x/vulndb: potential Go vuln in knative.dev/eventing-github: GHSA-v7hc-87jc-qrrr #2388

GoVulnBot · 2023-12-06T20:01:13Z

In GitHub Security Advisory GHSA-v7hc-87jc-qrrr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
knative.dev/eventing-github	0.39.1	< 0.39.1

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: knative.dev/eventing-github
      versions:
        - fixed: 0.39.1
      vulnerable_at: 0.39.0
      packages:
        - package: knative.dev/eventing-github
summary: |-
    eventing-github vulnerable to denial of service caused by improper enforcement
    of the timeout on individual read operations
ghsas:
    - GHSA-v7hc-87jc-qrrr
references:
    - advisory: https://github.com/knative-extensions/eventing-github/security/advisories/GHSA-v7hc-87jc-qrrr
    - fix: https://github.com/knative-extensions/eventing-github/pull/442
    - fix: https://github.com/knative-extensions/eventing-github/pull/446
    - fix: https://github.com/knative-extensions/eventing-github/pull/447
    - fix: https://github.com/knative-extensions/eventing-github/commit/ea5cb8b25fc3410dde45ce2eb95454e4cfe77c40
    - advisory: https://github.com/advisories/GHSA-v7hc-87jc-qrrr

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-12-07T23:09:53Z

Change https://go.dev/cl/547979 mentions this issue: data/excluded: batch add 11 excluded reports

gopherbot · 2024-06-14T17:47:45Z

Change https://go.dev/cl/592764 mentions this issue: data/reports: unexclude 31 reports

gopherbot · 2024-08-20T16:54:46Z

Change https://go.dev/cl/606793 mentions this issue: data/reports: unexclude 15 reports (12)

- data/reports/GO-2023-2340.yaml - data/reports/GO-2023-2341.yaml - data/reports/GO-2023-2344.yaml - data/reports/GO-2023-2351.yaml - data/reports/GO-2023-2355.yaml - data/reports/GO-2023-2376.yaml - data/reports/GO-2023-2377.yaml - data/reports/GO-2023-2378.yaml - data/reports/GO-2023-2381.yaml - data/reports/GO-2023-2388.yaml - data/reports/GO-2023-2397.yaml - data/reports/GO-2023-2398.yaml - data/reports/GO-2023-2414.yaml - data/reports/GO-2023-2422.yaml - data/reports/GO-2023-2426.yaml Updates #2340 Updates #2341 Updates #2344 Updates #2351 Updates #2355 Updates #2376 Updates #2377 Updates #2378 Updates #2381 Updates #2388 Updates #2397 Updates #2398 Updates #2414 Updates #2422 Updates #2426 Change-Id: I279f769375f27873ced76b136c88665f610ac68c Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606793 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>

tatianab self-assigned this Dec 7, 2023

tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Dec 7, 2023

gopherbot closed this as completed in dc6f836 Dec 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in knative.dev/eventing-github: GHSA-v7hc-87jc-qrrr #2388

x/vulndb: potential Go vuln in knative.dev/eventing-github: GHSA-v7hc-87jc-qrrr #2388

GoVulnBot commented Dec 6, 2023

gopherbot commented Dec 7, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in knative.dev/eventing-github: GHSA-v7hc-87jc-qrrr #2388

x/vulndb: potential Go vuln in knative.dev/eventing-github: GHSA-v7hc-87jc-qrrr #2388

Comments

GoVulnBot commented Dec 6, 2023

gopherbot commented Dec 7, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024