data/reports: add 16 unreviewed reports

  - data/reports/GO-2024-3207.yaml
  - data/reports/GO-2024-3208.yaml
  - data/reports/GO-2024-3210.yaml
  - data/reports/GO-2024-3211.yaml
  - data/reports/GO-2024-3212.yaml
  - data/reports/GO-2024-3213.yaml
  - data/reports/GO-2024-3214.yaml
  - data/reports/GO-2024-3215.yaml
  - data/reports/GO-2024-3216.yaml
  - data/reports/GO-2024-3217.yaml
  - data/reports/GO-2024-3219.yaml
  - data/reports/GO-2024-3220.yaml
  - data/reports/GO-2024-3221.yaml
  - data/reports/GO-2024-3222.yaml
  - data/reports/GO-2024-3223.yaml
  - data/reports/GO-2024-3224.yaml

Fixes #3207
Fixes #3208
Fixes #3210
Fixes #3211
Fixes #3212
Fixes #3213
Fixes #3214
Fixes #3215
Fixes #3216
Fixes #3217
Fixes #3219
Fixes #3220
Fixes #3221
Fixes #3222
Fixes #3223
Fixes #3224

Change-Id: I194a8c99c011c5855a50ecd5069b628a1d36746a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/622835
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

Author: tatianab

data/osv/GO-2024-3207.json

@@ -0,0 +1,47 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3207",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-p5wf-cmr4-xrwr"
+  ],
+  "summary": "Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito",
+  "details": "Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/facebookincubator/tacquito",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.0.0-20241011192817-07b49d1358e6"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/facebookincubator/tacquito/security/advisories/GHSA-p5wf-cmr4-xrwr"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/facebookincubator/tacquito/commit/07b49d1358e6ec0b5aa482fcd284f509191119e2"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3207",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-3208.json

@@ -0,0 +1,62 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3208",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-47825",
+    "GHSA-3wwx-63fv-pfq6"
+  ],
+  "summary": "Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium",
+  "details": "Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "1.14.0"
+            },
+            {
+              "fixed": "1.14.16"
+            },
+            {
+              "introduced": "1.15.0"
+            },
+            {
+              "fixed": "1.15.10"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3208",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-3210.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3210",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-8901"
+  ],
+  "summary": "Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
+  "details": "Lack of JWT issuer and signer validation in github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/awslabs/aws-alb-route-directive-adapter-for-istio",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-011/"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8901"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/security/advisories/GHSA-789x-wph8-m68r"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3210",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-3211.json

@@ -0,0 +1,57 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3211",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-50312"
+  ],
+  "summary": "Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console",
+  "details": "Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/openshift/console",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50312"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/openshift/console/pull/14409/files"
+    },
+    {
+      "type": "REPORT",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2024-50312"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Red Hat would like to thank Maksymilian Kubiak (AFINE), Paweł Zdunek (AFINE), and Sławomir Zakrzewski (AFINE) for reporting this issue."
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3211",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-3212.json

@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3212",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-rjfv-pjvx-mjgv"
+  ],
+  "summary": "AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller",
+  "details": "AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: sigs.k8s.io/aws-load-balancer-controller from v2.0.0 before v2.8.2.",
+  "affected": [
+    {
+      "package": {
+        "name": "sigs.k8s.io/aws-load-balancer-controller",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "2.0.0"
+              },
+              {
+                "fixed": "2.8.2"
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/kubernetes-sigs/aws-load-balancer-controller/security/advisories/GHSA-rjfv-pjvx-mjgv"
+    },
+    {
+      "type": "WEB",
+      "url": "https://aws.amazon.com/security/vulnerability-reporting"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#waf-addons"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#addons"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3212",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-3213.json

@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3213",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-49380"
+  ],
+  "summary": "Plenti arbitrary file write vulnerability in github.com/plentico/plenti",
+  "details": "Plenti arbitrary file write vulnerability in github.com/plentico/plenti",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/plentico/plenti",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.7.2"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49380"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/plentico/plenti/releases/tag/v0.7.2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3213",
+    "review_status": "UNREVIEWED"
+  }
+}