search

golang / vulndb

[mirror] The Go Vulnerability Database
Other
560 stars 58 forks source link

x/vulndb: potential Go vuln in github.com/mindoc-org/mindoc: GHSA-f7ff-xf87-f22q #596

Closed julieqiu closed 2 years ago

julieqiu commented 2 years ago

In GitHub Security Advisory GHSA-f7ff-xf87-f22q, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/mindoc-org/mindoc <= 2.1-beta.5

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/mindoc-org/mindoc
    versions:
      - {}
description: An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers
    to execute arbitrary commands via a crafted Zip file.
published: 2022-05-27T00:00:29Z
last_modified: 2022-06-09T22:54:49Z
cves:
  - CVE-2022-29637
ghsas:
  - GHSA-f7ff-xf87-f22q
links:
    context:
      - https://github.com/advisories/GHSA-f7ff-xf87-f22q
neild commented 2 years ago

Vulnerability in tool.

Fix is in effectively internal packages.

gopherbot commented 3 months ago

Change https://go.dev/cl/592769 mentions this issue: data/reports: unexclude 50 reports