From d0b10b750ad539f5437d380d432fa3bdf7cc76e1 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Fri, 13 Sep 2024 15:15:28 -0400
Subject: [PATCH] data/reports: add GO-2024-3125
- data/reports/GO-2024-3125.yaml
Fixes golang/vulndb#3125
Change-Id: Iec691609f4298941f47e8b9e3028427c480d3acb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/613256
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Zvonimir Pavlinovic
Auto-Submit: Tatiana Bradley
---
data/osv/GO-2024-3125.json | 76 ++++++++++++++++++++++++++++++++++
data/reports/GO-2024-3125.yaml | 25 +++++++++++
2 files changed, 101 insertions(+)
create mode 100644 data/osv/GO-2024-3125.json
create mode 100644 data/reports/GO-2024-3125.yaml
diff --git a/data/osv/GO-2024-3125.json b/data/osv/GO-2024-3125.json
new file mode 100644
index 00000000..6e7a10fe
--- /dev/null
+++ b/data/osv/GO-2024-3125.json
@@ -0,0 +1,76 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3125",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-8572",
+ "GHSA-pv7h-hg6m-82j8"
+ ],
+ "summary": "Gouniverse GoLang CMS vulnerable to Cross-site Scripting in github.com/gouniverse/cms",
+ "details": "Gouniverse GoLang CMS vulnerable to Cross-site Scripting in github.com/gouniverse/cms",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/gouniverse/cms",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.4.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-pv7h-hg6m-82j8"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8572"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/gouniverse/cms/commit/3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c"
+ },
+ {
+ "type": "REPORT",
+ "url": "https://github.com/gouniverse/cms/issues/5"
+ },
+ {
+ "type": "REPORT",
+ "url": "https://github.com/gouniverse/cms/issues/5#issuecomment-2330848731"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/gouniverse/cms/releases/tag/v1.4.1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.276802"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.276802"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.401896"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3125",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2024-3125.yaml b/data/reports/GO-2024-3125.yaml
new file mode 100644
index 00000000..507235fd
--- /dev/null
+++ b/data/reports/GO-2024-3125.yaml
@@ -0,0 +1,25 @@
+id: GO-2024-3125
+modules:
+ - module: github.com/gouniverse/cms
+ versions:
+ - fixed: 1.4.1
+ vulnerable_at: 1.4.0
+summary: Gouniverse GoLang CMS vulnerable to Cross-site Scripting in github.com/gouniverse/cms
+cves:
+ - CVE-2024-8572
+ghsas:
+ - GHSA-pv7h-hg6m-82j8
+references:
+ - advisory: https://github.com/advisories/GHSA-pv7h-hg6m-82j8
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-8572
+ - fix: https://github.com/gouniverse/cms/commit/3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c
+ - report: https://github.com/gouniverse/cms/issues/5
+ - report: https://github.com/gouniverse/cms/issues/5#issuecomment-2330848731
+ - web: https://github.com/gouniverse/cms/releases/tag/v1.4.1
+ - web: https://vuldb.com/?ctiid.276802
+ - web: https://vuldb.com/?id.276802
+ - web: https://vuldb.com/?submit.401896
+source:
+ id: GHSA-pv7h-hg6m-82j8
+ created: 2024-09-13T15:11:48.913685-04:00
+review_status: UNREVIEWED
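Review bot: The `modules` entry names only `github.com/gouniverse/cms` with `fixed: 1.4.1` and carries no `packages` or symbol data, so tools consuming this record can presumably match it only at module level and may flag any dependent below 1.4.1 regardless of whether the vulnerable code is used. The `summary` likewise repeats the advisory title without saying which part of the CMS is affected, which fits `review_status: UNREVIEWED` but leaves triage to the linked references. When the report is reviewed, adding `packages:` with `- package: <AFFECTED_PACKAGE_PATH>` (placeholder; the path is not shown on this page) under the module would narrow matching.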