x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

GoVulnBot · 2023-09-08T13:01:22Z

In GitHub Security Advisory GHSA-pj2h-85jq-g5vg, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/answerdev/answer	1.1.3	< 1.1.3

Cross references:

Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65px-4cpf-697r #1541 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-4cwh-8w4g-jxxh #1550 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hjmr-xm25-36mh #1551 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-p7wj-c85f-xq9h #1552 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qx34-47fc-vv79 #1553 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rmw8-7823-wp7f #1554 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6cvf-m58q-h9wf #1592 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6c32-3x46-m9rh #1612 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-55vm-3vq3-4jpc #1613 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-5w78-v688-cx9q #1614 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jh8-33f5-cgfp #1615 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-9v4v-9fj5-p982 #1616 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ff27-hrmr-ggpj #1617 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h85v-cx5m-78wj #1618 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qrwm-xqfr-4vhv #1619 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-vxhr-p2vp-7gf8 #1620 NOT_IMPORTABLE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6x5v-cxpp-pc5x #1654 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-79hx-g43v-xfmr #1655 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-83qr-c7m9-wmgw #1656 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-g44v-6qfm-f6ch #1657 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-h2wg-83fc-xvm9 #1658 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hwj7-frgj-7829 #1659 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-r95w-7cpx-h5mx #1660 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rvjp-8qj4-8p29 #1661 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-xvfj-84vc-hrmf #1662 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65v8-6pvw-jwvq #1716 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-8jg3-rx43-3fv4 #1718 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j97g-77fj-9c4p #1719 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qmqw-r4x6-3w2q #1774 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-52h8-c876-989c #1995 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-ggcf-hwxp-rc77 #1996 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-v9vc-7x69-c2x8 #1997 EFFECTIVELY_PRIVATE
Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-j63x-f657-2m9g #2001 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/answerdev/answer
      versions:
        - fixed: 1.1.3
      vulnerable_at: 1.1.2
      packages:
        - package: github.com/answerdev/answer
summary: Answer Missing Authentication for Critical Function
description: |-
    Missing Authentication for Critical Function in GitHub repository
    answerdev/answer prior to v1.1.3.
cves:
    - CVE-2023-4815
ghsas:
    - GHSA-pj2h-85jq-g5vg
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4815
    - fix: https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666
    - web: https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c
    - advisory: https://github.com/advisories/GHSA-pj2h-85jq-g5vg

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-09-09T17:29:27Z

Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports

gopherbot · 2024-06-14T17:51:31Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:55:00Z

Change https://go.dev/cl/606791 mentions this issue: data/reports: unexclude 20 reports (11)

- data/reports/GO-2023-2051.yaml - data/reports/GO-2023-2053.yaml - data/reports/GO-2023-2055.yaml - data/reports/GO-2023-2063.yaml - data/reports/GO-2023-2065.yaml - data/reports/GO-2023-2066.yaml - data/reports/GO-2023-2067.yaml - data/reports/GO-2023-2068.yaml - data/reports/GO-2023-2069.yaml - data/reports/GO-2023-2070.yaml - data/reports/GO-2023-2071.yaml - data/reports/GO-2023-2072.yaml - data/reports/GO-2023-2073.yaml - data/reports/GO-2023-2075.yaml - data/reports/GO-2023-2078.yaml - data/reports/GO-2023-2079.yaml - data/reports/GO-2023-2080.yaml - data/reports/GO-2023-2084.yaml - data/reports/GO-2023-2085.yaml - data/reports/GO-2023-2088.yaml Updates #2051 Updates #2053 Updates #2055 Updates #2063 Updates #2065 Updates #2066 Updates #2067 Updates #2068 Updates #2069 Updates #2070 Updates #2071 Updates #2072 Updates #2073 Updates #2075 Updates #2078 Updates #2079 Updates #2080 Updates #2084 Updates #2085 Updates #2088 Change-Id: I0103dfe39411ae2cf3d74933349260db7dc3496b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606791 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>

tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Sep 8, 2023

gopherbot closed this as completed in 74276ae Sep 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

GoVulnBot commented Sep 8, 2023

gopherbot commented Sep 9, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-pj2h-85jq-g5vg #2051

Comments

GoVulnBot commented Sep 8, 2023

gopherbot commented Sep 9, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024