x/vulndb: potential Go vuln in github.com/go-vela/server: GHSA-69p4-j5v5-x234

[GoVulnBot]

In GitHub Security Advisory GHSA-69p4-j5v5-x234, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/go-vela/server	0.23.2	<= 0.23.1

Cross references:

• Module github.com/go-vela/server appears in issue x/vulndb: potential Go vuln in github.com/go-vela/server/api: GHSA-8j3f-mhq8-gmh4 #812 NOT_IMPORTABLE
• Module github.com/go-vela/server appears in issue x/vulndb: potential Go vuln in github.com/go-vela/worker: GHSA-5m7g-pj8w-7593 #1100 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/go-vela/server
      versions:
        - introduced: TODO (earliest fixed "0.23.2", vuln range "<= 0.23.1")
      packages:
        - package: github.com/go-vela/server
summary: Server/API for Vela Insecure Variable Substitution
ghsas:
    - GHSA-69p4-j5v5-x234
references:
    - advisory: https://github.com/go-vela/server/security/advisories/GHSA-69p4-j5v5-x234
    - fix: https://github.com/go-vela/server/commit/a645c822da1d91e1f4159b69685224232683bebb
    - advisory: https://github.com/advisories/GHSA-69p4-j5v5-x234

[gopherbot]

Change https://go.dev/cl/582358 mentions this issue: data/reports: batch add 11 unreviewed reports

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports