lines changed Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1" ,
3+ "id" : " GO-2024-3184" ,
4+ "modified" : " 0001-01-01T00:00:00Z" ,
5+ "published" : " 0001-01-01T00:00:00Z" ,
6+ "aliases" : [
7+ " CVE-2024-36814" ,
8+ " GHSA-9cp9-8gw2-8v7m"
9+ ],
10+ "summary" : " Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome" ,
11+ "details" : " Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome" ,
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/AdguardTeam/AdGuardHome" ,
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER" ,
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ },
25+ {
26+ "fixed" : " 0.107.53"
27+ }
28+ ]
29+ }
30+ ],
31+ "ecosystem_specific" : {}
32+ }
33+ ],
34+ "references" : [
35+ {
36+ "type" : " ADVISORY" ,
37+ "url" : " https://github.com/advisories/GHSA-9cp9-8gw2-8v7m"
38+ },
39+ {
40+ "type" : " ADVISORY" ,
41+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-36814"
42+ },
43+ {
44+ "type" : " FIX" ,
45+ "url" : " https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68"
46+ },
47+ {
48+ "type" : " WEB" ,
49+ "url" : " https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2"
50+ },
51+ {
52+ "type" : " WEB" ,
53+ "url" : " https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53"
54+ },
55+ {
56+ "type" : " WEB" ,
57+ "url" : " https://github.com/itz-d0dgy"
58+ },
59+ {
60+ "type" : " WEB" ,
61+ "url" : " https://happy-little-accidents.pages.dev/posts/CVE-2024-36814"
62+ }
63+ ],
64+ "database_specific" : {
65+ "url" : " https://pkg.go.dev/vuln/GO-2024-3184" ,
66+ "review_status" : " UNREVIEWED"
67+ }
68+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1" ,
3+ "id" : " GO-2024-3185" ,
4+ "modified" : " 0001-01-01T00:00:00Z" ,
5+ "published" : " 0001-01-01T00:00:00Z" ,
6+ "aliases" : [
7+ " CVE-2024-47832"
8+ ],
9+ "summary" : " XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready" ,
10+ "details" : " XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready" ,
11+ "affected" : [
12+ {
13+ "package" : {
14+ "name" : " github.com/ssoready/ssoready" ,
15+ "ecosystem" : " Go"
16+ },
17+ "ranges" : [
18+ {
19+ "type" : " SEMVER" ,
20+ "events" : [
21+ {
22+ "introduced" : " 0"
23+ }
24+ ]
25+ }
26+ ],
27+ "ecosystem_specific" : {}
28+ }
29+ ],
30+ "references" : [
31+ {
32+ "type" : " ADVISORY" ,
33+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-47832"
34+ },
35+ {
36+ "type" : " FIX" ,
37+ "url" : " https://github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd89915"
38+ },
39+ {
40+ "type" : " WEB" ,
41+ "url" : " https://github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh"
42+ },
43+ {
44+ "type" : " WEB" ,
45+ "url" : " https://ssoready.com/docs/self-hosting/self-hosting-sso-ready"
46+ }
47+ ],
48+ "database_specific" : {
49+ "url" : " https://pkg.go.dev/vuln/GO-2024-3185" ,
50+ "review_status" : " UNREVIEWED"
51+ }
52+ }
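Review bot: The `events` array for github.com/ssoready/ssoready holds only an `introduced` event at `0`, although the references list a FIX commit, so any scanner matching on this record will report every version, including builds that already contain that commit. If a tagged release carries the fix, add `{ "fixed": "<FIRST_FIXED_VERSION>" }` (placeholder, to be confirmed upstream) after the introduced event; if no release is tagged, say so in `details`, which currently only repeats `summary`. The GHSA-j2hr-q93x-gxvh advisory is also typed `WEB` and missing from `aliases`, while the other records on this page list their GHSA ids as aliases with `ADVISORY` references. GO-2024-3186 and GO-2024-3188 have the same open-ended range, there without any FIX reference, so they presumably need the same follow-up once a fixed version is known.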
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1" ,
3+ "id" : " GO-2024-3186" ,
4+ "modified" : " 0001-01-01T00:00:00Z" ,
5+ "published" : " 0001-01-01T00:00:00Z" ,
6+ "aliases" : [
7+ " CVE-2024-9675" ,
8+ " GHSA-586p-749j-fhwp"
9+ ],
10+ "summary" : " Buildah allows arbitrary directory mount in github.com/containers/buildah" ,
11+ "details" : " Buildah allows arbitrary directory mount in github.com/containers/buildah" ,
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/containers/buildah" ,
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER" ,
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ }
30+ ],
31+ "references" : [
32+ {
33+ "type" : " ADVISORY" ,
34+ "url" : " https://github.com/advisories/GHSA-586p-749j-fhwp"
35+ },
36+ {
37+ "type" : " ADVISORY" ,
38+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-9675"
39+ },
40+ {
41+ "type" : " WEB" ,
42+ "url" : " https://access.redhat.com/security/cve/CVE-2024-9675"
43+ },
44+ {
45+ "type" : " WEB" ,
46+ "url" : " https://bugzilla.redhat.com/show_bug.cgi?id=2317458"
47+ }
48+ ],
49+ "database_specific" : {
50+ "url" : " https://pkg.go.dev/vuln/GO-2024-3186" ,
51+ "review_status" : " UNREVIEWED"
52+ }
53+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1" ,
3+ "id" : " GO-2024-3188" ,
4+ "modified" : " 0001-01-01T00:00:00Z" ,
5+ "published" : " 0001-01-01T00:00:00Z" ,
6+ "aliases" : [
7+ " CVE-2024-9312" ,
8+ " GHSA-4gfw-wf7c-w6g2"
9+ ],
10+ "summary" : " Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd" ,
11+ "details" : " Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd" ,
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/ubuntu/authd" ,
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER" ,
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ }
30+ ],
31+ "references" : [
32+ {
33+ "type" : " ADVISORY" ,
34+ "url" : " https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2"
35+ },
36+ {
37+ "type" : " ADVISORY" ,
38+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-9312"
39+ },
40+ {
41+ "type" : " ADVISORY" ,
42+ "url" : " https://www.cve.org/CVERecord?id=CVE-2024-9312"
43+ }
44+ ],
45+ "database_specific" : {
46+ "url" : " https://pkg.go.dev/vuln/GO-2024-3188" ,
47+ "review_status" : " UNREVIEWED"
48+ }
49+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1" ,
3+ "id" : " GO-2024-3190" ,
4+ "modified" : " 0001-01-01T00:00:00Z" ,
5+ "published" : " 0001-01-01T00:00:00Z" ,
6+ "aliases" : [
7+ " CVE-2024-47067" ,
8+ " GHSA-8pph-gfhp-w226"
9+ ],
10+ "summary" : " Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist" ,
11+ "details" : " Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist" ,
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/alist-org/alist" ,
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER" ,
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ },
30+ {
31+ "package" : {
32+ "name" : " github.com/alist-org/alist/v3" ,
33+ "ecosystem" : " Go"
34+ },
35+ "ranges" : [
36+ {
37+ "type" : " SEMVER" ,
38+ "events" : [
39+ {
40+ "introduced" : " 0"
41+ },
42+ {
43+ "fixed" : " 3.29.0"
44+ }
45+ ]
46+ }
47+ ],
48+ "ecosystem_specific" : {}
49+ }
50+ ],
51+ "references" : [
52+ {
53+ "type" : " ADVISORY" ,
54+ "url" : " https://github.com/advisories/GHSA-8pph-gfhp-w226"
55+ },
56+ {
57+ "type" : " ADVISORY" ,
58+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-47067"
59+ },
60+ {
61+ "type" : " ADVISORY" ,
62+ "url" : " https://securitylab.github.com/advisories/GHSL-2023-220_Alist"
63+ },
64+ {
65+ "type" : " FIX" ,
66+ "url" : " https://github.com/alist-org/alist/commit/6100647310594868e931f3de1188ddd8bde93b78"
67+ }
68+ ],
69+ "database_specific" : {
70+ "url" : " https://pkg.go.dev/vuln/GO-2024-3190" ,
71+ "review_status" : " UNREVIEWED"
72+ }
73+ }
Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1" ,
3+ "id" : " GO-2024-3191" ,
4+ "modified" : " 0001-01-01T00:00:00Z" ,
5+ "published" : " 0001-01-01T00:00:00Z" ,
6+ "aliases" : [
7+ " CVE-2024-9180" ,
8+ " GHSA-rr8j-7w34-xp5j"
9+ ],
10+ "summary" : " Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault" ,
11+ "details" : " Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault" ,
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/hashicorp/vault" ,
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER" ,
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ },
25+ {
26+ "fixed" : " 1.18.0"
27+ }
28+ ]
29+ }
30+ ],
31+ "ecosystem_specific" : {}
32+ }
33+ ],
34+ "references" : [
35+ {
36+ "type" : " ADVISORY" ,
37+ "url" : " https://github.com/advisories/GHSA-rr8j-7w34-xp5j"
38+ },
39+ {
40+ "type" : " ADVISORY" ,
41+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-9180"
42+ },
43+ {
44+ "type" : " WEB" ,
45+ "url" : " https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"
46+ }
47+ ],
48+ "database_specific" : {
49+ "url" : " https://pkg.go.dev/vuln/GO-2024-3191" ,
50+ "review_status" : " UNREVIEWED"
51+ }
52+ }
Original file line number Diff line number Diff line change 1+ id : GO-2024-3184
2+ modules :
3+ - module : github.com/AdguardTeam/AdGuardHome
4+ versions :
5+ - fixed : 0.107.53
6+ vulnerable_at : 0.107.52
7+ summary : Adguard Home arbitrary file read vulnerability in github.com/AdguardTeam/AdGuardHome
8+ cves :
9+ - CVE-2024-36814
10+ ghsas :
11+ - GHSA-9cp9-8gw2-8v7m
12+ references :
13+ - advisory : https://github.com/advisories/GHSA-9cp9-8gw2-8v7m
14+ - advisory : https://nvd.nist.gov/vuln/detail/CVE-2024-36814
15+ - fix : https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68
16+ - web : https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2
17+ - web : https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53
18+ - web : https://github.com/itz-d0dgy
19+ - web : https://happy-little-accidents.pages.dev/posts/CVE-2024-36814
20+ source :
21+ id : GHSA-9cp9-8gw2-8v7m
22+ created : 2024-10-11T10:16:23.951474-04:00
23+ review_status : UNREVIEWED