data/reports/GO-2023-1505.yaml - vulndb - Git at Google

 id: GO-2023-1505
 modules:
     - module: github.com/uber/kraken
       vulnerable_at: 0.1.4
       packages:
         - package: github.com/uber/kraken/lib/backend/testfs
           symbols:
             - Server.downloadHandler
             - Server.Handler
 summary: Arbitrary file read vulnerability in github.com/uber/kraken
 description: kraken contains an arbitrary file read vulnerability via component testfs.
 cves:
     - CVE-2022-47747
 ghsas:
     - GHSA-hj4g-4w36-x8hp
 references:
     - report: https://github.com/uber/kraken/issues/333
     - advisory: https://github.com/advisories/GHSA-hj4g-4w36-x8hp
 review_status: REVIEWED
	id: GO-2023-1505
	modules:
	- module: github.com/uber/kraken
	vulnerable_at: 0.1.4
	packages:
	- package: github.com/uber/kraken/lib/backend/testfs
	symbols:
	- Server.downloadHandler
	- Server.Handler
	summary: Arbitrary file read vulnerability in github.com/uber/kraken
	description: kraken contains an arbitrary file read vulnerability via component testfs.
	cves:
	- CVE-2022-47747
	ghsas:
	- GHSA-hj4g-4w36-x8hp
	references:
	- report: https://github.com/uber/kraken/issues/333
	- advisory: https://github.com/advisories/GHSA-hj4g-4w36-x8hp
	review_status: REVIEWED