golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/neuvector/neuvector: GHSA-622h-h2p8-743x #2103

Closed GoVulnBot closed 1 year ago

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-622h-h2p8-743x, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/neuvector/neuvector | 5.2.2 | < 5.2.2 |

Cross references: No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/neuvector/neuvector
      versions:
        - fixed: 5.2.2
      packages:
        - package: github.com/neuvector/neuvector
summary: |-
    JWT token compromise can allow malicious actions including Remote Code Execution
    (RCE)
cves:
    - CVE-2023-32188
ghsas:
    - GHSA-622h-h2p8-743x
references:
    - advisory: https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x
    - web: https://open-docs.neuvector.com/releasenotes/5x
    - advisory: https://github.com/advisories/GHSA-622h-h2p8-743x

jba commented 1 year ago

Vuln in tool.

gopherbot commented 1 year ago

Change https://go.dev/cl/533995 mentions this issue: data/excluded: batch add 4 excluded reports

gopherbot commented 1 year ago

Change https://go.dev/cl/534237 mentions this issue: data/excluded: batch add 4 excluded reports

gopherbot commented 4 months ago

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports