data/reports: review 1 report
Updates golang/vulndb#3699
Updates golang/vulndb#3708
Updates golang/vulndb#3709
Change-Id: I66b0a86340d9ab3d368c43d7676484b81df05106
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/676555
Auto-Submit: Neal Patel <nealpatel@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2025-3699.json b/data/osv/GO-2025-3699.json
index 168782e..c404f70 100644
--- a/data/osv/GO-2025-3699.json
+++ b/data/osv/GO-2025-3699.json
@@ -7,28 +7,11 @@
"CVE-2025-47290",
"GHSA-cm76-qm8v-3j95"
],
- "summary": "containerd allows host filesystem access on pull in github.com/containerd/containerd",
- "details": "containerd allows host filesystem access on pull in github.com/containerd/containerd",
+ "summary": "Allows host filesystem access on pull in github.com/containerd/containerd",
+ "details": "Allows host filesystem access on pull in github.com/containerd/containerd",
"affected": [
{
"package": {
- "name": "github.com/containerd/containerd",
- "ecosystem": "Go"
- },
- "ranges": [
- {
- "type": "SEMVER",
- "events": [
- {
- "introduced": "0"
- }
- ]
- }
- ],
- "ecosystem_specific": {}
- },
- {
- "package": {
"name": "github.com/containerd/containerd/v2",
"ecosystem": "Go"
},
@@ -54,10 +37,6 @@
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95"
},
{
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47290"
- },
- {
"type": "FIX",
"url": "https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc"
},
@@ -68,6 +47,6 @@
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2025-3699",
- "review_status": "UNREVIEWED"
+ "review_status": "REVIEWED"
}
}
\ No newline at end of file
diff --git a/data/reports/GO-2025-3699.yaml b/data/reports/GO-2025-3699.yaml
index f5a16b8..ba2edbe 100644
--- a/data/reports/GO-2025-3699.yaml
+++ b/data/reports/GO-2025-3699.yaml
@@ -1,23 +1,22 @@
id: GO-2025-3699
modules:
- - module: github.com/containerd/containerd
- vulnerable_at: 1.7.27
- module: github.com/containerd/containerd/v2
versions:
- introduced: 2.1.0
- fixed: 2.1.1
vulnerable_at: 2.1.0
-summary: containerd allows host filesystem access on pull in github.com/containerd/containerd
+summary: |-
+ Allows host filesystem access on pull in
+ github.com/containerd/containerd
cves:
- CVE-2025-47290
ghsas:
- GHSA-cm76-qm8v-3j95
references:
- advisory: https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95
- - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-47290
- fix: https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc
- web: https://github.com/containerd/containerd/releases/tag/v2.1.1
source:
id: GHSA-cm76-qm8v-3j95
created: 2025-05-22T12:45:54.914854-04:00
-review_status: UNREVIEWED
+review_status: REVIEWED
