-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- data/reports/GO-2024-3129.yaml Fixes #3129 Change-Id: I349b725a7babd24154285b8420840e51f5486e9e Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/614077 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]> Auto-Submit: Zvonimir Pavlinovic <[email protected]>
- Loading branch information
1 parent
49808b2
commit 19e5675
Showing
2 changed files
with
80 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3129", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-7387", | ||
| "GHSA-qqv8-ph7f-h3f7" | ||
| ], | ||
| "summary": "OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer in github.com/openshift/builder", | ||
| "details": "OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer in github.com/openshift/builder", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/openshift/builder", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-qqv8-ph7f-h3f7" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7387" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/openshift/builder/commit/0b62633adfa2836465202bc851885e078ec888d1" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2024-7387" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302259" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3129", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| id: GO-2024-3129 | ||
| modules: | ||
| - module: github.com/openshift/builder | ||
| unsupported_versions: | ||
| - last_affected: 4.0.0 | ||
| vulnerable_at: 4.0.0+incompatible | ||
| summary: |- | ||
| OpenShift Builder has a path traversal, allows command injection in privileged | ||
| BuildContainer in github.com/openshift/builder | ||
| cves: | ||
| - CVE-2024-7387 | ||
| ghsas: | ||
| - GHSA-qqv8-ph7f-h3f7 | ||
| references: | ||
| - advisory: https://github.com/advisories/GHSA-qqv8-ph7f-h3f7 | ||
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-7387 | ||
| - fix: https://github.com/openshift/builder/commit/0b62633adfa2836465202bc851885e078ec888d1 | ||
| - web: https://access.redhat.com/security/cve/CVE-2024-7387 | ||
| - web: https://bugzilla.redhat.com/show_bug.cgi?id=2302259 | ||
| source: | ||
| id: GHSA-qqv8-ph7f-h3f7 | ||
| created: 2024-09-18T13:42:07.618082148Z | ||
| review_status: UNREVIEWED |