data/reports: add 2 needs review reports
- data/reports/GO-2024-3279.yaml
- data/reports/GO-2024-3282.yaml
Updates golang/vulndb#3279
Updates golang/vulndb#3282
Change-Id: I198fb77d1510d966d66fd34906f15ae24a1f2364
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/630756
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2024-3279.json b/data/osv/GO-2024-3279.json
new file mode 100644
index 0000000..4fb7d57
--- /dev/null
+++ b/data/osv/GO-2024-3279.json
@@ -0,0 +1,47 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3279",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-7225-m954-23v7"
+ ],
+ "summary": "ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic",
+ "details": "ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic",
+ "affected": [
+ {
+ "package": {
+ "name": "cosmossdk.io/math",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.4.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3279",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2024-3282.json b/data/osv/GO-2024-3282.json
new file mode 100644
index 0000000..af47c03
--- /dev/null
+++ b/data/osv/GO-2024-3282.json
@@ -0,0 +1,75 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3282",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-r4pg-vg54-wxx4"
+ ],
+ "summary": "cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs in github.com/cert-manager/cert-manager",
+ "details": "cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs in github.com/cert-manager/cert-manager",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cert-manager/cert-manager",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.12.14"
+ },
+ {
+ "introduced": "1.13.0-alpha.0"
+ },
+ {
+ "fixed": "1.15.4"
+ },
+ {
+ "introduced": "1.16.0-alpha.0"
+ },
+ {
+ "fixed": "1.16.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cert-manager/cert-manager/pull/7400"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cert-manager/cert-manager/pull/7401"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cert-manager/cert-manager/pull/7402"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cert-manager/cert-manager/pull/7403"
+ },
+ {
+ "type": "WEB",
+ "url": "https://go.dev/issue/50116"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3282",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2024-3279.yaml b/data/reports/GO-2024-3279.yaml
new file mode 100644
index 0000000..ddaa649
--- /dev/null
+++ b/data/reports/GO-2024-3279.yaml
@@ -0,0 +1,18 @@
+id: GO-2024-3279
+modules:
+ - module: cosmossdk.io/math
+ versions:
+ - fixed: 1.4.0
+ vulnerable_at: 1.3.0
+summary: |-
+ ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and
+ sdk.Dec can lead to panic
+ghsas:
+ - GHSA-7225-m954-23v7
+references:
+ - advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-7225-m954-23v7
+ - web: https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862
+source:
+ id: GHSA-7225-m954-23v7
+ created: 2024-11-21T14:39:42.980234-05:00
+review_status: NEEDS_REVIEW
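Review bot: The cosmos-sdk commit on the `web:` line under `references:` looks, from its path and the advisory it sits next to, like the patch for this issue, so it should probably be typed `fix:` rather than `web:` — `- fix: https://github.com/cosmos/cosmos-sdk/commit/c6522a72a45c34897f9fc85d438c0b74d52f8862` — so the generated OSV entry emits `"type": "FIX"` the way the cert-manager report in this same change does. The `summary:` still carries the upstream prefix `ASA-2024-010:` and the `sdk.Int`/`sdk.Dec` wording of the advisory, and with no `description:` or package/symbol entries the report does not yet say which functions can be made to panic; that is acceptable for a NEEDS_REVIEW filing, but the summary is what pkg.go.dev shows even while unreviewed, so the prefix is worth dropping at review time. With no `introduced:` event the affected range starts at version 0, which should be confirmed against the fix commit rather than assumed.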
diff --git a/data/reports/GO-2024-3282.yaml b/data/reports/GO-2024-3282.yaml
new file mode 100644
index 0000000..46ba00b
--- /dev/null
+++ b/data/reports/GO-2024-3282.yaml
@@ -0,0 +1,26 @@
+id: GO-2024-3282
+modules:
+ - module: github.com/cert-manager/cert-manager
+ versions:
+ - fixed: 1.12.14
+ - introduced: 1.13.0-alpha.0
+ - fixed: 1.15.4
+ - introduced: 1.16.0-alpha.0
+ - fixed: 1.16.2
+ vulnerable_at: 1.16.1
+summary: |-
+ cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM
+ inputs in github.com/cert-manager/cert-manager
+ghsas:
+ - GHSA-r4pg-vg54-wxx4
+references:
+ - advisory: https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4
+ - fix: https://github.com/cert-manager/cert-manager/pull/7400
+ - fix: https://github.com/cert-manager/cert-manager/pull/7401
+ - fix: https://github.com/cert-manager/cert-manager/pull/7402
+ - fix: https://github.com/cert-manager/cert-manager/pull/7403
+ - web: https://go.dev/issue/50116
+source:
+ id: GHSA-r4pg-vg54-wxx4
+ created: 2024-11-21T14:39:18.975104-05:00
+review_status: NEEDS_REVIEW
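Review bot: The `summary:` block carries a typo inherited from the upstream advisory title, "cert-manager ha a potential slowdown / DoS", and this text is copied verbatim into the generated OSV `summary` and `details` fields, so it should be corrected here even though the report is NEEDS_REVIEW: `cert-manager has a potential slowdown / DoS when parsing specially crafted PEM`. The `web: https://go.dev/issue/50116` reference points at a Go standard-library issue rather than at cert-manager, which suggests the expensive parsing path may be in the stdlib PEM decoder that cert-manager calls; if so, the reviewer should check whether a standard-library report already covers it and cross-reference it, and whether the four listed PRs are a full fix or a mitigation on cert-manager's side. The version events leave 1.13.x and 1.14.x with no `fixed:` entry, which is consistent with only three maintained branches receiving patches, but should be confirmed against the advisory's patched-versions list.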