x/vulndb: potential Go vuln in knative.dev/serving: GHSA-qmvj-4qr9-v547 #2355

GoVulnBot · 2023-11-28T03:01:35Z

In GitHub Security Advisory GHSA-qmvj-4qr9-v547, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
knative.dev/serving	0.39.0	< 0.39.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: knative.dev/serving
      versions:
        - fixed: 0.39.0
      vulnerable_at: 0.38.4
      packages:
        - package: knative.dev/serving
summary: |-
    Knative Serving vulnerable to attacker-controlled pod causing denial of service
    of autoscaler
cves:
    - CVE-2023-48713
ghsas:
    - GHSA-qmvj-4qr9-v547
references:
    - advisory: https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547
    - fix: https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca
    - fix: https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1
    - fix: https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a
    - advisory: https://github.com/advisories/GHSA-qmvj-4qr9-v547

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-30T19:48:43Z

Change https://go.dev/cl/545818 mentions this issue: data/excluded: batch add 13 excluded reports

gopherbot · 2024-06-14T17:46:27Z

Change https://go.dev/cl/592764 mentions this issue: data/reports: unexclude 31 reports

gopherbot · 2024-08-20T16:54:44Z

Change https://go.dev/cl/606793 mentions this issue: data/reports: unexclude 15 reports (12)

- data/reports/GO-2023-2340.yaml - data/reports/GO-2023-2341.yaml - data/reports/GO-2023-2344.yaml - data/reports/GO-2023-2351.yaml - data/reports/GO-2023-2355.yaml - data/reports/GO-2023-2376.yaml - data/reports/GO-2023-2377.yaml - data/reports/GO-2023-2378.yaml - data/reports/GO-2023-2381.yaml - data/reports/GO-2023-2388.yaml - data/reports/GO-2023-2397.yaml - data/reports/GO-2023-2398.yaml - data/reports/GO-2023-2414.yaml - data/reports/GO-2023-2422.yaml - data/reports/GO-2023-2426.yaml Updates #2340 Updates #2341 Updates #2344 Updates #2351 Updates #2355 Updates #2376 Updates #2377 Updates #2378 Updates #2381 Updates #2388 Updates #2397 Updates #2398 Updates #2414 Updates #2422 Updates #2426 Change-Id: I279f769375f27873ced76b136c88665f610ac68c Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606793 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>

maceonthompson self-assigned this Nov 30, 2023

maceonthompson added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Nov 30, 2023

maceonthompson mentioned this issue Nov 30, 2023

x/vulndb: potential Go vuln in github.com/knative/serving: CVE-2023-48713 #2356

Closed

gopherbot closed this as completed in dc4971e Nov 30, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in knative.dev/serving: GHSA-qmvj-4qr9-v547 #2355

x/vulndb: potential Go vuln in knative.dev/serving: GHSA-qmvj-4qr9-v547 #2355

GoVulnBot commented Nov 28, 2023

gopherbot commented Nov 30, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in knative.dev/serving: GHSA-qmvj-4qr9-v547 #2355

x/vulndb: potential Go vuln in knative.dev/serving: GHSA-qmvj-4qr9-v547 #2355

Comments

GoVulnBot commented Nov 28, 2023

gopherbot commented Nov 30, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024