data/reports: add 16 unreviewed reports

  - data/reports/GO-2024-2902.yaml
  - data/reports/GO-2024-2915.yaml
  - data/reports/GO-2024-2901.yaml
  - data/reports/GO-2024-2913.yaml
  - data/reports/GO-2024-2911.yaml
  - data/reports/GO-2024-2914.yaml
  - data/reports/GO-2024-2916.yaml
  - data/reports/GO-2024-2891.yaml
  - data/reports/GO-2024-2907.yaml
  - data/reports/GO-2024-2919.yaml
  - data/reports/GO-2024-2899.yaml
  - data/reports/GO-2024-2904.yaml
  - data/reports/GO-2024-2906.yaml
  - data/reports/GO-2024-2917.yaml
  - data/reports/GO-2024-2903.yaml
  - data/reports/GO-2024-2900.yaml

Fixes #2902
Fixes #2915
Fixes #2901
Fixes #2913
Fixes #2911
Fixes #2914
Fixes #2916
Fixes #2891
Fixes #2907
Fixes #2919
Fixes #2899
Fixes #2904
Fixes #2906
Fixes #2917
Fixes #2903
Fixes #2900

Change-Id: I9f2058ccf726462824192c0a7da1c227a8224661
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592457
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Author: tatianab

data/osv/GO-2024-2891.json

@@ -0,0 +1,236 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2891",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-32873",
+    "GHSA-pxv8-qhrh-jc7v"
+  ],
+  "summary": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10",
+  "details": "evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v10",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v11",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v12",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v13",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v14",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v15",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v16",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v17",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v6",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v7",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v8",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/evmos/evmos/v9",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32873"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2891",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-2899.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2899",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-36127",
+    "GHSA-v6mg-7f7p-qmqp"
+  ],
+  "summary": "apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko",
+  "details": "apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko",
+  "affected": [
+    {
+      "package": {
+        "name": "chainguard.dev/apko",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.14.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36127"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2899",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-2900.json

@@ -0,0 +1,80 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2900",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-36129",
+    "GHSA-c74f-6mfw-mm4v"
+  ],
+  "summary": "Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in go.opentelemetry.io/collector/config/configgrpc",
+  "details": "Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in go.opentelemetry.io/collector/config/configgrpc",
+  "affected": [
+    {
+      "package": {
+        "name": "go.opentelemetry.io/collector/config/configgrpc",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.102.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "go.opentelemetry.io/collector/config/confighttp",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.102.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36129"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-telemetry/opentelemetry-collector/pull/10289"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-telemetry/opentelemetry-collector/pull/10323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://opentelemetry.io/blog/2024/cve-2024-36129"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2900",
+    "review_status": "UNREVIEWED"
+  }
+}