVE-2021-25735", "CVE-2021-25737", "CVE-2021-25740", "CVE-2021-25741",
- "CVE-2021-25742", "CVE-2021-25938", "CVE-2021-28484", "CVE-2021-29453", "CVE-2021-29456",
- "CVE-2021-29499", "CVE-2021-29622", "CVE-2021-30465", "CVE-2021-30476", "CVE-2021-31232",
- "CVE-2021-31856", "CVE-2021-32574", "CVE-2021-32635", "CVE-2021-32637", "CVE-2021-32690",
- "CVE-2021-32699", "CVE-2021-32701", "CVE-2021-32753", "CVE-2021-32760", "CVE-2021-32783",
- "CVE-2021-32787", "CVE-2021-32813", "CVE-2021-32825", "CVE-2021-33359", "CVE-2021-33496",
- "CVE-2021-33497", "CVE-2021-33708", "CVE-2021-34824", "CVE-2021-35206", "CVE-2021-36156",
- "CVE-2021-36157", "CVE-2021-3619", "CVE-2021-36213", "CVE-2021-36371", "CVE-2021-37794",
- "CVE-2021-37914", "CVE-2021-38197", "CVE-2021-38599", "CVE-2021-39155", "CVE-2021-39156",
- "CVE-2021-39162", "CVE-2021-39226", "CVE-2021-39391", "CVE-2021-41087", "CVE-2021-41088",
- "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103", "CVE-2021-41137",
- "CVE-2021-41174", "CVE-2021-41232", "CVE-2021-41323", "CVE-2021-41324", "CVE-2021-41325",
- "CVE-2021-41393", "CVE-2021-41394", "CVE-2021-41395", "CVE-2021-41593", "CVE-2021-42650",
- "CVE-2020-22741", "CVE-2020-26772", "CVE-2021-36605", "CVE-2021-29512", "CVE-2021-29513",
- "CVE-2021-29514", "CVE-2021-29515", "CVE-2021-29516", "CVE-2021-29517", "CVE-2021-29518",
- "CVE-2021-29519", "CVE-2021-29520", "CVE-2021-29521", "CVE-2021-29522", "CVE-2021-29523",
- "CVE-2021-29524", "CVE-2021-29525", "CVE-2021-29526", "CVE-2021-29527", "CVE-2021-29528",
- "CVE-2021-29529", "CVE-2021-29530", "CVE-2021-29531", "CVE-2021-29532", "CVE-2021-29533",
- "CVE-2021-29534", "CVE-2021-29535", "CVE-2021-29536", "CVE-2021-29537", "CVE-2021-29538",
- "CVE-2021-29539", "CVE-2021-29540", "CVE-2021-29541", "CVE-2021-29542", "CVE-2021-29543",
- "CVE-2021-29544", "CVE-2021-29545", "CVE-2021-29546", "CVE-2021-29547", "CVE-2021-29548",
- "CVE-2021-29549", "CVE-2021-29550", "CVE-2021-29551", "CVE-2021-29552", "CVE-2021-29553",
- "CVE-2021-29554", "CVE-2021-29555", "CVE-2021-29556", "CVE-2021-29557", "CVE-2021-29558",
- "CVE-2021-29559", "CVE-2021-29560", "CVE-2021-29561", "CVE-2021-29562", "CVE-2021-29563",
- "CVE-2021-29564", "CVE-2021-29565", "CVE-2021-29566", "CVE-2021-29567", "CVE-2021-29568",
- "CVE-2021-29569", "CVE-2021-29570", "CVE-2021-29571", "CVE-2021-29572", "CVE-2021-29573",
- "CVE-2021-29574", "CVE-2021-29575", "CVE-2021-29576", "CVE-2021-29577", "CVE-2021-29578",
- "CVE-2021-29579", "CVE-2021-29580", "CVE-2021-29581", "CVE-2021-29582", "CVE-2021-29583",
- "CVE-2021-29584", "CVE-2021-29585", "CVE-2021-29586", "CVE-2021-29587", "CVE-2021-29588",
- "CVE-2021-29589", "CVE-2021-29590", "CVE-2021-29591", "CVE-2021-29592", "CVE-2021-29593",
- "CVE-2021-29594", "CVE-2021-29595", "CVE-2021-29596", "CVE-2021-29597", "CVE-2021-29598",
- "CVE-2021-29599", "CVE-2021-29600", "CVE-2021-29601", "CVE-2021-29602", "CVE-2021-29603",
- "CVE-2021-29604", "CVE-2021-29605", "CVE-2021-29606", "CVE-2021-29607", "CVE-2021-29608",
- "CVE-2021-29609", "CVE-2021-29610", "CVE-2021-29611", "CVE-2021-29612", "CVE-2021-29613",
- "CVE-2021-29614", "CVE-2021-29615", "CVE-2021-29616", "CVE-2021-29617", "CVE-2021-29618",
- "CVE-2021-29619", "CVE-2021-35958", "CVE-2021-37635", "CVE-2021-37636", "CVE-2021-37637",
- "CVE-2021-37638", "CVE-2021-37639", "CVE-2021-37640", "CVE-2021-37641", "CVE-2021-37642",
- "CVE-2021-37643", "CVE-2021-37644", "CVE-2021-37645", "CVE-2021-37646", "CVE-2021-37647",
- "CVE-2021-37648", "CVE-2021-37649", "CVE-2021-37650", "CVE-2021-37651", "CVE-2021-37652",
- "CVE-2021-37653", "CVE-2021-37654", "CVE-2021-37655", "CVE-2021-37656", "CVE-2021-37657",
- "CVE-2021-37658", "CVE-2021-37659", "CVE-2021-37660", "CVE-2021-37661", "CVE-2021-37662",
- "CVE-2021-37663", "CVE-2021-37664", "CVE-2021-37665", "CVE-2021-37666", "CVE-2021-37667",
- "CVE-2021-37668", "CVE-2021-37669", "CVE-2021-37670", "CVE-2021-37671", "CVE-2021-37672",
- "CVE-2021-37673", "CVE-2021-37674", "CVE-2021-37675", "CVE-2021-37676", "CVE-2021-37677",
- "CVE-2021-37678", "CVE-2021-37679", "CVE-2021-37680", "CVE-2021-37681", "CVE-2021-37682",
- "CVE-2021-37683", "CVE-2021-37684", "CVE-2021-37685", "CVE-2021-37686", "CVE-2021-37687",
- "CVE-2021-37688", "CVE-2021-37689", "CVE-2021-37690", "CVE-2021-37691", "CVE-2021-37692",
- "CVE-2021-41195", "CVE-2021-41196", "CVE-2021-41197", "CVE-2021-41198", "CVE-2021-41199",
- "CVE-2021-41200", "CVE-2021-41201", "CVE-2021-41202", "CVE-2021-41203", "CVE-2021-41204",
- "CVE-2021-41205", "CVE-2021-41206", "CVE-2021-41207", "CVE-2021-41208", "CVE-2021-41209",
- "CVE-2021-41210", "CVE-2021-41211", "CVE-2021-41212", "CVE-2021-41213", "CVE-2021-41214",
- "CVE-2021-41215", "CVE-2021-41216", "CVE-2021-41217", "CVE-2021-41218", "CVE-2021-41219",
- "CVE-2021-41220", "CVE-2021-41221", "CVE-2021-41222", "CVE-2021-41223", "CVE-2021-41224",
- "CVE-2021-41225", "CVE-2021-41226", "CVE-2021-41227", "CVE-2021-41228",
- },
- },
-}
-
-// IDs that are covered by a Go vuln report, and the report ID.
-var coveredIDs = map[string]string{
- "CVE-2020-15112": "GO-2020-0005",
- "CVE-2020-29243": "GO-2021-0097",
- "CVE-2020-29244": "GO-2021-0097",
- "CVE-2020-29245": "GO-2021-0097",
-}
-
-func main() {
- if len(os.Args) < 2 {
- log.Fatal("usage: gen_false_positives PATH_TO_LOCAL_REPO")
- }
- if err := run(os.Args[1]); err != nil {
- log.Fatal(err)
- }
-}
-
-func run(repoPath string) error {
- printer := printsrc.NewPrinter("golang.org/x/vuln/srv/internal/worker")
- tmpl, err := template.New("").
- Funcs(template.FuncMap{"src": printer.Sprint}).
- Parse(fileTemplate)
- if err != nil {
- return err
- }
- repo, err := gitrepo.Open(repoPath)
- if err != nil {
- return err
- }
- crs, err := buildCVERecords(repo)
- if err != nil {
- return err
- }
- var buf bytes.Buffer
- if err := tmpl.Execute(&buf, crs); err != nil {
- return err
- }
- src, err := format.Source(buf.Bytes())
- if err != nil {
- return err
- }
- return ioutil.WriteFile("false_positive_records.gen.go", src, 0644)
-}
-
-func buildCVERecords(repo *git.Repository) ([]*store.CVERecord, error) {
- var crs []*store.CVERecord
- for _, spec := range falsePositiveIDs {
- commit, err := repo.CommitObject(plumbing.NewHash(spec.commit))
- if err != nil {
- return nil, err
- }
- for _, id := range spec.ids {
- path := idToPath(id)
- cve, blobHash, err := worker.ReadCVEAtPath(commit, path)
- if err != nil {
- return nil, err
- }
- if cve.ID != id {
- return nil, fmt.Errorf("ID at path %s is %s", path, cve.ID)
- }
- cr := store.NewCVERecord(cve, path, blobHash)
- cr.CommitHash = spec.commit
- if reportID := coveredIDs[id]; reportID != "" {
- cr.TriageState = store.TriageStateHasVuln
- cr.TriageStateReason = reportID
- } else {
- cr.TriageState = store.TriageStateFalsePositive
- for _, r := range cve.References.Data {
- if r.URL != "" {
- cr.ReferenceURLs = append(cr.ReferenceURLs, r.URL)
- }
- }
- }
- crs = append(crs, cr)
- }
- }
- return crs, nil
-}
-
-func idToPath(id string) string {
- words := strings.Split(id, "-")
- year := words[1]
- num := []byte(words[2])
- // Last three digits of number replaced by 'x'.
- for i := 1; i <= 3; i++ {
- num[len(num)-i] = 'x'
- }
- for len(num) < 4 {
- num = append([]byte{'0'}, num...)
- }
- return fmt.Sprintf("%s/%s/%s.json", year, num, id)
-}
-
-var fileTemplate = `
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Code generated by gen_false_positives.go; DO NOT EDIT.
-
-package worker
-
-import "golang.org/x/vuln/srv/internal/worker/store"
-
-var falsePositives = {{. | src}}
-`
diff --git a/srv/internal/worker/issues.go b/srv/internal/worker/issues.go
deleted file mode 100644
index 1b8703d..0000000
--- a/srv/internal/worker/issues.go
+++ /dev/null
@@ -1,105 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "context"
- "fmt"
-
- "github.com/google/go-github/github"
- "golang.org/x/oauth2"
- "golang.org/x/vuln/srv/internal"
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-type Issue struct {
- Title string
- Body string
- Labels []string
-}
-
-type IssueClient interface {
- // Destination describes where issues will be created.
- Destination() string
-
- // Reference returns a string that refers to the issue with number.
- Reference(number int) string
-
- // IssueExists reports whether an issue with the given ID exists.
- IssueExists(ctx context.Context, number int) (bool, error)
-
- // CreateIssue creates a new issue.
- CreateIssue(ctx context.Context, iss *Issue) (number int, err error)
-}
-
-// ParseGithubRepo parses a string of the form owner/repo.
-func ParseGithubRepo(s string) (owner, repoName string, err error) {
- var found bool
- owner, repoName, found = internal.Cut(s, "/")
- if !found {
- return "", "", fmt.Errorf("%q is not in the form owner/repo", s)
- }
- return owner, repoName, nil
-}
-
-type githubIssueClient struct {
- client *github.Client
- owner string
- repo string
-}
-
-// NewGithubIssueClient creates an IssueClient that will create issues in
-// the a GitHub repo.
-// A GitHub access token is required to create issues.
-func NewGithubIssueClient(owner, repo, accessToken string) *githubIssueClient {
- ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: accessToken})
- tc := oauth2.NewClient(context.Background(), ts)
- return &githubIssueClient{
- client: github.NewClient(tc),
- owner: owner,
- repo: repo,
- }
-}
-
-// Destination implements IssueClient.Destination.
-func (c *githubIssueClient) Destination() string {
- return fmt.Sprintf("https://github.com/%s/%s", c.owner, c.repo)
-}
-
-// Reference implements IssueClient.Reference.
-func (c *githubIssueClient) Reference(num int) string {
- return fmt.Sprintf("%s/issues/%d", c.Destination(), num)
-}
-
-// IssueExists implements IssueClient.IssueExists.
-func (c *githubIssueClient) IssueExists(ctx context.Context, number int) (_ bool, err error) {
- defer derrors.Wrap(&err, "IssueExists(%d)", number)
-
- iss, _, err := c.client.Issues.Get(ctx, c.owner, c.repo, number)
- if err != nil {
- return false, err
- }
- if iss != nil {
- fmt.Printf("ID = %d, Number = %d\n", iss.GetID(), iss.GetNumber())
- return true, nil
- }
- return false, nil
-}
-
-// CreateIssue implements IssueClient.CreateIssue.
-func (c *githubIssueClient) CreateIssue(ctx context.Context, iss *Issue) (number int, err error) {
- defer derrors.Wrap(&err, "CreateIssue(%s)", iss.Title)
-
- req := &github.IssueRequest{
- Title: &iss.Title,
- Body: &iss.Body,
- Labels: &iss.Labels,
- }
- giss, _, err := c.client.Issues.Create(ctx, c.owner, c.repo, req)
- if err != nil {
- return 0, err
- }
- return giss.GetNumber(), nil
-}
diff --git a/srv/internal/worker/issues_test.go b/srv/internal/worker/issues_test.go
deleted file mode 100644
index 749c1b3..0000000
--- a/srv/internal/worker/issues_test.go
+++ /dev/null
@@ -1,99 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package worker
-
-import (
- "context"
- "flag"
- "fmt"
- "io/ioutil"
- "strings"
- "testing"
-)
-
-var (
- githubRepo = flag.String("repo", "", "GitHub repo (in form owner/repo) to test issues")
- githubTokenFile = flag.String("ghtokenfile", "", "path to file containing GitHub access token")
-)
-
-func TestIssueClient(t *testing.T) {
- t.Run("fake", func(t *testing.T) {
- testIssueClient(t, newFakeIssueClient())
- })
- t.Run("github", func(t *testing.T) {
- if *githubRepo == "" {
- t.Skip("skipping: no -repo flag")
- }
- owner, repo, err := ParseGithubRepo(*githubRepo)
- if err != nil {
- t.Fatal(err)
- }
- if *githubTokenFile == "" {
- t.Fatal("need -ghtokenfile")
- }
- data, err := ioutil.ReadFile(*githubTokenFile)
- if err != nil {
- t.Fatal(err)
- }
- token := strings.TrimSpace(string(data))
- testIssueClient(t, NewGithubIssueClient(owner, repo, token))
- })
-}
-
-func testIssueClient(t *testing.T, c IssueClient) {
- ctx := context.Background()
- iss := &Issue{
- Title: "vuln worker test",
- Body: "test of go.googlesource.com/vuln/srv/internal/worker",
- Labels: []string{"testing"},
- }
- num, err := c.CreateIssue(ctx, iss)
- if err != nil {
- t.Fatal(err)
- }
- gotExists, err := c.IssueExists(ctx, num)
- if err != nil {
- t.Fatal(err)
- }
- if !gotExists {
- t.Error("created issue doesn't exist")
- }
-}
-
-type fakeIssueClient struct {
- nextID int
- issues map[int]*Issue
-}
-
-func newFakeIssueClient() *fakeIssueClient {
- return &fakeIssueClient{
- nextID: 1,
- issues: map[int]*Issue{},
- }
-}
-
-func (c *fakeIssueClient) Destination() string {
- return "in memory"
-}
-
-func (c *fakeIssueClient) Reference(num int) string {
- return fmt.Sprintf("inMemory#%d", num)
-}
-
-func (c *fakeIssueClient) IssueExists(_ context.Context, number int) (bool, error) {
- _, ok := c.issues[number]
- return ok, nil
-}
-
-func (c *fakeIssueClient) CreateIssue(_ context.Context, iss *Issue) (number int, err error) {
- number = c.nextID
- c.nextID++
- copy := *iss
- c.issues[number] = ©
- return number, nil
-}
diff --git a/srv/internal/worker/log/log.go b/srv/internal/worker/log/log.go
deleted file mode 100644
index de0883c..0000000
--- a/srv/internal/worker/log/log.go
+++ /dev/null
@@ -1,100 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package log implements event handlers for logging.
-package log
-
-import (
- "context"
- "fmt"
- "io"
- "os"
- "strings"
- "sync"
-
- "golang.org/x/exp/event"
- "golang.org/x/exp/event/severity"
-)
-
-func WithLineLogger(ctx context.Context) context.Context {
- return event.WithExporter(ctx, event.NewExporter(&lineHandler{w: os.Stderr}, nil))
-}
-
-// lineHandler writes log events one per line in an easy-to-read format:
-// time level message label1=value1 label2=value2 ...
-type lineHandler struct {
- mu sync.Mutex // ensure a log line is not interrupted
- w io.Writer
-}
-
-// Event implements event.Handler.Event for log events.
-func (h *lineHandler) Event(ctx context.Context, ev *event.Event) context.Context {
- if ev.Kind != event.LogKind {
- return ctx
- }
- h.mu.Lock()
- defer h.mu.Unlock()
-
- var msg, level string
- var others []string
- for _, lab := range ev.Labels {
- switch lab.Name {
- case "msg":
- msg = lab.String()
- case "level":
- level = strings.ToUpper(lab.String())
- default:
- others = append(others, fmt.Sprintf("%s=%s", lab.Name, lab.String()))
- }
- }
- var s string
- if len(others) > 0 {
- s = " " + strings.Join(others, " ")
- }
- if level != "" {
- level = " " + level
- }
- fmt.Fprintf(h.w, "%s%s %s%s\n", ev.At.Format("2006/01/02 15:04:05"), level, msg, s)
- return ctx
-}
-
-// Debug emits one log event at the Debug severity.
-func Debug(ctx context.Context, message string, labels ...event.Label) {
- event.Log(ctx, message, append(labels, severity.Debug.Label())...)
-}
-
-// Info emits one log event at the Info severity.
-func Info(ctx context.Context, message string, labels ...event.Label) {
- event.Log(ctx, message, append(labels, severity.Info.Label())...)
-}
-
-// Warning emits one log event at the Warning severity.
-func Warning(ctx context.Context, message string, labels ...event.Label) {
- event.Log(ctx, message, append(labels, severity.Warning.Label())...)
-}
-
-// Error emits one log event at the Error severity.
-func Error(ctx context.Context, message string, labels ...event.Label) {
- event.Log(ctx, message, append(labels, severity.Error.Label())...)
-}
-
-// Debugf logs a formatted message with no labels at the Debug severity.
-func Debugf(ctx context.Context, format string, args ...interface{}) {
- Debug(ctx, fmt.Sprintf(format, args...))
-}
-
-// Infof logs a formatted message with no labels at the Info severity.
-func Infof(ctx context.Context, format string, args ...interface{}) {
- Info(ctx, fmt.Sprintf(format, args...))
-}
-
-// Warningf logs a formatted message with no labels at the Warning severity.
-func Warningf(ctx context.Context, format string, args ...interface{}) {
- Warning(ctx, fmt.Sprintf(format, args...))
-}
-
-// Errorf logs a formatted message with no labels at the Error severity.
-func Errorf(ctx context.Context, format string, args ...interface{}) {
- Error(ctx, fmt.Sprintf(format, args...))
-}
diff --git a/srv/internal/worker/paths.go b/srv/internal/worker/paths.go
deleted file mode 100644
index 7f2c7eb..0000000
--- a/srv/internal/worker/paths.go
+++ /dev/null
@@ -1,247 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "path"
- "regexp"
- "strings"
-
- "golang.org/x/mod/module"
-)
-
-// vcsHostWithThreeElementRepoName returns true when the hostname
-// has three elements like hostname/account/project.
-func vcsHostWithThreeElementRepoName(hostname string) bool {
- switch hostname {
- case
- "git.sr.ht",
- "gitea.com",
- "gitee.com",
- "gitlab.com",
- "hg.sr.ht",
- "bitbucket.org",
- "github.com",
- "golang.org",
- "launchpad.net":
- return true
- default:
- return false
- }
-}
-
-// negativePrefixPatterns is a list of glob patterns that describe prefixes of
-// potential module paths that are known not to be modules. These are turned
-// into regexps below and checked against each module path before calling
-// pkgsite. This can speed up triage because pkgsite requests are throttled.
-var negativePrefixPatterns = []string{
- "*.blogspot.com",
- "*.blogspot.dk",
- "*.readthedocs.org",
- "*.slashdot.org",
- "advisories.mageia.org",
- "archives.neohapsis.com",
- "arstechnica.com/security",
- "blog.python.org",
- "blogs.oracle.com",
- "blogs.technet.com",
- "bugs.*",
- "bugzilla.*",
- "cert.uni-stuttgart.de/archive",
- "community.rapid7.com/community/*/blog",
- "cr.yp.to/talks",
- "crbug.com",
- "dev2dev.bea.com/pub/advisory",
- "developer.mozilla.org/docs",
- "developer.mozilla.org/en-US/docs",
- "docs.google.com",
- "docs.microsoft.com",
- "downloads.securityfocus.com/vulnerabilities",
- "drupal.org/node",
- "erpscan.com/advisories",
- "exchange.xforce.ibmcloud.com",
- "fedoranews.org",
- "ftp.caldera.com/pub/security",
- "ftp.netbsd.org/pub",
- "ftp.sco.com/pub",
- "github.com/*/*/blob",
- "github.com/*/*/commit",
- "github.com/*/*/issues",
- "groups.google.com",
- "helpx.adobe.com/security",
- "hg.openjdk.java.net",
- "ics-cert.us-cert.gov",
- "issues.apache.org",
- "issues.rpath.com",
- "java.net",
- "jira.*",
- "jvn.jp",
- "jvndb.jvn.jp",
- "krebsonsecurity.com",
- "labs.mwrinfosecurity.com/advisories",
- "lists.*/archive",
- "lists.*/archives",
- "lists.*/pipermail",
- "lists.apache.org",
- "lists.apple.com",
- "lists.debian.org",
- "lists.mysql.com",
- "lists.opensuse.org",
- "lists.ubuntu.com",
- "mail-archives.*",
- "mail.*.org/archive",
- "mail.*.org/archives",
- "mail.*/pipermail",
- "mailman.*.org/archives",
- "mailman.*.org/pipermail",
- "nodesecurity.io/advisories",
- "online.securityfocus.com/advisories",
- "openwall.com/lists",
- "oss.oracle.com/pipermail",
- "osvdb.org",
- "owncloud.org/about/security",
- "packetstormsecurity.com/files",
- "patches.sgi.com/support/free/security/advisories",
- "plus.google.com",
- "puppetlabs.com/security",
- "raw.github.com",
- "rhn.redhat.com/errata",
- "seclists.org",
- "secunia.com/advisories",
- "secunia.com/secunia_research",
- "security.e-matters.de/advisories",
- "security.gentoo.org/glsa",
- "securityreason.com/securityalert",
- "securityreason.com/securityalert/",
- "securityresponse.symantec.com",
- "securitytracker.com/alerts",
- "service.sap.com",
- "subversion.apache.org/security",
- "technet.microsoft.com/en-us/security",
- "technet.microsoft.com/security",
- "tools.cisco.com/security/center",
- "twitter.com",
- "ubuntu.com/usn",
- "usn.ubuntu.com",
- "www.adobe.com/support",
- "www.adobe.com/support/security",
- "www.atstake.com/research/advisories",
- "www.bugzilla.org/security",
- "www.cert.org/advisories",
- "www.ciac.org/ciac/bulletins",
- "www.cisco.com/warp/public/707",
- "www.coresecurity.com/advisories",
- "www.debian.org/security",
- "www.derkeiler.com/Mailing-Lists",
- "www.drupal.org/node",
- "www.exploit-db.com",
- "www.gentoo.org/security",
- "www.htbridge.com/advisory",
- "www.ibm.com/developerworks/java",
- "www.iss.net/security_center",
- "www.kb.cert.org",
- "www.kde.org/info/security",
- "www.kernel.org/pub",
- "www.kernel.org/pub/linux/kernel/v3*/ChangeLog*",
- "www.linux-mandrake.com/en/security",
- "www.linuxsecurity.com/advisories",
- "www.microsoft.com/technet/security",
- "www.mozilla.org/security",
- "www.netvigilance.com/advisory*",
- "www.novell.com/linux/security",
- "www.openwall.com/lists",
- "www.oracle.com/technetwork",
- "www.osvdb.org",
- "www.phpmyadmin.net/home_page/security",
- "www.portcullis-security.com/security-research-and-downloads",
- "www.postgresql.org/docs",
- "www.red-database-security.com/advisory",
- "www.redhat.com/archives",
- "www.redhat.com/support/errata",
- "www.samba.org/samba/security",
- "www.secunia.com/advisories",
- "www.securiteam.com/exploits",
- "www.securiteam.com/securitynews",
- "www.securiteam.com/unixfocus",
- "www.securiteam.com/windowsntfocus",
- "www.security-assessment.com/files",
- "www.securityfocus.com",
- "www.securitytracker.com",
- "www.sophos.com/en-us/support",
- "www.suse.com/support",
- "www.symantec.com/avcenter/security",
- "www.trustix.org/errata",
- "www.ubuntu.com/usn",
- "www.us-cert.gov/cas",
- "www.us-cert.gov/ncas",
- "www.us.debian.org/security",
- "www.vmware.com/security/advisories",
- "www.vupen.com/english/advisories",
- "www.wireshark.org/security",
- "www.zerodayinitiative.com/advisories",
- "xforce.iss.net/alerts",
- "zerodayinitiative.com/advisories",
-}
-
-var negativeRegexps []*regexp.Regexp
-
-func init() {
- rep := strings.NewReplacer(".", `\.`, "*", `[^/]*`)
- for _, pat := range negativePrefixPatterns {
- r := "^" + rep.Replace(pat) + "($|/)"
- negativeRegexps = append(negativeRegexps, regexp.MustCompile(r))
- }
-}
-
-// matchesNegativeRegexp reports whether s matches any element of negativeRegexps.
-func matchesNegativeRegexp(s string) bool {
- for _, nr := range negativeRegexps {
- if nr.MatchString(s) {
- return true
- }
- }
- return false
-}
-
-// candidateModulePaths returns the potential module paths that could contain
-// the fullPath, from longest to shortest. It returns nil if no valid module
-// paths can be constructed.
-func candidateModulePaths(fullPath string) []string {
- if matchesNegativeRegexp(fullPath) {
- return nil
- }
- if stdlibContains(fullPath) {
- if err := module.CheckImportPath(fullPath); err != nil {
- return nil
- }
- return []string{"std"}
- }
- var r []string
- for p := fullPath; p != "." && p != "/"; p = path.Dir(p) {
- if err := module.CheckPath(p); err != nil {
- continue
- }
- r = append(r, p)
- }
- if len(r) == 0 {
- return nil
- }
- if !vcsHostWithThreeElementRepoName(r[len(r)-1]) {
- return r
- }
- if len(r) < 3 {
- return nil
- }
- return r[:len(r)-2]
-}
-
-// stdlibContains reports whether the given import path could be part of the Go standard library,
-// by reporting whether the first component lacks a '.'.
-func stdlibContains(path string) bool {
- if i := strings.IndexByte(path, '/'); i != -1 {
- path = path[:i]
- }
- return !strings.Contains(path, ".")
-}
diff --git a/srv/internal/worker/paths_test.go b/srv/internal/worker/paths_test.go
deleted file mode 100644
index ce027e8..0000000
--- a/srv/internal/worker/paths_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package worker
-
-import (
- "testing"
-
- "github.com/google/go-cmp/cmp"
-)
-
-func TestCandidateModulePaths(t *testing.T) {
- for _, test := range []struct {
- in string
- want []string
- }{
- {"", nil},
- {".", nil},
- {"///foo", nil},
- {"github.com/google", nil},
- {"std", []string{"std"}},
- {"encoding/json", []string{"std"}},
- {
- "example.com/green/eggs/and/ham",
- []string{
- "example.com/green/eggs/and/ham",
- "example.com/green/eggs/and",
- "example.com/green/eggs",
- "example.com/green",
- "example.com",
- },
- },
- {
- "github.com/google/go-cmp/cmp",
- []string{"github.com/google/go-cmp/cmp", "github.com/google/go-cmp"},
- },
- {
- "bitbucket.org/ok/sure/no$dollars/allowed",
- []string{"bitbucket.org/ok/sure"},
- },
- {
- // A module path cannot end in "v1".
- "k8s.io/klog/v1",
- []string{"k8s.io/klog", "k8s.io"},
- },
- } {
- got := candidateModulePaths(test.in)
- if !cmp.Equal(got, test.want) {
- t.Errorf("%q: got %v, want %v", test.in, got, test.want)
- }
- }
-}
-
-func TestMatchesNegativeRegexp(t *testing.T) {
- for _, test := range []struct {
- in string
- want bool
- }{
- {"groups.google.com", true},
- {"groupsgooglecom", false},
- {"groups.google.com/foo", true},
- {"groups.google.comics.org", false},
- {"some/groups.google.com", false},
- {"lists.ubuntu.com", true},
- {"lists.ubuntu.com/pipermail", true},
- {"bugzilla.anything.org", true},
- {"github.com/evacchi/flatpress/issues/14", true},
- {"github.com/evacchi/issues/14", false},
- } {
- got := matchesNegativeRegexp(test.in)
- if got != test.want {
- t.Errorf("%s: got %t, want %t", test.in, got, test.want)
- }
- }
-}
diff --git a/srv/internal/worker/repo_test.go b/srv/internal/worker/repo_test.go
deleted file mode 100644
index 9bbbb75..0000000
--- a/srv/internal/worker/repo_test.go
+++ /dev/null
@@ -1,90 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package worker
-
-import (
- "testing"
- "time"
-
- "github.com/go-git/go-billy/v5/memfs"
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing"
- "github.com/go-git/go-git/v5/plumbing/object"
- "github.com/go-git/go-git/v5/storage/memory"
- "golang.org/x/tools/txtar"
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-// readTxtarRepo converts a txtar file to a single-commit
-// repo.
-func readTxtarRepo(filename string, now time.Time) (_ *git.Repository, err error) {
- defer derrors.Wrap(&err, "readTxtarRepo(%q)", filename)
-
- mfs := memfs.New()
- ar, err := txtar.ParseFile(filename)
- if err != nil {
- return nil, err
- }
- for _, f := range ar.Files {
- file, err := mfs.Create(f.Name)
- if err != nil {
- return nil, err
- }
- if _, err := file.Write(f.Data); err != nil {
- return nil, err
- }
- if err := file.Close(); err != nil {
- return nil, err
- }
- }
-
- repo, err := git.Init(memory.NewStorage(), mfs)
- if err != nil {
- return nil, err
- }
- wt, err := repo.Worktree()
- if err != nil {
- return nil, err
- }
- for _, f := range ar.Files {
- if _, err := wt.Add(f.Name); err != nil {
- return nil, err
- }
- }
- _, err = wt.Commit("", &git.CommitOptions{All: true, Author: &object.Signature{
- Name: "Joe Random",
- Email: "joe@example.com",
- When: now,
- }})
- if err != nil {
- return nil, err
- }
- return repo, nil
-}
-
-// headCommit returns the commit at the repo HEAD.
-func headCommit(t *testing.T, repo *git.Repository) *object.Commit {
- h, err := headHash(repo)
- if err != nil {
- t.Fatal(err)
- }
- commit, err := repo.CommitObject(h)
- if err != nil {
- t.Fatal(err)
- }
- return commit
-}
-
-// headHash returns the hash of the repo's HEAD.
-func headHash(repo *git.Repository) (plumbing.Hash, error) {
- ref, err := repo.Reference(plumbing.HEAD, true)
- if err != nil {
- return plumbing.ZeroHash, err
- }
- return ref.Hash(), nil
-}
diff --git a/srv/internal/worker/server.go b/srv/internal/worker/server.go
deleted file mode 100644
index 515eba9..0000000
--- a/srv/internal/worker/server.go
+++ /dev/null
@@ -1,297 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "bytes"
- "context"
- "errors"
- "fmt"
- "io"
- "net/http"
- "os"
- "path/filepath"
- "strconv"
- "time"
-
- "cloud.google.com/go/errorreporting"
- "github.com/google/safehtml/template"
- "golang.org/x/exp/event"
- "golang.org/x/sync/errgroup"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/gitrepo"
- "golang.org/x/vuln/srv/internal/worker/log"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-const pkgsiteURL = "https://pkg.go.dev"
-
-var staticPath = template.TrustedSourceFromConstant("internal/worker/static")
-
-type Server struct {
- cfg Config
- indexTemplate *template.Template
- issueClient IssueClient
-}
-
-func NewServer(ctx context.Context, cfg Config) (_ *Server, err error) {
- defer derrors.Wrap(&err, "NewServer(%q)", cfg.Namespace)
-
- s := &Server{cfg: cfg}
-
- if cfg.UseErrorReporting {
- reportingClient, err := errorreporting.NewClient(ctx, cfg.Project, errorreporting.Config{
- ServiceName: serviceID,
- OnError: func(err error) {
- log.Errorf(ctx, "Error reporting failed: %v", err)
- },
- })
- if err != nil {
- return nil, err
- }
- derrors.SetReportingClient(reportingClient)
- }
-
- if cfg.IssueRepo != "" {
- owner, repoName, err := ParseGithubRepo(cfg.IssueRepo)
- if err != nil {
- return nil, err
- }
- s.issueClient = NewGithubIssueClient(owner, repoName, cfg.GitHubAccessToken)
- log.Info(ctx, "issue creation enabled", event.String("repo", cfg.IssueRepo))
- } else {
- log.Info(ctx, "issue creation disabled")
- }
-
- s.indexTemplate, err = parseTemplate(staticPath, template.TrustedSourceFromConstant("index.tmpl"))
- if err != nil {
- return nil, err
- }
- s.handle(ctx, "/", s.indexPage)
- http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir(staticPath.String()))))
- s.handle(ctx, "/favicon.ico", func(w http.ResponseWriter, r *http.Request) error {
- http.ServeFile(w, r, filepath.Join(staticPath.String(), "favicon.ico"))
- return nil
- })
-
- // update: Update the DB from the cvelist repo head and decide which CVEs need issues.
- s.handle(ctx, "/update", s.handleUpdate)
- // issues: File issues on GitHub for CVEs that need them.
- s.handle(ctx, "/issues", s.handleIssues)
- // update-and-issues: do update followed by issues.
- s.handle(ctx, "/update-and-issues", s.handleUpdateAndIssues)
- return s, nil
-}
-
-func (s *Server) handle(ctx context.Context, pattern string, handler func(w http.ResponseWriter, r *http.Request) error) {
- http.HandleFunc(pattern, func(w http.ResponseWriter, r *http.Request) {
- start := time.Now()
- traceID := r.Header.Get("X-Cloud-Trace-Context")
-
- log.Info(ctx, "request start",
- event.Value("url", r.URL),
- event.String("traceID", traceID))
-
- r = r.WithContext(log.WithLineLogger(r.Context()))
- w2 := &responseWriter{ResponseWriter: w}
- if err := handler(w2, r); err != nil {
- s.serveError(ctx, w2, r, err)
- }
-
- log.Info(ctx, "request end",
- event.Value("traceID", traceID),
- event.Duration("latency", time.Since(start)),
- event.Int64("status", translateStatus(w2.status)))
- })
-}
-
-type serverError struct {
- status int // HTTP status code
- err error // wrapped error
-}
-
-func (s *serverError) Error() string {
- return fmt.Sprintf("%d (%s): %v", s.status, http.StatusText(s.status), s.err)
-}
-
-func (s *Server) serveError(ctx context.Context, w http.ResponseWriter, _ *http.Request, err error) {
- serr, ok := err.(*serverError)
- if !ok {
- serr = &serverError{status: http.StatusInternalServerError, err: err}
- }
- if serr.status == http.StatusInternalServerError {
- log.Error(ctx, serr.err.Error())
- } else {
- log.Infof(ctx, "returning %d (%s) for error %v", serr.status, http.StatusText(serr.status), err)
- }
- http.Error(w, serr.err.Error(), serr.status)
-}
-
-type responseWriter struct {
- http.ResponseWriter
- status int
-}
-
-func (rw *responseWriter) WriteHeader(code int) {
- rw.status = code
- rw.ResponseWriter.WriteHeader(code)
-}
-
-func translateStatus(code int) int64 {
- if code == 0 {
- return http.StatusOK
- }
- return int64(code)
-}
-
-// Parse a template.
-func parseTemplate(staticPath, filename template.TrustedSource) (*template.Template, error) {
- if staticPath.String() == "" {
- return nil, nil
- }
- templatePath := template.TrustedSourceJoin(staticPath, filename)
- return template.New(filename.String()).Funcs(template.FuncMap{
- "timefmt": FormatTime,
- }).ParseFilesFromTrustedSources(templatePath)
-}
-
-var locNewYork *time.Location
-
-func init() {
- var err error
- locNewYork, err = time.LoadLocation("America/New_York")
- if err != nil {
- log.Errorf(context.Background(), "time.LoadLocation: %v", err)
- os.Exit(1)
- }
-}
-
-func FormatTime(t time.Time) string {
- if t.IsZero() {
- return "-"
- }
- return t.In(locNewYork).Format("2006-01-02 15:04:05")
-}
-
-func renderPage(ctx context.Context, w http.ResponseWriter, page interface{}, tmpl *template.Template) (err error) {
- defer derrors.Wrap(&err, "renderPage")
-
- var buf bytes.Buffer
- if err := tmpl.Execute(&buf, page); err != nil {
- return err
- }
- if _, err := io.Copy(w, &buf); err != nil {
- log.Error(ctx, "copying buffer to ResponseWriter", event.Value("error", err))
- return err
- }
- return nil
-}
-
-type indexPage struct {
- CVEListRepoURL string
- Namespace string
- Updates []*store.CommitUpdateRecord
- CVEsNeedingIssue []*store.CVERecord
- CVEsUpdatedSince []*store.CVERecord
-}
-
-func (s *Server) indexPage(w http.ResponseWriter, r *http.Request) error {
-
- var (
- updates []*store.CommitUpdateRecord
- needingIssue, updatedSince []*store.CVERecord
- )
-
- g, ctx := errgroup.WithContext(r.Context())
- g.Go(func() error {
- var err error
- updates, err = s.cfg.Store.ListCommitUpdateRecords(ctx, 10)
- return err
- })
- g.Go(func() error {
- var err error
- needingIssue, err = s.cfg.Store.ListCVERecordsWithTriageState(ctx, store.TriageStateNeedsIssue)
- return err
- })
- g.Go(func() error {
- var err error
- updatedSince, err = s.cfg.Store.ListCVERecordsWithTriageState(ctx, store.TriageStateUpdatedSinceIssueCreation)
- return err
- })
- if err := g.Wait(); err != nil {
- return err
- }
-
- page := indexPage{
- CVEListRepoURL: gitrepo.CVEListRepoURL,
- Namespace: s.cfg.Namespace,
- Updates: updates,
- CVEsNeedingIssue: needingIssue,
- CVEsUpdatedSince: updatedSince,
- }
- return renderPage(r.Context(), w, page, s.indexTemplate)
-}
-
-func (s *Server) handleUpdate(w http.ResponseWriter, r *http.Request) error {
- err := s.doUpdate(r)
- if err == nil {
- fmt.Fprintf(w, "Update succeeded.\n")
- }
- return err
-}
-
-func (s *Server) doUpdate(r *http.Request) error {
- if r.Method != http.MethodPost {
- return &serverError{
- status: http.StatusMethodNotAllowed,
- err: fmt.Errorf("%s required", http.MethodPost),
- }
- }
- force := false
- if f := r.FormValue("force"); f == "true" {
- force = true
- }
- err := UpdateCommit(r.Context(), gitrepo.CVEListRepoURL, "HEAD", s.cfg.Store, pkgsiteURL, force)
- if cerr := new(CheckUpdateError); errors.As(err, &cerr) {
- return fmt.Errorf("%w; use /update?force=true to override", cerr)
- }
- return err
-}
-
-func (s *Server) handleIssues(w http.ResponseWriter, r *http.Request) error {
- if r.Method != http.MethodPost {
- return &serverError{
- status: http.StatusMethodNotAllowed,
- err: fmt.Errorf("%s required", http.MethodPost),
- }
- }
- if s.issueClient == nil {
- return &serverError{
- status: http.StatusPreconditionFailed,
- err: errors.New("issue creation disabled"),
- }
- }
- // Unless explicitly asked to, don't create more than a few issues.
- limit := 10
- if sl := r.FormValue("limit"); sl != "" {
- var err error
- limit, err = strconv.Atoi(sl)
- if err != nil {
- return &serverError{
- status: http.StatusBadRequest,
- err: fmt.Errorf("parsing limit query param: %w", err),
- }
- }
- }
- log.Info(r.Context(), "creating issues", event.Int64("limit", int64(limit)))
- return CreateIssues(r.Context(), s.cfg.Store, s.issueClient, limit)
-}
-
-func (s *Server) handleUpdateAndIssues(w http.ResponseWriter, r *http.Request) error {
- if err := s.doUpdate(r); err != nil {
- return err
- }
- return s.handleIssues(w, r)
-}
diff --git a/srv/internal/worker/server_test.go b/srv/internal/worker/server_test.go
deleted file mode 100644
index 9a54dcf..0000000
--- a/srv/internal/worker/server_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// The android builder doesn't copy the static directory (or anything but testdata).
-//go:build !android && go1.17
-// +build !android,go1.17
-
-package worker
-
-import (
- "testing"
-
- "github.com/google/safehtml/template"
- "github.com/jba/templatecheck"
-)
-
-func TestTemplates(t *testing.T) {
- // Check parsed templates.
- staticPath := template.TrustedSourceFromConstant("static")
- index, err := parseTemplate(staticPath, template.TrustedSourceFromConstant("index.tmpl"))
- if err != nil {
- t.Fatal(err)
- }
- if err := templatecheck.CheckSafe(index, indexPage{}); err != nil {
- t.Error(err)
- }
-}
diff --git a/srv/internal/worker/static/favicon.ico b/srv/internal/worker/static/favicon.ico
deleted file mode 100644
index 43dc397..0000000
--- a/srv/internal/worker/static/favicon.ico
+++ /dev/null
Binary files differ
diff --git a/srv/internal/worker/static/index.tmpl b/srv/internal/worker/static/index.tmpl
deleted file mode 100644
index f06c48c..0000000
--- a/srv/internal/worker/static/index.tmpl
+++ /dev/null
@@ -1,74 +0,0 @@
-<!--
- Copyright 2021 The Go Authors. All rights reserved.
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
--->
-
-<!DOCTYPE html>
-<html lang="en">
-<meta charset="utf-8">
-<link href="/static/worker.css" rel="stylesheet">
-<title>{{.Namespace}} Vuln Worker</title>
-
-<body>
- <h1>{{.Namespace}} Vuln Worker</h1>
- <p>All times in America/New_York.</p>
-
-
- <h2>Recent Updates</h2>
- {{with .Updates}}
- <table>
- <tr>
- <th>Started</th><th>Ended</th><th>Commit</th><th>Processed</th><th>Added</th><th>Modified</th><th>Error</th>
- </tr>
- {{range .}}
- <tr>
- <td>{{.StartedAt | timefmt}}</td>
- <td>{{.EndedAt | timefmt}}</td>
- <td><a href="{{$.CVEListRepoURL}}/tree/{{.CommitHash}}">{{.CommitHash}}</a></td>
- <td>{{.NumProcessed}}/{{.NumTotal}}</td>
- <td>{{.NumAdded}}</td>
- <td>{{.NumModified}}</td>
- <td>{{.Error}}</td>
- </tr>
- {{end}}
- </table>
- {{else}}
- No updates.
- {{end}}
-
- <h2>CVEs Needing Issue</h2>
- <p>{{len .CVEsNeedingIssue}} records.</p>
- <table>
- <tr>
- <th>ID</th><th>Reason</th>
- </tr>
- {{range .CVEsNeedingIssue}}
- <tr>
- <td><a href="{{$.CVEListRepoURL}}/tree/{{.CommitHash}}/{{.Path}}">{{.ID}}</a></td>
- <td>{{.TriageState}}</td>
- <td>{{.TriageStateReason}}</td>
- </tr>
- {{end}}
- </table>
-
- <h2>CVEs Updated Since Issue Created</h2>
- <p>{{len .CVEsUpdatedSince}} records.</p>
- <table>
- <tr>
- <th>ID</th><th>Reason</th><th>Issue</th><th>Issue Created</th>
- </tr>
- {{range .CVEsUpdatedSince}}
- <tr>
- <td><a href="{{$.CVEListRepoURL}}/tree/{{.CommitHash}}/{{.Path}}">{{.ID}}</a></td>
- <td>{{.TriageState}}</td>
- <td>{{.TriageStateReason}}</td>
- <td>{{.IssueReference}}</td>
- <td>{{.IssueCreatedAt | timefmt}}</td>
- </tr>
- {{end}}
- </table>
-
-</body>
-</html>
-
diff --git a/srv/internal/worker/static/worker.css b/srv/internal/worker/static/worker.css
deleted file mode 100644
index 81a9f72..0000000
--- a/srv/internal/worker/static/worker.css
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2021 The Go Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style
- * license that can be found in the LICENSE file.
- */
-
-:root {
- --white: #eee;
- --gray: #ccc;
- --red: red;
-}
-
-body {
- font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen', 'Ubuntu',
- 'Helvetica Neue', Arial, sans-serif;
-}
-label {
- display: inline-block;
- text-align: right;
- width: 12.5rem;
-}
-input {
- width: 12.5rem;
-}
-button {
- background-color: var(--white);
- border: 0.0625rem solid var(--gray);
- border-radius: 0.125rem;
- width: 16rem;
-}
-table {
- border-spacing: 0.625rem 0.125rem;
- font-size: 0.75rem;
- padding: 0.1875rem 0 0.125rem 0;
-}
-td {
- border-top: 0.0625rem solid var(--gray);
-}
diff --git a/srv/internal/worker/store/fire_store.go b/srv/internal/worker/store/fire_store.go
deleted file mode 100644
index 2ec6a01..0000000
--- a/srv/internal/worker/store/fire_store.go
+++ /dev/null
@@ -1,298 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package store
-
-import (
- "context"
- "errors"
- "fmt"
- "strings"
-
- "cloud.google.com/go/firestore"
- "golang.org/x/vuln/srv/internal/derrors"
- "google.golang.org/api/iterator"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
-)
-
-// FireStore is a Store implemented with Google Cloud Firestore.
-//
-// A Firestore DB is a set of documents. Each document has its own unique ID
-// (primary key). Documents are grouped into collections, and each document can
-// have sub-collections. A document can be referred to by a path of the form
-// top-level-collection/doc/sub-collection/doc/...
-//
-// In this layout, there is a single top-level collection called Namespaces,
-// with documents for each development environment. Within each namespace, there
-// are some collections:
-// - CVEs for CVERecords
-// - CommitUpdates for CommitUpdateRecords
-// - DirHashes for directory hashes
-type FireStore struct {
- namespace string
- client *firestore.Client
- nsDoc *firestore.DocumentRef
-}
-
-const (
- namespaceCollection = "Namespaces"
- updateCollection = "Updates"
- cveCollection = "CVEs"
- dirHashCollection = "DirHashes"
-)
-
-// NewFireStore creates a new FireStore, backed by a client to Firestore. Since
-// each project can have only one Firestore database, callers must provide a
-// non-empty namespace to distinguish different virtual databases (e.g. prod and
-// testing).
-func NewFireStore(ctx context.Context, projectID, namespace string) (_ *FireStore, err error) {
- defer derrors.Wrap(&err, "NewFireStore(%q, %q)", projectID, namespace)
-
- if namespace == "" {
- return nil, errors.New("empty namespace")
- }
- client, err := firestore.NewClient(ctx, projectID)
- if err != nil {
- return nil, err
- }
- return &FireStore{
- namespace: namespace,
- client: client,
- nsDoc: client.Collection(namespaceCollection).Doc(namespace),
- }, nil
-}
-
-// CreateCommitUpdateRecord implements Store.CreateCommitUpdateRecord.
-// On successful return, r.ID is set to the record's ID.
-func (fs *FireStore) CreateCommitUpdateRecord(ctx context.Context, r *CommitUpdateRecord) (err error) {
- defer derrors.Wrap(&err, "CreateCommitUpdateRecord()")
-
- docref := fs.nsDoc.Collection(updateCollection).NewDoc()
- if _, err := docref.Create(ctx, r); err != nil {
- return err
- }
- r.ID = docref.ID
- return nil
-}
-
-// SetCommitUpdateRecord implements Store.SetCommitUpdateRecord.
-func (fs *FireStore) SetCommitUpdateRecord(ctx context.Context, r *CommitUpdateRecord) (err error) {
- defer derrors.Wrap(&err, "SetCommitUpdateRecord(%q)", r.ID)
-
- if r.ID == "" {
- return errors.New("missing ID")
- }
- _, err = fs.nsDoc.Collection(updateCollection).Doc(r.ID).Set(ctx, r)
- return err
-}
-
-// GetCVERecord implements store.GetCVERecord.
-func (fs *FireStore) GetCVERecord(ctx context.Context, id string) (_ *CVERecord, err error) {
- defer derrors.Wrap(&err, "GetCVERecord(%q)", id)
-
- docsnap, err := fs.cveRecordRef(id).Get(ctx)
- if status.Code(err) == codes.NotFound {
- return nil, nil
- }
- var cr CVERecord
- if err := docsnap.DataTo(&cr); err != nil {
- return nil, err
- }
- return &cr, nil
-}
-
-// ListCommitUpdateRecords implements Store.ListCommitUpdateRecords.
-func (fs *FireStore) ListCommitUpdateRecords(ctx context.Context, limit int) ([]*CommitUpdateRecord, error) {
- var urs []*CommitUpdateRecord
- q := fs.nsDoc.Collection(updateCollection).OrderBy("StartedAt", firestore.Desc)
- if limit > 0 {
- q = q.Limit(limit)
- }
- iter := q.Documents(ctx)
- for {
- docsnap, err := iter.Next()
- if err == iterator.Done {
- break
- }
- if err != nil {
- return nil, err
- }
- var ur CommitUpdateRecord
- if err := docsnap.DataTo(&ur); err != nil {
- return nil, err
- }
- ur.ID = docsnap.Ref.ID
- urs = append(urs, &ur)
- }
- return urs, nil
-}
-
-type dirHash struct {
- Hash string
-}
-
-// ListCVERecordsWithTriageState implements Store.ListCVERecordsWithTriageState.
-func (fs *FireStore) ListCVERecordsWithTriageState(ctx context.Context, ts TriageState) (_ []*CVERecord, err error) {
- defer derrors.Wrap(&err, "ListCVERecordsWithTriageState(%s)", ts)
-
- q := fs.nsDoc.Collection(cveCollection).Where("TriageState", "==", ts).OrderBy("ID", firestore.Asc)
- docsnaps, err := q.Documents(ctx).GetAll()
- if err != nil {
- return nil, err
- }
- return docsnapsToCVERecords(docsnaps)
-}
-
-// dirHashRef returns a DocumentRef for the directory dir.
-func (s *FireStore) dirHashRef(dir string) *firestore.DocumentRef {
- // Firestore IDs cannot contain slashes.
- // Do something simple and readable to fix that.
- id := strings.ReplaceAll(dir, "/", "|")
- return s.nsDoc.Collection(dirHashCollection).Doc(id)
-}
-
-// GetDirectoryHash implements Transaction.GetDirectoryHash.
-func (fs *FireStore) GetDirectoryHash(ctx context.Context, dir string) (_ string, err error) {
- defer derrors.Wrap(&err, "GetDirectoryHash(%s)", dir)
-
- ds, err := fs.dirHashRef(dir).Get(ctx)
- if err != nil {
- if status.Code(err) == codes.NotFound {
- return "", nil
- }
- return "", err
- }
- data, err := ds.DataAt("Hash")
- if err != nil {
- return "", err
- }
- hash, ok := data.(string)
- if !ok {
- return "", fmt.Errorf("hash data for %s is not a string", dir)
- }
- return hash, nil
-}
-
-// SetDirectoryHash implements Transaction.SetDirectoryHash.
-func (fs *FireStore) SetDirectoryHash(ctx context.Context, dir, hash string) error {
- _, err := fs.dirHashRef(dir).Set(ctx, dirHash{Hash: hash})
- return err
-}
-
-// RunTransaction implements Store.RunTransaction.
-func (fs *FireStore) RunTransaction(ctx context.Context, f func(context.Context, Transaction) error) error {
- return fs.client.RunTransaction(ctx,
- func(ctx context.Context, tx *firestore.Transaction) error {
- return f(ctx, &fsTransaction{fs, tx})
- })
-}
-
-// cveRecordRef returns a DocumentRef to the CVERecord with id.
-func (fs *FireStore) cveRecordRef(id string) *firestore.DocumentRef {
- return fs.nsDoc.Collection(cveCollection).Doc(id)
-}
-
-// fsTransaction implements Transaction
-type fsTransaction struct {
- s *FireStore
- t *firestore.Transaction
-}
-
-// CreateCVERecord implements Transaction.CreateCVERecord.
-func (tx *fsTransaction) CreateCVERecord(r *CVERecord) (err error) {
- defer derrors.Wrap(&err, "FireStore.CreateCVERecord(%s)", r.ID)
-
- if err := r.Validate(); err != nil {
- return err
- }
- return tx.t.Create(tx.s.cveRecordRef(r.ID), r)
-}
-
-// SetCVERecord implements Transaction.SetCVERecord.
-func (tx *fsTransaction) SetCVERecord(r *CVERecord) (err error) {
- defer derrors.Wrap(&err, "SetCVERecord(%s)", r.ID)
-
- if err := r.Validate(); err != nil {
- return err
- }
- return tx.t.Set(tx.s.cveRecordRef(r.ID), r)
-}
-
-// GetCVERecords implements Transaction.GetCVERecords.
-func (tx *fsTransaction) GetCVERecords(startID, endID string) (_ []*CVERecord, err error) {
- defer derrors.Wrap(&err, "GetCVERecords(%s, %s)", startID, endID)
-
- q := tx.s.nsDoc.Collection(cveCollection).
- OrderBy(firestore.DocumentID, firestore.Asc).
- StartAt(startID).
- EndAt(endID)
- iter := tx.t.Documents(q)
- docsnaps, err := iter.GetAll()
- if err != nil {
- return nil, err
- }
- return docsnapsToCVERecords(docsnaps)
-}
-
-func docsnapsToCVERecords(docsnaps []*firestore.DocumentSnapshot) ([]*CVERecord, error) {
- var crs []*CVERecord
- for _, ds := range docsnaps {
- var cr CVERecord
- if err := ds.DataTo(&cr); err != nil {
- return nil, err
- }
- crs = append(crs, &cr)
- }
- return crs, nil
-}
-
-// Clear removes all documents in the namespace.
-func (s *FireStore) Clear(ctx context.Context) (err error) {
- defer derrors.Wrap(&err, "Clear")
-
- collrefs, err := s.nsDoc.Collections(ctx).GetAll()
- if err != nil {
- return err
- }
- for _, cr := range collrefs {
- if err := deleteCollection(ctx, s.client, cr, 100); err != nil {
- return err
- }
- }
- return nil
-}
-
-// Copied from https://cloud.google.com/firestore/docs/samples/firestore-data-delete-collection.
-func deleteCollection(ctx context.Context, client *firestore.Client, ref *firestore.CollectionRef, batchSize int) error {
- for {
- // Get a batch of documents
- iter := ref.Limit(batchSize).Documents(ctx)
- numDeleted := 0
-
- // Iterate through the documents, adding a delete operation for each one
- // to a WriteBatch.
- batch := client.Batch()
- for {
- doc, err := iter.Next()
- if err == iterator.Done {
- break
- }
- if err != nil {
- return err
- }
- batch.Delete(doc.Ref)
- numDeleted++
- }
-
- // If there are no documents to delete, the process is over.
- if numDeleted == 0 {
- return nil
- }
-
- if _, err := batch.Commit(ctx); err != nil {
- return err
- }
- }
-}
diff --git a/srv/internal/worker/store/fire_store_test.go b/srv/internal/worker/store/fire_store_test.go
deleted file mode 100644
index 286da97..0000000
--- a/srv/internal/worker/store/fire_store_test.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package store
-
-import (
- "context"
- "flag"
- "fmt"
- "math/rand"
- "os/user"
- "testing"
- "time"
-)
-
-var project = flag.String("project", "", "GCP project for Firestore")
-
-func TestFireStore(t *testing.T) {
- if *project == "" {
- t.Skip("missing -project")
- }
- ctx := context.Background()
- // Create a client with a unique namespace for this test.
- username := "unknown"
- if u, err := user.Current(); err == nil {
- username = u.Username
- }
- rand.Seed(time.Now().UnixNano())
- r := rand.Intn(1000)
- namespace := fmt.Sprintf("testing-%s-%d", username, r)
- t.Logf("testing in namespace %s", namespace)
-
- fs, err := NewFireStore(ctx, *project, namespace)
- if err != nil {
- t.Fatal(err)
- }
- // Delete the namespace when we're done.
- defer func() {
- if err := fs.Clear(ctx); err != nil {
- t.Log(err)
- }
- }()
-
- testStore(t, fs)
-}
diff --git a/srv/internal/worker/store/mem_store.go b/srv/internal/worker/store/mem_store.go
deleted file mode 100644
index 89c819a..0000000
--- a/srv/internal/worker/store/mem_store.go
+++ /dev/null
@@ -1,160 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package store
-
-import (
- "context"
- "errors"
- "fmt"
- "math/rand"
- "sort"
- "sync"
- "time"
-)
-
-// MemStore is an in-memory implementation of Store, for testing.
-type MemStore struct {
- mu sync.Mutex
- cveRecords map[string]*CVERecord
- updateRecords map[string]*CommitUpdateRecord
- dirHashes map[string]string
-}
-
-// NewMemStore creates a new, empty MemStore.
-func NewMemStore() *MemStore {
- m := &MemStore{}
- _ = m.Clear(context.Background())
- return m
-}
-
-// Clear removes all data from the MemStore.
-func (ms *MemStore) Clear(context.Context) error {
- ms.cveRecords = map[string]*CVERecord{}
- ms.updateRecords = map[string]*CommitUpdateRecord{}
- ms.dirHashes = map[string]string{}
- return nil
-}
-
-// CVERecords return all the CVERecords of the store.
-func (ms *MemStore) CVERecords() map[string]*CVERecord {
- return ms.cveRecords
-}
-
-// CreateCommitUpdateRecord implements Store.CreateCommitUpdateRecord.
-func (ms *MemStore) CreateCommitUpdateRecord(ctx context.Context, r *CommitUpdateRecord) error {
- r.ID = fmt.Sprint(rand.Uint32())
- if ms.updateRecords[r.ID] != nil {
- panic("duplicate ID")
- }
- r.UpdatedAt = time.Now()
- return ms.SetCommitUpdateRecord(ctx, r)
-}
-
-// SetCommitUpdateRecord implements Store.SetCommitUpdateRecord.
-func (ms *MemStore) SetCommitUpdateRecord(_ context.Context, r *CommitUpdateRecord) error {
- if r.ID == "" {
- return errors.New("SetCommitUpdateRecord: need ID")
- }
- c := *r
- c.UpdatedAt = time.Now()
- ms.updateRecords[c.ID] = &c
- return nil
-}
-
-// ListCommitUpdateRecords implements Store.ListCommitUpdateRecords.
-func (ms *MemStore) ListCommitUpdateRecords(_ context.Context, limit int) ([]*CommitUpdateRecord, error) {
- var urs []*CommitUpdateRecord
- for _, ur := range ms.updateRecords {
- urs = append(urs, ur)
- }
- sort.Slice(urs, func(i, j int) bool {
- return urs[i].StartedAt.After(urs[j].StartedAt)
- })
- if limit > 0 && len(urs) > limit {
- urs = urs[:limit]
- }
- return urs, nil
-}
-
-// GetCVERecord implements store.GetCVERecord.
-func (ms *MemStore) GetCVERecord(ctx context.Context, id string) (*CVERecord, error) {
- return ms.cveRecords[id], nil
-}
-
-// ListCVERecordsWithTriageState implements Store.ListCVERecordsWithTriageState.
-func (ms *MemStore) ListCVERecordsWithTriageState(_ context.Context, ts TriageState) ([]*CVERecord, error) {
- var crs []*CVERecord
- for _, r := range ms.cveRecords {
- if r.TriageState == ts {
- crs = append(crs, r)
- }
- }
- sort.Slice(crs, func(i, j int) bool {
- return crs[i].ID < crs[j].ID
- })
- return crs, nil
-}
-
-// GetDirectoryHash implements Transaction.GetDirectoryHash.
-func (ms *MemStore) GetDirectoryHash(_ context.Context, dir string) (string, error) {
- return ms.dirHashes[dir], nil
-}
-
-// SetDirectoryHash implements Transaction.SetDirectoryHash.
-func (ms *MemStore) SetDirectoryHash(_ context.Context, dir, hash string) error {
- ms.dirHashes[dir] = hash
- return nil
-}
-
-// RunTransaction implements Store.RunTransaction.
-// A transaction runs with a single lock on the entire DB.
-func (ms *MemStore) RunTransaction(ctx context.Context, f func(context.Context, Transaction) error) error {
- tx := &memTransaction{ms}
- ms.mu.Lock()
- defer ms.mu.Unlock()
- return f(ctx, tx)
-}
-
-// memTransaction implements Store.Transaction.
-type memTransaction struct {
- ms *MemStore
-}
-
-// CreateCVERecord implements Transaction.CreateCVERecord.
-func (tx *memTransaction) CreateCVERecord(r *CVERecord) error {
- if err := r.Validate(); err != nil {
- return err
- }
- tx.ms.cveRecords[r.ID] = r
- return nil
-}
-
-// SetCVERecord implements Transaction.SetCVERecord.
-func (tx *memTransaction) SetCVERecord(r *CVERecord) error {
- if err := r.Validate(); err != nil {
- return err
- }
- if tx.ms.cveRecords[r.ID] == nil {
- return fmt.Errorf("CVERecord with ID %q not found", r.ID)
- }
- tx.ms.cveRecords[r.ID] = r
- return nil
-}
-
-// GetCVERecords implements Transaction.GetCVERecords.
-func (tx *memTransaction) GetCVERecords(startID, endID string) ([]*CVERecord, error) {
- var crs []*CVERecord
- for id, r := range tx.ms.cveRecords {
- if id >= startID && id <= endID {
- c := *r
- crs = append(crs, &c)
- }
- }
- // Sort for testing.
- sort.Slice(crs, func(i, j int) bool {
- return crs[i].ID < crs[j].ID
- })
- return crs, nil
-}
diff --git a/srv/internal/worker/store/mem_store_test.go b/srv/internal/worker/store/mem_store_test.go
deleted file mode 100644
index 498750c..0000000
--- a/srv/internal/worker/store/mem_store_test.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package store
-
-import "testing"
-
-func TestMemStore(t *testing.T) {
- testStore(t, NewMemStore())
-}
diff --git a/srv/internal/worker/store/store.go b/srv/internal/worker/store/store.go
deleted file mode 100644
index 3d72dd9..0000000
--- a/srv/internal/worker/store/store.go
+++ /dev/null
@@ -1,207 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package store supports permanent data storage for the vuln worker.
-package store
-
-import (
- "context"
- "errors"
- "fmt"
- "time"
-
- "golang.org/x/vuln/srv/internal/cveschema"
-)
-
-// A CVERecord contains information about a CVE.
-type CVERecord struct {
- // ID is the CVE ID, which is the same as the filename base. E.g. "CVE-2020-0034".
- ID string
- // Path is the path to the CVE file in the repo.
- Path string
- // Blobhash is the hash of the CVE's blob in repo, for quick change detection.
- BlobHash string
- // CommitHash is the commit of the cvelist repo from which this information came.
- CommitHash string
- // CVEState is the value of the metadata.STATE field.
- CVEState string
- // TriageState is the state of our triage processing on the CVE.
- TriageState TriageState
- // TriageStateReason is an explanation of TriageState.
- TriageStateReason string
-
- // Module is the Go module path that might be affected.
- Module string
-
- // CVE is a copy of the CVE, for the NeedsIssue triage state.
- CVE *cveschema.CVE
-
- // ReferenceURLs is a list of the URLs in the CVE references,
- // for the FalsePositive triage state.
- ReferenceURLs []string
-
- // IssueReference is a reference to the GitHub issue that was filed.
- // E.g. golang/vulndb#12345.
- // Set only after a GitHub issue has been successfully created.
- IssueReference string
-
- // IssueCreatedAt is the time when the issue was created.
- // Set only after a GitHub issue has been successfully created.
- IssueCreatedAt time.Time
-
- // History holds previous states of a CVERecord,
- // from most to least recent.
- History []*CVERecordSnapshot
-}
-
-// Validate returns an error if the CVERecord is not valid.
-func (r *CVERecord) Validate() error {
- if r.ID == "" {
- return errors.New("need ID")
- }
- if r.Path == "" {
- return errors.New("need Path")
- }
- if r.BlobHash == "" {
- return errors.New("need BlobHash")
- }
- if r.CommitHash == "" {
- return errors.New("need CommitHash")
- }
- return r.TriageState.Validate()
-}
-
-// TriageState is the state of our work on the CVE.
-// It is implemented as a string rather than an int so that stored values are
-// immune to renumbering.
-type TriageState string
-
-const (
- // No action is needed on the CVE (perhaps because it is rejected, reserved or invalid).
- TriageStateNoActionNeeded TriageState = "NoActionNeeded"
- // The CVE needs to have an issue created.
- TriageStateNeedsIssue TriageState = "NeedsIssue"
- // An issue has been created in the issue tracker.
- // The IssueReference and IssueCreatedAt fields have more information.
- TriageStateIssueCreated TriageState = "IssueCreated"
- // The CVE state was changed after the CVE was created.
- TriageStateUpdatedSinceIssueCreation TriageState = "UpdatedSinceIssueCreation"
- // Although the triager might think this CVE is relevant to Go, it is not.
- TriageStateFalsePositive TriageState = "FalsePositive"
- // There is already an entry in the Go vuln DB that covers this CVE.
- TriageStateHasVuln TriageState = "HasVuln"
-)
-
-// Validate returns an error if the TriageState is not one of the above values.
-func (s TriageState) Validate() error {
- switch s {
- case TriageStateNoActionNeeded, TriageStateNeedsIssue, TriageStateIssueCreated, TriageStateUpdatedSinceIssueCreation, TriageStateFalsePositive, TriageStateHasVuln:
- return nil
- default:
- return fmt.Errorf("bad TriageState %q", s)
- }
-}
-
-// NewCVERecord creates a CVERecord from a CVE, its path and its blob hash.
-func NewCVERecord(cve *cveschema.CVE, path, blobHash string) *CVERecord {
- return &CVERecord{
- ID: cve.ID,
- CVEState: cve.State,
- Path: path,
- BlobHash: blobHash,
- }
-}
-
-// CVERecordSnapshot holds a previous state of a CVERecord.
-// The fields mean the same as those of CVERecord.
-type CVERecordSnapshot struct {
- CommitHash string
- CVEState string
- TriageState TriageState
- TriageStateReason string
-}
-
-func (r *CVERecord) Snapshot() *CVERecordSnapshot {
- return &CVERecordSnapshot{
- CommitHash: r.CommitHash,
- CVEState: r.CVEState,
- TriageState: r.TriageState,
- TriageStateReason: r.TriageStateReason,
- }
-}
-
-// A CommitUpdateRecord describes a single update operation, which reconciles
-// a commit in the CVE list repo with the DB state.
-type CommitUpdateRecord struct {
- // The ID of this record in the DB. Needed to modify the record.
- ID string
- // When the update started and completed. If EndedAt is zero,
- // the update is in progress (or it crashed).
- StartedAt, EndedAt time.Time
- // The repo commit hash that this update is working on.
- CommitHash string
- // The time the commit occurred.
- CommitTime time.Time
- // The total number of CVEs being processed in this update.
- NumTotal int
- // The number currently processed. When this equals NumTotal, the
- // update is done.
- NumProcessed int
- // The number of CVEs added to the DB.
- NumAdded int
- // The number of CVEs modified.
- NumModified int
- // The error that stopped the update.
- Error string
- // The last time this record was updated.
- UpdatedAt time.Time `firestore:",serverTimestamp"`
-}
-
-// A Store is a storage system for the CVE database.
-type Store interface {
- // CreateCommitUpdateRecord creates a new CommitUpdateRecord. It should be called at the start
- // of an update. On successful return, the CommitUpdateRecord's ID field will be
- // set to a new, unique ID.
- CreateCommitUpdateRecord(context.Context, *CommitUpdateRecord) error
-
- // SetCommitUpdateRecord modifies the CommitUpdateRecord. Use the same record passed to
- // CreateCommitUpdateRecord, because it will have the correct ID.
- SetCommitUpdateRecord(context.Context, *CommitUpdateRecord) error
-
- // ListCommitUpdateRecords returns some the CommitUpdateRecords in the store, from most to
- // least recent.
- ListCommitUpdateRecords(ctx context.Context, limit int) ([]*CommitUpdateRecord, error)
-
- // GetCVERecord returns the CVERecord with the given id. If not found, it returns (nil, nil).
- GetCVERecord(ctx context.Context, id string) (*CVERecord, error)
-
- // ListCVERecordsWithTriageState returns all CVERecords with the given triage state,
- // ordered by ID.
- ListCVERecordsWithTriageState(ctx context.Context, ts TriageState) ([]*CVERecord, error)
-
- // GetDirectoryHash returns the hash for the tree object corresponding to dir.
- // If dir isn't found, it succeeds with the empty string.
- GetDirectoryHash(ctx context.Context, dir string) (string, error)
-
- // SetDirectoryHash sets the hash for the given directory.
- SetDirectoryHash(ctx context.Context, dir, hash string) error
-
- // RunTransaction runs the function in a transaction.
- RunTransaction(context.Context, func(context.Context, Transaction) error) error
-}
-
-// Transaction supports store operations that run inside a transaction.
-type Transaction interface {
- // CreateCVERecord creates a new CVERecord. It is an error if one with the same ID
- // already exists.
- CreateCVERecord(*CVERecord) error
-
- // SetCVERecord sets the CVE record in the database. It is
- // an error if no such record exists.
- SetCVERecord(r *CVERecord) error
-
- // GetCVERecords retrieves CVERecords for all CVE IDs between startID and
- // endID, inclusive.
- GetCVERecords(startID, endID string) ([]*CVERecord, error)
-}
diff --git a/srv/internal/worker/store/store_test.go b/srv/internal/worker/store/store_test.go
deleted file mode 100644
index 22f3a6f..0000000
--- a/srv/internal/worker/store/store_test.go
+++ /dev/null
@@ -1,208 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package store
-
-import (
- "context"
- "testing"
- "time"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "golang.org/x/vuln/srv/internal/cveschema"
-)
-
-func must(t *testing.T, err error) {
- t.Helper()
- if err != nil {
- t.Fatal(err)
- }
-}
-
-func testStore(t *testing.T, s Store) {
- t.Run("Updates", func(t *testing.T) {
- testUpdates(t, s)
- })
- t.Run("CVEs", func(t *testing.T) {
- testCVEs(t, s)
- })
- t.Run("DirHashes", func(t *testing.T) {
- testDirHashes(t, s)
- })
-}
-
-func testUpdates(t *testing.T, s Store) {
- ctx := context.Background()
- start := time.Date(2021, time.September, 1, 0, 0, 0, 0, time.Local)
-
- u1 := &CommitUpdateRecord{
- StartedAt: start,
- CommitHash: "abc",
- NumTotal: 100,
- }
- must(t, s.CreateCommitUpdateRecord(ctx, u1))
- u1.EndedAt = u1.StartedAt.Add(10 * time.Minute)
- u1.NumAdded = 100
- must(t, s.SetCommitUpdateRecord(ctx, u1))
- u2 := &CommitUpdateRecord{
- StartedAt: start.Add(time.Hour),
- CommitHash: "def",
- NumTotal: 80,
- }
- must(t, s.CreateCommitUpdateRecord(ctx, u2))
- u2.EndedAt = u2.StartedAt.Add(8 * time.Minute)
- u2.NumAdded = 40
- u2.NumModified = 40
- must(t, s.SetCommitUpdateRecord(ctx, u2))
- got, err := s.ListCommitUpdateRecords(ctx, 0)
- if err != nil {
- t.Fatal(err)
- }
- want := []*CommitUpdateRecord{u2, u1}
- diff(t, want, got, cmpopts.IgnoreFields(CommitUpdateRecord{}, "UpdatedAt"))
- for _, g := range got {
- if g.UpdatedAt.IsZero() {
- t.Error("zero UpdatedAt field")
- }
- }
-}
-
-func testCVEs(t *testing.T, s Store) {
- ctx := context.Background()
- const (
- id1 = "CVE-1905-0001"
- id2 = "CVE-1905-0002"
- id3 = "CVE-1905-0003"
- )
- crs := []*CVERecord{
- {
- ID: id1,
- Path: "1905/" + id1 + ".json",
- BlobHash: "123",
- CommitHash: "456",
- CVEState: "PUBLIC",
- TriageState: TriageStateNeedsIssue,
- },
- {
- ID: id2,
- Path: "1906/" + id2 + ".json",
- BlobHash: "abc",
- CommitHash: "def",
- CVEState: "RESERVED",
- TriageState: TriageStateNoActionNeeded,
- },
- {
- ID: id3,
- Path: "1907/" + id3 + ".json",
- BlobHash: "xyz",
- CommitHash: "456",
- CVEState: "REJECT",
- TriageState: TriageStateNoActionNeeded,
- },
- }
-
- getCVERecords := func(startID, endID string) []*CVERecord {
- var got []*CVERecord
- err := s.RunTransaction(ctx, func(ctx context.Context, tx Transaction) error {
- var err error
- got, err = tx.GetCVERecords(startID, endID)
- return err
- })
- if err != nil {
- t.Fatal(err)
- }
- return got
- }
-
- createCVERecords(t, ctx, s, crs)
-
- diff(t, crs[:1], getCVERecords(id1, id1))
- diff(t, crs[1:], getCVERecords(id2, id3))
-
- // Test SetCVERecord.
-
- set := func(r *CVERecord) *CVERecord {
- err := s.RunTransaction(ctx, func(ctx context.Context, tx Transaction) error {
- return tx.SetCVERecord(r)
- })
- if err != nil {
- t.Fatal(err)
- }
- r2, err := s.GetCVERecord(ctx, r.ID)
- if err != nil {
- t.Fatal(err)
- }
- return r2
- }
-
- // Make sure the first record is the same that we created.
- got, err := s.GetCVERecord(ctx, id1)
- if err != nil {
- t.Fatal(err)
- }
- diff(t, crs[0], got)
-
- // Change the state and the commit hash.
- got.CVEState = cveschema.StateRejected
- got.CommitHash = "999"
- set(got)
- want := *crs[0]
- want.CVEState = cveschema.StateRejected
- want.CommitHash = "999"
- diff(t, &want, got)
-
- gotNoAction, err := s.ListCVERecordsWithTriageState(ctx, TriageStateNoActionNeeded)
- if err != nil {
- t.Fatal(err)
- }
- diff(t, crs[1:], gotNoAction)
-}
-
-func testDirHashes(t *testing.T, s Store) {
- ctx := context.Background()
- const dir = "a/b/c"
- got, err := s.GetDirectoryHash(ctx, dir)
- if err != nil {
- t.Fatal(err)
- }
- if got != "" {
- t.Fatalf("got %q, want empty", got)
- }
- const want = "123"
- if err := s.SetDirectoryHash(ctx, "a/b/c", want); err != nil {
- t.Fatal(err)
- }
- got, err = s.GetDirectoryHash(ctx, dir)
- if err != nil {
- t.Fatal(err)
- }
- if got != want {
- t.Fatalf("got %q, want %q", got, want)
- }
-}
-
-func createCVERecords(t *testing.T, ctx context.Context, s Store, crs []*CVERecord) {
- err := s.RunTransaction(ctx, func(ctx context.Context, tx Transaction) error {
- for _, cr := range crs {
- if err := tx.CreateCVERecord(cr); err != nil {
- return err
- }
- }
- return nil
- })
- if err != nil {
- t.Fatal(err)
- }
-}
-
-func diff(t *testing.T, want, got interface{}, opts ...cmp.Option) {
- t.Helper()
- if diff := cmp.Diff(want, got, opts...); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
- }
-}
diff --git a/srv/internal/worker/testdata/basic.txtar b/srv/internal/worker/testdata/basic.txtar
deleted file mode 100644
index 5832def..0000000
--- a/srv/internal/worker/testdata/basic.txtar
+++ /dev/null
@@ -1,190 +0,0 @@
-Repo in the shape of github.com/CVEProject/cvelist, with
-some actual data.
-
--- README.md --
-ignore me please
-
--- 2021/0xxx/CVE-2021-0001.json --
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-0001",
- "ASSIGNER": "secure@intel.com",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "Intel(R) IPP",
- "version": {
- "version_data": [
- {
- "version_value": "before version 2020 update 1"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "information disclosure"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html"
- },
- {
- "refsource": "*added for testing*",
- "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- "url": "https://golang.org/x/mod"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access."
- }
- ]
- }
-}
--- 2021/0xxx/CVE-2021-0010.json --
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-0010",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
--- 2021/1xxx/CVE-2021-1384.json --
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-1384",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "REJECT"
- },
- "references": {
- "reference_data": [
- {
- "refsource": "*added for testing*",
- "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- "url": "https://golang.org/x/sync"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
- }
- ]
- }
-}
--- 2020/9xxx/CVE-2020-9283.json --
-{
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2020-9283",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "name": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
- "url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
- },
- {
- "refsource": "*added for testing*",
- "name": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
- "url": "https://golang.org/x/crypto"
- }
- ]
- }
-}
-
diff --git a/srv/internal/worker/triage.go b/srv/internal/worker/triage.go
deleted file mode 100644
index c20d877..0000000
--- a/srv/internal/worker/triage.go
+++ /dev/null
@@ -1,195 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "context"
- "errors"
- "fmt"
- "net/http"
- "net/url"
- "strconv"
- "strings"
- "time"
-
- "golang.org/x/exp/event"
- "golang.org/x/time/rate"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/worker/log"
-)
-
-var errCVEVersionUnsupported = errors.New("unsupported CVE version")
-
-// stdlibReferenceDataKeywords are words found in the reference data URL that
-// indicate the CVE is about the standard library or a Go x-repo owned by the
-// Go team.
-var stdlibReferenceDataKeywords = []string{
- "github.com/golang",
- "golang.org",
- // from https://groups.google.com/g/golang-announce.
- "golang-announce",
- // from https://groups.google.com/g/golang-nuts.
- "golang-nuts",
-}
-
-const (
- stdlibPath = "Go Standard Library (package not identified)"
- unknownPath = "Path is unknown"
-)
-
-// TriageCVE reports whether the CVE refers to a Go module.
-func TriageCVE(ctx context.Context, c *cveschema.CVE, pkgsiteURL string) (_ *triageResult, err error) {
- defer derrors.Wrap(&err, "triageCVE(%q)", c.ID)
- switch c.DataVersion {
- case "4.0":
- return triageV4CVE(ctx, c, pkgsiteURL)
- default:
- // TODO(https://golang.org/issue/49289): Add support for v5.0.
- return nil, fmt.Errorf("CVE %q has DataVersion %q: %w", c.ID, c.DataVersion, errCVEVersionUnsupported)
- }
-}
-
-type triageResult struct {
- modulePath string
- stdlib bool
- reason string
-}
-
-// gopkgHosts are hostnames for popular Go package websites.
-var gopkgHosts = map[string]bool{
- "godoc.org": true,
- "pkg.go.dev": true,
-}
-
-const snykIdentifier = "snyk.io/vuln/SNYK-GOLANG"
-
-// triageV4CVE triages a CVE following schema v4.0 and returns the result.
-func triageV4CVE(ctx context.Context, c *cveschema.CVE, pkgsiteURL string) (_ *triageResult, err error) {
- defer derrors.Wrap(&err, "triageV4CVE(ctx, %q, %q)", c.ID, pkgsiteURL)
- for _, r := range c.References.Data {
- if r.URL == "" {
- continue
- }
- refURL, err := url.Parse(r.URL)
- if err != nil {
- return nil, fmt.Errorf("url.Parse(%q): %v", r.URL, err)
- }
- if strings.Contains(r.URL, "golang.org/pkg") {
- mp := strings.TrimPrefix(refURL.Path, "/pkg/")
- return &triageResult{
- modulePath: mp,
- stdlib: true,
- reason: fmt.Sprintf("Reference data URL %q contains path %q", r.URL, mp),
- }, nil
- }
- if gopkgHosts[refURL.Host] {
- mp := strings.TrimPrefix(refURL.Path, "/")
- return &triageResult{
- modulePath: mp,
- stdlib: stdlibContains(mp),
- reason: fmt.Sprintf("Reference data URL %q contains path %q", r.URL, mp),
- }, nil
- }
- modpaths := candidateModulePaths(refURL.Host + refURL.Path)
- for _, mp := range modpaths {
- known, err := knownToPkgsite(ctx, pkgsiteURL, mp)
- if err != nil {
- return nil, err
- }
- if known {
- u := pkgsiteURL + "/" + mp
- return &triageResult{
- modulePath: mp,
- reason: fmt.Sprintf("Reference data URL %q contains path %q; %q returned a status 200", r.URL, mp, u),
- }, nil
- }
- }
- }
-
- // We didn't find a Go package or module path in the reference data. Check
- // secondary heuristics to see if this is a Go related CVE.
- for _, r := range c.References.Data {
- // Example CVE containing snyk.io URL:
- // https://github.com/CVEProject/cvelist/blob/899bba20d62eb73e04d1841a5ff04cd6225e1618/2020/7xxx/CVE-2020-7668.json#L52.
- if strings.Contains(r.URL, snykIdentifier) {
- return &triageResult{
- modulePath: unknownPath,
- reason: fmt.Sprintf("Reference data URL %q contains %q", r.URL, snykIdentifier),
- }, nil
- }
-
- // Check for reference data indicating that this is related to the Go
- // project.
- for _, k := range stdlibReferenceDataKeywords {
- if strings.Contains(r.URL, k) {
- return &triageResult{
- modulePath: stdlibPath,
- stdlib: true,
- reason: fmt.Sprintf("Reference data URL %q contains %q", r.URL, k),
- }, nil
- }
- }
- }
- return nil, nil
-}
-
-// Limit pkgsite requests to this many per second.
-const pkgsiteQPS = 5
-
-var (
- // The limiter used to throttle pkgsite requests.
- // The second argument to rate.NewLimiter is the burst, which
- // basically lets you exceed the rate briefly.
- pkgsiteRateLimiter = rate.NewLimiter(rate.Every(time.Duration(1000/float64(pkgsiteQPS))*time.Millisecond), 3)
-
- // Cache of module paths already seen.
- seenModulePath = map[string]bool{}
- // Does seenModulePath contain all known modules?
- cacheComplete = false
-)
-
-// SetKnownModules provides a list of all known modules,
-// so that no requests need to be made to pkg.go.dev.
-func SetKnownModules(mods []string) {
- for _, m := range mods {
- seenModulePath[m] = true
- }
- cacheComplete = true
-}
-
-// knownToPkgsite reports whether pkgsite knows that modulePath actually refers
-// to a module.
-func knownToPkgsite(ctx context.Context, baseURL, modulePath string) (bool, error) {
- // If we've seen it before, no need to call.
- if b, ok := seenModulePath[modulePath]; ok {
- return b, nil
- }
- if cacheComplete {
- return false, nil
- }
- // Pause to maintain a max QPS.
- if err := pkgsiteRateLimiter.Wait(ctx); err != nil {
- return false, err
- }
- start := time.Now()
-
- url := baseURL + "/mod/" + modulePath
- res, err := http.Head(url)
- var status string
- if err == nil {
- status = strconv.Quote(res.Status)
- }
- log.Info(ctx, "HEAD "+url,
- event.Value("latency", time.Since(start)),
- event.String("status", status),
- event.Value("error", err))
- if err != nil {
- return false, err
- }
- known := res.StatusCode == http.StatusOK
- seenModulePath[modulePath] = known
- return known, nil
-}
diff --git a/srv/internal/worker/triage_test.go b/srv/internal/worker/triage_test.go
deleted file mode 100644
index ccebfcc..0000000
--- a/srv/internal/worker/triage_test.go
+++ /dev/null
@@ -1,208 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package worker
-
-import (
- "context"
- "flag"
- "net/http"
- "net/http/httptest"
- "strings"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "golang.org/x/vuln/srv/internal/cveschema"
-)
-
-var usePkgsite = flag.Bool("pkgsite", false, "use pkg.go.dev for tests")
-
-func TestTriageV4CVE(t *testing.T) {
- ctx := context.Background()
- url := getPkgsiteURL(t)
-
- for _, test := range []struct {
- name string
- in *cveschema.CVE
- want *triageResult
- }{
- {
- "repo path is unknown Go standard library",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://groups.google.com/forum/#!topic/golang-nuts/1234"},
- },
- },
- },
- &triageResult{
- modulePath: stdlibPath,
- stdlib: true,
- },
- },
- {
- "pkg.go.dev URL is Go standard library package",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://pkg.go.dev/net/http"},
- },
- },
- },
- &triageResult{
- modulePath: "net/http",
- stdlib: true,
- },
- },
- {
- "repo path is is valid golang.org module path",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://groups.google.com/forum/#!topic/golang-nuts/1234"},
- {URL: "https://golang.org/x/mod"},
- },
- },
- },
- &triageResult{
- modulePath: "golang.org/x/mod",
- },
- },
- {
- "pkg.go.dev URL is is valid golang.org module path",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://pkg.go.dev/golang.org/x/mod"},
- },
- },
- },
- &triageResult{
- modulePath: "golang.org/x/mod",
- },
- },
- {
- "contains golang.org/pkg URL",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://golang.org/pkg/net/http"},
- },
- },
- },
- &triageResult{
- modulePath: "net/http",
- stdlib: true,
- },
- },
- {
- "contains github.com but not on pkg.go.dev",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://github.com/something/something/404"},
- },
- },
- },
- nil,
- },
- {
- "contains longer module path",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://bitbucket.org/foo/bar/baz/v2"},
- },
- },
- },
- &triageResult{
- modulePath: "bitbucket.org/foo/bar/baz/v2",
- },
- },
- {
- "repo path is not a module",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://bitbucket.org/foo/bar"},
- },
- },
- },
- nil,
- },
- {
- "contains snyk.io URL containing GOLANG",
- &cveschema.CVE{
- References: cveschema.References{
- Data: []cveschema.Reference{
- {URL: "https://snyk.io/vuln/SNYK-GOLANG-12345"},
- },
- },
- },
- &triageResult{
- modulePath: unknownPath,
- },
- },
- } {
- t.Run(test.name, func(t *testing.T) {
- test.in.DataVersion = "4.0"
- got, err := TriageCVE(ctx, test.in, url)
- if err != nil {
- t.Fatal(err)
- }
- if diff := cmp.Diff(test.want, got,
- cmp.AllowUnexported(triageResult{}),
- cmpopts.IgnoreFields(triageResult{}, "reason")); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
- }
- })
- }
-}
-
-func TestKnownToPkgsite(t *testing.T) {
- ctx := context.Background()
-
- const validModule = "golang.org/x/mod"
- url := getPkgsiteURL(t)
-
- for _, test := range []struct {
- in string
- want bool
- }{
- {validModule, true},
- {"github.com/something/something", false},
- } {
- t.Run(test.in, func(t *testing.T) {
- got, err := knownToPkgsite(ctx, url, test.in)
- if err != nil {
- t.Fatal(err)
- }
- if got != test.want {
- t.Errorf("%s: got %t, want %t", test.in, got, test.want)
- }
- })
- }
-}
-
-// getPkgsiteURL returns a URL to either a fake server or the real pkg.go.dev,
-// depending on the usePkgsite flag.
-func getPkgsiteURL(t *testing.T) string {
- if *usePkgsite {
- return pkgsiteURL
- }
- // Start a test server that recognizes anything from golang.org and bitbucket.org/foo/bar/baz.
- s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- modulePath := strings.TrimPrefix(r.URL.Path, "/mod/")
- if !strings.HasPrefix(modulePath, "golang.org/") &&
- !strings.HasPrefix(modulePath, "bitbucket.org/foo/bar/baz") {
- http.Error(w, "unknown", http.StatusNotFound)
- }
- }))
- t.Cleanup(s.Close)
- return s.URL
-}
diff --git a/srv/internal/worker/update.go b/srv/internal/worker/update.go
deleted file mode 100644
index 2daeb05..0000000
--- a/srv/internal/worker/update.go
+++ /dev/null
@@ -1,483 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "io"
- "path"
- "sort"
- "strconv"
- "strings"
- "time"
-
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing"
- "github.com/go-git/go-git/v5/plumbing/filemode"
- "github.com/go-git/go-git/v5/plumbing/object"
- "golang.org/x/exp/event"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/worker/log"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-// A triageFunc triages a CVE: it decides whether an issue needs to be filed.
-// If so, it returns a non-empty string indicating the possibly
-// affected module.
-type triageFunc func(*cveschema.CVE) (*triageResult, error)
-
-// An updater performs an update operation on the DB.
-type updater struct {
- repo *git.Repository
- commitHash plumbing.Hash
- st store.Store
- knownIDs map[string]bool
- affectedModule triageFunc
-}
-
-type updateStats struct {
- numProcessed, numAdded, numModified int
-}
-
-// newUpdater creates an updater for updating the store with information from
-// the repo commit.
-// needsIssue determines whether a CVE needs an issue to be filed for it.
-func newUpdater(repo *git.Repository, commitHash plumbing.Hash, st store.Store, knownVulnIDs []string, needsIssue triageFunc) *updater {
- u := &updater{
- repo: repo,
- commitHash: commitHash,
- st: st,
- knownIDs: map[string]bool{},
- affectedModule: needsIssue,
- }
- for _, k := range knownVulnIDs {
- u.knownIDs[k] = true
- }
- return u
-}
-
-// update updates the DB to match the repo at the given commit.
-// It also triages new or changed issues.
-func (u *updater) update(ctx context.Context) (ur *store.CommitUpdateRecord, err error) {
- // We want the action of reading the old DB record, updating it and
- // writing it back to be atomic. It would be too expensive to do that one
- // record at a time. Ideally we'd process the whole repo commit in one
- // transaction, but Firestore has a limit on how many writes one
- // transaction can do, so the CVE files in the repo are processed in
- // batches, one transaction per batch.
- defer derrors.Wrap(&err, "updater.update(%s)", u.commitHash)
-
- defer func() {
- if err != nil {
- log.Error(ctx, "update failed", event.Value("error", err))
- } else {
- var nProcessed, nAdded, nModified int64
- if ur != nil {
- nProcessed = int64(ur.NumProcessed)
- nAdded = int64(ur.NumAdded)
- nModified = int64(ur.NumModified)
- }
- log.Info(ctx, "update succeeded",
- event.String("commit", u.commitHash.String()),
- event.Int64("processed", nProcessed),
- event.Int64("added", nAdded),
- event.Int64("modified", nModified))
- }
- }()
-
- log.Info(ctx, "update starting", event.String("commit", u.commitHash.String()))
-
- commit, err := u.repo.CommitObject(u.commitHash)
- if err != nil {
- return nil, err
- }
-
- // Get all the CVE files.
- // It is cheaper to read all the files from the repo and compare
- // them to the DB in bulk, than to walk the repo and process
- // each file individually.
- files, err := repoCVEFiles(u.repo, commit)
- if err != nil {
- return nil, err
- }
- // Process files in the same directory together, so we can easily skip
- // the entire directory if it hasn't changed.
- filesByDir, err := groupFilesByDirectory(files)
- if err != nil {
- return nil, err
- }
-
- // Create a new CommitUpdateRecord to describe this run of doUpdate.
- ur = &store.CommitUpdateRecord{
- StartedAt: time.Now(),
- CommitHash: u.commitHash.String(),
- CommitTime: commit.Committer.When,
- NumTotal: len(files),
- }
- if err := u.st.CreateCommitUpdateRecord(ctx, ur); err != nil {
- return ur, err
- }
-
- for _, dirFiles := range filesByDir {
- stats, err := u.updateDirectory(ctx, dirFiles)
- // Change the CommitUpdateRecord in the Store to reflect the results of the directory update.
- if err != nil {
- ur.Error = err.Error()
- if err2 := u.st.SetCommitUpdateRecord(ctx, ur); err2 != nil {
- return ur, fmt.Errorf("update failed with %w, could not set update record: %v", err, err2)
- }
- }
- ur.NumProcessed += stats.numProcessed
- ur.NumAdded += stats.numAdded
- ur.NumModified += stats.numModified
- if err := u.st.SetCommitUpdateRecord(ctx, ur); err != nil {
- return ur, err
- }
- }
- ur.EndedAt = time.Now()
- return ur, u.st.SetCommitUpdateRecord(ctx, ur)
-}
-
-// Firestore supports a maximum of 500 writes per transaction.
-// See https://cloud.google.com/firestore/quotas.
-const maxTransactionWrites = 500
-
-func (u *updater) updateDirectory(ctx context.Context, dirFiles []repoFile) (_ updateStats, err error) {
- dirPath := dirFiles[0].dirPath
- dirHash := dirFiles[0].treeHash.String()
-
- // A non-empty directory hash means that we have fully processed the directory
- // with that hash. If the stored hash matches the current one, we can skip
- // this directory.
- dbHash, err := u.st.GetDirectoryHash(ctx, dirPath)
- if err != nil {
- return updateStats{}, err
- }
- if dirHash == dbHash {
- log.Infof(ctx, "skipping directory %s because the hashes match", dirPath)
- return updateStats{}, nil
- }
- // Set the hash to something that can't match, until we fully process this directory.
- if err := u.st.SetDirectoryHash(ctx, dirPath, "in progress"); err != nil {
- return updateStats{}, err
- }
- // It's okay if we crash now; the directory hashes are just an optimization.
- // At worst we'll redo this directory next time.
-
- // Update files in batches.
-
- var stats updateStats
- for i := 0; i < len(dirFiles); i += maxTransactionWrites {
- j := i + maxTransactionWrites
- if j > len(dirFiles) {
- j = len(dirFiles)
- }
- numBatchAdds, numBatchMods, err := u.updateBatch(ctx, dirFiles[i:j])
- if err != nil {
- return updateStats{}, err
- }
- stats.numProcessed += j - i
- // Add in these two numbers here, instead of in the function passed to
- // RunTransaction, because that function may be executed multiple times.
- stats.numAdded += numBatchAdds
- stats.numModified += numBatchMods
- } // end batch loop
-
- // We're done with this directory, so we can remember its hash.
- if err := u.st.SetDirectoryHash(ctx, dirPath, dirHash); err != nil {
- return updateStats{}, err
- }
- return stats, nil
-}
-
-func (u *updater) updateBatch(ctx context.Context, batch []repoFile) (numAdds, numMods int, err error) {
- startID := idFromFilename(batch[0].filename)
- endID := idFromFilename(batch[len(batch)-1].filename)
- defer derrors.Wrap(&err, "updateBatch(%s-%s)", startID, endID)
-
- err = u.st.RunTransaction(ctx, func(ctx context.Context, tx store.Transaction) error {
- numAdds = 0
- numMods = 0
-
- // Read information about the existing state in the store that's
- // relevant to this batch. Since the entries are sorted, we can read
- // a range of IDS.
- crs, err := tx.GetCVERecords(startID, endID)
- if err != nil {
- return err
- }
- idToRecord := map[string]*store.CVERecord{}
- for _, cr := range crs {
- idToRecord[cr.ID] = cr
- }
- // Determine what needs to be added and modified.
- for _, f := range batch {
- id := idFromFilename(f.filename)
- old := idToRecord[id]
- if old != nil && old.BlobHash == f.blobHash.String() {
- // No change; do nothing.
- continue
- }
- added, err := u.handleCVE(f, old, tx)
- if err != nil {
- return err
- }
- if added {
- numAdds++
- } else {
- numMods++
- }
- }
- return nil
- })
- if err != nil {
- return 0, 0, err
- }
- log.Debug(ctx, "update transaction",
- event.String("startID", startID),
- event.String("endID", endID),
- event.Int64("adds", int64(numAdds)),
- event.Int64("mods", int64(numMods)))
- return numAdds, numMods, nil
-}
-
-// handleCVE determines how to change the store for a single CVE.
-// The CVE will definitely be either added, if it's new, or modified, if it's
-// already in the DB.
-func (u *updater) handleCVE(f repoFile, old *store.CVERecord, tx store.Transaction) (added bool, err error) {
- defer derrors.Wrap(&err, "handleCVE(%s)", f.filename)
-
- // Read CVE from repo.
- r, err := blobReader(u.repo, f.blobHash)
- if err != nil {
- return false, err
- }
- pathname := path.Join(f.dirPath, f.filename)
- cve := &cveschema.CVE{}
- if err := json.NewDecoder(r).Decode(cve); err != nil {
- return false, err
- }
- var result *triageResult
- if cve.State == cveschema.StatePublic && !u.knownIDs[cve.ID] {
- c := cve
- // If a false positive has changed, we only care about
- // whether new reference URLs refer to a Go module.
- // We know some old ones do. So remove the old ones
- // before checking.
- if old != nil && old.TriageState == store.TriageStateFalsePositive {
- c = copyRemoving(cve, old.ReferenceURLs)
- }
- result, err = u.affectedModule(c)
- if err != nil {
- return false, err
- }
- }
-
- // If the CVE is not in the database, add it.
- if old == nil {
- cr := store.NewCVERecord(cve, pathname, f.blobHash.String())
- cr.CommitHash = u.commitHash.String()
- switch {
- case result != nil:
- cr.TriageState = store.TriageStateNeedsIssue
- cr.Module = result.modulePath
- cr.CVE = cve
- case u.knownIDs[cve.ID]:
- cr.TriageState = store.TriageStateHasVuln
- default:
- cr.TriageState = store.TriageStateNoActionNeeded
- }
- if err := tx.CreateCVERecord(cr); err != nil {
- return false, err
- }
- return true, nil
- }
- // Change to an existing record.
- mod := *old // copy the old one
- mod.Path = pathname
- mod.BlobHash = f.blobHash.String()
- mod.CVEState = cve.State
- mod.CommitHash = u.commitHash.String()
- switch old.TriageState {
- case store.TriageStateNoActionNeeded, store.TriageStateFalsePositive:
- if result != nil {
- // Didn't need an issue before, does now.
- mod.TriageState = store.TriageStateNeedsIssue
- mod.Module = result.modulePath
- }
- // Else don't change the triage state, but we still want
- // to update the other changed fields.
-
- case store.TriageStateNeedsIssue:
- if result == nil {
- // Needed an issue, no longer does.
- mod.TriageState = store.TriageStateNoActionNeeded
- mod.Module = ""
- mod.CVE = nil
- }
- // Else don't change the triage state, but we still want
- // to update the other changed fields.
-
- case store.TriageStateIssueCreated, store.TriageStateUpdatedSinceIssueCreation:
- // An issue was filed, so a person should revisit this CVE.
- mod.TriageState = store.TriageStateUpdatedSinceIssueCreation
- var mp string
- if result != nil {
- mp = result.modulePath
- }
- mod.TriageStateReason = fmt.Sprintf("CVE changed; affected module = %q", mp)
- case store.TriageStateHasVuln:
- // There is already a Go vuln report for this CVE, so
- // nothing to do.
- default:
- return false, fmt.Errorf("unknown TriageState: %q", old.TriageState)
- }
- // If the triage state changed, add the old state to the history at the beginning.
- if old.TriageState != mod.TriageState {
- mod.History = append([]*store.CVERecordSnapshot{old.Snapshot()}, mod.History...)
- }
- // If we're here, then mod is a modification to the DB.
- if err := tx.SetCVERecord(&mod); err != nil {
- return false, err
- }
- return false, nil
-}
-
-// copyRemoving returns a copy of cve with any reference that has a given URL removed.
-func copyRemoving(cve *cveschema.CVE, refURLs []string) *cveschema.CVE {
- remove := map[string]bool{}
- for _, u := range refURLs {
- remove[u] = true
- }
- c := *cve
- var rs []cveschema.Reference
- for _, r := range cve.References.Data {
- if !remove[r.URL] {
- rs = append(rs, r)
- }
- }
- c.References.Data = rs
- return &c
-}
-
-type repoFile struct {
- dirPath string
- filename string
- treeHash plumbing.Hash
- blobHash plumbing.Hash
- year int
- number int
-}
-
-// repoCVEFiles returns all the CVE files in the given repo commit, sorted by
-// name.
-func repoCVEFiles(repo *git.Repository, commit *object.Commit) (_ []repoFile, err error) {
- defer derrors.Wrap(&err, "repoCVEFiles(%s)", commit.Hash)
-
- root, err := repo.TreeObject(commit.TreeHash)
- if err != nil {
- return nil, fmt.Errorf("TreeObject: %v", err)
- }
- files, err := walkFiles(repo, root, "", nil)
- if err != nil {
- return nil, err
- }
- sort.Slice(files, func(i, j int) bool {
- // Compare the year and the number, as ints. Using the ID directly
- // would put CVE-2014-100009 before CVE-2014-10001.
- if files[i].year != files[j].year {
- return files[i].year < files[j].year
- }
- return files[i].number < files[j].number
- })
- return files, nil
-}
-
-// walkFiles collects CVE files from a repo tree.
-func walkFiles(repo *git.Repository, tree *object.Tree, dirpath string, files []repoFile) ([]repoFile, error) {
- for _, e := range tree.Entries {
- if e.Mode == filemode.Dir {
- dir, err := repo.TreeObject(e.Hash)
- if err != nil {
- return nil, err
- }
- files, err = walkFiles(repo, dir, path.Join(dirpath, e.Name), files)
- if err != nil {
- return nil, err
- }
- } else if isCVEFilename(e.Name) {
- // e.Name is CVE-YEAR-NUMBER.json
- year, err := strconv.Atoi(e.Name[4:8])
- if err != nil {
- return nil, err
- }
- number, err := strconv.Atoi(e.Name[9 : len(e.Name)-5])
- if err != nil {
- return nil, err
- }
- files = append(files, repoFile{
- dirPath: dirpath,
- filename: e.Name,
- treeHash: tree.Hash,
- blobHash: e.Hash,
- year: year,
- number: number,
- })
- }
- }
- return files, nil
-}
-
-// Collect files by directory, verifying that directories are contiguous in
-// the list of files. Our directory hash optimization depends on that.
-func groupFilesByDirectory(files []repoFile) ([][]repoFile, error) {
- if len(files) == 0 {
- return nil, nil
- }
- var (
- result [][]repoFile
- curDir []repoFile
- )
- for _, f := range files {
- if len(curDir) > 0 && f.dirPath != curDir[0].dirPath {
- result = append(result, curDir)
- curDir = nil
- }
- curDir = append(curDir, f)
- }
- if len(curDir) > 0 {
- result = append(result, curDir)
- }
- seen := map[string]bool{}
- for _, dir := range result {
- if seen[dir[0].dirPath] {
- return nil, fmt.Errorf("directory %s is not contiguous in the sorted list of files", dir[0].dirPath)
- }
- seen[dir[0].dirPath] = true
- }
- return result, nil
-}
-
-// blobReader returns a reader to the blob with the given hash.
-func blobReader(repo *git.Repository, hash plumbing.Hash) (io.Reader, error) {
- blob, err := repo.BlobObject(hash)
- if err != nil {
- return nil, err
- }
- return blob.Reader()
-}
-
-// idFromFilename extracts the CVE ID from its filename.
-func idFromFilename(name string) string {
- return strings.TrimSuffix(path.Base(name), path.Ext(name))
-}
-
-// isCVEFilename reports whether name is the basename of a CVE file.
-func isCVEFilename(name string) bool {
- return strings.HasPrefix(name, "CVE-") && path.Ext(name) == ".json"
-}
diff --git a/srv/internal/worker/update_test.go b/srv/internal/worker/update_test.go
deleted file mode 100644
index fa83866..0000000
--- a/srv/internal/worker/update_test.go
+++ /dev/null
@@ -1,389 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package worker
-
-import (
- "context"
- "testing"
- "time"
-
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing"
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-func TestRepoCVEFiles(t *testing.T) {
- repo, err := readTxtarRepo("testdata/basic.txtar", time.Now())
- if err != nil {
- t.Fatal(err)
- }
- commit := headCommit(t, repo)
- if err != nil {
- t.Fatal(err)
- }
-
- got, err := repoCVEFiles(repo, commit)
- if err != nil {
- t.Fatal(err)
- }
-
- want := []repoFile{
- {dirPath: "2020/9xxx", filename: "CVE-2020-9283.json", year: 2020, number: 9283},
- {dirPath: "2021/0xxx", filename: "CVE-2021-0001.json", year: 2021, number: 1},
- {dirPath: "2021/0xxx", filename: "CVE-2021-0010.json", year: 2021, number: 10},
- {dirPath: "2021/1xxx", filename: "CVE-2021-1384.json", year: 2021, number: 1384},
- }
-
- opt := cmpopts.IgnoreFields(repoFile{}, "treeHash", "blobHash")
- if diff := cmp.Diff(want, got, cmp.AllowUnexported(repoFile{}), opt); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
- }
-}
-
-const clearString = "**CLEAR**"
-
-var clearCVE = &cveschema.CVE{}
-
-func modify(r, m *store.CVERecord) *store.CVERecord {
- modString := func(p *string, s string) {
- if s == clearString {
- *p = ""
- } else if s != "" {
- *p = s
- }
- }
-
- c := *r
- modString(&c.BlobHash, m.BlobHash)
- modString(&c.CommitHash, m.CommitHash)
- modString(&c.CVEState, m.CVEState)
- if m.TriageState != "" {
- if m.TriageState == clearString {
- c.TriageState = ""
- } else {
- c.TriageState = m.TriageState
- }
- }
- modString(&c.TriageStateReason, m.TriageStateReason)
- modString(&c.Module, m.Module)
- if m.CVE == clearCVE {
- c.CVE = nil
- } else if m.CVE != nil {
- c.CVE = m.CVE
- }
- modString(&c.IssueReference, m.IssueReference)
- if !m.IssueCreatedAt.IsZero() {
- panic("unsupported modification")
- }
- if m.ReferenceURLs != nil {
- c.ReferenceURLs = m.ReferenceURLs
- }
- if m.History != nil {
- c.History = m.History
- }
- return &c
-}
-
-func TestDoUpdate(t *testing.T) {
- ctx := context.Background()
- repo, err := readTxtarRepo("testdata/basic.txtar", time.Now())
- if err != nil {
- t.Fatal(err)
- }
- h, err := headHash(repo)
- if err != nil {
- t.Fatal(err)
- }
-
- purl := getPkgsiteURL(t)
- needsIssue := func(cve *cveschema.CVE) (*triageResult, error) {
- return TriageCVE(ctx, cve, purl)
- }
-
- ref, err := repo.Reference(plumbing.HEAD, true)
- if err != nil {
- t.Fatal(err)
- }
-
- commitHash := ref.Hash().String()
- knownVulns := []string{"CVE-2020-9283"}
-
- paths := []string{
- "2021/0xxx/CVE-2021-0001.json",
- "2021/0xxx/CVE-2021-0010.json",
- "2021/1xxx/CVE-2021-1384.json",
- "2020/9xxx/CVE-2020-9283.json",
- }
-
- var (
- cves []*cveschema.CVE
- blobHashes []string
- )
- for _, p := range paths {
- cve, bh := readCVE(t, repo, p)
- cves = append(cves, cve)
- blobHashes = append(blobHashes, bh)
- }
- // CVERecords after the above CVEs are added to an empty DB.
- var rs []*store.CVERecord
- for i := 0; i < len(cves); i++ {
- r := &store.CVERecord{
- ID: cves[i].ID,
- CVEState: cves[i].State,
- Path: paths[i],
- BlobHash: blobHashes[i],
- CommitHash: commitHash,
- }
- rs = append(rs, r)
- }
- rs[0].TriageState = store.TriageStateNeedsIssue // a public CVE, has a golang.org path
- rs[0].Module = "golang.org/x/mod"
- rs[0].CVE = cves[0]
- rs[1].TriageState = store.TriageStateNoActionNeeded // state is reserved
- rs[2].TriageState = store.TriageStateNoActionNeeded // state is rejected
- rs[3].TriageState = store.TriageStateHasVuln
-
- for _, test := range []struct {
- name string
- cur []*store.CVERecord // current state of DB
- want []*store.CVERecord // expected state after update
- }{
- {
- name: "empty",
- cur: nil,
- want: rs,
- },
- {
- name: "no change",
- cur: rs,
- want: rs,
- },
- {
- name: "pre-issue changes",
- cur: []*store.CVERecord{
- // NoActionNeeded -> NeedsIssue
- modify(rs[0], &store.CVERecord{
- BlobHash: "x", // if we don't use a different blob hash, no update will happen
- TriageState: store.TriageStateNoActionNeeded,
- }),
- // NeedsIssue -> NoActionNeeded
- modify(rs[1], &store.CVERecord{
- BlobHash: "x",
- TriageState: store.TriageStateNeedsIssue,
- Module: "something",
- CVE: cves[1],
- }),
- // NoActionNeeded, triage state stays the same but other fields change.
- modify(rs[2], &store.CVERecord{
- TriageState: store.TriageStateNoActionNeeded,
- }),
- },
- want: []*store.CVERecord{
- modify(rs[0], &store.CVERecord{
- History: []*store.CVERecordSnapshot{{
- CommitHash: commitHash,
- CVEState: cveschema.StatePublic,
- TriageState: store.TriageStateNoActionNeeded,
- }},
- }),
- modify(rs[1], &store.CVERecord{
- Module: clearString,
- CVE: clearCVE,
- History: []*store.CVERecordSnapshot{{
- CommitHash: commitHash,
- CVEState: cveschema.StateReserved,
- TriageState: store.TriageStateNeedsIssue,
- }},
- }),
- rs[2],
- rs[3],
- },
- },
- {
- name: "post-issue changes",
- cur: []*store.CVERecord{
- // IssueCreated -> Updated
- modify(rs[0], &store.CVERecord{
- BlobHash: "x",
- TriageState: store.TriageStateIssueCreated,
- }),
- modify(rs[1], &store.CVERecord{
- BlobHash: "x",
- TriageState: store.TriageStateUpdatedSinceIssueCreation,
- }),
- },
- want: []*store.CVERecord{
- modify(rs[0], &store.CVERecord{
- TriageState: store.TriageStateUpdatedSinceIssueCreation,
- TriageStateReason: `CVE changed; affected module = "golang.org/x/mod"`,
- History: []*store.CVERecordSnapshot{{
- CommitHash: commitHash,
- CVEState: cveschema.StatePublic,
- TriageState: store.TriageStateIssueCreated,
- }},
- }),
- modify(rs[1], &store.CVERecord{
- TriageState: store.TriageStateUpdatedSinceIssueCreation,
- TriageStateReason: `CVE changed; affected module = ""`,
- }),
- rs[2],
- rs[3],
- },
- },
- {
- name: "false positive no Go URLs",
- cur: []*store.CVERecord{
- // FalsePositive; no change
- modify(rs[0], &store.CVERecord{
- BlobHash: "x",
- TriageState: store.TriageStateFalsePositive,
- ReferenceURLs: []string{
- "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- "https://golang.org/x/mod",
- },
- }),
- },
- want: []*store.CVERecord{
- modify(rs[0], &store.CVERecord{
- TriageState: store.TriageStateFalsePositive,
- ReferenceURLs: []string{
- "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- "https://golang.org/x/mod",
- },
- }),
- rs[1], rs[2], rs[3],
- },
- },
- {
- name: "false positive new Go URLs",
- cur: []*store.CVERecord{
- // FalsePositive; no change
- modify(rs[0], &store.CVERecord{
- BlobHash: "x",
- TriageState: store.TriageStateFalsePositive,
- ReferenceURLs: []string{
- "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- },
- }),
- },
- want: []*store.CVERecord{
- modify(rs[0], &store.CVERecord{
- ReferenceURLs: []string{
- "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
- },
- History: []*store.CVERecordSnapshot{{
- CommitHash: commitHash,
- CVEState: "PUBLIC",
- TriageState: "FalsePositive",
- }},
- }),
- rs[1], rs[2], rs[3],
- },
- },
- } {
- t.Run(test.name, func(t *testing.T) {
- mstore := store.NewMemStore()
- createCVERecords(t, mstore, test.cur)
- if _, err := newUpdater(repo, h, mstore, knownVulns, needsIssue).update(ctx); err != nil {
- t.Fatal(err)
- }
- got := mstore.CVERecords()
- want := map[string]*store.CVERecord{}
- for _, cr := range test.want {
- want[cr.ID] = cr
- }
- if diff := cmp.Diff(want, got); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
- }
- })
- }
-}
-
-func TestGroupFilesByDirectory(t *testing.T) {
- for _, test := range []struct {
- in []repoFile
- want [][]repoFile
- }{
- {in: nil, want: nil},
- {
- in: []repoFile{{dirPath: "a"}},
- want: [][]repoFile{{{dirPath: "a"}}},
- },
- {
- in: []repoFile{
- {dirPath: "a", filename: "f1"},
- {dirPath: "a", filename: "f2"},
- },
- want: [][]repoFile{{
- {dirPath: "a", filename: "f1"},
- {dirPath: "a", filename: "f2"},
- }},
- },
- {
- in: []repoFile{
- {dirPath: "a", filename: "f1"},
- {dirPath: "a", filename: "f2"},
- {dirPath: "b", filename: "f1"},
- {dirPath: "c", filename: "f1"},
- {dirPath: "c", filename: "f2"},
- },
- want: [][]repoFile{
- {
- {dirPath: "a", filename: "f1"},
- {dirPath: "a", filename: "f2"},
- },
- {
- {dirPath: "b", filename: "f1"},
- },
- {
- {dirPath: "c", filename: "f1"},
- {dirPath: "c", filename: "f2"},
- },
- },
- },
- } {
- got, err := groupFilesByDirectory(test.in)
- if err != nil {
- t.Fatalf("%v: %v", test.in, err)
- }
- if diff := cmp.Diff(got, test.want, cmp.AllowUnexported(repoFile{})); diff != "" {
- t.Errorf("%v: (-want, +got)\n%s", test.in, diff)
- }
- }
-
- _, err := groupFilesByDirectory([]repoFile{{dirPath: "a"}, {dirPath: "b"}, {dirPath: "a"}})
- if err == nil {
- t.Error("got nil, want error")
- }
-}
-
-func readCVE(t *testing.T, repo *git.Repository, path string) (*cveschema.CVE, string) {
- c := headCommit(t, repo)
- cve, blobHash, err := ReadCVEAtPath(c, path)
- if err != nil {
- t.Fatal(err)
- }
- return cve, blobHash
-}
-
-func createCVERecords(t *testing.T, s store.Store, crs []*store.CVERecord) {
- err := s.RunTransaction(context.Background(), func(_ context.Context, tx store.Transaction) error {
- for _, cr := range crs {
- if err := tx.CreateCVERecord(cr); err != nil {
- return err
- }
- }
- return nil
- })
- if err != nil {
- t.Fatal(err)
- }
-}
diff --git a/srv/internal/worker/util.go b/srv/internal/worker/util.go
deleted file mode 100644
index ec813ef..0000000
--- a/srv/internal/worker/util.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-import (
- "encoding/json"
-
- "github.com/go-git/go-git/v5/plumbing/object"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
-)
-
-// ReadCVEAtPath reads file at path in commit, and JSON-decodes it into a CVE.
-func ReadCVEAtPath(commit *object.Commit, path string) (_ *cveschema.CVE, blobHash string, err error) {
- defer derrors.Wrap(&err, "readCVEAtPath(%q)", path)
- file, err := commit.File(path)
- if err != nil {
- return nil, "", err
- }
- var cve cveschema.CVE
- r, err := file.Reader()
- if err != nil {
- return nil, "", err
- }
- if err := json.NewDecoder(r).Decode(&cve); err != nil {
- return nil, "", err
- }
- return &cve, file.Hash.String(), nil
-}
diff --git a/srv/internal/worker/worker.go b/srv/internal/worker/worker.go
deleted file mode 100644
index aeda82e..0000000
--- a/srv/internal/worker/worker.go
+++ /dev/null
@@ -1,309 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package worker
-
-// This file has the public API of the worker, used by cmd/worker as well
-// as the server in this package.
-
-import (
- "context"
- "errors"
- "fmt"
- "strings"
- "sync"
- "text/template"
- "time"
-
- "github.com/go-git/go-git/v5"
- "github.com/go-git/go-git/v5/plumbing"
- "golang.org/x/exp/event"
- "golang.org/x/sync/errgroup"
- "golang.org/x/time/rate"
- vulnc "golang.org/x/vuln/client"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/gitrepo"
- "golang.org/x/vuln/srv/internal/worker/log"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-// UpdateCommit performs an update on the store using the given commit.
-// Unless force is true, it checks that the update makes sense before doing it.
-func UpdateCommit(ctx context.Context, repoPath, commitHash string, st store.Store, pkgsiteURL string, force bool) (err error) {
- defer derrors.Wrap(&err, "RunCommitUpdate(%q, %q, force=%t)", repoPath, commitHash, force)
-
- b, err := falsePositivesInserted(ctx, st)
- if err != nil {
- return err
- }
- if !b {
- log.Info(ctx, "inserting false positives")
- if err := InsertFalsePositives(ctx, st); err != nil {
- return err
- }
- }
-
- repo, err := gitrepo.CloneOrOpen(ctx, repoPath)
- if err != nil {
- return err
- }
- var ch plumbing.Hash
- if commitHash == "HEAD" {
- ref, err := repo.Reference(plumbing.HEAD, true)
- if err != nil {
- return err
- }
- ch = ref.Hash()
- } else {
- ch = plumbing.NewHash(commitHash)
- }
- if !force {
- if err := checkUpdate(ctx, repo, ch, st); err != nil {
- return err
- }
- }
- knownVulnIDs, err := readVulnDB(ctx)
- if err != nil {
- return err
- }
- u := newUpdater(repo, ch, st, knownVulnIDs, func(cve *cveschema.CVE) (*triageResult, error) {
- return TriageCVE(ctx, cve, pkgsiteURL)
- })
- _, err = u.update(ctx)
- return err
-}
-
-// checkUpdate performs sanity checks on a potential update.
-// It verifies that there is not an update currently in progress,
-// and it makes sure that the update is to a more recent commit.
-func checkUpdate(ctx context.Context, repo *git.Repository, commitHash plumbing.Hash, st store.Store) error {
- b, err := falsePositivesInserted(ctx, st)
- if err != nil {
- return err
- }
- if !b {
- return errors.New("false positives not inserted")
- }
-
- urs, err := st.ListCommitUpdateRecords(ctx, 1)
- if err != nil {
- return err
- }
- if len(urs) == 0 {
- // No updates, we're good.
- return nil
- }
- lu := urs[0]
- if lu.EndedAt.IsZero() {
- return &CheckUpdateError{
- msg: fmt.Sprintf("latest update started %s ago and has not finished", time.Since(lu.StartedAt)),
- }
- }
- if lu.Error != "" {
- return &CheckUpdateError{
- msg: fmt.Sprintf("latest update finished with error %q", lu.Error),
- }
- }
- commit, err := repo.CommitObject(commitHash)
- if err != nil {
- return err
- }
- if commit.Committer.When.Before(lu.CommitTime) {
- return &CheckUpdateError{
- msg: fmt.Sprintf("commit %s time %s is before latest update commit %s time %s",
- commitHash, commit.Committer.When.Format(time.RFC3339),
- lu.CommitHash, lu.CommitTime.Format(time.RFC3339)),
- }
- }
- return nil
-}
-
-// CheckUpdateError is an error returned from UpdateCommit that can be avoided
-// calling UpdateCommit with force set to true.
-type CheckUpdateError struct {
- msg string
-}
-
-func (c *CheckUpdateError) Error() string {
- return c.msg
-}
-
-const vulnDBURL = "https://storage.googleapis.com/go-vulndb"
-
-// readVulnDB returns a list of all CVE IDs in the Go vuln DB.
-func readVulnDB(ctx context.Context) ([]string, error) {
- const concurrency = 4
-
- client, err := vulnc.NewClient([]string{vulnDBURL}, vulnc.Options{})
- if err != nil {
- return nil, err
- }
-
- goIDs, err := client.ListIDs(ctx)
- if err != nil {
- return nil, err
- }
- var (
- mu sync.Mutex
- cveIDs []string
- )
- sem := make(chan struct{}, concurrency)
- g, ctx := errgroup.WithContext(ctx)
- for _, id := range goIDs {
- id := id
- sem <- struct{}{}
- g.Go(func() error {
- defer func() { <-sem }()
- e, err := client.GetByID(ctx, id)
- if err != nil {
- return err
- }
- // Assume all the aliases are CVE IDs.
- mu.Lock()
- cveIDs = append(cveIDs, e.Aliases...)
- mu.Unlock()
- return nil
- })
- }
- if err := g.Wait(); err != nil {
- return nil, err
- }
- return cveIDs, nil
-}
-
-// Limit GitHub issue creation requests to this many per second.
-const issueQPS = 1
-
-// The limiter used to throttle pkgsite requests.
-// The second argument to rate.NewLimiter is the burst, which
-// basically lets you exceed the rate briefly.
-var issueRateLimiter = rate.NewLimiter(rate.Every(time.Duration(1000/float64(issueQPS))*time.Millisecond), 1)
-
-func CreateIssues(ctx context.Context, st store.Store, ic IssueClient, limit int) (err error) {
- derrors.Wrap(&err, "CreateIssues(destination: %s)", ic.Destination())
-
- needsIssue, err := st.ListCVERecordsWithTriageState(ctx, store.TriageStateNeedsIssue)
- if err != nil {
- return err
- }
- log.Info(ctx, "CreateIssues starting",
- event.String("destination", ic.Destination()),
- event.Int64("needsIssue", int64(len(needsIssue))))
- numCreated := int64(0)
- for _, r := range needsIssue {
- if limit > 0 && int(numCreated) >= limit {
- break
- }
- if r.IssueReference != "" || !r.IssueCreatedAt.IsZero() {
- log.Error(ctx, "triage state is NeedsIssue but issue field(s) non-zero; skipping",
- event.String("ID", r.ID),
- event.String("IssueReference", r.IssueReference),
- event.Value("IssueCreatedAt", r.IssueCreatedAt))
- continue
- }
- body, err := newBody(r)
- if err != nil {
- return err
- }
-
- // Create the issue.
- iss := &Issue{
- Title: fmt.Sprintf("x/vulndb: potential Go vulnerability found from CVE List: %s", r.ID),
- Body: body,
- Labels: []string{"Needs Triage"},
- }
- if err := issueRateLimiter.Wait(ctx); err != nil {
- return err
- }
- num, err := ic.CreateIssue(ctx, iss)
- if err != nil {
- return fmt.Errorf("creating issue for %s: %w", r.ID, err)
- }
- // If we crashed here, we would have filed an issue without recording
- // that fact in the DB. That can lead to duplicate issues, but nothing
- // worse (we won't miss a CVE).
- // TODO(golang/go#49733): look for the issue title to avoid duplications.
- ref := ic.Reference(num)
- log.Info(ctx, "created issue", event.String("CVE", r.ID), event.String("reference", ref))
-
- // Update the CVERecord in the DB with issue information.
- err = st.RunTransaction(ctx, func(ctx context.Context, tx store.Transaction) error {
- rs, err := tx.GetCVERecords(r.ID, r.ID)
- if err != nil {
- return err
- }
- r := rs[0]
- r.TriageState = store.TriageStateIssueCreated
- r.IssueReference = ref
- r.IssueCreatedAt = time.Now()
- return tx.SetCVERecord(r)
- })
- if err != nil {
- return err
- }
- numCreated++
- }
- log.Info(ctx, "CreateIssues done", event.Int64("limit", int64(limit)), event.Int64("numCreated", numCreated))
- return nil
-}
-
-const englishLang = "eng"
-
-func newBody(r *store.CVERecord) (string, error) {
- var b strings.Builder
- var desc string
- if r.CVE != nil {
- for _, d := range r.CVE.Description.Data {
- if d.Lang == englishLang {
- desc = d.Value
- }
- }
- }
- err := issueTemplate.Execute(&b, issueTemplateData{
- Heading: fmt.Sprintf(
- "In [%s](%s/tree/%s/%s), the reference URL [%s](%s) (and possibly others) refers to something in Go.",
- r.ID, gitrepo.CVEListRepoURL, r.CommitHash, r.Path, r.Module, r.Module),
- Description: desc,
- CVERecord: r,
- Pre: "```",
- })
- if err != nil {
- return "", err
- }
- return b.String(), nil
-}
-
-type issueTemplateData struct {
- Heading string
- Description string
- Pre string // markdown string for a <pre> block
- *store.CVERecord
-}
-
-var issueTemplate = template.Must(template.New("issue").Parse(`
-{{- .Heading}}
-
-{{.Pre}}
-module: {{.Module}}
-package:
-stdlib:
-versions:
- - introduced:
- - fixed:
-description: |
- {{.Description}}
-
-cve: {{.ID}}
-credit:
-symbols:
- -
-published:
-links:
- commit:
- pr:
- context:
- -
-{{.Pre}}
-`))
diff --git a/srv/internal/worker/worker_test.go b/srv/internal/worker/worker_test.go
deleted file mode 100644
index add9d6a..0000000
--- a/srv/internal/worker/worker_test.go
+++ /dev/null
@@ -1,218 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.17
-// +build go1.17
-
-package worker
-
-import (
- "context"
- "math"
- "strings"
- "testing"
- "time"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "golang.org/x/vuln/srv/internal/cveschema"
- "golang.org/x/vuln/srv/internal/worker/log"
- "golang.org/x/vuln/srv/internal/worker/store"
-)
-
-func TestCheckUpdate(t *testing.T) {
- ctx := context.Background()
- tm := time.Date(2021, 1, 26, 0, 0, 0, 0, time.Local)
- repo, err := readTxtarRepo("testdata/basic.txtar", tm)
- if err != nil {
- t.Fatal(err)
- }
- for _, test := range []struct {
- latestUpdate *store.CommitUpdateRecord
- want string // non-empty => substring of error message
- }{
- // no latest update, no problem
- {nil, ""},
- // latest update finished and commit is earlier; no problem
- {
- &store.CommitUpdateRecord{
- EndedAt: time.Now(),
- CommitHash: "abc",
- CommitTime: tm.Add(-time.Hour),
- },
- "",
- },
- // latest update didn't finish
- {
- &store.CommitUpdateRecord{
- CommitHash: "abc",
- CommitTime: tm.Add(-time.Hour),
- },
- "not finish",
- },
- // latest update finished with error
- {
- &store.CommitUpdateRecord{
- CommitHash: "abc",
- CommitTime: tm.Add(-time.Hour),
- EndedAt: time.Now(),
- Error: "bad",
- },
- "with error",
- },
- // latest update finished on a later commit
- {
- &store.CommitUpdateRecord{
- EndedAt: time.Now(),
- CommitHash: "abc",
- CommitTime: tm.Add(time.Hour),
- },
- "before",
- },
- } {
- mstore := store.NewMemStore()
- if err := InsertFalsePositives(ctx, mstore); err != nil {
- t.Fatal(err)
- }
- if test.latestUpdate != nil {
- if err := mstore.CreateCommitUpdateRecord(ctx, test.latestUpdate); err != nil {
- t.Fatal(err)
- }
- }
- got := checkUpdate(ctx, repo, headCommit(t, repo).Hash, mstore)
- if got == nil && test.want != "" {
- t.Errorf("%+v:\ngot no error, wanted %q", test.latestUpdate, test.want)
- } else if got != nil && !strings.Contains(got.Error(), test.want) {
- t.Errorf("%+v:\ngot '%s', does not contain %q", test.latestUpdate, got, test.want)
- }
- }
-}
-
-func TestCreateIssues(t *testing.T) {
- ctx := log.WithLineLogger(context.Background())
- mstore := store.NewMemStore()
- ic := newFakeIssueClient()
-
- crs := []*store.CVERecord{
- {
- ID: "ID1",
- BlobHash: "bh1",
- CommitHash: "ch",
- Path: "path1",
- TriageState: store.TriageStateNeedsIssue,
- },
- {
- ID: "ID2",
- BlobHash: "bh2",
- CommitHash: "ch",
- Path: "path2",
- TriageState: store.TriageStateNoActionNeeded,
- },
- {
- ID: "ID3",
- BlobHash: "bh3",
- CommitHash: "ch",
- Path: "path3",
- TriageState: store.TriageStateIssueCreated,
- },
- }
- createCVERecords(t, mstore, crs)
-
- if err := CreateIssues(ctx, mstore, ic, 0); err != nil {
- t.Fatal(err)
- }
-
- var wants []*store.CVERecord
- for _, r := range crs {
- copy := *r
- wants = append(wants, ©)
- }
- wants[0].TriageState = store.TriageStateIssueCreated
- wants[0].IssueReference = "inMemory#1"
-
- gotRecs := mstore.CVERecords()
- if len(gotRecs) != len(wants) {
- t.Fatalf("wrong number of records: got %d, want %d", len(gotRecs), len(wants))
- }
- for _, want := range wants {
- got := gotRecs[want.ID]
- if !cmp.Equal(got, want, cmpopts.IgnoreFields(store.CVERecord{}, "IssueCreatedAt")) {
- t.Errorf("got %+v\nwant %+v", got, want)
- }
- }
-}
-
-func TestNewBody(t *testing.T) {
- r := &store.CVERecord{
- ID: "ID1",
- Module: "aModule",
- CVE: &cveschema.CVE{
- Description: cveschema.Description{
- Data: []cveschema.LangString{{
- Lang: "eng",
- Value: "a description",
- }},
- },
- },
- }
- got, err := newBody(r)
- if err != nil {
- t.Fatal(err)
- }
- want := `In [ID1](https://github.com/CVEProject/cvelist/tree//), the reference URL [aModule](aModule) (and possibly others) refers to something in Go.
-
-` + "```" + `
-module: aModule
-package:
-stdlib:
-versions:
- - introduced:
- - fixed:
-description: |
- a description
-
-cve: ID1
-credit:
-symbols:
- -
-published:
-links:
- commit:
- pr:
- context:
- -
-` + "```\n"
- if diff := cmp.Diff(unindent(want), got); diff != "" {
- t.Errorf("mismatch (-want, +got):\n%s", diff)
- }
-}
-
-// unindent removes leading whitespace from s.
-// It first finds the line beginning with the fewest space and tab characters.
-// It then removes that many characters from every line.
-func unindent(s string) string {
- lines := strings.Split(s, "\n")
- min := math.MaxInt
- for _, l := range lines {
- if len(l) == 0 {
- continue
- }
- n := 0
- for _, r := range l {
- if r != ' ' && r != '\t' {
- break
- }
- n++
- }
- if n < min {
- min = n
- }
- }
- for i, l := range lines {
- if len(l) > 0 {
- lines[i] = l[min:]
- }
- }
- return strings.Join(lines, "\n")
-}
diff --git a/srv/triaged-cve-list b/srv/triaged-cve-list
deleted file mode 100644
index b706abf..0000000
--- a/srv/triaged-cve-list
+++ /dev/null
@@ -1,622 +0,0 @@
-# This file contains a list of CVEs identified by cmd/cve-triage which may be
-# related to Go modules. It tracks which CVEs have already been triaged, which
-# are false positives, and which are pending triage.
-#
-# The format of each line is as follows:
-# <CVE-ID> <state> <comma separated list of reports linked to CVE>
-#
-# <state> may be one of the following:
-# false-positive CVE is not for importable Go code
-# triaged CVE has been triaged and assigned a vulndb report
-# pending CVE is awaiting triage
-
-CVE-2013-2124 false-positive
-CVE-2013-2233 false-positive
-CVE-2014-0177 false-positive
-CVE-2014-3498 false-positive
-CVE-2014-3971 false-positive
-CVE-2014-4657 false-positive
-CVE-2014-4658 false-positive
-CVE-2014-4659 false-positive
-CVE-2014-4660 false-positive
-CVE-2014-4678 false-positive
-CVE-2014-4966 false-positive
-CVE-2014-4967 false-positive
-CVE-2014-8178 false-positive
-CVE-2014-8179 false-positive
-CVE-2014-8682 false-positive
-CVE-2014-9938 false-positive
-CVE-2015-5237 false-positive
-CVE-2015-5250 false-positive
-CVE-2015-6240 false-positive
-CVE-2015-7082 false-positive
-CVE-2015-7528 false-positive
-CVE-2015-7545 false-positive
-CVE-2016-2315 false-positive
-CVE-2016-2324 false-positive
-CVE-2018-17456 false-positive
-CVE-2020-11008 false-positive
-CVE-2020-12278 false-positive
-CVE-2020-12279 false-positive
-CVE-2020-5260 false-positive
-CVE-2021-21300 false-positive
-CVE-2015-7561 false-positive
-CVE-2015-8222 false-positive
-CVE-2015-8945 false-positive
-CVE-2015-9258 false-positive
-CVE-2015-9259 false-positive
-CVE-2015-9282 false-positive
-CVE-2016-1133 false-positive
-CVE-2016-1544 false-positive
-CVE-2016-1587 false-positive
-CVE-2016-1905 false-positive
-CVE-2016-1906 false-positive
-CVE-2016-216 false-positive
-CVE-2016-2183 false-positive
-CVE-2016-3096 false-positive
-CVE-2016-3711 false-positive
-CVE-2016-4817 false-positive
-CVE-2016-4864 false-positive
-CVE-2016-6349 false-positive
-CVE-2016-6494 false-positive
-CVE-2016-7063 false-positive
-CVE-2016-7064 false-positive
-CVE-2016-7075 false-positive
-CVE-2016-7569 false-positive
-CVE-2016-7835 false-positive
-CVE-2016-8579 false-positive
-CVE-2016-9274 false-positive
-CVE-2017-1000056 false-positive
-CVE-2017-1000069 false-positive
-CVE-2017-1000070 false-positive
-CVE-2017-1000420 false-positive
-CVE-2017-1000459 false-positive
-CVE-2017-1000492 false-positive
-CVE-2017-1002100 false-positive
-CVE-2017-1002101 false-positive
-CVE-2017-1002102 false-positive
-CVE-2017-10868 false-positive
-CVE-2017-10869 false-positive
-CVE-2017-10872 false-positive
-CVE-2017-10908 false-positive
-CVE-2017-14178 false-positive
-CVE-2017-14623 false-positive
-CVE-2017-14992 false-positive
-CVE-2017-15104 false-positive
-CVE-2017-16539 false-positive
-CVE-2017-17697 false-positive
-CVE-2017-2428 false-positive
-CVE-2017-7297 false-positive
-CVE-2017-7481 false-positive
-CVE-2017-7550 false-positive
-CVE-2017-7860 false-positive
-CVE-2017-7861 false-positive
-CVE-2017-8359 false-positive
-CVE-2017-9431 false-positive
-CVE-2018-0608 false-positive
-CVE-2018-1000803 false-positive
-CVE-2018-1000816 false-positive
-CVE-2018-1002100 false-positive
-CVE-2018-1002101 false-positive
-CVE-2018-1002102 false-positive
-CVE-2018-1002103 false-positive
-CVE-2018-1002104 false-positive
-CVE-2018-1002105 false-positive
-CVE-2018-1002207 false-positive
-CVE-2018-10055 false-positive
-CVE-2018-10856 false-positive
-CVE-2018-10892 false-positive
-CVE-2018-10937 false-positive
-CVE-2018-12099 false-positive
-CVE-2018-12608 false-positive
-CVE-2018-12678 false-positive
-CVE-2018-12976 false-positive
-CVE-2018-14474 false-positive
-CVE-2018-15178 false-positive
-CVE-2018-15192 false-positive
-CVE-2018-15193 false-positive
-CVE-2018-15598 false-positive
-CVE-2018-15664 false-positive
-CVE-2018-15747 false-positive
-CVE-2018-15869 false-positive
-CVE-2018-16316 false-positive
-CVE-2018-16359 false-positive
-CVE-2018-16398 false-positive
-CVE-2018-16409 false-positive
-CVE-2018-16733 false-positive
-CVE-2018-16859 false-positive
-CVE-2018-16876 false-positive
-CVE-2018-17031 false-positive
-CVE-2018-18264 false-positive
-CVE-2018-18553 false-positive
-CVE-2018-18623 false-positive
-CVE-2018-18624 false-positive
-CVE-2018-18625 false-positive
-CVE-2018-18925 false-positive
-CVE-2018-18926 false-positive
-CVE-2018-19114 false-positive
-CVE-2018-19148 false-positive
-CVE-2018-19184 false-positive
-CVE-2018-19295 false-positive
-CVE-2018-19333 false-positive
-CVE-2018-19367 false-positive
-CVE-2018-19466 false-positive
-CVE-2018-19653 false-positive
-CVE-2018-19786 false-positive
-CVE-2018-19793 false-positive
-CVE-2018-1098 false-positive
-CVE-2018-1099 false-positive
-CVE-2018-20303 false-positive
-CVE-2018-20421 false-positive
-CVE-2018-20699 false-positive
-CVE-2018-21034 false-positive
-CVE-2018-21233 false-positive
-CVE-2018-7575 false-positive
-CVE-2018-7576 false-positive
-CVE-2018-7577 false-positive
-CVE-2018-8825 false-positive
-CVE-2018-9057 false-positive
-CVE-2019-1000002 false-positive
-CVE-2019-1002100 false-positive
-CVE-2019-1002101 false-positive
-CVE-2019-1010003 false-positive
-CVE-2019-1010261 false-positive
-CVE-2019-1010275 false-positive
-CVE-2019-1010314 false-positive
-CVE-2019-1020009 false-positive
-CVE-2019-1020014 false-positive
-CVE-2019-1020015 false-positive
-CVE-2019-10152 false-positive
-CVE-2019-10156 false-positive
-CVE-2019-10165 false-positive
-CVE-2019-10200 false-positive
-CVE-2019-10217 false-positive
-CVE-2019-10223 false-positive
-CVE-2019-10743 false-positive
-CVE-2019-11043 false-positive
-CVE-2019-11228 false-positive
-CVE-2019-11229 false-positive
-CVE-2019-11243 false-positive
-CVE-2019-11244 false-positive
-CVE-2019-11245 false-positive
-CVE-2019-11246 false-positive
-CVE-2019-11247 false-positive
-CVE-2019-11248 false-positive
-CVE-2019-11249 false-positive
-CVE-2019-11251 false-positive
-CVE-2019-11252 false-positive
-CVE-2019-11255 false-positive
-CVE-2019-11328 false-positive
-CVE-2019-11405 false-positive
-CVE-2019-11471 false-positive
-CVE-2019-11502 false-positive
-CVE-2019-11503 false-positive
-CVE-2019-11576 false-positive
-CVE-2019-11641 false-positive
-CVE-2019-11881 false-positive
-CVE-2019-11938 false-positive
-CVE-2019-12291 false-positive
-CVE-2019-12452 false-positive
-CVE-2019-12494 false-positive
-CVE-2019-12618 false-positive
-CVE-2019-12995 false-positive
-CVE-2019-12999 false-positive
-CVE-2019-13068 false-positive
-CVE-2019-13139 false-positive
-CVE-2019-13915 false-positive
-CVE-2019-14243 false-positive
-CVE-2019-14255 false-positive
-CVE-2019-14271 false-positive
-CVE-2019-14544 false-positive
-CVE-2019-14846 false-positive
-CVE-2019-14864 false-positive
-CVE-2019-14904 false-positive
-CVE-2019-14940 false-positive
-CVE-2019-14993 false-positive
-CVE-2019-15043 false-positive
-CVE-2019-15119 false-positive
-CVE-2019-15225 false-positive
-CVE-2019-15226 false-positive
-CVE-2019-15562 false-positive
-CVE-2019-15716 false-positive
-CVE-2019-16060 false-positive
-CVE-2019-16097 false-positive
-CVE-2019-16146 false-positive
-CVE-2019-16214 false-positive
-CVE-2019-16355 false-positive
-CVE-2019-16778 false-positive
-CVE-2019-16919 false-positive
-CVE-2019-18466 false-positive
-CVE-2019-18657 false-positive
-CVE-2019-18801 false-positive
-CVE-2019-18802 false-positive
-CVE-2019-18817 false-positive
-CVE-2019-18836 false-positive
-CVE-2019-18838 false-positive
-CVE-2019-18923 false-positive
-CVE-2019-19023 false-positive
-CVE-2019-19025 false-positive
-CVE-2019-19026 false-positive
-CVE-2019-19029 false-positive
-CVE-2019-19316 false-positive
-CVE-2019-19335 false-positive
-CVE-2019-19349 false-positive
-CVE-2019-19350 false-positive
-CVE-2019-19724 false-positive
-CVE-2019-19922 false-positive
-CVE-2019-20329 false-positive
-CVE-2019-20372 false-positive
-CVE-2019-20377 false-positive
-CVE-2019-20894 false-positive
-CVE-2019-20933 false-positive
-CVE-2019-25014 false-positive
-CVE-2019-3552 false-positive
-CVE-2019-3553 false-positive
-CVE-2019-3558 false-positive
-CVE-2019-3559 false-positive
-CVE-2019-3565 false-positive
-CVE-2019-3826 false-positive
-CVE-2019-3828 false-positive
-CVE-2019-3841 false-positive
-CVE-2019-3990 false-positive
-CVE-2019-5736 false-positive
-CVE-2019-6035 false-positive
-CVE-2019-8336 false-positive
-CVE-2019-8400 false-positive
-CVE-2019-9547 false-positive
-CVE-2019-9635 false-positive
-CVE-2019-9764 false-positive
-CVE-2019-9900 false-positive
-CVE-2019-9901 false-positive
-CVE-2019-9946 false-positive
-CVE-2020-10660 false-positive
-CVE-2020-10661 false-positive
-CVE-2020-10685 false-positive
-CVE-2020-10691 false-positive
-CVE-2020-10696 false-positive
-CVE-2020-10706 false-positive
-CVE-2020-10712 false-positive
-CVE-2020-10715 false-positive
-CVE-2020-10749 false-positive
-CVE-2020-10750 false-positive
-CVE-2020-10763 false-positive
-CVE-2020-10944 false-positive
-CVE-2020-11012 false-positive
-CVE-2020-11013 false-positive
-CVE-2020-11053 false-positive
-CVE-2020-11080 false-positive
-CVE-2020-11091 false-positive
-CVE-2020-11110 false-positive
-CVE-2020-11498 false-positive
-CVE-2020-11576 false-positive
-CVE-2020-11710 false-positive
-CVE-2020-11767 false-positive
-CVE-2020-12118 false-positive
-CVE-2020-12245 false-positive
-CVE-2020-12283 false-positive
-CVE-2020-12458 false-positive
-CVE-2020-12459 false-positive
-CVE-2020-12603 false-positive
-CVE-2020-12604 false-positive
-CVE-2020-12605 false-positive
-CVE-2020-12757 false-positive
-CVE-2020-12758 false-positive
-CVE-2020-12797 false-positive
-CVE-2020-13170 false-positive
-CVE-2020-13223 false-positive
-CVE-2020-13246 false-positive
-CVE-2020-13250 false-positive
-CVE-2020-13401 false-positive
-CVE-2020-13430 false-positive
-CVE-2020-13449 false-positive
-CVE-2020-13450 false-positive
-CVE-2020-13451 false-positive
-CVE-2020-13452 false-positive
-CVE-2020-13597 false-positive
-CVE-2020-13788 false-positive
-CVE-2020-13794 false-positive
-CVE-2020-14144 false-positive
-CVE-2020-14306 false-positive
-CVE-2020-14330 false-positive
-CVE-2020-14332 false-positive
-CVE-2020-14958 false-positive
-CVE-2020-15104 false-positive
-CVE-2020-15127 false-positive
-CVE-2020-15129 false-positive
-CVE-2020-15157 false-positive
-CVE-2020-15184 false-positive
-CVE-2020-15185 false-positive
-CVE-2020-15186 false-positive
-CVE-2020-15187 false-positive
-CVE-2020-15190 false-positive
-CVE-2020-15191 false-positive
-CVE-2020-15192 false-positive
-CVE-2020-15193 false-positive
-CVE-2020-15194 false-positive
-CVE-2020-15195 false-positive
-CVE-2020-15196 false-positive
-CVE-2020-15197 false-positive
-CVE-2020-15198 false-positive
-CVE-2020-15199 false-positive
-CVE-2020-15200 false-positive
-CVE-2020-15201 false-positive
-CVE-2020-15202 false-positive
-CVE-2020-15203 false-positive
-CVE-2020-15204 false-positive
-CVE-2020-15205 false-positive
-CVE-2020-15206 false-positive
-CVE-2020-15207 false-positive
-CVE-2020-15208 false-positive
-CVE-2020-15209 false-positive
-CVE-2020-15210 false-positive
-CVE-2020-15211 false-positive
-CVE-2020-15212 false-positive
-CVE-2020-15213 false-positive
-CVE-2020-15214 false-positive
-CVE-2020-15254 false-positive
-CVE-2020-15257 false-positive
-CVE-2020-15265 false-positive
-CVE-2020-15266 false-positive
-CVE-2020-15391 false-positive
-CVE-2020-16248 false-positive
-CVE-2020-16250 false-positive
-CVE-2020-16251 false-positive
-CVE-2020-16844 false-positive
-CVE-2020-1733 false-positive
-CVE-2020-1734 false-positive
-CVE-2020-1735 false-positive
-CVE-2020-1736 false-positive
-CVE-2020-1737 false-positive
-CVE-2020-1738 false-positive
-CVE-2020-1739 false-positive
-CVE-2020-1740 false-positive
-CVE-2020-1746 false-positive
-CVE-2020-24263 false-positive
-CVE-2020-24264 false-positive
-CVE-2020-24303 false-positive
-CVE-2020-24356 false-positive
-CVE-2020-24707 false-positive
-CVE-2020-24708 false-positive
-CVE-2020-24710 false-positive
-CVE-2020-24711 false-positive
-CVE-2020-24712 false-positive
-CVE-2020-25017 false-positive
-CVE-2020-25018 false-positive
-CVE-2020-25201 false-positive
-CVE-2020-25816 false-positive
-CVE-2020-25989 false-positive
-CVE-2020-26222 false-positive
-CVE-2020-26266 false-positive
-CVE-2020-26267 false-positive
-CVE-2020-26268 false-positive
-CVE-2020-26269 false-positive
-CVE-2020-26270 false-positive
-CVE-2020-26271 false-positive
-CVE-2020-26276 false-positive
-CVE-2020-26277 false-positive
-CVE-2020-26278 false-positive
-CVE-2020-26279 false-positive
-CVE-2020-26283 false-positive
-CVE-2020-26284 false-positive
-CVE-2020-26290 false-positive
-CVE-2020-26294 false-positive
-CVE-2020-26521 false-positive
-CVE-2020-26892 false-positive
-CVE-2020-27151 false-positive
-CVE-2020-27195 false-positive
-CVE-2020-27534 false-positive
-CVE-2020-27955 false-positive
-CVE-2020-28053 false-positive
-CVE-2020-28348 false-positive
-CVE-2020-28349 false-positive
-CVE-2020-28466 false-positive
-CVE-2020-28914 false-positive
-CVE-2020-28924 false-positive
-CVE-2020-28991 false-positive
-CVE-2020-29662 false-positive
-CVE-2020-2023 false-positive
-CVE-2020-35137 false-positive
-CVE-2020-35138 false-positive
-CVE-2020-35177 false-positive
-CVE-2020-35453 false-positive
-CVE-2020-35470 false-positive
-CVE-2020-35471 false-positive
-CVE-2020-36066 false-positive
-CVE-2020-3996 false-positive
-CVE-2020-4037 false-positive
-CVE-2020-4053 false-positive
-CVE-2020-5215 false-positive
-CVE-2020-5233 false-positive
-CVE-2020-5300 false-positive
-CVE-2020-5415 false-positive
-CVE-2020-6016 false-positive
-CVE-2020-6017 false-positive
-CVE-2020-6018 false-positive
-CVE-2020-6019 false-positive
-CVE-2020-7218 false-positive
-CVE-2020-7219 false-positive
-CVE-2020-7220 false-positive
-CVE-2020-7665 false-positive
-CVE-2020-7666 false-positive
-CVE-2020-7669 false-positive
-CVE-2020-7955 false-positive
-CVE-2020-7956 false-positive
-CVE-2020-8551 false-positive
-CVE-2020-8552 false-positive
-CVE-2020-8553 false-positive
-CVE-2020-8554 false-positive
-CVE-2020-8555 false-positive
-CVE-2020-8557 false-positive
-CVE-2020-8558 false-positive
-CVE-2020-8559 false-positive
-CVE-2020-8563 false-positive
-CVE-2020-8566 false-positive
-CVE-2020-8569 false-positive
-CVE-2020-8595 false-positive
-CVE-2020-8659 false-positive
-CVE-2020-8660 false-positive
-CVE-2020-8661 false-positive
-CVE-2020-8663 false-positive
-CVE-2020-8664 false-positive
-CVE-2020-8826 false-positive
-CVE-2020-8827 false-positive
-CVE-2020-8828 false-positive
-CVE-2020-8843 false-positive
-CVE-2020-8927 false-positive
-CVE-2020-8929 false-positive
-CVE-2020-9321 false-positive
-CVE-2020-9329 false-positive
-CVE-2021-20198 false-positive
-CVE-2021-20199 false-positive
-CVE-2021-20218 false-positive
-CVE-2021-20291 false-positive
-CVE-2021-21284 false-positive
-CVE-2021-21285 false-positive
-CVE-2021-21287 false-positive
-CVE-2021-21291 false-positive
-CVE-2021-21296 false-positive
-CVE-2021-21303 false-positive
-CVE-2021-21334 false-positive
-CVE-2021-21362 false-positive
-CVE-2021-21363 false-positive
-CVE-2021-21364 false-positive
-CVE-2021-21378 false-positive
-CVE-2021-21390 false-positive
-CVE-2021-21404 false-positive
-CVE-2021-21411 false-positive
-CVE-2021-21432 false-positive
-CVE-2021-22538 false-positive
-CVE-2021-23345 false-positive
-CVE-2021-23347 false-positive
-CVE-2021-23351 false-positive
-CVE-2021-23357 false-positive
-CVE-2021-23827 false-positive
-CVE-2021-25313 false-positive
-CVE-2021-26921 false-positive
-CVE-2021-26923 false-positive
-CVE-2021-26924 false-positive
-CVE-2021-27098 false-positive
-CVE-2021-27099 false-positive
-CVE-2021-27358 false-positive
-CVE-2021-27375 false-positive
-CVE-2021-27935 false-positive
-CVE-2021-27940 false-positive
-CVE-2021-28361 false-positive
-CVE-2021-28378 false-positive
-CVE-2021-28681 false-positive
-CVE-2021-28954 false-positive
-CVE-2021-28955 false-positive
-CVE-2021-29136 false-positive
-CVE-2021-29271 false-positive
-CVE-2021-29272 false-positive
-CVE-2021-29417 false-positive
-CVE-2021-29651 false-positive
-CVE-2021-29652 false-positive
-CVE-2021-3344 false-positive
-CVE-2021-3382 false-positive
-CVE-2021-3391 false-positive
-CVE-2016-9962 false-positive
-CVE-2018-1000400 false-positive
-CVE-2018-1000538 false-positive
-CVE-2018-17572 false-positive
-CVE-2018-20744 false-positive
-CVE-2019-13126 false-positive
-CVE-2020-10752 false-positive
-CVE-2020-15112 false-positive # covered by GO-2020-0005
-CVE-2020-15113 false-positive
-CVE-2020-15114 false-positive
-CVE-2020-15115 false-positive
-CVE-2020-15136 false-positive
-CVE-2020-15223 false-positive
-CVE-2020-15233 false-positive
-CVE-2020-15234 false-positive
-CVE-2020-24359 false-positive
-CVE-2020-26240 false-positive
-CVE-2020-26241 false-positive
-CVE-2020-26242 false-positive
-CVE-2020-26265 false-positive
-CVE-2020-29243 false-positive # covered by GO-2021-0097
-CVE-2020-29244 false-positive # covered by GO-2021-0097
-CVE-2020-29245 false-positive # covered by GO-2021-0097
-CVE-2020-29510 false-positive
-CVE-2020-29511 false-positive
-CVE-2020-2024 false-positive
-CVE-2020-2025 false-positive
-CVE-2020-2026 false-positive
-CVE-2020-36066 false-positive
-CVE-2020-5303 false-positive
-CVE-2021-21271 false-positive
-CVE-2021-25834 false-positive
-CVE-2021-25835 false-positive
-CVE-2021-25836 false-positive
-CVE-2021-25837 false-positive
-CVE-2016-2160 false-positive
-
-CVE-2018-17846 triaged GO-2020-0014
-CVE-2020-35381 triaged GO-2021-0057
-CVE-2019-12496 triaged GO-2021-0083
-CVE-2017-3204 triaged GO-2020-0013
-CVE-2020-25614 triaged GO-2020-0048
-CVE-2019-11250 triaged GO-2021-0065
-CVE-2020-8564 triaged GO-2021-0066
-CVE-2018-18206 triaged GO-2021-0079
-CVE-2019-19619 triaged GO-2021-0086
-CVE-2019-3564 triaged GO-2021-0088
-CVE-2017-18367 triaged GO-2020-0007
-CVE-2020-28362 triaged GO-2021-0069
-CVE-2018-1103 triaged GO-2020-0026
-CVE-2020-14040 triaged GO-2020-0015
-CVE-2014-8681 triaged GO-2020-0021
-CVE-2019-11254 triaged GO-2020-0036
-CVE-2019-16354 triaged GO-2021-0084
-CVE-2019-16884 triaged GO-2021-0085
-CVE-2020-15091 triaged GO-2021-0090
-CVE-2016-9123 triaged GO-2020-0009
-CVE-2020-28483 triaged GO-2021-0052
-CVE-2020-29509 triaged GO-2021-0060
-CVE-2020-29529 triaged GO-2021-0094
-CVE-2020-26160 triaged GO-2020-0017
-CVE-2019-11253 triaged GO-2021-0062
-CVE-2016-3697 triaged GO-2021-0070
-CVE-2020-7711 triaged GO-2020-0046
-CVE-2020-15216 triaged GO-2020-0050,GO-2021-0056
-CVE-2017-11468 triaged GO-2021-0072
-CVE-2020-8945 triaged GO-2020-0002,GO-2020-0031,GO-2021-0096
-CVE-2021-3115 triaged GO-2021-0068
-CVE-2019-11939 triaged GO-2021-0082
-CVE-2020-8565 triaged GO-2021-0064
-CVE-2020-12666 triaged GO-2020-0039
-CVE-2020-35380 triaged GO-2021-0059
-CVE-2018-17419 triaged GO-2020-0028
-CVE-2021-27919 triaged GO-2021-0067
-CVE-2020-10675 triaged GO-2021-0089
-CVE-2020-15111 triaged GO-2021-0091
-CVE-2020-15106 triaged GO-2020-0005
-CVE-2018-16886 triaged GO-2021-0077
-CVE-2020-8918 triaged GO-2021-0095
-CVE-2015-1340 triaged GO-2021-0071
-CVE-2019-20786 triaged GO-2020-0038
-CVE-2018-6558 triaged GO-2020-0027
-CVE-2017-17831 triaged GO-2021-0073
-CVE-2018-14632 triaged GO-2021-0076
-CVE-2018-17075 triaged GO-2021-0078
-CVE-2019-19921 triaged GO-2021-0087
-CVE-2020-27813 triaged GO-2020-0019
-CVE-2016-9122 triaged GO-2020-0011
-CVE-2020-7667 triaged GO-2020-0042
-CVE-2020-36067 triaged GO-2021-0054
-CVE-2020-27846 triaged GO-2021-0058
-CVE-2020-26264 triaged GO-2021-0063
-CVE-2018-12018 triaged GO-2021-0075
-CVE-2020-15222 triaged GO-2021-0092
-CVE-2016-9121 triaged GO-2020-0010
-CVE-2019-19794 triaged GO-2020-0008
-CVE-2020-9283 triaged GO-2020-0012
-CVE-2020-7668 triaged GO-2020-0041
-CVE-2018-21246 triaged GO-2020-0043
-CVE-2021-3121 triaged GO-2021-0053
-CVE-2019-10214 triaged GO-2021-0081
-CVE-2017-15133 triaged GO-2020-0006
-CVE-2020-29242 triaged GO-2021-0097
-CVE-2021-21237 triaged GO-2021-0098
-CVE-2021-21272 triaged GO-2021-0099
\ No newline at end of file
diff --git a/srv/vlint/vlint.go b/srv/vlint/vlint.go
deleted file mode 100644
index 3b0b53a..0000000
--- a/srv/vlint/vlint.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package vlint contains functionality for linting reports in x/vulndb.
-package vlint
-
-import (
- "fmt"
- "io/ioutil"
-
- "golang.org/x/vuln/srv/internal/derrors"
- "golang.org/x/vuln/srv/internal/report"
- "gopkg.in/yaml.v2"
-)
-
-// LintReport is used to lint the x/vulndb/reports/ directory. It is run by
-// TestLintReports (in the vulndb repo) to ensure that there are no errors in
-// the YAML reports.
-func LintReport(filename string) (_ []string, err error) {
- defer derrors.Wrap(&err, "Lint(%q)", filename)
- b, err := ioutil.ReadFile(filename)
- if err != nil {
- return nil, fmt.Errorf("ioutil.ReadDir(%q): %v", filename, err)
- }
- var r report.Report
- if err := yaml.UnmarshalStrict(b, &r); err != nil {
- return nil, fmt.Errorf("yaml.UnmarshalStrict(b, &r): %v (%q)", err, filename)
- }
- return r.Lint(), nil
-}
