reports: reformat
Run `vulnreport format` on all reports.
Change-Id: I442d0a3b12bf9a6e2e6b5c3ff5e201313d3929a1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/382515
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
diff --git a/reports/GO-2020-0001.yaml b/reports/GO-2020-0001.yaml
index 4024c14..7c53d62 100644
--- a/reports/GO-2020-0001.yaml
+++ b/reports/GO-2020-0001.yaml
@@ -2,18 +2,18 @@
versions:
- fixed: v1.6.0
description: |
- The default Formatter for the Logger middleware (LoggerConfig.Formatter),
- which is included in the Default engine, allows attackers to inject arbitrary
- log entries by manipulating the request path.
-credit: "@thinkerou <thinkerou@gmail.com>"
+ The default Formatter for the Logger middleware (LoggerConfig.Formatter),
+ which is included in the Default engine, allows attackers to inject arbitrary
+ log entries by manipulating the request path.
+credit: '@thinkerou <thinkerou@gmail.com>'
symbols:
- defaultLogFormatter
links:
- pr: https://github.com/gin-gonic/gin/pull/2237
- commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
+ pr: https://github.com/gin-gonic/gin/pull/2237
+ commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
cve_metadata:
- id: CVE-9999-0001
- cwe: "CWE-20: Improper Input Validation"
- description: |
- Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
- allows remote attackers to inject arbitrary log lines.
+ id: CVE-9999-0001
+ cwe: 'CWE-20: Improper Input Validation'
+ description: |
+ Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
+ allows remote attackers to inject arbitrary log lines.
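Review bot: the commit message does not say what `vulnreport format` is expected to change, and in this hunk every removed/added pair under `description`, `links` and `cve_metadata` reads the same apart from leading whitespace, with the quote style on `credit` and `cwe` as the only other difference. Suggest one more line in the message stating that the pass changes indentation and quoting only, so the diff can be checked with whitespace ignored. The single-quoted `credit: '@thinkerou <thinkerou@gmail.com>'` is fine: a plain YAML scalar cannot start with `@`, so the value has to stay quoted either way.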
diff --git a/reports/GO-2020-0002.yaml b/reports/GO-2020-0002.yaml
index 465c82a..ccc74d3 100644
--- a/reports/GO-2020-0002.yaml
+++ b/reports/GO-2020-0002.yaml
@@ -2,12 +2,12 @@
versions:
- fixed: v0.1.1
description: |
- The Data, Context, or Key finalizers might run during or before GPGME
- operations. This will release the C structures that are still in use, leading
- to crashes and potentially code execution through a use-after-free.
+ The Data, Context, or Key finalizers might run during or before GPGME
+ operations. This will release the C structures that are still in use, leading
+ to crashes and potentially code execution through a use-after-free.
cves:
- CVE-2020-8945
credit: Ulrich Obergfell <uobergfe@redhat.com>
links:
- pr: https://github.com/proglottis/gpgme/pull/23
- commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
+ pr: https://github.com/proglottis/gpgme/pull/23
+ commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
diff --git a/reports/GO-2020-0003.yaml b/reports/GO-2020-0003.yaml
index 55d412c..391336f 100644
--- a/reports/GO-2020-0003.yaml
+++ b/reports/GO-2020-0003.yaml
@@ -2,18 +2,18 @@
versions:
- fixed: v1.0.0
description: |
- An attacker can cause an application that accepts slice parameters
- (https://revel.github.io/manual/parameters.html#slices) to allocate large
- amounts of memory and crash through manipulating the request query sent to the application.
-credit: "@SYM01"
+ An attacker can cause an application that accepts slice parameters
+ (https://revel.github.io/manual/parameters.html#slices) to allocate large
+ amounts of memory and crash through manipulating the request query sent to the application.
+credit: '@SYM01'
links:
- pr: https://github.com/revel/revel/pull/1427
- commit: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
- context:
- - https://github.com/revel/revel/issues/1424
+ pr: https://github.com/revel/revel/pull/1427
+ commit: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
+ context:
+ - https://github.com/revel/revel/issues/1424
cve_metadata:
- id: CVE-9999-0002
- cwe: "CWE-400: Uncontrolled Resource Consumption"
- description: |
- Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
- allows remote attackers to cause resource exhaustion via memory allocation.
+ id: CVE-9999-0002
+ cwe: 'CWE-400: Uncontrolled Resource Consumption'
+ description: |
+ Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
+ allows remote attackers to cause resource exhaustion via memory allocation.
diff --git a/reports/GO-2020-0004.yaml b/reports/GO-2020-0004.yaml
index a298629..140c38d 100644
--- a/reports/GO-2020-0004.yaml
+++ b/reports/GO-2020-0004.yaml
@@ -3,24 +3,24 @@
- introduced: v0.0.0-20160722212129-ac0cc4484ad4
fixed: v0.0.0-20200131131040-063a3fb69896
description: |
- If any of the ListenAndServe functions are called with an empty token,
- token authentication is disabled globally for all listeners.
+ If any of the ListenAndServe functions are called with an empty token,
+ token authentication is disabled globally for all listeners.
- Also, a minor timing side channel was present allowing attackers with
- very low latency and able to make a lot of requests to potentially
- recover the token.
-credit: "@bouk"
+ Also, a minor timing side channel was present allowing attackers with
+ very low latency and able to make a lot of requests to potentially
+ recover the token.
+credit: '@bouk'
symbols:
- Auth.ServerHTTP
- Auth.ListenAndServeTLS
- Auth.ListenAndServe
links:
- pr: https://github.com/nanobox-io/golang-nanoauth/pull/5
- commit: https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3
+ pr: https://github.com/nanobox-io/golang-nanoauth/pull/5
+ commit: https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3
cve_metadata:
- id: CVE-9999-0003
- cwe: "CWE-305: Authentication Bypass by Primary Weakness"
- description: |
- Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between
- v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe
- is called with an empty token.
+ id: CVE-9999-0003
+ cwe: 'CWE-305: Authentication Bypass by Primary Weakness'
+ description: |
+ Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between
+ v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe
+ is called with an empty token.
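Review bot: `Auth.ServerHTTP` in the unchanged `symbols` list looks like a misspelling of `Auth.ServeHTTP`, the method name an `http.Handler` implements, and a formatting pass will not catch it. Worth checking against the package and correcting in a follow-up, since the `symbols` entries are only useful if they name real identifiers.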
diff --git a/reports/GO-2020-0005.yaml b/reports/GO-2020-0005.yaml
index 27673c6..6657e8e 100644
--- a/reports/GO-2020-0005.yaml
+++ b/reports/GO-2020-0005.yaml
@@ -3,9 +3,9 @@
versions:
- fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
description: |
- Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
- out of bounds reads, or creation of arbitrarily sized slices, which may be used as
- a DoS vector.
+ Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
+ out of bounds reads, or creation of arbitrarily sized slices, which may be used as
+ a DoS vector.
cves:
- CVE-2020-15106
- CVE-2020-15112
@@ -14,7 +14,7 @@
- WAL.ReadAll
- decoder.decodeRecord
links:
- pr: https://github.com/etcd-io/etcd/pull/11793
- commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
- context:
- - https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
+ pr: https://github.com/etcd-io/etcd/pull/11793
+ commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
+ context:
+ - https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
diff --git a/reports/GO-2020-0006.yaml b/reports/GO-2020-0006.yaml
index 1f521cc..b6c3e37 100644
--- a/reports/GO-2020-0006.yaml
+++ b/reports/GO-2020-0006.yaml
@@ -2,14 +2,14 @@
versions:
- fixed: v1.0.4-0.20180125103619-43913f2f4fbd
description: |
- An attacker may prevent TCP connections to a Server by opening
- a connection and leaving it idle, until the connection is closed by
- the server no other connections will be accepted.
+ An attacker may prevent TCP connections to a Server by opening
+ a connection and leaving it idle, until the connection is closed by
+ the server no other connections will be accepted.
cves:
- CVE-2017-15133
credit: Pedro Sampaio
symbols:
- Server.serveTCP
links:
- pr: https://github.com/miekg/dns/pull/631
- commit: https://github.com/miekg/dns/commit/43913f2f4fbd7dcff930b8a809e709591e4dd79e
+ pr: https://github.com/miekg/dns/pull/631
+ commit: https://github.com/miekg/dns/commit/43913f2f4fbd7dcff930b8a809e709591e4dd79e
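Review bot: the `description` joins two sentences with a comma (`a connection and leaving it idle, until the connection is closed by` / `the server no other connections will be accepted.`), which makes the condition hard to parse. Since these lines are being rewritten anyway, consider splitting it: "...leaving it idle. Until the connection is closed by the server, no other connections will be accepted." If this change is meant to stay whitespace-only, a follow-up is fine.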
diff --git a/reports/GO-2020-0007.yaml b/reports/GO-2020-0007.yaml
index 2514916..8b845ba 100644
--- a/reports/GO-2020-0007.yaml
+++ b/reports/GO-2020-0007.yaml
@@ -2,15 +2,15 @@
versions:
- fixed: v0.9.1-0.20170424173420-06e7a29f36a3
description: |
- Filters containing rules with multiple syscall arguments are improperly
- constructed, such that all arguments are required to match rather than
- any of the arguments (AND is used rather than OR). These filters can be
- bypassed by only specifying a subset of the arguments due to this
- behavior.
+ Filters containing rules with multiple syscall arguments are improperly
+ constructed, such that all arguments are required to match rather than
+ any of the arguments (AND is used rather than OR). These filters can be
+ bypassed by only specifying a subset of the arguments due to this
+ behavior.
cves:
- CVE-2017-18367
-credit: "@ihac"
+credit: '@ihac'
symbols:
- ScmpFilter.addRuleGeneric
links:
- commit: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
+ commit: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
diff --git a/reports/GO-2020-0008.yaml b/reports/GO-2020-0008.yaml
index ec36d2a..9bcf259 100644
--- a/reports/GO-2020-0008.yaml
+++ b/reports/GO-2020-0008.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.1.25-0.20191211073109-8ebf2e419df7
description: |
- DNS message transaction IDs are generated using math/rand which
- makes them relatively predictable. This reduces the complexity
- of response spoofing attacks against DNS clients.
+ DNS message transaction IDs are generated using math/rand which
+ makes them relatively predictable. This reduces the complexity
+ of response spoofing attacks against DNS clients.
cves:
- CVE-2019-19794
symbols:
- id
links:
- pr: https://github.com/miekg/dns/pull/1044
- commit: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
- context:
- - https://github.com/miekg/dns/issues/1037
- - https://github.com/miekg/dns/issues/1043
+ pr: https://github.com/miekg/dns/pull/1044
+ commit: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
+ context:
+ - https://github.com/miekg/dns/issues/1037
+ - https://github.com/miekg/dns/issues/1043
diff --git a/reports/GO-2020-0009.yaml b/reports/GO-2020-0009.yaml
index e5e6653..0cf648e 100644
--- a/reports/GO-2020-0009.yaml
+++ b/reports/GO-2020-0009.yaml
@@ -8,10 +8,10 @@
versions:
- fixed: v0.0.0-20160903044734-789a4c4bd4c1
description: |
- On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC
- with HMAC such that they can control how large the input buffer is when computing
- the HMAC authentication tag. This can can allow a manipulated ciphertext to be
- verified as authentic, opening the door for padding oracle attacks.
+ On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC
+ with HMAC such that they can control how large the input buffer is when computing
+ the HMAC authentication tag. This can can allow a manipulated ciphertext to be
+ verified as authentic, opening the door for padding oracle attacks.
cves:
- CVE-2016-9123
credit: Quan Nguyen from Google's Information Security Engineering Team
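Review bot: the reindented `description` still carries the doubled word in `the HMAC authentication tag. This can can allow a manipulated ciphertext to be`. Drop one `can` while these lines are being touched, or in a follow-up if this change should stay whitespace-only.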
@@ -31,6 +31,6 @@
- s390
- sparc
links:
- commit: https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
- context:
- - https://www.openwall.com/lists/oss-security/2016/11/03/1
+ commit: https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
+ context:
+ - https://www.openwall.com/lists/oss-security/2016/11/03/1
diff --git a/reports/GO-2020-0010.yaml b/reports/GO-2020-0010.yaml
index 5bf3452..1e16411 100644
--- a/reports/GO-2020-0010.yaml
+++ b/reports/GO-2020-0010.yaml
@@ -7,9 +7,9 @@
versions:
- fixed: v0.0.0-20160831185616-c7581939a365
description: |
- When using ECDH-ES an attacker can mount an invalid curve attack during
- decryption as the supplied public key is not checked to be on the same
- curve as the receivers private key.
+ When using ECDH-ES an attacker can mount an invalid curve attack during
+ decryption as the supplied public key is not checked to be on the same
+ curve as the receivers private key.
cves:
- CVE-2016-9121
credit: Quan Nguyen from Google's Information Security Engineering Team
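Review bot: `curve as the receivers private key.` in `description` is missing the possessive apostrophe; it should read `receiver's private key`.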
@@ -18,6 +18,6 @@
- ecDecrypterSigner.decryptKey
- rawJsonWebKey.ecPublicKey
links:
- commit: https://github.com/square/go-jose/commit/c7581939a3656bb65e89d64da0a52364a33d2507
- context:
- - https://www.openwall.com/lists/oss-security/2016/11/03/1
+ commit: https://github.com/square/go-jose/commit/c7581939a3656bb65e89d64da0a52364a33d2507
+ context:
+ - https://www.openwall.com/lists/oss-security/2016/11/03/1
diff --git a/reports/GO-2020-0011.yaml b/reports/GO-2020-0011.yaml
index f86ce76..26e1612 100644
--- a/reports/GO-2020-0011.yaml
+++ b/reports/GO-2020-0011.yaml
@@ -2,11 +2,11 @@
versions:
- fixed: v0.0.0-20160922232413-2c5656adca99
description: |
- When decrypting JsonWebEncryption objects with multiple recipients
- or JsonWebSignature objects with multiple signatures the Decrypt
- and Verify methods do not indicate which recipient or signature was
- valid. This may lead a caller to rely on protected headers from an
- invalid recipient or signature.
+ When decrypting JsonWebEncryption objects with multiple recipients
+ or JsonWebSignature objects with multiple signatures the Decrypt
+ and Verify methods do not indicate which recipient or signature was
+ valid. This may lead a caller to rely on protected headers from an
+ invalid recipient or signature.
cves:
- CVE-2016-9122
credit: Quan Nguyen from Google's Information Security Engineering Team
@@ -14,6 +14,6 @@
- JsonWebEncryption.Decrypt
- JsonWebSignature.Verify
links:
- commit: https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6
- context:
- - https://www.openwall.com/lists/oss-security/2016/11/03/1
+ commit: https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6
+ context:
+ - https://www.openwall.com/lists/oss-security/2016/11/03/1
diff --git a/reports/GO-2020-0012.yaml b/reports/GO-2020-0012.yaml
index 162228d..1753588 100644
--- a/reports/GO-2020-0012.yaml
+++ b/reports/GO-2020-0012.yaml
@@ -3,10 +3,10 @@
versions:
- fixed: v0.0.0-20200220183623-bac4c82f6975
description: |
- An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
- key, such that the library will panic when trying to verify a signature
- with it. If verifying signatures using user supplied public keys, this
- may be used as a denial of service vector.
+ An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
+ key, such that the library will panic when trying to verify a signature
+ with it. If verifying signatures using user supplied public keys, this
+ may be used as a denial of service vector.
cves:
- CVE-2020-9283
credit: Alex Gaynor, Fish in a Barrel
@@ -17,7 +17,7 @@
- skEd25519PublicKey.Verify
- NewPublicKey
links:
- pr: https://go-review.googlesource.com/c/crypto/+/220357
- commit: https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
- context:
- - https://groups.google.com/g/golang-announce/c/3L45YRc91SY
+ pr: https://go-review.googlesource.com/c/crypto/+/220357
+ commit: https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
+ context:
+ - https://groups.google.com/g/golang-announce/c/3L45YRc91SY
diff --git a/reports/GO-2020-0013.yaml b/reports/GO-2020-0013.yaml
index ea36426..6bd75a1 100644
--- a/reports/GO-2020-0013.yaml
+++ b/reports/GO-2020-0013.yaml
@@ -3,17 +3,17 @@
versions:
- fixed: v0.0.0-20170330155735-e4e2799dd7aa
description: |
- By default host key verification is disabled which allows for
- man-in-the-middle attacks against SSH clients if
- ClientConfig.HostKeyCallback is not set.
+ By default host key verification is disabled which allows for
+ man-in-the-middle attacks against SSH clients if
+ ClientConfig.HostKeyCallback is not set.
cves:
- CVE-2017-3204
credit: Phil Pennock
symbols:
- NewClientConn
links:
- pr: https://go-review.googlesource.com/38701
- commit: https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991
- context:
- - https://go.dev/issue/19767
- - https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/
+ pr: https://go-review.googlesource.com/38701
+ commit: https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991
+ context:
+ - https://go.dev/issue/19767
+ - https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/
diff --git a/reports/GO-2020-0014.yaml b/reports/GO-2020-0014.yaml
index 10344ae..2c08ae3 100644
--- a/reports/GO-2020-0014.yaml
+++ b/reports/GO-2020-0014.yaml
@@ -3,9 +3,9 @@
versions:
- fixed: v0.0.0-20190125091013-d26f9f9a57f3
description: |
- html.Parse does not properly handle "select" tags, which can lead
- to an infinite loop. If parsing user supplied input, this may be used
- as a denial of service vector.
+ html.Parse does not properly handle "select" tags, which can lead
+ to an infinite loop. If parsing user supplied input, this may be used
+ as a denial of service vector.
cves:
- CVE-2018-17846
credit: '@tr3ee'
@@ -13,7 +13,7 @@
- inSelectIM
- inSelectInTableIM
links:
- pr: https://go-review.googlesource.com/c/137275
- commit: https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
- context:
- - https://go.dev/issue/27842
+ pr: https://go-review.googlesource.com/c/137275
+ commit: https://go.googlesource.com/net/+/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
+ context:
+ - https://go.dev/issue/27842
diff --git a/reports/GO-2020-0015.yaml b/reports/GO-2020-0015.yaml
index 72ee7ff..7032e42 100644
--- a/reports/GO-2020-0015.yaml
+++ b/reports/GO-2020-0015.yaml
@@ -10,11 +10,11 @@
versions:
- fixed: v0.3.3
description: |
- An attacker could provide a single byte to a UTF16 decoder instantiated with
- UseBOM or ExpectBOM to trigger an infinite loop if the String function on
- the Decoder is called, or the Decoder is passed to transform.String.
- If used to parse user supplied input, this may be used as a denial of service
- vector.
+ An attacker could provide a single byte to a UTF16 decoder instantiated with
+ UseBOM or ExpectBOM to trigger an infinite loop if the String function on
+ the Decoder is called, or the Decoder is passed to transform.String.
+ If used to parse user supplied input, this may be used as a denial of service
+ vector.
last_modified: 2021-06-07T12:00:00Z
cves:
- CVE-2020-14040
@@ -22,8 +22,8 @@
symbols:
- utf16Decoder.Transform
links:
- pr: https://go-review.googlesource.com/c/text/+/238238
- commit: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
- context:
- - https://go.dev/issue/39491
- - https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0
+ pr: https://go-review.googlesource.com/c/text/+/238238
+ commit: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
+ context:
+ - https://go.dev/issue/39491
+ - https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0
diff --git a/reports/GO-2020-0016.yaml b/reports/GO-2020-0016.yaml
index 411d20e..d82e803 100644
--- a/reports/GO-2020-0016.yaml
+++ b/reports/GO-2020-0016.yaml
@@ -2,17 +2,17 @@
versions:
- fixed: v0.5.8
description: |
- An attacker can construct a series of bytes such that calling
- Reader.Read on the bytes could cause an infinite loop. If
- parsing user supplied input, this may be used as a denial of
- service vector.
-credit: "@0xdecaf"
+ An attacker can construct a series of bytes such that calling
+ Reader.Read on the bytes could cause an infinite loop. If
+ parsing user supplied input, this may be used as a denial of
+ service vector.
cves:
- CVE-2021-29482
+credit: '@0xdecaf'
symbols:
- readUvarint
links:
- commit: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
- context:
- - https://github.com/ulikunitz/xz/issues/35
- - https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
+ commit: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
+ context:
+ - https://github.com/ulikunitz/xz/issues/35
+ - https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
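Review bot: this hunk moves a key as well as reindenting: `credit: "@0xdecaf"` is removed above `cves` and `credit: '@0xdecaf'` is added below it. The value is unchanged apart from quote style, but a reorder is easy to miss in a change described only as a reformat; suggest saying in the commit message that the formatter also normalizes key order.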
diff --git a/reports/GO-2020-0017.yaml b/reports/GO-2020-0017.yaml
index f195509..04f8d3f 100644
--- a/reports/GO-2020-0017.yaml
+++ b/reports/GO-2020-0017.yaml
@@ -8,16 +8,16 @@
versions:
- introduced: v0.0.0-20150717181359-44718f8a89b0
description: |
- If a JWT contains an audience claim with an array of strings, rather
- than a single string, and MapClaims.VerifyAudience is called with
- req set to false, then audience verification will be bypassed,
- allowing an invalid set of audiences to be provided.
+ If a JWT contains an audience claim with an array of strings, rather
+ than a single string, and MapClaims.VerifyAudience is called with
+ req set to false, then audience verification will be bypassed,
+ allowing an invalid set of audiences to be provided.
cves:
- CVE-2020-26160
-credit: "@christopher-wong"
+credit: '@christopher-wong'
symbols:
- MapClaims.VerifyAudience
links:
- commit: https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab
- context:
- - https://github.com/dgrijalva/jwt-go/issues/422
+ commit: https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab
+ context:
+ - https://github.com/dgrijalva/jwt-go/issues/422
diff --git a/reports/GO-2020-0018.yaml b/reports/GO-2020-0018.yaml
index 1aa3eb2..af677d0 100644
--- a/reports/GO-2020-0018.yaml
+++ b/reports/GO-2020-0018.yaml
@@ -2,18 +2,18 @@
versions:
- fixed: v1.2.1-0.20181016170032-d91630c85102
description: |
- UUIDs generated using NewV1 and NewV4 may not read the expected
- number of random bytes. These UUIDs may contain a significantly smaller
- amount of entropy than expected, possibly leading to collisions.
-credit: "@josselin-c"
+ UUIDs generated using NewV1 and NewV4 may not read the expected
+ number of random bytes. These UUIDs may contain a significantly smaller
+ amount of entropy than expected, possibly leading to collisions.
cves:
- CVE-2021-3538
+credit: '@josselin-c'
symbols:
- NewV4
- rfc4122Generator.getClockSequence
- rfc4122Generator.getHardwareAddr
links:
- pr: https://github.com/satori/go.uuid/pull/75
- commit: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
- context:
- - https://github.com/satori/go.uuid/issues/73
+ pr: https://github.com/satori/go.uuid/pull/75
+ commit: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
+ context:
+ - https://github.com/satori/go.uuid/issues/73
diff --git a/reports/GO-2020-0019.yaml b/reports/GO-2020-0019.yaml
index 37183d1..20b5871 100644
--- a/reports/GO-2020-0019.yaml
+++ b/reports/GO-2020-0019.yaml
@@ -2,10 +2,10 @@
versions:
- fixed: v1.4.1
description: |
- An attacker can craft malicious WebSocket frames that cause an integer
- overflow in a variable which tracks the number of bytes remaining. This
- may cause the server or client to get stuck attempting to read frames
- in a loop, which can be used as a denial of service vector.
+ An attacker can craft malicious WebSocket frames that cause an integer
+ overflow in a variable which tracks the number of bytes remaining. This
+ may cause the server or client to get stuck attempting to read frames
+ in a loop, which can be used as a denial of service vector.
cves:
- CVE-2020-27813
credit: Max Justicz
@@ -13,5 +13,5 @@
- Conn.advanceFrame
- messageReader.Read
links:
- pr: https://github.com/gorilla/websocket/pull/537
- commit: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37
+ pr: https://github.com/gorilla/websocket/pull/537
+ commit: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37
diff --git a/reports/GO-2020-0020.yaml b/reports/GO-2020-0020.yaml
index fd02c03..f0ef171 100644
--- a/reports/GO-2020-0020.yaml
+++ b/reports/GO-2020-0020.yaml
@@ -2,12 +2,12 @@
versions:
- fixed: v1.3.0
description: |
- Usage of the CORS handler may apply improper CORS headers, allowing
- the requester to explicitly control the value of the Access-Control-Allow-Origin
- header, which bypasses the expected behavior of the Same Origin Policy.
+ Usage of the CORS handler may apply improper CORS headers, allowing
+ the requester to explicitly control the value of the Access-Control-Allow-Origin
+ header, which bypasses the expected behavior of the Same Origin Policy.
credit: Evan J Johnson
symbols:
- cors.ServeHTTP
links:
- pr: https://github.com/gorilla/handlers/pull/116
- commit: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
+ pr: https://github.com/gorilla/handlers/pull/116
+ commit: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
diff --git a/reports/GO-2020-0021.yaml b/reports/GO-2020-0021.yaml
index 61767e1..2991cbb 100644
--- a/reports/GO-2020-0021.yaml
+++ b/reports/GO-2020-0021.yaml
@@ -2,9 +2,9 @@
versions:
- fixed: v0.5.8
description: |
- Due to improper santization of user input, a number of methods are
- vulnerable to SQL injection if used with user input that has not
- been santized by the caller.
+ Due to improper santization of user input, a number of methods are
+ vulnerable to SQL injection if used with user input that has not
+ been santized by the caller.
cves:
- CVE-2014-8681
credit: Pascal Turbing and Jiahua (Joe) Chen
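Review bot: `description` misspells the same word twice, in `Due to improper santization of user input` and `been santized by the caller.`; these should read `sanitization` and `sanitized`. The formatter leaves spelling alone, so this needs a manual fix.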
@@ -13,6 +13,6 @@
- SearchRepositoryByName
- SearchUserByName
links:
- commit: https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
- context:
- - https://seclists.org/fulldisclosure/2014/Nov/31
+ commit: https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
+ context:
+ - https://seclists.org/fulldisclosure/2014/Nov/31
diff --git a/reports/GO-2020-0022.yaml b/reports/GO-2020-0022.yaml
index 19a98f0..c754877 100644
--- a/reports/GO-2020-0022.yaml
+++ b/reports/GO-2020-0022.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v0.0.0-20140711154735-199f5f787806
description: |
- LZ4 bindings use a deprecated C API that is vulnerable to
- memory corruption, which could lead to arbitrary code execution
- if called with untrusted user input.
+ LZ4 bindings use a deprecated C API that is vulnerable to
+ memory corruption, which could lead to arbitrary code execution
+ if called with untrusted user input.
credit: Yann Collet
symbols:
- Uncompress
links:
- commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
- context:
- - https://github.com/cloudflare/golz4/issues/5
+ commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
+ context:
+ - https://github.com/cloudflare/golz4/issues/5
diff --git a/reports/GO-2020-0023.yaml b/reports/GO-2020-0023.yaml
index 9e7c525..e4cedc2 100644
--- a/reports/GO-2020-0023.yaml
+++ b/reports/GO-2020-0023.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v0.0.0-20170426191122-ca1404ee6e83
description: |
- Token validation methods are susceptible to a timing side-channel
- during HMAC comparison. With a large enough number of requests
- over a low latency connection, an attacker may use this to determine
- the expected HMAC.
+ Token validation methods are susceptible to a timing side-channel
+ during HMAC comparison. With a large enough number of requests
+ over a low latency connection, an attacker may use this to determine
+ the expected HMAC.
symbols:
- Algorithm.validateSignature
links:
- commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
- context:
- - https://github.com/robbert229/jwt/issues/12
+ commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
+ context:
+ - https://github.com/robbert229/jwt/issues/12
diff --git a/reports/GO-2020-0024.yaml b/reports/GO-2020-0024.yaml
index b5290ef..d3d9c91 100644
--- a/reports/GO-2020-0024.yaml
+++ b/reports/GO-2020-0024.yaml
@@ -11,11 +11,11 @@
versions:
- fixed: v0.0.0-20130808000456-233bccbb1abe
description: |
- The RemoteAddr and LocalAddr methods on the returned net.Conn may
- call themselves, leading to an infinite loop which will crash the
- program due to a stack overflow.
+ The RemoteAddr and LocalAddr methods on the returned net.Conn may
+ call themselves, leading to an infinite loop which will crash the
+ program due to a stack overflow.
symbols:
- proxiedConn.LocalAddr
- proxiedConn.RemoteAddr
links:
- commit: https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc
+ commit: https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc
diff --git a/reports/GO-2020-0025.yaml b/reports/GO-2020-0025.yaml
index f1f5f3b..922b56c 100644
--- a/reports/GO-2020-0025.yaml
+++ b/reports/GO-2020-0025.yaml
@@ -9,13 +9,13 @@
versions:
- fixed: v0.0.0-20180523222229-09b5706aa936
description: |
- Due to improper path santization, archives containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, archives containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
symbols:
- tgzExtractor.Extract
- zipExtractor.Extract
links:
- commit: https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ commit: https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
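Review bot: `Due to improper path santization` in `description` should read `sanitization`; the reformat carries the misspelling over unchanged, so it needs a manual edit.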
diff --git a/reports/GO-2020-0026.yaml b/reports/GO-2020-0026.yaml
index e425124..39dceca 100644
--- a/reports/GO-2020-0026.yaml
+++ b/reports/GO-2020-0026.yaml
@@ -3,9 +3,9 @@
versions:
- fixed: v1.1.10-0.20180427153919-f5cbcbc5cc6f
description: |
- Due to improper path santization, archives containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, archives containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
cves:
- CVE-2018-1103
symbols:
@@ -13,6 +13,6 @@
- stiTar.extractLink
- New
links:
- commit: https://github.com/openshift/source-to-image/commit/f5cbcbc5cc6f8cc2f479a7302443bea407a700cb
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ commit: https://github.com/openshift/source-to-image/commit/f5cbcbc5cc6f8cc2f479a7302443bea407a700cb
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
diff --git a/reports/GO-2020-0027.yaml b/reports/GO-2020-0027.yaml
index fcb4bf7..5de25ee 100644
--- a/reports/GO-2020-0027.yaml
+++ b/reports/GO-2020-0027.yaml
@@ -8,9 +8,9 @@
versions:
- fixed: v0.2.4
description: |
- After dropping and then elevating process privileges euid, guid, and groups
- are not properly restored to their original values, allowing an unprivileged
- user to gain membership in the root group.
+ After dropping and then elevating process privileges euid, guid, and groups
+ are not properly restored to their original values, allowing an unprivileged
+ user to gain membership in the root group.
cves:
- CVE-2018-6558
symbols:
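Review bot: `euid, guid, and groups` in the first `description` line reads like a typo: the process credentials that go with `euid` and `groups` are `gid`/`egid`, and `guid` is not one of them. Please confirm against the linked fscrypt commit and correct the word.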
@@ -18,6 +18,6 @@
- SetProcessPrivileges
- Handle.StopAsPamUser
links:
- commit: https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
- context:
- - https://github.com/google/fscrypt/issues/77
+ commit: https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
+ context:
+ - https://github.com/google/fscrypt/issues/77
diff --git a/reports/GO-2020-0028.yaml b/reports/GO-2020-0028.yaml
index 77e49bf..f8d731e 100644
--- a/reports/GO-2020-0028.yaml
+++ b/reports/GO-2020-0028.yaml
@@ -2,15 +2,15 @@
versions:
- fixed: v1.0.10
description: |
- Due to a nil pointer dereference, parsing a malformed zone file
- containing TA records may cause a panic. If parsing user supplied
- input, this may be used as a denial of service vector.
+ Due to a nil pointer dereference, parsing a malformed zone file
+ containing TA records may cause a panic. If parsing user supplied
+ input, this may be used as a denial of service vector.
cves:
- CVE-2018-17419
-credit: "@tr3ee"
+credit: '@tr3ee'
symbols:
- setTA
links:
- commit: https://github.com/miekg/dns/commit/501e858f679edecd4a38a86317ce50271014a80d
- context:
- - https://github.com/miekg/dns/issues/742
+ commit: https://github.com/miekg/dns/commit/501e858f679edecd4a38a86317ce50271014a80d
+ context:
+ - https://github.com/miekg/dns/issues/742
diff --git a/reports/GO-2020-0029.yaml b/reports/GO-2020-0029.yaml
index 971d6c7..0419e9b 100644
--- a/reports/GO-2020-0029.yaml
+++ b/reports/GO-2020-0029.yaml
@@ -2,12 +2,12 @@
versions:
- fixed: v0.0.0-20141229113116-0099840c98ae
description: |
- Due to improper HTTP header santization, a malicious user can spoof their
- source IP address by setting the X-Forwarded-For header. This may allow
- a user to bypass IP based restrictions, or obfuscate their true source.
-credit: "@nl5887"
+ Due to improper HTTP header santization, a malicious user can spoof their
+ source IP address by setting the X-Forwarded-For header. This may allow
+ a user to bypass IP based restrictions, or obfuscate their true source.
+credit: '@nl5887'
symbols:
- Context.ClientIP
links:
- commit: https://github.com/gin-gonic/gin/commit/0099840c98ae1473c5ff0f18bc93a8e13ceed829
- pr: https://github.com/gin-gonic/gin/pull/182
+ pr: https://github.com/gin-gonic/gin/pull/182
+ commit: https://github.com/gin-gonic/gin/commit/0099840c98ae1473c5ff0f18bc93a8e13ceed829
diff --git a/reports/GO-2020-0031.yaml b/reports/GO-2020-0031.yaml
index 91f7131..d600250 100644
--- a/reports/GO-2020-0031.yaml
+++ b/reports/GO-2020-0031.yaml
@@ -2,11 +2,11 @@
versions:
- fixed: v0.1.1
description: |
- Due to improper setting of finalizers, memory passed to C may be freed before it is used,
- leading to crashes due to memory corruption or possible code execution.
+ Due to improper setting of finalizers, memory passed to C may be freed before it is used,
+ leading to crashes due to memory corruption or possible code execution.
cves:
- CVE-2020-8945
links:
- commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
- context:
- - https://bugzilla.redhat.com/show_bug.cgi?id=1795838
+ commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
+ context:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=1795838
diff --git a/reports/GO-2020-0032.yaml b/reports/GO-2020-0032.yaml
index 5bf2026..43e1c5e 100644
--- a/reports/GO-2020-0032.yaml
+++ b/reports/GO-2020-0032.yaml
@@ -13,18 +13,19 @@
versions:
- fixed: v1.4.3
description: |
- Due to improper santization of user input, Controller.FileHandler allows
- for directory traversal, allowing an attacker to read files outside of
- the target directory that the server has permission to read.
-credit: "@christi3k"
+ Due to improper santization of user input, Controller.FileHandler allows
+ for directory traversal, allowing an attacker to read files outside of
+ the target directory that the server has permission to read.
+credit: '@christi3k'
symbols:
- Controller.FileHandler
links:
- pr: https://github.com/goadesign/goa/pull/2388
- commit: https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39
+ pr: https://github.com/goadesign/goa/pull/2388
+ commit: https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39
cve_metadata:
- id: CVE-9999-0012
- cwe: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
- description: |
- Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or
- v1.4.3 allow remote attackers to read files outside of the intended directory.
+ id: CVE-9999-0012
+ cwe: 'CWE-22: Improper Limitation of a Pathname to a Restricted Directory (''Path
+ Traversal'')'
+ description: |
+ Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or
+ v1.4.3 allow remote attackers to read files outside of the intended directory.
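Review bot: the `cwe` value under `cve_metadata` is now a single-quoted scalar folded across two lines with doubled `''` escapes around Path Traversal. YAML should fold that line break back to a single space, so the parsed value is unchanged, but it is harder to read and to grep than the original one-line double-quoted string; consider a wider line limit in the formatter or keeping double quotes for values that contain apostrophes. The description beneath it also still has "santiziation" and "allow" where "allows" is meant.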
diff --git a/reports/GO-2020-0033.yaml b/reports/GO-2020-0033.yaml
index 4b51882..dd831fd 100644
--- a/reports/GO-2020-0033.yaml
+++ b/reports/GO-2020-0033.yaml
@@ -2,14 +2,14 @@
versions:
- fixed: v0.12.4
description: |
- Due to improper santization of user input, HTTPEngine.Handle allows
- for directory traversal, allowing an attacker to read files outside of
- the target directory that the server has permission to read.
-credit: "@snyff"
+ Due to improper santization of user input, HTTPEngine.Handle allows
+ for directory traversal, allowing an attacker to read files outside of
+ the target directory that the server has permission to read.
+credit: '@snyff'
symbols:
- HTTPEngine.Handle
links:
- pr: https://github.com/go-aah/aah/pull/267
- commit: https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
- context:
- - https://github.com/go-aah/aah/issues/266
+ pr: https://github.com/go-aah/aah/pull/267
+ commit: https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec
+ context:
+ - https://github.com/go-aah/aah/issues/266
diff --git a/reports/GO-2020-0034.yaml b/reports/GO-2020-0034.yaml
index 386085e..4635658 100644
--- a/reports/GO-2020-0034.yaml
+++ b/reports/GO-2020-0034.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v1.0.0
description: |
- Due to improper path santization, archives containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, archives containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
symbols:
- Unzip.Extract
links:
- pr: https://github.com/artdarek/go-unzip/pull/2
- commit: https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ pr: https://github.com/artdarek/go-unzip/pull/2
+ commit: https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
diff --git a/reports/GO-2020-0035.yaml b/reports/GO-2020-0035.yaml
index 29a500e..89e14c9 100644
--- a/reports/GO-2020-0035.yaml
+++ b/reports/GO-2020-0035.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v1.0.3-0.20200308084313-2adbaa4891b9
description: |
- Due to improper path santization, archives containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, archives containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
symbols:
- Unzip.Extract
links:
- pr: https://github.com/yi-ge/unzip/pull/1
- commit: https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ pr: https://github.com/yi-ge/unzip/pull/1
+ commit: https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
diff --git a/reports/GO-2020-0036.yaml b/reports/GO-2020-0036.yaml
index bf56969..0f2221e 100644
--- a/reports/GO-2020-0036.yaml
+++ b/reports/GO-2020-0036.yaml
@@ -1,22 +1,20 @@
module: gopkg.in/yaml.v2
additional_packages:
- # all of the incompatible versions of github.com/go-yaml/yaml
- # are affected
- module: github.com/go-yaml/yaml
symbols:
- yaml_parser_fetch_more_tokens
versions:
- fixed: v2.2.8
description: |
- Due to unbounded aliasing, a crafted YAML file can cause consumption
- of significant system resources. If parsing user supplied input, this
- may be used as a denial of service vector.
+ Due to unbounded aliasing, a crafted YAML file can cause consumption
+ of significant system resources. If parsing user supplied input, this
+ may be used as a denial of service vector.
cves:
- CVE-2019-11254
symbols:
- yaml_parser_fetch_more_tokens
links:
- pr: https://github.com/go-yaml/yaml/pull/555
- commit: https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48
- context:
- - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496
+ pr: https://github.com/go-yaml/yaml/pull/555
+ commit: https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48
+ context:
+ - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496
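Review bot: the two comment lines under `additional_packages` ("all of the incompatible versions of github.com/go-yaml/yaml are affected") are deleted with nothing replacing them, so the formatter is dropping YAML comments rather than only re-indenting. That comment was the only explanation of why the second module is listed; either make `vulnreport format` preserve comments or move the text into a real field before this lands.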
diff --git a/reports/GO-2020-0037.yaml b/reports/GO-2020-0037.yaml
index 1dd3b21..b28e6e1 100644
--- a/reports/GO-2020-0037.yaml
+++ b/reports/GO-2020-0037.yaml
@@ -3,13 +3,13 @@
versions:
- fixed: v0.31.1
description: |
- Due to support of Gzip compression in request bodies, as well
- as a lack of limiting response body sizes, a malicious server
- can cause a client to consume a significant amount of system
- resources, which may be used as a denial of service vector.
-credit: "@guagualvcha"
+ Due to support of Gzip compression in request bodies, as well
+ as a lack of limiting response body sizes, a malicious server
+ can cause a client to consume a significant amount of system
+ resources, which may be used as a denial of service vector.
+credit: '@guagualvcha'
symbols:
- makeHTTPClient
links:
- pr: https://github.com/tendermint/tendermint/pull/3430
- commit: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
+ pr: https://github.com/tendermint/tendermint/pull/3430
+ commit: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613
diff --git a/reports/GO-2020-0038.yaml b/reports/GO-2020-0038.yaml
index b27d3db..3d08fb1 100644
--- a/reports/GO-2020-0038.yaml
+++ b/reports/GO-2020-0038.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.5.2
description: |
- Due to improper verification of packets, unencrypted packets containing
- application data are accepted after the initial handshake. This allows
- an attacker to inject arbitrary data which the client/server believes
- was encrypted, despite not knowing the session key.
+ Due to improper verification of packets, unencrypted packets containing
+ application data are accepted after the initial handshake. This allows
+ an attacker to inject arbitrary data which the client/server believes
+ was encrypted, despite not knowing the session key.
cves:
- CVE-2019-20786
symbols:
- Conn.handleIncomingPacket
links:
- pr: https://github.com/pion/dtls/pull/128
- commit: https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
- context:
- - https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
+ pr: https://github.com/pion/dtls/pull/128
+ commit: https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
+ context:
+ - https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
diff --git a/reports/GO-2020-0039.yaml b/reports/GO-2020-0039.yaml
index bd0f474..b3b4784 100644
--- a/reports/GO-2020-0039.yaml
+++ b/reports/GO-2020-0039.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.3.7
description: |
- Due to improper request santization, a specifically crafted URL
- can cause the static file handler to redirect to an attacker chosen
- URL, allowing for open redirect attacks.
+ Due to improper request santization, a specifically crafted URL
+ can cause the static file handler to redirect to an attacker chosen
+ URL, allowing for open redirect attacks.
cves:
- CVE-2020-12666
-credit: "@ev0A"
+credit: '@ev0A'
symbols:
- staticHandler
links:
- pr: https://github.com/go-macaron/macaron/pull/199
- commit: https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
- context:
- - https://github.com/go-macaron/macaron/issues/198
+ pr: https://github.com/go-macaron/macaron/pull/199
+ commit: https://github.com/go-macaron/macaron/commit/addc7461c3a90a040e79aa75bfd245107a210245
+ context:
+ - https://github.com/go-macaron/macaron/issues/198
diff --git a/reports/GO-2020-0040.yaml b/reports/GO-2020-0040.yaml
index b7a786c..8435b0b 100644
--- a/reports/GO-2020-0040.yaml
+++ b/reports/GO-2020-0040.yaml
@@ -1,8 +1,8 @@
module: github.com/shiyanhui/dht
description: |
- Due to unchecked type assertions, maliciously crafted messages can
- cause panics, which may be used as a denial of service vector.
-credit: "@hMihaiDavid"
+ Due to unchecked type assertions, maliciously crafted messages can
+ cause panics, which may be used as a denial of service vector.
+credit: '@hMihaiDavid'
links:
- context:
- - https://github.com/shiyanhui/dht/issues/57
+ context:
+ - https://github.com/shiyanhui/dht/issues/57
diff --git a/reports/GO-2020-0041.yaml b/reports/GO-2020-0041.yaml
index db9d878..37cef39 100644
--- a/reports/GO-2020-0041.yaml
+++ b/reports/GO-2020-0041.yaml
@@ -1,7 +1,6 @@
module: github.com/unknwon/cae
package: github.com/unknwon/cae/tz
additional_packages:
- # CVE-2020-7664
- module: github.com/unknwon/cae
package: github.com/unknwon/cae/zip
symbols:
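Review bot: the removed `# CVE-2020-7664` comment under `additional_packages` was the only record in this report tying the `github.com/unknwon/cae/zip` package to its own CVE; the `cves` list in the following hunk carries only CVE-2020-7668. Losing an identifier in a formatting-only change is a content regression, so add the id to `cves` (or another field the formatter keeps) before dropping the comment.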
@@ -12,15 +11,15 @@
versions:
- fixed: v1.0.1
description: |
- Due to improper path santization, archives containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, archives containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
cves:
- CVE-2020-7668
symbols:
- TzArchive.syncFiles
- TzArchive.ExtractToFunc
links:
- commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
diff --git a/reports/GO-2020-0042.yaml b/reports/GO-2020-0042.yaml
index eff7f51..05e0615 100644
--- a/reports/GO-2020-0042.yaml
+++ b/reports/GO-2020-0042.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v0.1.0
description: |
- Due to improper path santization, RPMs containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, RPMs containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
cves:
- CVE-2020-7667
symbols:
- Extract
links:
- commit: https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ commit: https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
diff --git a/reports/GO-2020-0043.yaml b/reports/GO-2020-0043.yaml
index 05ade3e..1d38330 100644
--- a/reports/GO-2020-0043.yaml
+++ b/reports/GO-2020-0043.yaml
@@ -3,10 +3,10 @@
versions:
- fixed: v0.10.13
description: |
- Due to improper TLS verification when serving traffic for multiple
- SNIs, an attacker may bypass TLS client authentication by indicating
- an SNI during the TLS handshake that is different from the name in
- the HTTP Host header.
+ Due to improper TLS verification when serving traffic for multiple
+ SNIs, an attacker may bypass TLS client authentication by indicating
+ an SNI during the TLS handshake that is different from the name in
+ the HTTP Host header.
cves:
- CVE-2018-21246
symbols:
@@ -14,7 +14,7 @@
- Server.serveHTTP
- assertConfigsCompatible
links:
- pr: https://github.com/caddyserver/caddy/pull/2099
- commit: https://github.com/caddyserver/caddy/commit/4d9ee000c8d2cbcdd8284007c1e0f2da7bc3c7c3
- context:
- - https://bugs.gentoo.org/715214
+ pr: https://github.com/caddyserver/caddy/pull/2099
+ commit: https://github.com/caddyserver/caddy/commit/4d9ee000c8d2cbcdd8284007c1e0f2da7bc3c7c3
+ context:
+ - https://bugs.gentoo.org/715214
diff --git a/reports/GO-2020-0045.yaml b/reports/GO-2020-0045.yaml
index acf05bb..76d9fce 100644
--- a/reports/GO-2020-0045.yaml
+++ b/reports/GO-2020-0045.yaml
@@ -2,14 +2,14 @@
versions:
- fixed: v0.3.0
description: |
- CSRF tokens are generated using math/rand, which is not a cryptographically secure
- rander number generation, making predicting their values relatively trivial and
- allowing an attacker to bypass CSRF protections which relatively few requests.
-credit: "@elithrar"
+ CSRF tokens are generated using math/rand, which is not a cryptographically secure
+ rander number generation, making predicting their values relatively trivial and
+ allowing an attacker to bypass CSRF protections which relatively few requests.
+credit: '@elithrar'
symbols:
- randomBytes
links:
- pr: https://github.com/dinever/golf/pull/24
- commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
- context:
- - https://github.com/dinever/golf/issues/20
+ pr: https://github.com/dinever/golf/pull/24
+ commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
+ context:
+ - https://github.com/dinever/golf/issues/20
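Review bot: the description lines are re-added with two errors intact: "rander number generation" (presumably "random number generator") and "bypass CSRF protections which relatively few requests" (presumably "with"). Both change how the sentence reads, so fix them alongside the reformat rather than carrying them forward.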
diff --git a/reports/GO-2020-0047.yaml b/reports/GO-2020-0047.yaml
index ec804e0..877d507 100644
--- a/reports/GO-2020-0047.yaml
+++ b/reports/GO-2020-0047.yaml
@@ -1,12 +1,12 @@
module: github.com/RobotsAndPencils/go-saml
description: |
- XML Digital Signatures generated and validated using this package use
- SHA-1, which may allow an attacker to craft inputs which cause hash
- collisions depending on their control over the input.
+ XML Digital Signatures generated and validated using this package use
+ SHA-1, which may allow an attacker to craft inputs which cause hash
+ collisions depending on their control over the input.
symbols:
- AuthnRequest.Validate
- NewAuthnRequest
- NewSignedResponse
links:
- context:
- - https://github.com/RobotsAndPencils/go-saml/pull/38
+ context:
+ - https://github.com/RobotsAndPencils/go-saml/pull/38
diff --git a/reports/GO-2020-0048.yaml b/reports/GO-2020-0048.yaml
index 8e52b06..842502e 100644
--- a/reports/GO-2020-0048.yaml
+++ b/reports/GO-2020-0048.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.3.1
description: |
- LoadURL does not check the Content-Type of loaded resources,
- which can cause a panic due to nil pointer deference if the loaded
- resource is not XML. If user supplied URLs are loaded, this may be
- used as a denial of service vector.
+ LoadURL does not check the Content-Type of loaded resources,
+ which can cause a panic due to nil pointer deference if the loaded
+ resource is not XML. If user supplied URLs are loaded, this may be
+ used as a denial of service vector.
cves:
- CVE-2020-25614
-credit: "@dwisiswant0"
+credit: '@dwisiswant0'
symbols:
- LoadURL
links:
- commit: https://github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821
- context:
- - https://github.com/antchfx/xmlquery/issues/39
+ commit: https://github.com/antchfx/xmlquery/commit/5648b2f39e8d5d3fc903c45a4f1274829df71821
+ context:
+ - https://github.com/antchfx/xmlquery/issues/39
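Review bot: the second description line says "nil pointer deference"; the bug class is a nil pointer dereference, and the misspelling will defeat text searches for that term across reports. Correct it while the line is being rewritten.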
diff --git a/reports/GO-2020-0049.yaml b/reports/GO-2020-0049.yaml
index 5fc8523..91b603e 100644
--- a/reports/GO-2020-0049.yaml
+++ b/reports/GO-2020-0049.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v1.1.1
description: |
- Due to improper validation of caller input, validation is silently disabled
- if the provided expected token is malformed, causing any user supplied token
- to be considered valid.
-credit: "@aeneasr"
+ Due to improper validation of caller input, validation is silently disabled
+ if the provided expected token is malformed, causing any user supplied token
+ to be considered valid.
+credit: '@aeneasr'
symbols:
- VerifyToken
- verifyToken
links:
- pr: https://github.com/justinas/nosurf/pull/60
- commit: https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
+ pr: https://github.com/justinas/nosurf/pull/60
+ commit: https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
diff --git a/reports/GO-2020-0050.yaml b/reports/GO-2020-0050.yaml
index 937610b..9d6ba61 100644
--- a/reports/GO-2020-0050.yaml
+++ b/reports/GO-2020-0050.yaml
@@ -2,15 +2,15 @@
versions:
- fixed: v1.1.0
description: |
- Due to the behavior of encoding/xml, a crafted XML document may cause
- XML Digital Signature validation to be entirely bypassed, causing an
- unsigned document to appear signed.
+ Due to the behavior of encoding/xml, a crafted XML document may cause
+ XML Digital Signature validation to be entirely bypassed, causing an
+ unsigned document to appear signed.
cves:
- CVE-2020-15216
-credit: "@jupenur"
+credit: '@jupenur'
symbols:
- ValidationContext.findSignature
links:
- commit: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
- context:
- - https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
+ commit: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
+ context:
+ - https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
diff --git a/reports/GO-2021-0051.yaml b/reports/GO-2021-0051.yaml
index 22c9f8a..cc0f7e7 100644
--- a/reports/GO-2021-0051.yaml
+++ b/reports/GO-2021-0051.yaml
@@ -2,14 +2,14 @@
versions:
- fixed: v4.1.18-0.20201215153152-4422e3b66b9f
description: |
- Due to improper sanitization of user input on Windows, the static file handler
- allows for directory traversal, allowing an attacker to read files outside of
- the target directory that the server has permission to read.
-credit: "@little-cui (Apache ServiceComb)"
+ Due to improper sanitization of user input on Windows, the static file handler
+ allows for directory traversal, allowing an attacker to read files outside of
+ the target directory that the server has permission to read.
+credit: '@little-cui (Apache ServiceComb)'
symbols:
- common.static
os:
- windows
links:
- pr: https://github.com/labstack/echo/pull/1718
- commit: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
+ pr: https://github.com/labstack/echo/pull/1718
+ commit: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
diff --git a/reports/GO-2021-0052.yaml b/reports/GO-2021-0052.yaml
index f1f2b20..402815e 100644
--- a/reports/GO-2021-0052.yaml
+++ b/reports/GO-2021-0052.yaml
@@ -1,17 +1,17 @@
module: github.com/gin-gonic/gin
-description: |
- Due to improper HTTP header santization, a malicious user can spoof their
- source IP address by setting the X-Forwarded-For header. This may allow
- a user to bypass IP based restrictions, or obfuscate their true source.
-cves:
- - CVE-2020-28483
-credit: "@sorenh"
-symbols:
- - Context.ClientIP
versions:
- fixed: v1.6.3-0.20210406033725-bfc8ca285eb4
+description: |
+ Due to improper HTTP header santization, a malicious user can spoof their
+ source IP address by setting the X-Forwarded-For header. This may allow
+ a user to bypass IP based restrictions, or obfuscate their true source.
+cves:
+ - CVE-2020-28483
+credit: '@sorenh'
+symbols:
+ - Context.ClientIP
links:
- commit: https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
- pr: https://github.com/gin-gonic/gin/pull/2632
- context:
- - https://github.com/gin-gonic/gin/pull/2474
+ pr: https://github.com/gin-gonic/gin/pull/2632
+ commit: https://github.com/gin-gonic/gin/commit/bfc8ca285eb46dad60e037d57c545cd260636711
+ context:
+ - https://github.com/gin-gonic/gin/pull/2474
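Review bot: this hunk is not whitespace-only: `versions` moves ahead of `description`, `cves`, `credit` and `symbols`, and under `links` the `pr` key now precedes `commit`. If that is the canonical key order `vulnreport format` enforces, state it in the commit message so the reordering is not mistaken for a content change, and check that nothing reading these files depends on the old order.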
diff --git a/reports/GO-2021-0053.yaml b/reports/GO-2021-0053.yaml
index 3c3ee99..af6e6e1 100644
--- a/reports/GO-2021-0053.yaml
+++ b/reports/GO-2021-0053.yaml
@@ -2,10 +2,10 @@
versions:
- fixed: v1.3.2
description: |
- Due to improper bounds checking, maliciously crafted input to generated
- Unmarshal methods can cause an out-of-bounds panic. If parsing messages
- from untrusted parties, this may be used as a denial of service vector.
+ Due to improper bounds checking, maliciously crafted input to generated
+ Unmarshal methods can cause an out-of-bounds panic. If parsing messages
+ from untrusted parties, this may be used as a denial of service vector.
cves:
- CVE-2021-3121
links:
- commit: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
+ commit: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
diff --git a/reports/GO-2021-0054.yaml b/reports/GO-2021-0054.yaml
index 6bbb699..3ff1eee 100644
--- a/reports/GO-2021-0054.yaml
+++ b/reports/GO-2021-0054.yaml
@@ -2,15 +2,15 @@
versions:
- fixed: v1.6.6
description: |
- Due to improper bounds checking, maliciously crafted JSON objects
- can cause an out-of-bounds panic. If parsing user input, this may
- be used as a denial of service vector.
+ Due to improper bounds checking, maliciously crafted JSON objects
+ can cause an out-of-bounds panic. If parsing user input, this may
+ be used as a denial of service vector.
cves:
- CVE-2020-36067
-credit: "@toptotu"
+credit: '@toptotu'
symbols:
- unwrap
links:
- commit: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
- context:
- - https://github.com/tidwall/gjson/issues/196
+ commit: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
+ context:
+ - https://github.com/tidwall/gjson/issues/196
diff --git a/reports/GO-2021-0056.yaml b/reports/GO-2021-0056.yaml
index e01f66d..c781c2b 100644
--- a/reports/GO-2021-0056.yaml
+++ b/reports/GO-2021-0056.yaml
@@ -3,15 +3,15 @@
versions:
- fixed: v0.0.0-20201214082111-324b1c886b40
description: |
- Due to the behavior of encoding/xml, a crafted XML document may cause
- XML Digital Signature validation to be entirely bypassed, causing an
- unsigned document to appear signed.
+ Due to the behavior of encoding/xml, a crafted XML document may cause
+ XML Digital Signature validation to be entirely bypassed, causing an
+ unsigned document to appear signed.
cves:
- CVE-2020-15216
credit: Juho Nurminen (Mattermost)
symbols:
- provider.HandlePOST
links:
- commit: https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8
- context:
- - https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
+ commit: https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8
+ context:
+ - https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
diff --git a/reports/GO-2021-0057.yaml b/reports/GO-2021-0057.yaml
index bc2d900..8b5601e 100644
--- a/reports/GO-2021-0057.yaml
+++ b/reports/GO-2021-0057.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.1.1
description: |
- Due to improper bounds checking, maliciously crafted JSON objects
- can cause an out-of-bounds panic. If parsing user input, this may
- be used as a denial of service vector.
+ Due to improper bounds checking, maliciously crafted JSON objects
+ can cause an out-of-bounds panic. If parsing user input, this may
+ be used as a denial of service vector.
cves:
- CVE-2020-35381
-credit: "@toptotu"
+credit: '@toptotu'
symbols:
- searchKeys
links:
- pr: https://github.com/buger/jsonparser/pull/221
- commit: https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
- context:
- - https://github.com/buger/jsonparser/issues/219
+ pr: https://github.com/buger/jsonparser/pull/221
+ commit: https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
+ context:
+ - https://github.com/buger/jsonparser/issues/219
diff --git a/reports/GO-2021-0058.yaml b/reports/GO-2021-0058.yaml
index fbdf88f..e1bba12 100644
--- a/reports/GO-2021-0058.yaml
+++ b/reports/GO-2021-0058.yaml
@@ -11,9 +11,9 @@
versions:
- fixed: v0.4.3
description: |
- Due to the behavior of encoding/xml, a crafted XML document may cause
- XML Digital Signature validation to be entirely bypassed, causing an
- unsigned document to appear signed.
+ Due to the behavior of encoding/xml, a crafted XML document may cause
+ XML Digital Signature validation to be entirely bypassed, causing an
+ unsigned document to appear signed.
cves:
- CVE-2020-27846
symbols:
@@ -22,6 +22,6 @@
- ServiceProvider.ValidateLogoutResponseForm
- ServiceProvider.ValidateLogoutResponseRedirect
links:
- commit: https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053
- context:
- - https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
+ commit: https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053
+ context:
+ - https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
diff --git a/reports/GO-2021-0059.yaml b/reports/GO-2021-0059.yaml
index cf8bea5..99209e5 100644
--- a/reports/GO-2021-0059.yaml
+++ b/reports/GO-2021-0059.yaml
@@ -2,15 +2,15 @@
versions:
- fixed: v1.6.4
description: |
- Due to improper bounds checking, maliciously crafted JSON objects
- can cause an out-of-bounds panic. If parsing user input, this may
- be used as a denial of service vector.
+ Due to improper bounds checking, maliciously crafted JSON objects
+ can cause an out-of-bounds panic. If parsing user input, this may
+ be used as a denial of service vector.
cves:
- CVE-2020-35380
-credit: "@toptotu"
+credit: '@toptotu'
symbols:
- sqaush
links:
- commit: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc
- context:
- - https://github.com/tidwall/gjson/issues/192
+ commit: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc
+ context:
+ - https://github.com/tidwall/gjson/issues/192
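Review bot: the `symbols` entry `sqaush` looks like a misspelling of `squash`. If symbols are matched against function names in the affected module, a misspelled entry would never match, so verify the name against the linked gjson commit and correct it; a bulk reformat is a good moment to catch this.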
diff --git a/reports/GO-2021-0060.yaml b/reports/GO-2021-0060.yaml
index 8696462..b39584e 100644
--- a/reports/GO-2021-0060.yaml
+++ b/reports/GO-2021-0060.yaml
@@ -2,15 +2,15 @@
versions:
- fixed: v0.6.0
description: |
- Due to the behavior of encoding/xml, a crafted XML document may cause
- XML Digital Signature validation to be entirely bypassed, causing an
- unsigned document to appear signed.
+ Due to the behavior of encoding/xml, a crafted XML document may cause
+ XML Digital Signature validation to be entirely bypassed, causing an
+ unsigned document to appear signed.
cves:
- CVE-2020-29509
credit: Juho Nurminen
symbols:
- parseResponse
links:
- commit: https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9
- context:
- - https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
+ commit: https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9
+ context:
+ - https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
diff --git a/reports/GO-2021-0061.yaml b/reports/GO-2021-0061.yaml
index c390f1b..0f19a35 100644
--- a/reports/GO-2021-0061.yaml
+++ b/reports/GO-2021-0061.yaml
@@ -1,19 +1,17 @@
module: gopkg.in/yaml.v2
additional_packages:
- # all of the incompatible versions of github.com/go-yaml/yaml
- # are affected
- module: github.com/go-yaml/yaml
symbols:
- decoder.unmarshal
versions:
- fixed: v2.2.3
description: |
- Due to unbounded alias chasing, a maliciously crafted YAML file
- can cause the system to consume significant system resources. If
- parsing user input, this may be used as a denial of service vector.
-credit: "@simonferquel"
+ Due to unbounded alias chasing, a maliciously crafted YAML file
+ can cause the system to consume significant system resources. If
+ parsing user input, this may be used as a denial of service vector.
+credit: '@simonferquel'
symbols:
- decoder.unmarshal
links:
- pr: https://github.com/go-yaml/yaml/pull/375
- commit: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
+ pr: https://github.com/go-yaml/yaml/pull/375
+ commit: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
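Review bot: The two comment lines under additional_packages ("# all of the incompatible versions of github.com/go-yaml/yaml" and "# are affected") are removed here and nothing replaces them, which the hunk header (19 lines down to 17) confirms. Every other change in this file is quoting or layout, but this one drops information about the affected range of github.com/go-yaml/yaml. If `vulnreport format` cannot round-trip YAML comments, move that statement into the description or another field that survives formatting before this lands.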
diff --git a/reports/GO-2021-0063.yaml b/reports/GO-2021-0063.yaml
index d784e26..97fe073 100644
--- a/reports/GO-2021-0063.yaml
+++ b/reports/GO-2021-0063.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v1.9.25
description: |
- Due to a nil pointer dereference, a malicously crafted RPC message
- can cause a panic. If handling RPC messages from untrusted clients,
- this may be used as a denial of service vector.
+ Due to a nil pointer dereference, a malicously crafted RPC message
+ can cause a panic. If handling RPC messages from untrusted clients,
+ this may be used as a denial of service vector.
cves:
- CVE-2020-26264
-credit: "@zsfelfoldi"
+credit: '@zsfelfoldi'
symbols:
- serverHandler.handleMsg
links:
- pr: https://github.com/ethereum/go-ethereum/pull/21896
- commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
+ pr: https://github.com/ethereum/go-ethereum/pull/21896
+ commit: https://github.com/ethereum/go-ethereum/commit/bddd103a9f0af27ef533f04e06ea429cf76b6d46
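Review bot: The re-emitted description still reads "a malicously crafted RPC message"; "malicously" should be "maliciously". The formatter will not fix this, so it needs a manual follow-up edit to the description, kept separate from this mechanical change so the diff stays formatting-only.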
diff --git a/reports/GO-2021-0064.yaml b/reports/GO-2021-0064.yaml
index b4fdab2..5da2922 100644
--- a/reports/GO-2021-0064.yaml
+++ b/reports/GO-2021-0064.yaml
@@ -10,15 +10,15 @@
versions:
- fixed: v0.20.0-alpha.2
description: |
- Authorization tokens may be inappropriately logged if the verbosity
- level is set to a debug level.
+ Authorization tokens may be inappropriately logged if the verbosity
+ level is set to a debug level.
cves:
- CVE-2020-8565
-credit: "@sfowl"
+credit: '@sfowl'
symbols:
- requestInfo.toCurl
links:
- pr: https://github.com/kubernetes/kubernetes/pull/95316
- commit: https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
- context:
- - https://github.com/kubernetes/kubernetes/issues/95623
+ pr: https://github.com/kubernetes/kubernetes/pull/95316
+ commit: https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
+ context:
+ - https://github.com/kubernetes/kubernetes/issues/95623
diff --git a/reports/GO-2021-0065.yaml b/reports/GO-2021-0065.yaml
index 049a6ba..bc044a3 100644
--- a/reports/GO-2021-0065.yaml
+++ b/reports/GO-2021-0065.yaml
@@ -10,14 +10,14 @@
versions:
- fixed: v0.17.0
description: |
- Authorization tokens may be inappropriately logged if the verbosity
- level is set to a debug level.
+ Authorization tokens may be inappropriately logged if the verbosity
+ level is set to a debug level.
cves:
- CVE-2019-11250
symbols:
- debuggingRoundTripper.RoundTrip
links:
- pr: https://github.com/kubernetes/kubernetes/pull/81330
- commit: https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245
- context:
- - https://github.com/kubernetes/kubernetes/issues/81114
+ pr: https://github.com/kubernetes/kubernetes/pull/81330
+ commit: https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245
+ context:
+ - https://github.com/kubernetes/kubernetes/issues/81114
diff --git a/reports/GO-2021-0066.yaml b/reports/GO-2021-0066.yaml
index 3661234..df884eb 100644
--- a/reports/GO-2021-0066.yaml
+++ b/reports/GO-2021-0066.yaml
@@ -3,16 +3,16 @@
versions:
- fixed: v1.20.0-alpha.1
description: |
- Attempting to read a malformed .dockercfg may cause secrets to be
- inappropriately logged.
+ Attempting to read a malformed .dockercfg may cause secrets to be
+ inappropriately logged.
cves:
- CVE-2020-8564
-credit: "@sfowl"
+credit: '@sfowl'
symbols:
- readDockerConfigFileFromBytes
- readDockerConfigJSONFileFromBytes
links:
- pr: https://github.com/kubernetes/kubernetes/pull/94712
- commit: https://github.com/kubernetes/kubernetes/commit/11793434dac97a49bfed0150b56ac63e5dc34634
- context:
- - https://github.com/kubernetes/kubernetes/issues/95622
+ pr: https://github.com/kubernetes/kubernetes/pull/94712
+ commit: https://github.com/kubernetes/kubernetes/commit/11793434dac97a49bfed0150b56ac63e5dc34634
+ context:
+ - https://github.com/kubernetes/kubernetes/issues/95622
diff --git a/reports/GO-2021-0067.yaml b/reports/GO-2021-0067.yaml
index 1e120d0..2d0e179 100644
--- a/reports/GO-2021-0067.yaml
+++ b/reports/GO-2021-0067.yaml
@@ -4,16 +4,16 @@
- introduced: go1.16
fixed: go1.16.1
description: |
- Using Reader.Open on an archive containing a file with a path
- prefixed by "../" will cause a panic due to a stack overflow.
- If parsing user supplied archives, this may be used as a
- denial of service vector.
+ Using Reader.Open on an archive containing a file with a path
+ prefixed by "../" will cause a panic due to a stack overflow.
+ If parsing user supplied archives, this may be used as a
+ denial of service vector.
cves:
- CVE-2021-27919
symbols:
- toValidName
links:
- pr: https://go-review.googlesource.com/c/go/+/300489
- commit: https://go.googlesource.com/go/+/cd3b4ca9f20fd14187ed4cdfdee1a02ea87e5cd8
- context:
- - https://go.dev/issue/44916
+ pr: https://go-review.googlesource.com/c/go/+/300489
+ commit: https://go.googlesource.com/go/+/cd3b4ca9f20fd14187ed4cdfdee1a02ea87e5cd8
+ context:
+ - https://go.dev/issue/44916
diff --git a/reports/GO-2021-0068.yaml b/reports/GO-2021-0068.yaml
index 233a62d..5702bf1 100644
--- a/reports/GO-2021-0068.yaml
+++ b/reports/GO-2021-0068.yaml
@@ -5,18 +5,18 @@
- fixed: go1.14.14
- fixed: go1.15.7
description: |
- The go command may execute arbitrary code at build time when using cgo on Windows.
- This can be triggered by running go get on a malicious module, or any other time
- the code is built.
+ The go command may execute arbitrary code at build time when using cgo on Windows.
+ This can be triggered by running go get on a malicious module, or any other time
+ the code is built.
cves:
- CVE-2021-3115
credit: RyotaK
os:
- windows
links:
- pr: https://go.dev/cl/284783
- commit: https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0
- context:
- - https://go.dev/issue/43783
- - https://go.dev/cl/284780
- - https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0
+ pr: https://go.dev/cl/284783
+ commit: https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0
+ context:
+ - https://go.dev/issue/43783
+ - https://go.dev/cl/284780
+ - https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0
diff --git a/reports/GO-2021-0069.yaml b/reports/GO-2021-0069.yaml
index ee5bf98..799c7c6 100644
--- a/reports/GO-2021-0069.yaml
+++ b/reports/GO-2021-0069.yaml
@@ -6,14 +6,14 @@
- introduced: go1.15
fixed: go1.15.5
description: |
- A number of math/big.Int methods can panic when provided large inputs due
- to a flawed division method.
+ A number of math/big.Int methods can panic when provided large inputs due
+ to a flawed division method.
cves:
- CVE-2020-28362
symbols:
- nat.divRecursiveStep
links:
- pr: https://go-review.googlesource.com/c/go/+/269657
- commit: https://go.googlesource.com/go/+/1e1fa5903b760c6714ba17e50bf850b01f49135c
- context:
- - https://go.dev/issue/42552
+ pr: https://go-review.googlesource.com/c/go/+/269657
+ commit: https://go.googlesource.com/go/+/1e1fa5903b760c6714ba17e50bf850b01f49135c
+ context:
+ - https://go.dev/issue/42552
diff --git a/reports/GO-2021-0070.yaml b/reports/GO-2021-0070.yaml
index 46e3605..aaece4b 100644
--- a/reports/GO-2021-0070.yaml
+++ b/reports/GO-2021-0070.yaml
@@ -3,19 +3,19 @@
versions:
- fixed: v0.1.0
description: |
- GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
- improperly interpret numeric UIDs as usernames. If the method is used without
- verifying that usernames are formatted as expected, it may allow a user to
- gain unexpected privileges.
+ GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
+ improperly interpret numeric UIDs as usernames. If the method is used without
+ verifying that usernames are formatted as expected, it may allow a user to
+ gain unexpected privileges.
cves:
- CVE-2016-3697
symbols:
- GetExecUser
links:
- pr: https://github.com/opencontainers/runc/pull/708
- commit: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
- context:
- - https://github.com/docker/docker/issues/21436
- - http://rhn.redhat.com/errata/RHSA-2016-1034.html
- - http://rhn.redhat.com/errata/RHSA-2016-2634.html
- - https://security.gentoo.org/glsa/201612-28
+ pr: https://github.com/opencontainers/runc/pull/708
+ commit: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
+ context:
+ - https://github.com/docker/docker/issues/21436
+ - http://rhn.redhat.com/errata/RHSA-2016-1034.html
+ - http://rhn.redhat.com/errata/RHSA-2016-2634.html
+ - https://security.gentoo.org/glsa/201612-28
diff --git a/reports/GO-2021-0071.yaml b/reports/GO-2021-0071.yaml
index 9cd5a99..69191d9 100644
--- a/reports/GO-2021-0071.yaml
+++ b/reports/GO-2021-0071.yaml
@@ -3,17 +3,17 @@
versions:
- fixed: v0.0.0-20151004155856-19c6961cc101
description: |
- A race between chown and chmod operations during a container
- filesystem shift may allow a user who can modify the filesystem to
- chmod an arbitrary path of their choice, rather than the expected
- path.
+ A race between chown and chmod operations during a container
+ filesystem shift may allow a user who can modify the filesystem to
+ chmod an arbitrary path of their choice, rather than the expected
+ path.
cves:
- CVE-2015-1340
credit: Seth Arnold
symbols:
- IdmapSet.doUidshiftIntoContainer
links:
- pr: https://github.com/lxc/lxd/pull/1189
- commit: https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
- context:
- - https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270
+ pr: https://github.com/lxc/lxd/pull/1189
+ commit: https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
+ context:
+ - https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270
diff --git a/reports/GO-2021-0072.yaml b/reports/GO-2021-0072.yaml
index fa65447..2720a2e 100644
--- a/reports/GO-2021-0072.yaml
+++ b/reports/GO-2021-0072.yaml
@@ -10,16 +10,16 @@
versions:
- fixed: v2.7.0-rc.0+incompatible
description: |
- Various storage methods do not impose limits on how much content is accepted
- from user requests, allowing a malicious user to force the caller to allocate
- an arbitrary amount of memory.
+ Various storage methods do not impose limits on how much content is accepted
+ from user requests, allowing a malicious user to force the caller to allocate
+ an arbitrary amount of memory.
cves:
- CVE-2017-11468
symbols:
- copyFullPayload
links:
- pr: https://github.com/distribution/distribution/pull/2340
- commit: https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f
- context:
- - https://access.redhat.com/errata/RHSA-2017:2603
- - http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html
+ pr: https://github.com/distribution/distribution/pull/2340
+ commit: https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f
+ context:
+ - https://access.redhat.com/errata/RHSA-2017:2603
+ - http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html
diff --git a/reports/GO-2021-0073.yaml b/reports/GO-2021-0073.yaml
index ce372c2..94418c4 100644
--- a/reports/GO-2021-0073.yaml
+++ b/reports/GO-2021-0073.yaml
@@ -3,17 +3,17 @@
versions:
- fixed: v2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
description: |
- Arbitrary command execution can be triggered by improperly
- sanitized SSH URLs in LFS configuration files. This can be
- triggered by cloning a malicious repository.
+ Arbitrary command execution can be triggered by improperly
+ sanitized SSH URLs in LFS configuration files. This can be
+ triggered by cloning a malicious repository.
cves:
- CVE-2017-17831
symbols:
- sshGetLFSExeAndArgs
links:
- pr: https://github.com/git-lfs/git-lfs/pull/2241
- commit: https://github.com/git-lfs/git-lfs/commit/f913f5f9c7c6d1301785fdf9884a2942d59cdf19
- context:
- - http://blog.recurity-labs.com/2017-08-10/scm-vulns
- - https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
- - http://www.securityfocus.com/bid/102926
+ pr: https://github.com/git-lfs/git-lfs/pull/2241
+ commit: https://github.com/git-lfs/git-lfs/commit/f913f5f9c7c6d1301785fdf9884a2942d59cdf19
+ context:
+ - http://blog.recurity-labs.com/2017-08-10/scm-vulns
+ - https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
+ - http://www.securityfocus.com/bid/102926
diff --git a/reports/GO-2021-0075.yaml b/reports/GO-2021-0075.yaml
index b190072..56433ae 100644
--- a/reports/GO-2021-0075.yaml
+++ b/reports/GO-2021-0075.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v1.8.11
description: |
- Due to improper argument validation in RPC messages, a maliciously crafted
- message can cause a panic, leading to denial of service.
+ Due to improper argument validation in RPC messages, a maliciously crafted
+ message can cause a panic, leading to denial of service.
cves:
- CVE-2018-12018
symbols:
- protocolManager.handleMsg
links:
- pr: https://github.com/ethereum/go-ethereum/pull/16891
- commit: https://github.com/ethereum/go-ethereum/commit/a5237a27eaf81946a3edb4fafe13ed6359d119e4
- context:
- - https://peckshield.com/2018/06/27/EPoD/
+ pr: https://github.com/ethereum/go-ethereum/pull/16891
+ commit: https://github.com/ethereum/go-ethereum/commit/a5237a27eaf81946a3edb4fafe13ed6359d119e4
+ context:
+ - https://peckshield.com/2018/06/27/EPoD/
diff --git a/reports/GO-2021-0076.yaml b/reports/GO-2021-0076.yaml
index 9c6d954..b64c5a0 100644
--- a/reports/GO-2021-0076.yaml
+++ b/reports/GO-2021-0076.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v0.5.2
description: |
- A malicious JSON patch can cause a panic due to an out-of-bounds
- write attempt. This can be used as a denial of service vector if
- exposed to arbitrary user input.
+ A malicious JSON patch can cause a panic due to an out-of-bounds
+ write attempt. This can be used as a denial of service vector if
+ exposed to arbitrary user input.
cves:
- CVE-2018-14632
symbols:
- partialArray.add
links:
- pr: https://github.com/evanphx/json-patch/pull/57
- commit: https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03
+ pr: https://github.com/evanphx/json-patch/pull/57
+ commit: https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03
diff --git a/reports/GO-2021-0077.yaml b/reports/GO-2021-0077.yaml
index 9f4aae3..e3f26cb 100644
--- a/reports/GO-2021-0077.yaml
+++ b/reports/GO-2021-0077.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v0.5.0-alpha.5.0.20190108173120-83c051b701d3
description: |
- A user can use a valid client certificate that contains a CommonName that matches a
- valid RBAC username to authenticate themselves as that user, despite lacking the
- required credentials. This may allow authentication bypass, but requires a certificate
- that is issued by a CA trusted by the server.
+ A user can use a valid client certificate that contains a CommonName that matches a
+ valid RBAC username to authenticate themselves as that user, despite lacking the
+ required credentials. This may allow authentication bypass, but requires a certificate
+ that is issued by a CA trusted by the server.
cves:
- CVE-2018-16886
symbols:
- authStore.AuthInfoFromTLS
links:
- pr: https://github.com/etcd-io/etcd/pull/10366
- commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
+ pr: https://github.com/etcd-io/etcd/pull/10366
+ commit: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
diff --git a/reports/GO-2021-0078.yaml b/reports/GO-2021-0078.yaml
index 3aeed72..c16393b 100644
--- a/reports/GO-2021-0078.yaml
+++ b/reports/GO-2021-0078.yaml
@@ -3,9 +3,9 @@
versions:
- fixed: v0.0.0-20180816102801-aaf60122140d
description: |
- The HTML parser does not properly handle "in frameset" insertion mode, and can be made
- to panic when operating on malformed HTML that contains <template> tags. If operating
- on user input, this may be a vector for a denial of service attack.
+ The HTML parser does not properly handle "in frameset" insertion mode, and can be made
+ to panic when operating on malformed HTML that contains <template> tags. If operating
+ on user input, this may be a vector for a denial of service attack.
cves:
- CVE-2018-17075
credit: Kunpei Sakai
@@ -13,9 +13,9 @@
- inBodyIM
- inFramesetIM
links:
- pr: https://go-review.googlesource.com/123776
- commit: https://go.googlesource.com/net/+/aaf60122140d3fcf75376d319f0554393160eb50
- context:
- - https://go.dev/issue/27016
- - https://bugs.chromium.org/p/chromium/issues/detail?id=829668
- - https://go-review.googlesource.com/c/net/+/94838/9/html/parse.go#1906
+ pr: https://go-review.googlesource.com/123776
+ commit: https://go.googlesource.com/net/+/aaf60122140d3fcf75376d319f0554393160eb50
+ context:
+ - https://go.dev/issue/27016
+ - https://bugs.chromium.org/p/chromium/issues/detail?id=829668
+ - https://go-review.googlesource.com/c/net/+/94838/9/html/parse.go#1906
diff --git a/reports/GO-2021-0079.yaml b/reports/GO-2021-0079.yaml
index 9a5ee9d..1a9dfc4 100644
--- a/reports/GO-2021-0079.yaml
+++ b/reports/GO-2021-0079.yaml
@@ -3,15 +3,15 @@
versions:
- fixed: v1.0.4-0.20180831054840-1ac3c8ac4f2b
description: |
- A malformed query can cause an out-of-bounds panic due to improper
- validation of arguments. If processing queries from untrusted
- parties, this may be used as a vector for denial of service
- attacks.
+ A malformed query can cause an out-of-bounds panic due to improper
+ validation of arguments. If processing queries from untrusted
+ parties, this may be used as a vector for denial of service
+ attacks.
cves:
- CVE-2018-18206
-credit: "@yahtoo"
+credit: '@yahtoo'
symbols:
- Network.checkTopicRegister
links:
- pr: https://github.com/Bytom/bytom/pull/1307
- commit: https://github.com/Bytom/bytom/commit/1ac3c8ac4f2b1e1df9675228290bda6b9586ba42
+ pr: https://github.com/Bytom/bytom/pull/1307
+ commit: https://github.com/Bytom/bytom/commit/1ac3c8ac4f2b1e1df9675228290bda6b9586ba42
diff --git a/reports/GO-2021-0081.yaml b/reports/GO-2021-0081.yaml
index c772927..9a5ee7a 100644
--- a/reports/GO-2021-0081.yaml
+++ b/reports/GO-2021-0081.yaml
@@ -3,16 +3,16 @@
versions:
- fixed: v2.0.2-0.20190802080134-634605d06e73+incompatible
description: |
- The HTTP client used to connect to the container registry authorization
- service explicitly disables TLS verification, allowing an attacker that
- is able to MITM the connection to steal credentials.
+ The HTTP client used to connect to the container registry authorization
+ service explicitly disables TLS verification, allowing an attacker that
+ is able to MITM the connection to steal credentials.
cves:
- CVE-2019-10214
symbols:
- dockerClient.getBearerToken
links:
- pr: https://github.com/containers/image/pull/669
- commit: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
- context:
- - https://github.com/containers/image/issues/654
- - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
+ pr: https://github.com/containers/image/pull/669
+ commit: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
+ context:
+ - https://github.com/containers/image/issues/654
+ - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
diff --git a/reports/GO-2021-0082.yaml b/reports/GO-2021-0082.yaml
index 7472eab..df4ae6a 100644
--- a/reports/GO-2021-0082.yaml
+++ b/reports/GO-2021-0082.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v0.31.1-0.20200311080807-483ed864d69f
description: |
- Thirft Servers preallocate memory for the declared size of messages before
- checking the actual size of the message. This allows a malicious user to
- send messages that declare that they are significantly larger than they
- actually are, allowing them to force the server to allocate significant
- amounts of memory. This can be used as a denial of service vector.
+ Thirft Servers preallocate memory for the declared size of messages before
+ checking the actual size of the message. This allows a malicious user to
+ send messages that declare that they are significantly larger than they
+ actually are, allowing them to force the server to allocate significant
+ amounts of memory. This can be used as a denial of service vector.
cves:
- CVE-2019-11939
links:
- commit: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
- context:
- - https://www.facebook.com/security/advisories/cve-2019-11939
+ commit: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
+ context:
+ - https://www.facebook.com/security/advisories/cve-2019-11939
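Review bot: The first line of the description, "Thirft Servers preallocate memory", misspells the project name; it should read "Thrift". This text is what users of the report will search on, so correct it in a follow-up edit rather than carrying the typo through the reformat.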
diff --git a/reports/GO-2021-0083.yaml b/reports/GO-2021-0083.yaml
index 13f86d0..64e848e 100644
--- a/reports/GO-2021-0083.yaml
+++ b/reports/GO-2021-0083.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v1.12.1-0.20190521122906-c1aa4f867846
description: |
- TLS certificate verification is skipped when connecting to a MQTT server.
- This allows an attacker who can MITM the connection to read, or forge,
- messages passed between the client and server.
+ TLS certificate verification is skipped when connecting to a MQTT server.
+ This allows an attacker who can MITM the connection to read, or forge,
+ messages passed between the client and server.
cves:
- CVE-2019-12496
symbols:
- Adaptor.newTLSConfig
links:
- commit: https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f
- context:
- - https://github.com/hybridgroup/gobot/releases/tag/v1.13.0
+ commit: https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f
+ context:
+ - https://github.com/hybridgroup/gobot/releases/tag/v1.13.0
diff --git a/reports/GO-2021-0084.yaml b/reports/GO-2021-0084.yaml
index 35a9d2e..f284e27 100644
--- a/reports/GO-2021-0084.yaml
+++ b/reports/GO-2021-0084.yaml
@@ -3,16 +3,16 @@
versions:
- fixed: v1.12.2-0.20200613154013-bac2b31afecc
description: |
- Session data is stored using permissive permissions, allowing local users
- with filesystem access to read arbitrary data.
+ Session data is stored using permissive permissions, allowing local users
+ with filesystem access to read arbitrary data.
cves:
- CVE-2019-16354
-credit: "@nicowaisman"
+credit: '@nicowaisman'
symbols:
- FileProvider.SessionRead
- FileProvider.SessionRegenerate
links:
- pr: https://github.com/beego/beego/pull/3975
- commit: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
- context:
- - https://github.com/beego/beego/issues/3763
+ pr: https://github.com/beego/beego/pull/3975
+ commit: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
+ context:
+ - https://github.com/beego/beego/issues/3763
diff --git a/reports/GO-2021-0085.yaml b/reports/GO-2021-0085.yaml
index 0b8d301..eb149c3 100644
--- a/reports/GO-2021-0085.yaml
+++ b/reports/GO-2021-0085.yaml
@@ -8,13 +8,13 @@
versions:
- fixed: v1.0.0-rc8.0.20190930145003-cad42f6e0932
description: |
- AppArmor restrictions may be bypassed due to improper validation of mount
- targets, allowing a malicious image to mount volumes over e.g. /proc.
+ AppArmor restrictions may be bypassed due to improper validation of mount
+ targets, allowing a malicious image to mount volumes over e.g. /proc.
cves:
- CVE-2019-16884
credit: Leopold Schabel
links:
- pr: https://github.com/opencontainers/runc/pull/2130
- commit: https://github.com/opencontainers/runc/commit/cad42f6e0932db0ce08c3a3d9e89e6063ec283e4
- context:
- - https://github.com/opencontainers/runc/issues/2128
+ pr: https://github.com/opencontainers/runc/pull/2130
+ commit: https://github.com/opencontainers/runc/commit/cad42f6e0932db0ce08c3a3d9e89e6063ec283e4
+ context:
+ - https://github.com/opencontainers/runc/issues/2128
diff --git a/reports/GO-2021-0086.yaml b/reports/GO-2021-0086.yaml
index 8f30be9..b2eaa72 100644
--- a/reports/GO-2021-0086.yaml
+++ b/reports/GO-2021-0086.yaml
@@ -3,11 +3,11 @@
versions:
- fixed: v1.76.3-0.20191119114751-a4384210d4d0
description: |
- HTML content in markdown is not santized during rendering, possibly allowing
- XSS if used to render untrusted user input.
+ HTML content in markdown is not santized during rendering, possibly allowing
+ XSS if used to render untrusted user input.
cves:
- CVE-2019-19619
symbols:
- Provider.Render
links:
- commit: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3
+ commit: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3
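Review bot: The description line "HTML content in markdown is not santized during rendering" carries a typo through the reformat; "santized" should be "sanitized". Fix it in a follow-up edit to the report.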
diff --git a/reports/GO-2021-0087.yaml b/reports/GO-2021-0087.yaml
index ff19dcd..0ed1902 100644
--- a/reports/GO-2021-0087.yaml
+++ b/reports/GO-2021-0087.yaml
@@ -3,16 +3,16 @@
versions:
- fixed: v1.0.0-rc9.0.20200122160610-2fc03cc11c77
description: |
- A race while mounting volumes allows a possible symlink-exchange
- attack, allowing a user whom can start multiple containers with
- custom volume mount configurations to escape the container.
+ A race while mounting volumes allows a possible symlink-exchange
+ attack, allowing a user whom can start multiple containers with
+ custom volume mount configurations to escape the container.
cves:
- CVE-2019-19921
credit: Leopold Schabel
symbols:
- mountToRootfs
links:
- pr: https://github.com/opencontainers/runc/pull/2207
- commit: https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
- context:
- - https://github.com/opencontainers/runc/issues/2197
+ pr: https://github.com/opencontainers/runc/pull/2207
+ commit: https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
+ context:
+ - https://github.com/opencontainers/runc/issues/2197
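Review bot: In the description, "allowing a user whom can start multiple containers" should be "a user who can start multiple containers". This is a wording fix for a follow-up; the formatter leaves description text as written.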
diff --git a/reports/GO-2021-0088.yaml b/reports/GO-2021-0088.yaml
index e1c6a46..211bce1 100644
--- a/reports/GO-2021-0088.yaml
+++ b/reports/GO-2021-0088.yaml
@@ -3,15 +3,15 @@
versions:
- fixed: v0.31.1-0.20190225164308-c461c1bd1a3e
description: |
- Skip ignores unknown fields, rather than failing. A malicious user can craft small
- messages with unknown fields which can take significant resources to parse. If a
- server accepts messages from an untrusted user, it may be used as a denial of service
- vector.
+ Skip ignores unknown fields, rather than failing. A malicious user can craft small
+ messages with unknown fields which can take significant resources to parse. If a
+ server accepts messages from an untrusted user, it may be used as a denial of service
+ vector.
cves:
- CVE-2019-3564
symbols:
- Skip
links:
- commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
- context:
- - https://www.facebook.com/security/advisories/cve-2019-3564
+ commit: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
+ context:
+ - https://www.facebook.com/security/advisories/cve-2019-3564
diff --git a/reports/GO-2021-0089.yaml b/reports/GO-2021-0089.yaml
index caeee99..3868443 100644
--- a/reports/GO-2021-0089.yaml
+++ b/reports/GO-2021-0089.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v0.0.0-20200321185410-91ac96899e49
description: |
- Parsing malformed JSON which contain opening brackets, but not closing brackets,
- leads to an infinite loop. If operating on untrusted user input this can be
- used as a denial of service vector.
+ Parsing malformed JSON which contain opening brackets, but not closing brackets,
+ leads to an infinite loop. If operating on untrusted user input this can be
+ used as a denial of service vector.
cves:
- CVE-2020-10675
credit: Cong Wang
symbols:
- findKeyStart
links:
- pr: https://github.com/buger/jsonparser/pull/192
- commit: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
- context:
- - https://github.com/buger/jsonparser/issues/188
+ pr: https://github.com/buger/jsonparser/pull/192
+ commit: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
+ context:
+ - https://github.com/buger/jsonparser/issues/188
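Review bot: The description opens with "Parsing malformed JSON which contain opening brackets, but not closing brackets"; the verb should agree with "JSON" ("which contains"). Worth correcting in a follow-up, since the reformat passes the sentence through unchanged.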
diff --git a/reports/GO-2021-0090.yaml b/reports/GO-2021-0090.yaml
index 9f58875..eaf75ef 100644
--- a/reports/GO-2021-0090.yaml
+++ b/reports/GO-2021-0090.yaml
@@ -4,16 +4,16 @@
- introduced: v0.33.0
fixed: v0.34.0-dev1.0.20200702134149-480b995a3172
description: |
- Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
- these signatures, they cause failure during verification. A malicious proposer can use this to force
- consensus failures.
+ Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
+ these signatures, they cause failure during verification. A malicious proposer can use this to force
+ consensus failures.
cves:
- CVE-2020-15091
credit: Neeraj Murarka
symbols:
- VoteSet.MakeCommit
links:
- pr: https://github.com/tendermint/tendermint/pull/5426
- commit: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
- context:
- - https://github.com/tendermint/tendermint/issues/4926
+ pr: https://github.com/tendermint/tendermint/pull/5426
+ commit: https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340
+ context:
+ - https://github.com/tendermint/tendermint/issues/4926
diff --git a/reports/GO-2021-0091.yaml b/reports/GO-2021-0091.yaml
index f929af9..6e23cb1 100644
--- a/reports/GO-2021-0091.yaml
+++ b/reports/GO-2021-0091.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.12.6-0.20200710202935-a8ad5454363f
description: |
- Due to improper input validation when uploading a file, a malicious user may
- force the server to return arbitrary HTTP headers when the uploaded
- file is downloaded.
+ Due to improper input validation when uploading a file, a malicious user may
+ force the server to return arbitrary HTTP headers when the uploaded
+ file is downloaded.
cves:
- CVE-2020-15111
credit: Hasibul Hasan and Abdullah Shaleh
symbols:
- Ctx.Attachment
links:
- pr: github.com/gofiber/fiber/pull/579
- commit: https://github.com/gofiber/fiber/commit/a8ad5454363f627c3f9469c56c5faaf1b943f06a
- context:
- - https://github.com/gofiber/fiber/security/advisories/GHSA-9cx9-x2gp-9qvh
+ pr: github.com/gofiber/fiber/pull/579
+ commit: https://github.com/gofiber/fiber/commit/a8ad5454363f627c3f9469c56c5faaf1b943f06a
+ context:
+ - https://github.com/gofiber/fiber/security/advisories/GHSA-9cx9-x2gp-9qvh
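Review bot: The re-emitted link `pr: github.com/gofiber/fiber/pull/579` has no URL scheme, while the commit and context links in the same block start with https://. A scheme-less value will not parse as an absolute URL for anything that consumes the links field, and the formatter evidently does not validate it. Change it to https://github.com/gofiber/fiber/pull/579, and consider having `vulnreport format` or the report linter reject link values without a scheme.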
diff --git a/reports/GO-2021-0092.yaml b/reports/GO-2021-0092.yaml
index 46cfa47..08dea9e 100644
--- a/reports/GO-2021-0092.yaml
+++ b/reports/GO-2021-0092.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v0.31.0
description: |
- Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
- replayed.
+ Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
+ replayed.
cves:
- CVE-2020-15222
symbols:
- Fosite.AuthenticateClient
links:
- commit: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
- context:
- - https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43
+ commit: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
+ context:
+ - https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43
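Review bot: The description "Uniqueness of JWT IDs (jti) are not checked" has a subject and verb mismatch; it should read "Uniqueness of JWT IDs (jti) is not checked". Minor, but the sentence is the whole description for this report, so fix it in a follow-up.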
diff --git a/reports/GO-2021-0094.yaml b/reports/GO-2021-0094.yaml
index db90638..e353dd7 100644
--- a/reports/GO-2021-0094.yaml
+++ b/reports/GO-2021-0094.yaml
@@ -2,18 +2,18 @@
versions:
- fixed: v0.5.0
description: |
- Protections against directory traversal during archive extraction can be
- bypassed by chaining multiple symbolic links within the archive. This allows
- a malicious attacker to cause files to be created outside of the target
- directory. Additionally if the attacker is able to read extracted files
- they may create symbolic links to arbitrary files on the system which the
- unpacker has permissions to read.
+ Protections against directory traversal during archive extraction can be
+ bypassed by chaining multiple symbolic links within the archive. This allows
+ a malicious attacker to cause files to be created outside of the target
+ directory. Additionally if the attacker is able to read extracted files
+ they may create symbolic links to arbitrary files on the system which the
+ unpacker has permissions to read.
cves:
- CVE-2020-29529
symbols:
- Unpack
links:
- pr: https://github.com/hashicorp/go-slug/pull/12
- commit: https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f
- context:
- - https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug
+ pr: https://github.com/hashicorp/go-slug/pull/12
+ commit: https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f
+ context:
+ - https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug
diff --git a/reports/GO-2021-0095.yaml b/reports/GO-2021-0095.yaml
index a5b1072..9000916 100644
--- a/reports/GO-2021-0095.yaml
+++ b/reports/GO-2021-0095.yaml
@@ -3,16 +3,16 @@
versions:
- fixed: v0.3.0
description: |
- Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
- is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
- allowing them to use the created key.
+ Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
+ is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
+ allowing them to use the created key.
cves:
- CVE-2020-8918
credit: Chris Fenner
symbols:
- CreateWrapKey
links:
- pr: https://github.com/google/go-tpm/pull/195
- commit: https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141
- context:
- - https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw
+ pr: https://github.com/google/go-tpm/pull/195
+ commit: https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141
+ context:
+ - https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw
diff --git a/reports/GO-2021-0096.yaml b/reports/GO-2021-0096.yaml
index ad656b4..79c045b 100644
--- a/reports/GO-2021-0096.yaml
+++ b/reports/GO-2021-0096.yaml
@@ -2,11 +2,11 @@
versions:
- fixed: v0.1.1
description: |
- Due to improper setting of finalizers, memory passed to C may be freed before it is used,
- leading to crashes due to memory corruption or possible code execution.
+ Due to improper setting of finalizers, memory passed to C may be freed before it is used,
+ leading to crashes due to memory corruption or possible code execution.
cves:
- CVE-2020-8945
credit: Ulrich Obergfell
links:
- pr: https://github.com/proglottis/gpgme/pull/23
- commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
+ pr: https://github.com/proglottis/gpgme/pull/23
+ commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
diff --git a/reports/GO-2021-0097.yaml b/reports/GO-2021-0097.yaml
index 98b69a9..430ae9a 100644
--- a/reports/GO-2021-0097.yaml
+++ b/reports/GO-2021-0097.yaml
@@ -2,23 +2,23 @@
versions:
- fixed: v0.0.0-20201120070457-d52dcb253c63
description: |
- Due to improper bounds checking, a number of methods can trigger a panic due to attempted
- out-of-bounds reads. If the package is used to parse user supplied input, this may be
- used as a vector for a denial of service attack.
+ Due to improper bounds checking, a number of methods can trigger a panic due to attempted
+ out-of-bounds reads. If the package is used to parse user supplied input, this may be
+ used as a vector for a denial of service attack.
cves:
- CVE-2020-29242
- CVE-2020-29243
- CVE-2020-29244
- CVE-2020-29245
-credit: "@Jayl1n"
+credit: '@Jayl1n'
symbols:
- readPICFrame
- readAPICFrame
- readTextWithDescrFrame
- readAtomData
links:
- commit: https://github.com/dhowden/tag/commit/d52dcb253c63a153632bfee5f269dd411dcd8e96
- context:
- - https://github.com/dhowden/tag/commit/a92213460e4838490ce3066ef11dc823cdc1740e
- - https://github.com/dhowden/tag/commit/4b595ed4fac79f467594aa92f8953f90f817116e
- - https://github.com/dhowden/tag/commit/6b18201aa5c5535511802ddfb4e4117686b4866d
+ commit: https://github.com/dhowden/tag/commit/d52dcb253c63a153632bfee5f269dd411dcd8e96
+ context:
+ - https://github.com/dhowden/tag/commit/a92213460e4838490ce3066ef11dc823cdc1740e
+ - https://github.com/dhowden/tag/commit/4b595ed4fac79f467594aa92f8953f90f817116e
+ - https://github.com/dhowden/tag/commit/6b18201aa5c5535511802ddfb4e4117686b4866d
diff --git a/reports/GO-2021-0098.yaml b/reports/GO-2021-0098.yaml
index 6ed99fa..29c2617 100644
--- a/reports/GO-2021-0098.yaml
+++ b/reports/GO-2021-0098.yaml
@@ -23,16 +23,16 @@
versions:
- fixed: v1.5.1-0.20210113180018-fc664697ed2c
description: |
- Due to the standard library behavior of exec.LookPath on Windows a number of methods may
- result in arbitrary code execution when cloning or operating on untrusted Git repositories.
+ Due to the standard library behavior of exec.LookPath on Windows a number of methods may
+ result in arbitrary code execution when cloning or operating on untrusted Git repositories.
cves:
- CVE-2021-21237
-credit: "@Ry0taK"
+credit: '@Ry0taK'
symbols:
- PipeCommand
os:
- windows
links:
- commit: https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a
- context:
- - https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
+ commit: https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a
+ context:
+ - https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
diff --git a/reports/GO-2021-0099.yaml b/reports/GO-2021-0099.yaml
index f060230..2a2a58c 100644
--- a/reports/GO-2021-0099.yaml
+++ b/reports/GO-2021-0099.yaml
@@ -3,15 +3,15 @@
versions:
- fixed: v0.9.0
description: |
- Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore
- content store may result in directory traversal during archive extraction, allowing a
- malicious archive to write paths to arbitrary paths that the process can write to.
+ Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore
+ content store may result in directory traversal during archive extraction, allowing a
+ malicious archive to write paths to arbitrary paths that the process can write to.
cves:
- CVE-2021-21272
credit: Chris Smowton
symbols:
- extractTarDirectory
links:
- commit: https://github.com/deislabs/oras/commit/96cd90423303f1bb42bd043cb4c36085e6e91e8e
- context:
- - https://github.com/deislabs/oras/security/advisories/GHSA-g5v4-5x39-vwhx
+ commit: https://github.com/deislabs/oras/commit/96cd90423303f1bb42bd043cb4c36085e6e91e8e
+ context:
+ - https://github.com/deislabs/oras/security/advisories/GHSA-g5v4-5x39-vwhx
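Review bot: in the description, "allowing a malicious archive to write paths to arbitrary paths" reads as a slip; the sentence presumably means that files are written to arbitrary paths the process can write to. The commit only reformats, so the wording is carried over unchanged, but it deserves a follow-up edit because the description is the part of the report that users read.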
diff --git a/reports/GO-2021-0100.yaml b/reports/GO-2021-0100.yaml
index 836e22d..fbdb8aa 100644
--- a/reports/GO-2021-0100.yaml
+++ b/reports/GO-2021-0100.yaml
@@ -3,18 +3,18 @@
versions:
- fixed: v1.28.1
description: |
- Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream
- on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker
- can use this to cause denial of service if they are able to cause the caller to attempt to
- decompress an archive they control.
+ Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream
+ on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker
+ can use this to cause denial of service if they are able to cause the caller to attempt to
+ decompress an archive they control.
cves:
- CVE-2021-20291
credit: Aviv Sasson (Palo Alto Networks)
symbols:
- cmdStream
links:
- commit: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
- pr: https://github.com/containers/storage/pull/860
- context:
- - https://github.com/advisories/GHSA-7qw8-847f-pggm
- - https://bugzilla.redhat.com/show_bug.cgi?id=1939485
+ pr: https://github.com/containers/storage/pull/860
+ commit: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
+ context:
+ - https://github.com/advisories/GHSA-7qw8-847f-pggm
+ - https://bugzilla.redhat.com/show_bug.cgi?id=1939485
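Review bot: the `links` block here is not only re-indented, its keys are reordered (`commit` then `pr` becomes `pr` then `commit`), and the same reordering appears in several other reports in this patch. The commit message says only "reformat"; it should mention that `vulnreport format` also normalizes key order (and quoting style), so that a later reader bisecting a report does not mistake the reorder for a hand edit.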
diff --git a/reports/GO-2021-0101.yaml b/reports/GO-2021-0101.yaml
index b7bdd1b..76ee7f3 100644
--- a/reports/GO-2021-0101.yaml
+++ b/reports/GO-2021-0101.yaml
@@ -4,14 +4,14 @@
- introduced: v0.0.0-20151001171628-53dd39833a08
- fixed: v0.13.0
description: |
- Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If
- this package is used to parse untrusted input, this may be used as a vector for a denial of
- service attack.
+ Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If
+ this package is used to parse untrusted input, this may be used as a vector for a denial of
+ service attack.
cves:
- CVE-2019-0210
symbols:
- TSimpleJSONProtocol.safePeekContains
links:
- commit: https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2
- context:
- - https://github.com/advisories/GHSA-jq7p-26h5-w78r
+ commit: https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2
+ context:
+ - https://github.com/advisories/GHSA-jq7p-26h5-w78r
diff --git a/reports/GO-2021-0102.yaml b/reports/GO-2021-0102.yaml
index 80c3b34..a54178d 100644
--- a/reports/GO-2021-0102.yaml
+++ b/reports/GO-2021-0102.yaml
@@ -10,15 +10,15 @@
versions:
- fixed: v0.0.0-20191101214924-b1b5c44e050f
description: |
- Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect
- nonce size. If this package is used to decrypt user supplied messages without checking the size of
- supplied nonces, this may be used as a vector for a denial of service attack.
+ Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect
+ nonce size. If this package is used to decrypt user supplied messages without checking the size of
+ supplied nonces, this may be used as a vector for a denial of service attack.
cves:
- CVE-2019-11289
symbols:
- AesGCM.Decrypt
links:
- commit: https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f
- context:
- - https://github.com/advisories/GHSA-5796-p3m6-9qj4
- - https://www.cloudfoundry.org/blog/cve-2019-11289/
+ commit: https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f
+ context:
+ - https://github.com/advisories/GHSA-5796-p3m6-9qj4
+ - https://www.cloudfoundry.org/blog/cve-2019-11289/
diff --git a/reports/GO-2021-0103.yaml b/reports/GO-2021-0103.yaml
index 097e8dd..1a7252c 100644
--- a/reports/GO-2021-0103.yaml
+++ b/reports/GO-2021-0103.yaml
@@ -3,16 +3,16 @@
- introduced: v0.1.0
- fixed: v1.1.1
description: |
- Due to improper bounds checking, certain mathmatical operations can cause a panic via an
- out of bounds read. If this package is used to process untrusted user inputs, this may be used
- as a vector for a denial of service attack.
+ Due to improper bounds checking, certain mathmatical operations can cause a panic via an
+ out of bounds read. If this package is used to process untrusted user inputs, this may be used
+ as a vector for a denial of service attack.
cves:
- CVE-2020-26242
credit: Dima Stebaev
symbols:
- udivrem
links:
- commit: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d
- pr: https://github.com/holiman/uint256/pull/80
- context:
- - https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m
+ pr: https://github.com/holiman/uint256/pull/80
+ commit: https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d
+ context:
+ - https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m
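Review bot: the description line being rewritten still contains the typo "mathmatical" ("certain mathmatical operations"). It is outside the scope of a pure reformat, but a follow-up should change it to "mathematical", since a misspelled description will not match a text search.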
diff --git a/reports/GO-2021-0104.yaml b/reports/GO-2021-0104.yaml
index 9bf9df6..f416ae5 100644
--- a/reports/GO-2021-0104.yaml
+++ b/reports/GO-2021-0104.yaml
@@ -2,18 +2,18 @@
versions:
- fixed: v3.0.15
description: |
- Due to improper error handling, DTLS connections were not killed when certificate verification
- failed, causing users who did not check the connection state to continue to use the connection.
- This could allow allow an attacker which holds the ICE password, but not a valid certificate,
- to bypass this restriction.
+ Due to improper error handling, DTLS connections were not killed when certificate verification
+ failed, causing users who did not check the connection state to continue to use the connection.
+ This could allow allow an attacker which holds the ICE password, but not a valid certificate,
+ to bypass this restriction.
cves:
- CVE-2021-28681
credit: Gaukas Wang (@Gaukas)
symbols:
- DTLSTransport.Start
links:
- commit: https://github.com/pion/webrtc/commit/545613dcdeb5dedb01cce94175f40bcbe045df2e
- pr: https://github.com/pion/webrtc/pull/1709
- context:
- - https://github.com/pion/webrtc/issues/1708
- - https://github.com/advisories/GHSA-74xm-qj29-cq8p
+ pr: https://github.com/pion/webrtc/pull/1709
+ commit: https://github.com/pion/webrtc/commit/545613dcdeb5dedb01cce94175f40bcbe045df2e
+ context:
+ - https://github.com/pion/webrtc/issues/1708
+ - https://github.com/advisories/GHSA-74xm-qj29-cq8p
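Review bot: the third description line carries a duplicated word, "This could allow allow an attacker which holds the ICE password". A follow-up should reduce it to a single "allow" (and "an attacker who holds"); the reformat keeps the text as it was, so the defect now sits on a freshly touched line.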
diff --git a/reports/GO-2021-0105.yaml b/reports/GO-2021-0105.yaml
index c769476..719f2a7 100644
--- a/reports/GO-2021-0105.yaml
+++ b/reports/GO-2021-0105.yaml
@@ -4,15 +4,15 @@
- introduced: v1.9.4
- fixed: v1.9.20
description: |
- Due to an incorrect state calculation, a specific set of transactions could cause a consensus disagreement,
- causing users of this package to reject a canonical chain.
+ Due to an incorrect state calculation, a specific set of transactions could cause a consensus disagreement,
+ causing users of this package to reject a canonical chain.
cves:
- CVE-2020-26265
credit: John Youngseok Yang (Software Platform Lab)
symbols:
- StateDB.createObject
links:
- commit: https://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a
- pr: https://github.com/ethereum/go-ethereum/pull/21080
- context:
- - https://github.com/advisories/GHSA-xw37-57qp-9mm4
+ pr: https://github.com/ethereum/go-ethereum/pull/21080
+ commit: https://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a
+ context:
+ - https://github.com/advisories/GHSA-xw37-57qp-9mm4
diff --git a/reports/GO-2021-0106.yaml b/reports/GO-2021-0106.yaml
index d65de68..bb53de4 100644
--- a/reports/GO-2021-0106.yaml
+++ b/reports/GO-2021-0106.yaml
@@ -2,12 +2,12 @@
versions:
- fixed: v0.0.0-20201201191210-20a61371de5b
description: |
- Due to improper path santization, archives containing relative file
- paths can cause files to be written (or overwritten) outside of the
- target directory.
+ Due to improper path santization, archives containing relative file
+ paths can cause files to be written (or overwritten) outside of the
+ target directory.
symbols:
- Extractor.outputPath
links:
- commit: https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
- context:
- - https://snyk.io/research/zip-slip-vulnerability
+ commit: https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
+ context:
+ - https://snyk.io/research/zip-slip-vulnerability
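Review bot: the description still reads "improper path santization"; a follow-up should correct it to "sanitization". Note also that this report has no `cves` entry and its only `context` link is the generic Zip Slip research page, so the description text is the main thing a reader has to go on.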
diff --git a/reports/GO-2021-0107.yaml b/reports/GO-2021-0107.yaml
index 8c8c13c..931c466 100644
--- a/reports/GO-2021-0107.yaml
+++ b/reports/GO-2021-0107.yaml
@@ -2,12 +2,12 @@
versions:
- fixed: v1.5.2
description: |
- Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a
- nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or
- authentication bypass.
+ Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a
+ nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or
+ authentication bypass.
symbols:
- Server.socketHandler
links:
- commit: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
- context:
- - https://github.com/advisories/GHSA-5gjg-jgh4-gppm
+ commit: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
+ context:
+ - https://github.com/advisories/GHSA-5gjg-jgh4-gppm
diff --git a/reports/GO-2021-0108.yaml b/reports/GO-2021-0108.yaml
index e9dcd67..8bea79c 100644
--- a/reports/GO-2021-0108.yaml
+++ b/reports/GO-2021-0108.yaml
@@ -2,16 +2,16 @@
versions:
- fixed: v1.12.6
description: |
- Due to improper input sanitization, a maliciously constructed filename could cause a file
- download to use an attacker controlled filename, as well as injecting additional headers
- into an HTTP response.
+ Due to improper input sanitization, a maliciously constructed filename could cause a file
+ download to use an attacker controlled filename, as well as injecting additional headers
+ into an HTTP response.
cves:
- CVE-2020-15111
credit: Hasibul Hasan and Abdullah Shaleh
symbols:
- Ctx.Attachment
links:
- commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
- pr: https://github.com/gofiber/fiber/pull/579
- context:
- - https://github.com/advisories/GHSA-9cx9-x2gp-9qvh
+ pr: https://github.com/gofiber/fiber/pull/579
+ commit: https://github.com/gofiber/fiber/commit/f698b5d5066cfe594102ae252cd58a1fe57cf56f
+ context:
+ - https://github.com/advisories/GHSA-9cx9-x2gp-9qvh
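Review bot: this report lists CVE-2020-15111, the credit "Hasibul Hasan and Abdullah Shaleh", the symbol `Ctx.Attachment` and `pr: https://github.com/gofiber/fiber/pull/579`, all of which also appear in an earlier report in this patch, yet the two `commit` links differ (`f698b5d5…` here, `a8ad5454…` there). Please check whether these are duplicate reports for one vulnerability and, if so, which commit is the actual fix; a reformat is a good moment to record that as a follow-up issue.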
diff --git a/reports/GO-2021-0109.yaml b/reports/GO-2021-0109.yaml
index 7bb59d1..5278b6a 100644
--- a/reports/GO-2021-0109.yaml
+++ b/reports/GO-2021-0109.yaml
@@ -2,14 +2,14 @@
versions:
- fixed: v0.34.0
description: |
- Due to improper error handling, an error with the underlying token storage may cause a user
- to believe a token has been successfully revoked when it is in fact still valid. An attackers
- ability to exploit this relies on an ability to trigger errors in the underlying storage.
+ Due to improper error handling, an error with the underlying token storage may cause a user
+ to believe a token has been successfully revoked when it is in fact still valid. An attackers
+ ability to exploit this relies on an ability to trigger errors in the underlying storage.
cves:
- CVE-2020-15223
symbols:
- TokenRevocationHandler.RevokeToken
links:
- commit: https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319
- context:
- - https://github.com/advisories/GHSA-7mqr-2v3q-v2wm
+ commit: https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319
+ context:
+ - https://github.com/advisories/GHSA-7mqr-2v3q-v2wm
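Review bot: the description line "An attackers ability to exploit this relies on ..." is missing the possessive apostrophe ("An attacker's ability"). The text is unchanged by the formatter, so this is for a follow-up rather than this change.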
diff --git a/reports/GO-2021-0110.yaml b/reports/GO-2021-0110.yaml
index 46cfa47..08dea9e 100644
--- a/reports/GO-2021-0110.yaml
+++ b/reports/GO-2021-0110.yaml
@@ -2,13 +2,13 @@
versions:
- fixed: v0.31.0
description: |
- Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
- replayed.
+ Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
+ replayed.
cves:
- CVE-2020-15222
symbols:
- Fosite.AuthenticateClient
links:
- commit: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
- context:
- - https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43
+ commit: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
+ context:
+ - https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43
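Review bot: the `index 46cfa47..08dea9e` line for this file is identical to the one for reports/GO-2021-0092.yaml earlier in the patch, and the hunks match line for line (same CVE-2020-15222, same `Fosite.AuthenticateClient` symbol, same commit and advisory). Two report IDs with identical content mean one vulnerability will be reported twice; please file a follow-up to withdraw or merge one of them.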
diff --git a/reports/GO-2021-0111.yaml b/reports/GO-2021-0111.yaml
index a56e002..93b908d 100644
--- a/reports/GO-2021-0111.yaml
+++ b/reports/GO-2021-0111.yaml
@@ -1,18 +1,18 @@
-module: go.mongodb.org/mongo-driver # there is also a non-canonical import since <v2
+module: go.mongodb.org/mongo-driver
package: go.mongodb.org/mongo-driver/bson/bsonrw
versions:
- fixed: v1.5.1
description: |
- Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
- Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
- affected if they use this package to handle untrusted user input.
+ Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
+ Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
+ affected if they use this package to handle untrusted user input.
cves:
- CVE-2021-20329
symbols:
- valueWriter.writeElementHeader
links:
- commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
- pr: https://github.com/mongodb/mongo-go-driver/pull/622
- context:
- - https://github.com/advisories/GHSA-f6mq-5m25-4r72
- - https://jira.mongodb.org/browse/GODRIVER-1923
+ pr: https://github.com/mongodb/mongo-go-driver/pull/622
+ commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
+ context:
+ - https://github.com/advisories/GHSA-f6mq-5m25-4r72
+ - https://jira.mongodb.org/browse/GODRIVER-1923
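Review bot: on the `module:` line the formatter drops the trailing YAML comment `# there is also a non-canonical import since <v2`, which is a content change, not a whitespace one. If the non-canonical import path matters for matching affected code, the information should move into a real field or the description before this lands; if it does not, say so in the commit message so the removal is deliberate.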
diff --git a/reports/GO-2021-0112.yaml b/reports/GO-2021-0112.yaml
index befddf1..7d71db9 100644
--- a/reports/GO-2021-0112.yaml
+++ b/reports/GO-2021-0112.yaml
@@ -1,19 +1,19 @@
-module: go.mongodb.org/mongo-driver # there is also a non-canonical import since <v2
+module: go.mongodb.org/mongo-driver
package: go.mongodb.org/mongo-driver/x/bsonx/bsoncore
versions:
- fixed: v1.5.1
description: |
- Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
- Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
- affected if they use this package to handle untrusted user input.
+ Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
+ Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
+ affected if they use this package to handle untrusted user input.
cves:
- CVE-2021-20329
symbols:
- AppendHeader
- AppendRegex
links:
- commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
- pr: https://github.com/mongodb/mongo-go-driver/pull/622
- context:
- - https://github.com/advisories/GHSA-f6mq-5m25-4r72
- - https://jira.mongodb.org/browse/GODRIVER-1923
+ pr: https://github.com/mongodb/mongo-go-driver/pull/622
+ commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
+ context:
+ - https://github.com/advisories/GHSA-f6mq-5m25-4r72
+ - https://jira.mongodb.org/browse/GODRIVER-1923
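Review bot: the `module:` line loses the same `# there is also a non-canonical import since <v2` comment as in reports/GO-2021-0111.yaml. The two reports share their description, CVE and links and differ only in `package` and `symbols`, so whatever is decided about preserving that note has to be applied to both files.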
diff --git a/reports/GO-2021-0113.yaml b/reports/GO-2021-0113.yaml
index 9df798c..e2b4635 100644
--- a/reports/GO-2021-0113.yaml
+++ b/reports/GO-2021-0113.yaml
@@ -3,14 +3,14 @@
versions:
- fixed: v0.3.7
description: |
- Due to improper index calculation, an incorrectly formatted language tag can cause Parse
- to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
- this may be used as a vector for a denial of service attack.
+ Due to improper index calculation, an incorrectly formatted language tag can cause Parse
+ to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
+ this may be used as a vector for a denial of service attack.
cves:
- CVE-2021-38561
credit: Guido Vranken
symbols:
- Parse
links:
- commit: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
- pr: https://go-review.googlesource.com/c/text/+/340830
+ pr: https://go-review.googlesource.com/c/text/+/340830
+ commit: https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
diff --git a/reports/GO-2021-0140.yaml b/reports/GO-2021-0140.yaml
index a2b0cd1..49d3f3c 100644
--- a/reports/GO-2021-0140.yaml
+++ b/reports/GO-2021-0140.yaml
@@ -4,8 +4,8 @@
- fixed: go1.13.13
- fixed: go1.14.5
description: |
- X509 Certificate verification does not validate KeyUsages EKU
- requirements on Windows if VerifyOptions.Roots is nil.
+ X509 Certificate verification does not validate KeyUsages EKU
+ requirements on Windows if VerifyOptions.Roots is nil.
cves:
- CVE-2020-14039
credit: Niall Newman
@@ -14,7 +14,7 @@
os:
- windows
links:
- pr: https://go.dev/cl/242597
- commit: https://go.googlesource.com/go/+/82175e699a2e2cd83d3aa34949e9b922d66d52f5
- context:
- - https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w
+ pr: https://go.dev/cl/242597
+ commit: https://go.googlesource.com/go/+/82175e699a2e2cd83d3aa34949e9b922d66d52f5
+ context:
+ - https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w
diff --git a/reports/GO-2021-0141.yaml b/reports/GO-2021-0141.yaml
index 5f5da5f..454671f 100644
--- a/reports/GO-2021-0141.yaml
+++ b/reports/GO-2021-0141.yaml
@@ -4,16 +4,16 @@
- fixed: go1.13.13
- fixed: go1.14.5
description: |
- A Go HTTP server which reads from the request body while
- simultaneously writing a response can panic when clients
- send a "Expect: 100-continue" header.
+ A Go HTTP server which reads from the request body while
+ simultaneously writing a response can panic when clients
+ send a "Expect: 100-continue" header.
cves:
- CVE-2020-15586
credit: Mikael Manukyan
symbols:
- expectContinueReader.Read
links:
- pr: https://go.dev/cl/242598
- commit: https://go.googlesource.com/go/+/fa98f46741f818913a8c11b877520a548715131f
- context:
- - https://go.dev/issue/34902
+ pr: https://go.dev/cl/242598
+ commit: https://go.googlesource.com/go/+/fa98f46741f818913a8c11b877520a548715131f
+ context:
+ - https://go.dev/issue/34902
diff --git a/reports/GO-2021-0157.yaml b/reports/GO-2021-0157.yaml
index 9657244..a8056ec 100644
--- a/reports/GO-2021-0157.yaml
+++ b/reports/GO-2021-0157.yaml
@@ -1,19 +1,19 @@
module: std
package: net/textproto
versions:
-- fixed: go1.4.3
+ - fixed: go1.4.3
description: |
- The MIME header parser treated spaces and hyphens
- as equivalent, which can permit HTTP request smuggling.
+ The MIME header parser treated spaces and hyphens
+ as equivalent, which can permit HTTP request smuggling.
published: 2022-01-05T20:00:00Z
cves:
-- CVE-2015-5739
+ - CVE-2015-5739
credit: Régis Leroy
symbols:
-- CanonicalMIMEHeaderKey
-- canonicalMIMEHeaderKey
+ - CanonicalMIMEHeaderKey
+ - canonicalMIMEHeaderKey
links:
- pr: https://go.dev/cl/11772
- commit: https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
- context:
- - https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ
+ pr: https://go.dev/cl/11772
+ commit: https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
+ context:
+ - https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ
diff --git a/reports/GO-2021-0159.yaml b/reports/GO-2021-0159.yaml
index 38a5762..9f2df65 100644
--- a/reports/GO-2021-0159.yaml
+++ b/reports/GO-2021-0159.yaml
@@ -1,34 +1,34 @@
-package: net/http
module: std
+package: net/http
versions:
-- fixed: go1.4.3
+ - fixed: go1.4.3
description: |
- HTTP headers were not properly parsed, which allows remote attackers to
- conduct HTTP request smuggling attacks via a request that contains
- Content-Length and Transfer-Encoding header fields.
+ HTTP headers were not properly parsed, which allows remote attackers to
+ conduct HTTP request smuggling attacks via a request that contains
+ Content-Length and Transfer-Encoding header fields.
cves:
- CVE-2015-5739
- CVE-2015-5740
- CVE-2015-5741
credit: Jed Denlea and Régis Leroy
symbols:
-- CanonicalMIMEHeaderKey
-- body.readLocked
-- canonicalMIMEHeaderKey
-- chunkWriter.writeHeader
-- fixLength
-- fixTransferEncoding
-- readTransfer
-- transferWriter.shouldSendContentLength
-- validHeaderFieldByte
+ - CanonicalMIMEHeaderKey
+ - body.readLocked
+ - canonicalMIMEHeaderKey
+ - chunkWriter.writeHeader
+ - fixLength
+ - fixTransferEncoding
+ - readTransfer
+ - transferWriter.shouldSendContentLength
+ - validHeaderFieldByte
links:
- pr: https://go.dev/cl/13148
- commit: https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f
- context:
- - https://go.dev/cl/11772
- - https://go.dev/cl/11810
- - https://go.dev/cl/12865
- - https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
- - https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f
- - https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87
- - https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ
+ pr: https://go.dev/cl/13148
+ commit: https://go.googlesource.com/go/+/26049f6f9171d1190f3bbe05ec304845cfe6399f
+ context:
+ - https://go.dev/cl/11772
+ - https://go.dev/cl/11810
+ - https://go.dev/cl/12865
+ - https://go.googlesource.com/go/+/117ddcb83d7f42d6aa72241240af99ded81118e9
+ - https://go.googlesource.com/go/+/300d9a21583e7cf0149a778a0611e76ff7c6680f
+ - https://go.googlesource.com/go/+/c2db5f4ccc61ba7df96a747e268a277b802cbb87
+ - https://groups.google.com/g/golang-announce/c/iSIyW4lM4hY/m/ADuQR4DiDwAJ
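Review bot: the `symbols` list for `package: net/http` includes `CanonicalMIMEHeaderKey` and `canonicalMIMEHeaderKey`, which reports/GO-2021-0157.yaml in this same patch lists under `package: net/textproto`, and both reports carry CVE-2015-5739. Symbol-level matching against `net/http` will not find those two names, so a follow-up should either drop them here and rely on GO-2021-0157, or split the entry per package; the reformat itself (key order, list indentation) looks fine.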
diff --git a/reports/GO-2021-0160.yaml b/reports/GO-2021-0160.yaml
index 045796f..a6ceaee 100644
--- a/reports/GO-2021-0160.yaml
+++ b/reports/GO-2021-0160.yaml
@@ -4,25 +4,25 @@
- introduced: go1.5
fixed: go1.5.3
description: |
- Int.Exp Montgomery mishandled carry propagation and produced an incorrect
- output, which makes it easier for attackers to obtain private RSA keys via
- unspecified vectors.
+ Int.Exp Montgomery mishandled carry propagation and produced an incorrect
+ output, which makes it easier for attackers to obtain private RSA keys via
+ unspecified vectors.
- This issue can affect RSA computations in crypto/rsa, which is used by
- crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA
- private key due to this issue. Other protocol implementations that create
- many RSA signatures could also be impacted in the same way.
+ This issue can affect RSA computations in crypto/rsa, which is used by
+ crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA
+ private key due to this issue. Other protocol implementations that create
+ many RSA signatures could also be impacted in the same way.
- Specifically, incorrect results in one part of the RSA Chinese Remainder
- computation can cause the result to be incorrect in such a way that it leaks
- one of the primes. While RSA blinding should prevent an attacker from crafting
- specific inputs that trigger the bug, on 32-bit systems the bug can be expected
- to occur at random around one in 2^26 times. Thus collecting around 64 million
- signatures (of known data) from an affected server should be enough to extract
- the private key used.
+ Specifically, incorrect results in one part of the RSA Chinese Remainder
+ computation can cause the result to be incorrect in such a way that it leaks
+ one of the primes. While RSA blinding should prevent an attacker from crafting
+ specific inputs that trigger the bug, on 32-bit systems the bug can be expected
+ to occur at random around one in 2^26 times. Thus collecting around 64 million
+ signatures (of known data) from an affected server should be enough to extract
+ the private key used.
- Note that on 64-bit systems, the frequency of the bug is so low
- (less than one in 2^50) that it would be very difficult to exploit.
+ Note that on 64-bit systems, the frequency of the bug is so low
+ (less than one in 2^50) that it would be very difficult to exploit.
cves:
- CVE-2015-8618
credit: Nick Craig-Wood
@@ -30,10 +30,10 @@
- nat.expNNMontgomery
- nat.montgomery
links:
- pr: https://go.dev/cl/18491
- commit: https://go.googlesource.com/go/+/1e066cad1ba23f4064545355b8737e4762dd6838
- context:
- - https://go.googlesource.com/go/+/4306352182bf94f86f0cfc6a8b0ed461cbf1d82c
- - https://go.dev/cl/17672
- - https://go.dev/issue/13515
- - https://groups.google.com/g/golang-announce/c/MEATuOi_ei4
+ pr: https://go.dev/cl/18491
+ commit: https://go.googlesource.com/go/+/1e066cad1ba23f4064545355b8737e4762dd6838
+ context:
+ - https://go.googlesource.com/go/+/4306352182bf94f86f0cfc6a8b0ed461cbf1d82c
+ - https://go.dev/cl/17672
+ - https://go.dev/issue/13515
+ - https://groups.google.com/g/golang-announce/c/MEATuOi_ei4
diff --git a/reports/GO-2021-0163.yaml b/reports/GO-2021-0163.yaml
index a59cd16..c4e5653 100644
--- a/reports/GO-2021-0163.yaml
+++ b/reports/GO-2021-0163.yaml
@@ -4,16 +4,16 @@
- fixed: go1.5.4
- fixed: go1.6.1
description: |
- Untrusted search path vulnerability on Windows related to LoadLibrary allows
- local users to gain privileges via a malicious DLL in the current working
- directory.
+ Untrusted search path vulnerability on Windows related to LoadLibrary allows
+ local users to gain privileges via a malicious DLL in the current working
+ directory.
cves:
- CVE-2016-3958
symbols:
- LoadLibrary
links:
- commit: https://go.googlesource.com/go/+/6a0bb87bd0bf0fdf8ddbd35f77a75ebd412f61b0
- pr: https://go.dev/cl/21428
- context:
- - https://go.dev/issue/14959
- - https://groups.google.com/g/golang-announce/c/9eqIHqaWvck
+ pr: https://go.dev/cl/21428
+ commit: https://go.googlesource.com/go/+/6a0bb87bd0bf0fdf8ddbd35f77a75ebd412f61b0
+ context:
+ - https://go.dev/issue/14959
+ - https://groups.google.com/g/golang-announce/c/9eqIHqaWvck
diff --git a/reports/GO-2021-0225.yaml b/reports/GO-2021-0225.yaml
index 6d14706..4d14669 100644
--- a/reports/GO-2021-0225.yaml
+++ b/reports/GO-2021-0225.yaml
@@ -1,28 +1,28 @@
module: std
package: encoding/binary
versions:
-- fixed: go1.13.15
-- fixed: go1.14.7
+ - fixed: go1.13.15
+ - fixed: go1.14.7
description: |
- Certain invalid inputs to ReadUvarint or ReadVarint could cause those
- functions to read an unlimited number of bytes from the ByteReader argument
- before returning an error. This could lead to processing more input than
- expected when the caller is reading directly from a network and depends on
- ReadUvarint and ReadVarint only consuming a small, bounded number of bytes,
- even from invalid inputs.
+ Certain invalid inputs to ReadUvarint or ReadVarint could cause those
+ functions to read an unlimited number of bytes from the ByteReader argument
+ before returning an error. This could lead to processing more input than
+ expected when the caller is reading directly from a network and depends on
+ ReadUvarint and ReadVarint only consuming a small, bounded number of bytes,
+ even from invalid inputs.
- With the update, ReadUvarint and ReadVarint now always return after consuming
- a bounded number of bytes (specifically, MaxVarintLen64, which is 10). The
- result being returned has not changed; the functions merely detect and return
- some errors without reading as much input.
+ With the update, ReadUvarint and ReadVarint now always return after consuming
+ a bounded number of bytes (specifically, MaxVarintLen64, which is 10). The
+ result being returned has not changed; the functions merely detect and return
+ some errors without reading as much input.
cves:
-- CVE-2020-16845
+ - CVE-2020-16845
credit: Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon
symbols:
-- ReadUvarint
+ - ReadUvarint
links:
- pr: https://go.dev/cl/247120
- commit: https://go.googlesource.com/go/+/027d7241ce050d197e7fabea3d541ffbe3487258
- context:
- - https://go.dev/issue/40618
- - https://groups.google.com/g/golang-announce/c/NyPIaucMgXo
+ pr: https://go.dev/cl/247120
+ commit: https://go.googlesource.com/go/+/027d7241ce050d197e7fabea3d541ffbe3487258
+ context:
+ - https://go.dev/issue/40618
+ - https://groups.google.com/g/golang-announce/c/NyPIaucMgXo
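Review bot: the `symbols:` list in this report names only `ReadUvarint`, while the description says both `ReadUvarint` and `ReadVarint` could read an unlimited number of bytes from the ByteReader. If `ReadVarint` is left out on purpose (for example because it is covered through `ReadUvarint`), say so in the report; otherwise add it, so that the text and the symbol list agree.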
diff --git a/reports/GO-2021-0226.yaml b/reports/GO-2021-0226.yaml
index 5e1016e..bec9077 100644
--- a/reports/GO-2021-0226.yaml
+++ b/reports/GO-2021-0226.yaml
@@ -1,31 +1,31 @@
module: std
package: net/http/cgi
versions:
-- fixed: go1.14.8
-- fixed: go1.15.1
+ - fixed: go1.14.8
+ - fixed: go1.15.1
description: |
- When a Handler does not explicitly set the Content-Type header, the the
- package would default to “text/html”, which could cause a Cross-Site Scripting
- vulnerability if an attacker can control any part of the contents of a
- response.
+ When a Handler does not explicitly set the Content-Type header, the the
+ package would default to “text/html”, which could cause a Cross-Site Scripting
+ vulnerability if an attacker can control any part of the contents of a
+ response.
- The Content-Type header is now set based on the contents of the first Write
- using http.DetectContentType, which is consistent with the behavior of the
- net/http package.
+ The Content-Type header is now set based on the contents of the first Write
+ using http.DetectContentType, which is consistent with the behavior of the
+ net/http package.
- Although this protects some applications that validate the contents of
- uploaded files, not setting the Content-Type header explicitly on any
- attacker-controlled file is unsafe and should be avoided.
+ Although this protects some applications that validate the contents of
+ uploaded files, not setting the Content-Type header explicitly on any
+ attacker-controlled file is unsafe and should be avoided.
cves:
-- CVE-2020-24553
+ - CVE-2020-24553
credit: RedTeam Pentesting GmbH
symbols:
-- response.Write
-- response.WriteHeader
-- response.writeCGIHeader
+ - response.Write
+ - response.WriteHeader
+ - response.writeCGIHeader
links:
- pr: https://go.dev/cl/252179
- commit: https://go.googlesource.com/go/+/4f5cd0c0331943c7ec72df3b827d972584f77833
- context:
- - https://groups.google.com/g/golang-announce/c/8wqlSbkLdPs
- - https://go.dev/issue/40928
+ pr: https://go.dev/cl/252179
+ commit: https://go.googlesource.com/go/+/4f5cd0c0331943c7ec72df3b827d972584f77833
+ context:
+ - https://groups.google.com/g/golang-announce/c/8wqlSbkLdPs
+ - https://go.dev/issue/40928
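Review bot: the first description line still ends in a doubled word ("... the Content-Type header, the the" followed by "package would default to ..."). The formatter rewrites every description line in this hunk anyway, so drop the extra "the" here rather than carrying the typo into the reformatted report.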
diff --git a/reports/GO-2021-0228.yaml b/reports/GO-2021-0228.yaml
index 23d6c89..2b7783e 100644
--- a/reports/GO-2021-0228.yaml
+++ b/reports/GO-2021-0228.yaml
@@ -1,20 +1,20 @@
module: github.com/unknwon/cae
package: github.com/unknwon/cae/zip
versions:
-- fixed: v1.0.1
+ - fixed: v1.0.1
description: |
- The ExtractTo function doesn't securely escape file paths in zip archives
- which include leading or non-leading "..". This allows an attacker to add or
- replace files system-wide.
+ The ExtractTo function doesn't securely escape file paths in zip archives
+ which include leading or non-leading "..". This allows an attacker to add or
+ replace files system-wide.
cves:
-- CVE-2020-7664
+ - CVE-2020-7664
credit: Georgios Gkitsas of Snyk Security Team
symbols:
-- TzArchive.syncFiles
-- TzArchive.ExtractToFunc
-- ZipArchive.Open
-- ZipArchive.ExtractToFunc
+ - TzArchive.syncFiles
+ - TzArchive.ExtractToFunc
+ - ZipArchive.Open
+ - ZipArchive.ExtractToFunc
links:
- commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
- context:
- - https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
+ commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
+ context:
+ - https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
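Review bot: under `symbols:`, `TzArchive.syncFiles` and `TzArchive.ExtractToFunc` are listed in a report whose `package:` is `github.com/unknwon/cae/zip`, alongside the `ZipArchive.*` entries. Please confirm the `TzArchive` methods are defined in the zip package. If they live in another package of the module, they need their own package entry, or symbol-level matching will not find them. The description also names `ExtractTo` while the list has `ExtractToFunc`; a word on how the two relate would help.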
diff --git a/reports/GO-2021-0237.yaml b/reports/GO-2021-0237.yaml
index 6d87ac9..4b583eb 100644
--- a/reports/GO-2021-0237.yaml
+++ b/reports/GO-2021-0237.yaml
@@ -1,17 +1,17 @@
module: github.com/AndrewBurian/powermux
versions:
-- fixed: v1.1.1
+ - fixed: v1.1.1
description: |
- Attackers may be able to craft phishing links and other open
- redirects by exploiting PowerMux's trailing slash redirection
- feature. This may lead to users being redirected to untrusted
- sites after following an attacker crafted link.
+ Attackers may be able to craft phishing links and other open
+ redirects by exploiting PowerMux's trailing slash redirection
+ feature. This may lead to users being redirected to untrusted
+ sites after following an attacker crafted link.
cves:
-- CVE-2021-32721
+ - CVE-2021-32721
symbols:
-- Route.execute
+ - Route.execute
links:
- pr: https://github.com/AndrewBurian/powermux/pull/42
- commit: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9
- context:
- - https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52
+ pr: https://github.com/AndrewBurian/powermux/pull/42
+ commit: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9
+ context:
+ - https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52
diff --git a/reports/GO-2021-0258.yaml b/reports/GO-2021-0258.yaml
index 7cb9aae..ee59322 100644
--- a/reports/GO-2021-0258.yaml
+++ b/reports/GO-2021-0258.yaml
@@ -1,21 +1,21 @@
module: github.com/pomerium/pomerium
versions:
-- fixed: v0.15.6
+ - fixed: v0.15.6
description: |
- Pomerium is an open source identity-aware access proxy. Changes to the OIDC
- claims of a user after initial login are not reflected in policy evaluation
- when using allowed_idp_claims as part of policy. If using allowed_idp_claims
- and a user's claims are changed, Pomerium can make incorrect authorization
- decisions.
+ Pomerium is an open source identity-aware access proxy. Changes to the OIDC
+ claims of a user after initial login are not reflected in policy evaluation
+ when using allowed_idp_claims as part of policy. If using allowed_idp_claims
+ and a user's claims are changed, Pomerium can make incorrect authorization
+ decisions.
- For users unable to upgrade clear data on databroker service by clearing
- redis or restarting the in-memory databroker to force claims to be updated.
+ For users unable to upgrade clear data on databroker service by clearing
+ redis or restarting the in-memory databroker to force claims to be updated.
cves:
-- CVE-2021-41230
+ - CVE-2021-41230
symbols:
-- Manager.onUpdateRecords
+ - Manager.onUpdateRecords
links:
- pr: https://github.com/pomerium/pomerium/pull/2724
- commit: https://github.com/pomerium/pomerium/commit/f20542c4bf2cc691e4c324f7ec79e02e46d95511
- context:
- - https://github.com/pomerium/pomerium/security/advisories/GHSA-j6wp-3859-vxfg
+ pr: https://github.com/pomerium/pomerium/pull/2724
+ commit: https://github.com/pomerium/pomerium/commit/f20542c4bf2cc691e4c324f7ec79e02e46d95511
+ context:
+ - https://github.com/pomerium/pomerium/security/advisories/GHSA-j6wp-3859-vxfg
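Review bot: the second description paragraph ("For users unable to upgrade clear data on databroker service by clearing redis or restarting the in-memory databroker ...") is hard to parse as written. This is the workaround operators will follow, so it should be unambiguous: suggest a comma after "upgrade" and the missing articles, e.g. "For users unable to upgrade, clear the data on the databroker service by ...".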
diff --git a/reports/GO-2021-0263.yaml b/reports/GO-2021-0263.yaml
index 77d0a51..668bc21 100644
--- a/reports/GO-2021-0263.yaml
+++ b/reports/GO-2021-0263.yaml
@@ -1,21 +1,21 @@
module: std
package: debug/macho
versions:
-- fixed: go1.17.3
-- fixed: go1.16.10
+ - fixed: go1.17.3
+ - fixed: go1.16.10
description: |
- Calling File.ImportedSymbols on a loaded file which contains an invalid
- dynamic symbol table command can cause a panic, in particular if the encoded
- number of undefined symbols is larger than the number of symbols in the symbol
- table.
+ Calling File.ImportedSymbols on a loaded file which contains an invalid
+ dynamic symbol table command can cause a panic, in particular if the encoded
+ number of undefined symbols is larger than the number of symbols in the symbol
+ table.
cves:
-- CVE-2021-41771
+ - CVE-2021-41771
credit: Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech)
symbols:
-- NewFile
+ - NewFile
links:
- pr: https://go.dev/cl/367075
- commit: https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27
- context:
- - https://groups.google.com/g/golang-announce/c/0fM21h43arc
- - https://go.dev/issue/48990
+ pr: https://go.dev/cl/367075
+ commit: https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27
+ context:
+ - https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ - https://go.dev/issue/48990
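Review bot: the description places the panic in `File.ImportedSymbols`, but `symbols:` lists only `NewFile`. Either add the method the description names, or state in the report why `NewFile` is the symbol to match on, so a reader comparing the two does not take it for an omission.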
diff --git a/reports/GO-2021-0264.yaml b/reports/GO-2021-0264.yaml
index dcd5b2b..2742e09 100644
--- a/reports/GO-2021-0264.yaml
+++ b/reports/GO-2021-0264.yaml
@@ -4,30 +4,31 @@
- fixed: go1.16.10
- fixed: go1.17.3
description: |
- Previously, opening a zip with (*Reader).Open could result in a panic if the
- zip contained a file whose name was exclusively made up of slash characters or
- ".." path elements.
+ Previously, opening a zip with (*Reader).Open could result in a panic if the
+ zip contained a file whose name was exclusively made up of slash characters or
+ ".." path elements.
- Open could also panic if passed the empty string directly as an argument.
+ Open could also panic if passed the empty string directly as an argument.
- Now, any files in the zip whose name could not be made valid for fs.FS.Open
- will be skipped, and no longer added to the fs.FS file list, although they
- are still accessible through (*Reader).File.
+ Now, any files in the zip whose name could not be made valid for fs.FS.Open
+ will be skipped, and no longer added to the fs.FS file list, although they
+ are still accessible through (*Reader).File.
- Note that it was already the case that a file could be accessible from
- (*Reader).Open with a name different from the one in (*Reader).File, as the
- former is the cleaned name, while the latter is the original one.
+ Note that it was already the case that a file could be accessible from
+ (*Reader).Open with a name different from the one in (*Reader).File, as the
+ former is the cleaned name, while the latter is the original one.
- Finally, the actual panic site was made robust as a defense-in-depth measure.
+ Finally, the actual panic site was made robust as a defense-in-depth measure.
cves:
- CVE-2021-41772
-credit: Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code Intelligence Team
+credit: Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code Intelligence
+ Team
symbols:
- split
- Reader.Open
links:
- pr: https://go.dev/cl/349770
- commit: https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f
- context:
- - https://groups.google.com/g/golang-announce/c/0fM21h43arc
- - https://go.dev/issue/48085
+ pr: https://go.dev/cl/349770
+ commit: https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f
+ context:
+ - https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ - https://go.dev/issue/48085
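Review bot: the `credit:` value is now split across two lines ("... Sourcegraph Code Intelligence" / "Team"), which is why this hunk grows from 30 to 31 lines. A plain scalar continued this way still folds back into one string, but it is easy to misread as a stray key and awkward for line-based tools such as grep. Consider disabling line wrapping in the formatter's YAML encoder, or quoting long single-line values, so that `vulnreport format` never breaks a name or an affiliation in the middle.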
diff --git a/reports/GO-2021-0265.yaml b/reports/GO-2021-0265.yaml
index 4ac4ac1..6a2fb91 100644
--- a/reports/GO-2021-0265.yaml
+++ b/reports/GO-2021-0265.yaml
@@ -1,15 +1,15 @@
module: github.com/tidwall/gjson
versions:
-- fixed: v1.9.3
+ - fixed: v1.9.3
description: |
- GJSON allowed a ReDoS (regular expression denial of service) attack.
+ GJSON allowed a ReDoS (regular expression denial of service) attack.
cves:
-- CVE-2021-42836
+ - CVE-2021-42836
symbols:
-- match.Match
+ - match.Match
links:
- commit: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
- context:
- - https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
- - https://github.com/tidwall/gjson/issues/236
- - https://github.com/tidwall/gjson/issues/237
+ commit: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
+ context:
+ - https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
+ - https://github.com/tidwall/gjson/issues/236
+ - https://github.com/tidwall/gjson/issues/237
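Review bot: the single `symbols:` entry, `match.Match`, reads as a package-qualified function rather than the `Type.method` form used in the neighbouring reports, and this report has `module: github.com/tidwall/gjson` with no `package:` line. Please confirm which package the symbol belongs to and add the `package:` field, otherwise it is unclear what a symbol-level scan is expected to match.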
diff --git a/reports/GO-2021-0269.yaml b/reports/GO-2021-0269.yaml
index 4e55c15..74b4547 100644
--- a/reports/GO-2021-0269.yaml
+++ b/reports/GO-2021-0269.yaml
@@ -1,31 +1,31 @@
module: std
package: net/http/fcgi
versions:
-- fixed: go1.14.8
-- fixed: go1.15.1
+ - fixed: go1.14.8
+ - fixed: go1.15.1
description: |
- When a Handler does not explicitly set the Content-Type header, the the
- package would default to “text/html”, which could cause a Cross-Site Scripting
- vulnerability if an attacker can control any part of the contents of a
- response.
+ When a Handler does not explicitly set the Content-Type header, the the
+ package would default to “text/html”, which could cause a Cross-Site Scripting
+ vulnerability if an attacker can control any part of the contents of a
+ response.
- The Content-Type header is now set based on the contents of the first Write
- using http.DetectContentType, which is consistent with the behavior of the
- net/http package.
+ The Content-Type header is now set based on the contents of the first Write
+ using http.DetectContentType, which is consistent with the behavior of the
+ net/http package.
- Although this protects some applications that validate the contents of
- uploaded files, not setting the Content-Type header explicitly on any
- attacker-controlled file is unsafe and should be avoided.
+ Although this protects some applications that validate the contents of
+ uploaded files, not setting the Content-Type header explicitly on any
+ attacker-controlled file is unsafe and should be avoided.
cves:
-- CVE-2020-24553
+ - CVE-2020-24553
credit: RedTeam Pentesting GmbH
symbols:
-- response.Write
-- response.WriteHeader
-- response.writeCGIHeader
+ - response.Write
+ - response.WriteHeader
+ - response.writeCGIHeader
links:
- pr: https://go.dev/cl/252179
- commit: https://go.googlesource.com/go/+/4f5cd0c0331943c7ec72df3b827d972584f77833
- context:
- - https://groups.google.com/g/golang-announce/c/8wqlSbkLdPs
- - https://go.dev/issue/40928
+ pr: https://go.dev/cl/252179
+ commit: https://go.googlesource.com/go/+/4f5cd0c0331943c7ec72df3b827d972584f77833
+ context:
+ - https://groups.google.com/g/golang-announce/c/8wqlSbkLdPs
+ - https://go.dev/issue/40928
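Review bot: this description is word for word the net/http/cgi text from GO-2021-0226, including the doubled "the the" at the end of its first line and the typographic quotes around “text/html”. The formatter touches each of these lines here, so fix the duplicated word and use plain ASCII quotes for the MIME type so that it can be searched for as literal text.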