Google Git
Sign in
go / vulndb / 660e69064900e3b1bf6f97df19d12956d527ed01^! / .
commit660e69064900e3b1bf6f97df19d12956d527ed01[log] [tgz]
authorDamien Neil <dneil@google.com>Wed Nov 29 12:51:12 2023 -0800
committerDamien Neil <dneil@google.com>Wed Nov 29 22:55:49 2023 +0000
tree7d264c7b0a5ef3e3e181b81bfebe422e4d382710
parent73b9e2ecc3757e27f001b04326adf1293d9279ad [diff]
data/excluded: batch add 6 excluded reports

Adds excluded reports:
	- data/excluded/GO-2023-2349.yaml
	- data/excluded/GO-2023-2346.yaml
	- data/excluded/GO-2023-2353.yaml
	- data/excluded/GO-2023-2351.yaml
	- data/excluded/GO-2023-2347.yaml
	- data/excluded/GO-2023-2331.yaml

Fixes golang/vulndb#2349
Fixes golang/vulndb#2346
Fixes golang/vulndb#2353
Fixes golang/vulndb#2351
Fixes golang/vulndb#2347
Fixes golang/vulndb#2331

Change-Id: If58a88f5f61615634a3ab5a9dd30a28e1856ed35
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/546035
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tim King <taking@google.com>

diff --git a/data/excluded/GO-2023-2331.yaml b/data/excluded/GO-2023-2331.yaml
new file mode 100644
index 0000000..cc0e123
--- /dev/null
+++ b/data/excluded/GO-2023-2331.yaml

@@ -0,0 +1,8 @@
+id: GO-2023-2331
+excluded: DEPENDENT_VULNERABILITY
+modules:
+    - module: github.com/open-telemetry/opentelemetry-go-contrib
+cves:
+    - CVE-2023-47108
+ghsas:
+    - GHSA-8pgv-569h-w5rw

diff --git a/data/excluded/GO-2023-2346.yaml b/data/excluded/GO-2023-2346.yaml
new file mode 100644
index 0000000..55b5276
--- /dev/null
+++ b/data/excluded/GO-2023-2346.yaml

@@ -0,0 +1,8 @@
+id: GO-2023-2346
+excluded: NOT_A_VULNERABILITY
+modules:
+    - module: https://pkg.go.dev/github.com/whilp/git-urls
+cves:
+    - CVE-2023-46402
+ghsas:
+    - GHSA-3f2q-6294-fmq5

diff --git a/data/excluded/GO-2023-2347.yaml b/data/excluded/GO-2023-2347.yaml
new file mode 100644
index 0000000..378594a
--- /dev/null
+++ b/data/excluded/GO-2023-2347.yaml

@@ -0,0 +1,6 @@
+id: GO-2023-2347
+excluded: EFFECTIVELY_PRIVATE
+modules:
+    - module: github.com/openreplay/openreplay
+cves:
+    - CVE-2023-48226

diff --git a/data/excluded/GO-2023-2349.yaml b/data/excluded/GO-2023-2349.yaml
new file mode 100644
index 0000000..63de1f1
--- /dev/null
+++ b/data/excluded/GO-2023-2349.yaml

@@ -0,0 +1,6 @@
+id: GO-2023-2349
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/ossf/malicious-packages
+cves:
+    - CVE-2023-49210

diff --git a/data/excluded/GO-2023-2351.yaml b/data/excluded/GO-2023-2351.yaml
new file mode 100644
index 0000000..5648b8c
--- /dev/null
+++ b/data/excluded/GO-2023-2351.yaml

@@ -0,0 +1,8 @@
+id: GO-2023-2351
+excluded: EFFECTIVELY_PRIVATE
+modules:
+    - module: github.com/clastix/capsule-proxy
+cves:
+    - CVE-2023-48312
+ghsas:
+    - GHSA-fpvw-6m5v-hqfp

diff --git a/data/excluded/GO-2023-2353.yaml b/data/excluded/GO-2023-2353.yaml
new file mode 100644
index 0000000..4cdb024
--- /dev/null
+++ b/data/excluded/GO-2023-2353.yaml

@@ -0,0 +1,8 @@
+id: GO-2023-2353
+excluded: EFFECTIVELY_PRIVATE
+modules:
+    - module: github.com/layer5io/meshery
+cves:
+    - CVE-2023-46575
+ghsas:
+    - GHSA-9jjc-grg5-67gj