x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001

GoVulnBot · 2023-08-08T23:01:21Z

In GitHub Security Advisory GHSA-j63x-f657-2m9g, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/answerdev/answer	1.1.0	< 1.1.0

Cross references:

Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65px-4cpf-697r #1541 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-4cwh-8w4g-jxxh #1550 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hjmr-xm25-36mh #1551 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-p7wj-c85f-xq9h #1552 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qx34-47fc-vv79 #1553 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rmw8-7823-wp7f #1554 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6cvf-m58q-h9wf #1592 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6c32-3x46-m9rh #1612 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-55vm-3vq3-4jpc #1613 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-5w78-v688-cx9q #1614 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jh8-33f5-cgfp #1615 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-9v4v-9fj5-p982 #1616 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ff27-hrmr-ggpj #1617 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h85v-cx5m-78wj #1618 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qrwm-xqfr-4vhv #1619 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-vxhr-p2vp-7gf8 #1620 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6x5v-cxpp-pc5x #1654 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-79hx-g43v-xfmr #1655 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-83qr-c7m9-wmgw #1656 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-g44v-6qfm-f6ch #1657 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h2wg-83fc-xvm9 #1658 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hwj7-frgj-7829 #1659 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-r95w-7cpx-h5mx #1660 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rvjp-8qj4-8p29 #1661 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-xvfj-84vc-hrmf #1662 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65v8-6pvw-jwvq #1716 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jg3-rx43-3fv4 #1718 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j97g-77fj-9c4p #1719 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qmqw-r4x6-3w2q #1774 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-52h8-c876-989c #1995 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-v9vc-7x69-c2x8 #1997 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/answerdev/answer
      versions:
        - fixed: 1.1.0
      vulnerable_at: 1.1.0-beta.2
      packages:
        - package: github.com/answerdev/answer
summary: Answer has Weak Password Requirements
description: |-
    Weak Password Requirements in GitHub repository answerdev/answer prior to
    v1.1.0.
cves:
    - CVE-2023-4125
ghsas:
    - GHSA-j63x-f657-2m9g
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4125
    - fix: https://github.com/answerdev/answer/commit/7d23b17cdbbefcd2e7b5c3150f0b5ec908dc835f
    - web: https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28
    - advisory: https://github.com/advisories/GHSA-j63x-f657-2m9g

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-08-09T16:22:57Z

Change https://go.dev/cl/517857 mentions this issue: data/excluded: add GO-2023-2001.yaml

gopherbot · 2024-06-14T17:50:08Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:54:32Z

Change https://go.dev/cl/606790 mentions this issue: data/reports: unexclude 20 reports (10)

- data/reports/GO-2023-1997.yaml - data/reports/GO-2023-1999.yaml - data/reports/GO-2023-2001.yaml - data/reports/GO-2023-2004.yaml - data/reports/GO-2023-2005.yaml - data/reports/GO-2023-2006.yaml - data/reports/GO-2023-2011.yaml - data/reports/GO-2023-2012.yaml - data/reports/GO-2023-2014.yaml - data/reports/GO-2023-2018.yaml - data/reports/GO-2023-2020.yaml - data/reports/GO-2023-2022.yaml - data/reports/GO-2023-2023.yaml - data/reports/GO-2023-2025.yaml - data/reports/GO-2023-2026.yaml - data/reports/GO-2023-2028.yaml - data/reports/GO-2023-2036.yaml - data/reports/GO-2023-2038.yaml - data/reports/GO-2023-2049.yaml - data/reports/GO-2023-2050.yaml Updates #1997 Updates #1999 Updates #2001 Updates #2004 Updates #2005 Updates #2006 Updates #2011 Updates #2012 Updates #2014 Updates #2018 Updates #2020 Updates #2022 Updates #2023 Updates #2025 Updates #2026 Updates #2028 Updates #2036 Updates #2038 Updates #2049 Updates #2050 Change-Id: Iac9a2efe688e28fa0889e8a14e9b4fea7677a197 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606790 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>

zpavlinovic self-assigned this Aug 9, 2023

zpavlinovic added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Aug 9, 2023

gopherbot closed this as completed in 21b1797 Aug 9, 2023

GoVulnBot mentioned this issue Sep 8, 2023

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001

GoVulnBot commented Aug 8, 2023

gopherbot commented Aug 9, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001

Comments

GoVulnBot commented Aug 8, 2023

gopherbot commented Aug 9, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024