Google Git
Sign in
go / vulndb / bfd27ade11c20157c4432b663fdfc2a9681b4b86 / . / data / reports / GO-2023-1980.yaml
blob: 81979f562ed0a20409639944c19e6cba401fc185 [file] [log] [blame]
id: GO-2023-1980
modules:
- module: github.com/crossplane/crossplane
versions:
- fixed: 1.11.5
- introduced: 1.12.0
- fixed: 1.12.3
vulnerable_at: 1.12.2
summary: Possible image tampering from missing image validation for Packages in github.com/crossplane/crossplane
cves:
- CVE-2023-38495
ghsas:
- GHSA-pj4x-2xr5-w87m
references:
- advisory: https://github.com/crossplane/crossplane/security/advisories/GHSA-pj4x-2xr5-w87m
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-38495
- web: https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf
source:
id: GHSA-pj4x-2xr5-w87m
created: 2024-08-20T11:59:12.603892-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE