x/vulndb: potential Go vuln in github.com/liamg/gitjacker: GHSA-4j5x-f394-xx79 #1911

GoVulnBot · 2023-07-13T18:01:23Z

In GitHub Security Advisory GHSA-4j5x-f394-xx79, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/liamg/gitjacker	0.1.0	< 0.1.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/liamg/gitjacker
      versions:
        - fixed: 0.1.0
      vulnerable_at: 0.0.3
      packages:
        - package: github.com/liamg/gitjacker
summary: gitjacker arbitrary code execution
description: |-
    gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a
    crafted .git directory because of directory traversal.
cves:
    - CVE-2021-29417
ghsas:
    - GHSA-4j5x-f394-xx79
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2021-29417
    - web: https://github.com/liamg/gitjacker/compare/v0.0.3...v0.1.0
    - web: https://github.com/liamg/gitjacker/releases/tag/v0.1.0
    - advisory: https://vuln.ryotak.me/advisories/5
    - advisory: https://github.com/advisories/GHSA-4j5x-f394-xx79

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-07-25T21:19:50Z

Change https://go.dev/cl/513195 mentions this issue: data/excluded: batch add 26 excluded reports

gopherbot · 2024-06-14T17:44:15Z

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:53:14Z

Change https://go.dev/cl/606787 mentions this issue: data/reports: unexclude 20 reports (7)

- data/reports/GO-2023-1862.yaml - data/reports/GO-2023-1863.yaml - data/reports/GO-2023-1864.yaml - data/reports/GO-2023-1865.yaml - data/reports/GO-2023-1866.yaml - data/reports/GO-2023-1871.yaml - data/reports/GO-2023-1879.yaml - data/reports/GO-2023-1887.yaml - data/reports/GO-2023-1888.yaml - data/reports/GO-2023-1891.yaml - data/reports/GO-2023-1892.yaml - data/reports/GO-2023-1894.yaml - data/reports/GO-2023-1895.yaml - data/reports/GO-2023-1896.yaml - data/reports/GO-2023-1897.yaml - data/reports/GO-2023-1898.yaml - data/reports/GO-2023-1899.yaml - data/reports/GO-2023-1900.yaml - data/reports/GO-2023-1901.yaml - data/reports/GO-2023-1911.yaml Updates #1862 Updates #1863 Updates #1864 Updates #1865 Updates #1866 Updates #1871 Updates #1879 Updates #1887 Updates #1888 Updates #1891 Updates #1892 Updates #1894 Updates #1895 Updates #1896 Updates #1897 Updates #1898 Updates #1899 Updates #1900 Updates #1901 Updates #1911 Change-Id: Iffcbe8e6325ef654a17298cd4c7072192626ad21 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606787 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

maceonthompson self-assigned this Jul 13, 2023

maceonthompson added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Jul 13, 2023

gopherbot closed this as completed in c30dc8f Jul 25, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/liamg/gitjacker: GHSA-4j5x-f394-xx79 #1911

x/vulndb: potential Go vuln in github.com/liamg/gitjacker: GHSA-4j5x-f394-xx79 #1911

GoVulnBot commented Jul 13, 2023

gopherbot commented Jul 25, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/liamg/gitjacker: GHSA-4j5x-f394-xx79 #1911

x/vulndb: potential Go vuln in github.com/liamg/gitjacker: GHSA-4j5x-f394-xx79 #1911

Comments

GoVulnBot commented Jul 13, 2023

gopherbot commented Jul 25, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024