x/vulndb: potential Go vuln in github.com/stacklok/minder: GHSA-ggp5-28x4-xcj9

[GoVulnBot]

In GitHub Security Advisory GHSA-ggp5-28x4-xcj9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/stacklok/minder	0.0.40	= 0.0.39

Cross references:

• Module github.com/stacklok/minder appears in issue x/vulndb: potential Go vuln in github.com/stacklok/minder: CVE-2024-27093 #2582 NOT_IMPORTABLE
• Module github.com/stacklok/minder appears in issue x/vulndb: potential Go vuln in github.com/stacklok/minder: GHSA-v627-69v2-xx37 #2608

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/stacklok/minder
      versions:
        - introduced: TODO (earliest fixed "0.0.40", vuln range "= 0.0.39")
      packages:
        - package: github.com/stacklok/minder
summary: Minder GetRepositoryByName data leak
cves:
    - CVE-2024-31455
ghsas:
    - GHSA-ggp5-28x4-xcj9
references:
    - advisory: https://github.com/stacklok/minder/security/advisories/GHSA-ggp5-28x4-xcj9
    - fix: https://github.com/stacklok/minder/pull/2941
    - fix: https://github.com/stacklok/minder/commit/11b6573ad62cfdd783a8bb52f3fce461466037f4
    - fix: https://github.com/stacklok/minder/commit/5c381cfbf3e4b7ce040ed8511a1fae1a78a0014b
    - advisory: https://github.com/advisories/GHSA-ggp5-28x4-xcj9

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports