Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/coredns/coredns: CVE-2024-0874 #2785

Closed
GoVulnBot opened this issue Apr 25, 2024 · 3 comments
Closed

x/vulndb: potential Go vuln in github.com/coredns/coredns: CVE-2024-0874 #2785

GoVulnBot opened this issue Apr 25, 2024 · 3 comments
Assignees
@maceonthompson
Labels
triaged

Comments

@GoVulnBot
Copy link

CVE-2024-0874 references github.com/coredns/coredns, which may be a Go module.

Description:
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

References:

Cross references:

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/coredns/coredns
      vulnerable_at: 1.11.1
      packages:
        - package: Logging Subsystem for Red Hat OpenShift
summary: CVE-2024-0874 in github.com/coredns/coredns
cves:
    - CVE-2024-0874
references:
    - web: https://access.redhat.com/security/cve/CVE-2024-0874
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=2219234
    - report: https://github.com/coredns/coredns/issues/6186
    - fix: https://github.com/coredns/coredns/pull/6354
source:
    id: CVE-2024-0874
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/595960 mentions this issue: data/reports: review 3 reports, add 2 reports

gopherbot pushed a commit that referenced this issue Jul 1, 2024
@tatianab @gopherbot
data/reports: review 3 reports, add 2 reports
6b8d768 
  - data/reports/GO-2024-2491.yaml
  - data/reports/GO-2024-2698.yaml
  - data/reports/GO-2024-2785.yaml
  - data/reports/GO-2024-2912.yaml
  - data/reports/GO-2024-2918.yaml

Updates #2491
Updates #2698
Updates #2785
Fixes #2912
Fixes #2918

Change-Id: I296bb2155b7a3ad7b8f8e7e3f1cc829a159c6cc8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/595960
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
This was referenced Sep 18, 2024
Closed
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@maceonthompson maceonthompson

Labels
triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tatianab @gopherbot @maceonthompson @GoVulnBot