x/vulndb: potential Go vuln in github.com/appleboy/gorush: GHSA-p3pf-mff8-3h47

[GoVulnBot]

Advisory GHSA-p3pf-mff8-3h47 references a vulnerability in the following Go modules:

Module
github.com/appleboy/gorush

Description:
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.

References:

• ADVISORY: GHSA-p3pf-mff8-3h47
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-41270
• FIX: appleboy/gorush@067cb59
• REPORT: Upgrade TLS Support to TLS 1.2 and Above in RunHTTPServer Function appleboy/gorush#792
• WEB: https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/appleboy/gorush
      versions:
        - fixed: 1.18.5
      vulnerable_at: 1.18.4
summary: Gorush uses deprecated TLS versions in github.com/appleboy/gorush
cves:
    - CVE-2024-41270
ghsas:
    - GHSA-p3pf-mff8-3h47
references:
    - advisory: https://github.com/advisories/GHSA-p3pf-mff8-3h47
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41270
    - fix: https://github.com/appleboy/gorush/commit/067cb597e485e40b790a267187bf7f00730b1c4b
    - report: https://github.com/appleboy/gorush/issues/792
    - web: https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc
source:
    id: GHSA-p3pf-mff8-3h47
    created: 2024-08-07T15:01:14.603725749Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/606775 mentions this issue: data/reports: add 4 reports