data/reports: add GO-2023-2413.yaml
Aliases: CVE-2023-49922, GHSA-hj4r-2c9c-29h3
Fixes golang/vulndb#2413
Change-Id: I96c06e7f8bef048a8005bf84df1075c669d7915a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/553635
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
TryBot-Bypass: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
diff --git a/data/osv/GO-2023-2413.json b/data/osv/GO-2023-2413.json
new file mode 100644
index 0000000..4dc0b90
--- /dev/null
+++ b/data/osv/GO-2023-2413.json
@@ -0,0 +1,61 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-2413",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-49922",
+ "GHSA-hj4r-2c9c-29h3"
+ ],
+ "summary": "Sensitive information logged in github.com/elastic/beats/v7",
+ "details": "Sensitive information logged in github.com/elastic/beats/v7",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/elastic/beats/v7",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "7.17.16"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/elastic/beats/v7/libbeat/processors/script/javascript",
+ "symbols": [
+ "jsProcessor.Run",
+ "session.runProcessFunc"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49922"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/elastic/beats/commit/9bd7de84ab9c31bb4e1c0a348a7b7c26817a0996"
+ },
+ {
+ "type": "WEB",
+ "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-2413"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2023-2413.yaml b/data/reports/GO-2023-2413.yaml
new file mode 100644
index 0000000..a10e854
--- /dev/null
+++ b/data/reports/GO-2023-2413.yaml
@@ -0,0 +1,21 @@
+id: GO-2023-2413
+modules:
+ - module: github.com/elastic/beats/v7
+ versions:
+ - fixed: 7.17.16
+ vulnerable_at: 7.17.15
+ packages:
+ - package: github.com/elastic/beats/v7/libbeat/processors/script/javascript
+ symbols:
+ - session.runProcessFunc
+ derived_symbols:
+ - jsProcessor.Run
+summary: Sensitive information logged in github.com/elastic/beats/v7
+cves:
+ - CVE-2023-49922
+ghsas:
+ - GHSA-hj4r-2c9c-29h3
+references:
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-49922
+ - fix: https://github.com/elastic/beats/commit/9bd7de84ab9c31bb4e1c0a348a7b7c26817a0996
+ - web: https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180