Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qrwm-xqfr-4vhv #1619

Closed
GoVulnBot opened this issue Mar 8, 2023 · 3 comments
Labels
excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable.

Comments

@GoVulnBot
Copy link

In GitHub Security Advisory GHSA-qrwm-xqfr-4vhv, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/answerdev/answer 1.0.6 < 1.0.6

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/answerdev/answer
    versions:
      - fixed: 1.0.6
    packages:
      - package: github.com/answerdev/answer
description: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer
    prior to 1.0.6.
cves:
  - CVE-2023-1242
ghsas:
  - GHSA-qrwm-xqfr-4vhv
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2023-1242
  - fix: https://github.com/answerdev/answer/commit/90bfa0dcc7b49482f1d1e31aee3ab073f3c13dd9
  - web: https://huntr.dev/bounties/71c24c5e-ceb2-45cf-bda7-fa195d37e289
  - advisory: https://github.com/advisories/GHSA-qrwm-xqfr-4vhv

@rolandshoemaker rolandshoemaker added the excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable. label Mar 8, 2023
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/474578 mentions this issue: data/excluded: batch add GO-2023-1610, GO-2023-1609, GO-2023-1606, GO-2023-1620, GO-2023-1619, GO-2023-1618, GO-2023-1617, GO-2023-1616, GO-2023-1615, GO-2023-1614, GO-2023-1613, GO-2023-1612

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/592759 mentions this issue: data/reports: unexclude 75 reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/606783 mentions this issue: data/reports: unexclude 20 reports (3)

gopherbot pushed a commit that referenced this issue Aug 20, 2024
  - data/reports/GO-2023-1590.yaml
  - data/reports/GO-2023-1592.yaml
  - data/reports/GO-2023-1596.yaml
  - data/reports/GO-2023-1607.yaml
  - data/reports/GO-2023-1612.yaml
  - data/reports/GO-2023-1613.yaml
  - data/reports/GO-2023-1614.yaml
  - data/reports/GO-2023-1615.yaml
  - data/reports/GO-2023-1616.yaml
  - data/reports/GO-2023-1617.yaml
  - data/reports/GO-2023-1618.yaml
  - data/reports/GO-2023-1619.yaml
  - data/reports/GO-2023-1620.yaml
  - data/reports/GO-2023-1622.yaml
  - data/reports/GO-2023-1627.yaml
  - data/reports/GO-2023-1628.yaml
  - data/reports/GO-2023-1629.yaml
  - data/reports/GO-2023-1630.yaml
  - data/reports/GO-2023-1633.yaml
  - data/reports/GO-2023-1639.yaml

Updates #1590
Updates #1592
Updates #1596
Updates #1607
Updates #1612
Updates #1613
Updates #1614
Updates #1615
Updates #1616
Updates #1617
Updates #1618
Updates #1619
Updates #1620
Updates #1622
Updates #1627
Updates #1628
Updates #1629
Updates #1630
Updates #1633
Updates #1639

Change-Id: I2441a82107b88955ddb98c7d3c55b7b2fe3e3aa7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606783
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable.
Projects
None yet
Development

No branches or pull requests

3 participants