x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39911

[GoVulnBot]

Advisory CVE-2024-39911 references a vulnerability in the following Go modules:

Module
github.com/1Panel-dev/1Panel

Description:
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-39911
• WEB: GHSA-7m53-pwp6-v3f5

Cross references:

• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36457 #1887 NOT_IMPORTABLE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36458 #1888 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-37477 #1940 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39964 #2004 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39965 #2005 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39966 #2006 EFFECTIVELY_PRIVATE
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-24768 #2531
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: GHSA-26w3-q4j8-4xjp #2613
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: GHSA-x2vg-5wrf-vj6v #2636
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-30257 #2734
• Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-34352 #2830

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/1Panel-dev/1Panel
      vulnerable_at: 1.9.6
summary: CVE-2024-39911 in github.com/1Panel-dev/1Panel
cves:
    - CVE-2024-39911
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39911
    - web: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5
source:
    id: CVE-2024-39911
    created: 2024-07-18T17:01:20.816735593Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/599457 mentions this issue: data/excluded,data/reports: add 6 reports