From 984d6ee144f4d34f2963e9f4cbf958ccc22a4eb7 Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Tue, 20 Aug 2024 15:33:15 -0400 Subject: [PATCH] data/reports: unexclude 20 reports (31) - data/reports/GO-2022-1219.yaml - data/reports/GO-2022-1220.yaml - data/reports/GO-2022-1225.yaml - data/reports/GO-2022-1235.yaml - data/reports/GO-2022-1236.yaml - data/reports/GO-2022-1239.yaml - data/reports/GO-2022-1240.yaml - data/reports/GO-2022-1243.yaml - data/reports/GO-2022-1244.yaml - data/reports/GO-2022-1245.yaml - data/reports/GO-2022-1248.yaml - data/reports/GO-2022-1250.yaml - data/reports/GO-2022-1251.yaml - data/reports/GO-2022-1252.yaml - data/reports/GO-2022-1253.yaml - data/reports/GO-2022-1256.yaml - data/reports/GO-2022-1257.yaml - data/reports/GO-2022-1259.yaml - data/reports/GO-2022-1260.yaml - data/reports/GO-2022-1261.yaml Updates golang/vulndb#1219 Updates golang/vulndb#1220 Updates golang/vulndb#1225 Updates golang/vulndb#1235 Updates golang/vulndb#1236 Updates golang/vulndb#1239 Updates golang/vulndb#1240 Updates golang/vulndb#1243 Updates golang/vulndb#1244 Updates golang/vulndb#1245 Updates golang/vulndb#1248 Updates golang/vulndb#1250 Updates golang/vulndb#1251 Updates golang/vulndb#1252 Updates golang/vulndb#1253 Updates golang/vulndb#1256 Updates golang/vulndb#1257 Updates golang/vulndb#1259 Updates golang/vulndb#1260 Updates golang/vulndb#1261 Change-Id: Ica30c989e0f295a3b92b2b355787ffcc1d04dcf4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607233 Reviewed-by: Damien Neil Auto-Submit: Tatiana Bradley LUCI-TryBot-Result: Go LUCI Commit-Queue: Tatiana Bradley --- data/excluded/GO-2022-1219.yaml | 8 ----- data/excluded/GO-2022-1220.yaml | 8 ----- data/excluded/GO-2022-1225.yaml | 8 ----- data/excluded/GO-2022-1235.yaml | 8 ----- data/excluded/GO-2022-1236.yaml | 8 ----- data/excluded/GO-2022-1239.yaml | 8 ----- data/excluded/GO-2022-1240.yaml | 8 ----- data/excluded/GO-2022-1243.yaml | 8 ----- data/excluded/GO-2022-1244.yaml | 8 ----- data/excluded/GO-2022-1245.yaml | 8 ----- 
data/excluded/GO-2022-1248.yaml | 8 ----- data/excluded/GO-2022-1250.yaml | 8 ----- data/excluded/GO-2022-1251.yaml | 8 ----- data/excluded/GO-2022-1252.yaml | 8 ----- data/excluded/GO-2022-1253.yaml | 8 ----- data/excluded/GO-2022-1256.yaml | 8 ----- data/excluded/GO-2022-1257.yaml | 8 ----- data/excluded/GO-2022-1259.yaml | 8 ----- data/excluded/GO-2022-1260.yaml | 8 ----- data/excluded/GO-2022-1261.yaml | 8 ----- data/osv/GO-2022-1219.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1220.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1225.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1235.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1236.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1239.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1240.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1243.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1244.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1245.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1248.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1250.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1251.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1252.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1253.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1256.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1257.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1259.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1260.json | 56 +++++++++++++++++++++++++++++++++ data/osv/GO-2022-1261.json | 56 +++++++++++++++++++++++++++++++++ data/reports/GO-2022-1219.yaml | 21 +++++++++++++ data/reports/GO-2022-1220.yaml | 21 +++++++++++++ data/reports/GO-2022-1225.yaml | 21 +++++++++++++ data/reports/GO-2022-1235.yaml | 21 +++++++++++++ data/reports/GO-2022-1236.yaml | 21 +++++++++++++ 
data/reports/GO-2022-1239.yaml | 21 +++++++++++++ data/reports/GO-2022-1240.yaml | 23 ++++++++++++++ data/reports/GO-2022-1243.yaml | 21 +++++++++++++ data/reports/GO-2022-1244.yaml | 23 ++++++++++++++ data/reports/GO-2022-1245.yaml | 21 +++++++++++++ data/reports/GO-2022-1248.yaml | 21 +++++++++++++ data/reports/GO-2022-1250.yaml | 21 +++++++++++++ data/reports/GO-2022-1251.yaml | 21 +++++++++++++ data/reports/GO-2022-1252.yaml | 21 +++++++++++++ data/reports/GO-2022-1253.yaml | 21 +++++++++++++ data/reports/GO-2022-1256.yaml | 21 +++++++++++++ data/reports/GO-2022-1257.yaml | 21 +++++++++++++ data/reports/GO-2022-1259.yaml | 21 +++++++++++++ data/reports/GO-2022-1260.yaml | 23 ++++++++++++++ data/reports/GO-2022-1261.yaml | 21 +++++++++++++ 60 files changed, 1546 insertions(+), 160 deletions(-) delete mode 100644 data/excluded/GO-2022-1219.yaml delete mode 100644 data/excluded/GO-2022-1220.yaml delete mode 100644 data/excluded/GO-2022-1225.yaml delete mode 100644 data/excluded/GO-2022-1235.yaml delete mode 100644 data/excluded/GO-2022-1236.yaml delete mode 100644 data/excluded/GO-2022-1239.yaml delete mode 100644 data/excluded/GO-2022-1240.yaml delete mode 100644 data/excluded/GO-2022-1243.yaml delete mode 100644 data/excluded/GO-2022-1244.yaml delete mode 100644 data/excluded/GO-2022-1245.yaml delete mode 100644 data/excluded/GO-2022-1248.yaml delete mode 100644 data/excluded/GO-2022-1250.yaml delete mode 100644 data/excluded/GO-2022-1251.yaml delete mode 100644 data/excluded/GO-2022-1252.yaml delete mode 100644 data/excluded/GO-2022-1253.yaml delete mode 100644 data/excluded/GO-2022-1256.yaml delete mode 100644 data/excluded/GO-2022-1257.yaml delete mode 100644 data/excluded/GO-2022-1259.yaml delete mode 100644 data/excluded/GO-2022-1260.yaml delete mode 100644 data/excluded/GO-2022-1261.yaml create mode 100644 data/osv/GO-2022-1219.json create mode 100644 data/osv/GO-2022-1220.json create mode 100644 data/osv/GO-2022-1225.json create mode 100644 
data/osv/GO-2022-1235.json create mode 100644 data/osv/GO-2022-1236.json create mode 100644 data/osv/GO-2022-1239.json create mode 100644 data/osv/GO-2022-1240.json create mode 100644 data/osv/GO-2022-1243.json create mode 100644 data/osv/GO-2022-1244.json create mode 100644 data/osv/GO-2022-1245.json create mode 100644 data/osv/GO-2022-1248.json create mode 100644 data/osv/GO-2022-1250.json create mode 100644 data/osv/GO-2022-1251.json create mode 100644 data/osv/GO-2022-1252.json create mode 100644 data/osv/GO-2022-1253.json create mode 100644 data/osv/GO-2022-1256.json create mode 100644 data/osv/GO-2022-1257.json create mode 100644 data/osv/GO-2022-1259.json create mode 100644 data/osv/GO-2022-1260.json create mode 100644 data/osv/GO-2022-1261.json create mode 100644 data/reports/GO-2022-1219.yaml create mode 100644 data/reports/GO-2022-1220.yaml create mode 100644 data/reports/GO-2022-1225.yaml create mode 100644 data/reports/GO-2022-1235.yaml create mode 100644 data/reports/GO-2022-1236.yaml create mode 100644 data/reports/GO-2022-1239.yaml create mode 100644 data/reports/GO-2022-1240.yaml create mode 100644 data/reports/GO-2022-1243.yaml create mode 100644 data/reports/GO-2022-1244.yaml create mode 100644 data/reports/GO-2022-1245.yaml create mode 100644 data/reports/GO-2022-1248.yaml create mode 100644 data/reports/GO-2022-1250.yaml create mode 100644 data/reports/GO-2022-1251.yaml create mode 100644 data/reports/GO-2022-1252.yaml create mode 100644 data/reports/GO-2022-1253.yaml create mode 100644 data/reports/GO-2022-1256.yaml create mode 100644 data/reports/GO-2022-1257.yaml create mode 100644 data/reports/GO-2022-1259.yaml create mode 100644 data/reports/GO-2022-1260.yaml create mode 100644 data/reports/GO-2022-1261.yaml diff --git a/data/excluded/GO-2022-1219.yaml b/data/excluded/GO-2022-1219.yaml deleted file mode 100644 index a7f990b1..00000000 --- a/data/excluded/GO-2022-1219.yaml +++ /dev/null 
@@ -1,8 +0,0 @@
-id: GO-2022-1219
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4767
-ghsas:
- - GHSA-33m8-f4hw-wm3q
diff --git a/data/excluded/GO-2022-1220.yaml b/data/excluded/GO-2022-1220.yaml
deleted file mode 100644
index a019358c..00000000
--- a/data/excluded/GO-2022-1220.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1220
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4734
-ghsas:
- - GHSA-j593-h5v3-45x6
diff --git a/data/excluded/GO-2022-1225.yaml b/data/excluded/GO-2022-1225.yaml
deleted file mode 100644
index 257b9503..00000000
--- a/data/excluded/GO-2022-1225.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1225
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4691
-ghsas:
- - GHSA-97rc-mm5j-f6rj
diff --git a/data/excluded/GO-2022-1235.yaml b/data/excluded/GO-2022-1235.yaml
deleted file mode 100644
index ec12e3c3..00000000
--- a/data/excluded/GO-2022-1235.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1235
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4801
-ghsas:
- - GHSA-f83p-pg86-p922
diff --git a/data/excluded/GO-2022-1236.yaml b/data/excluded/GO-2022-1236.yaml
deleted file mode 100644
index b19d02d7..00000000
--- a/data/excluded/GO-2022-1236.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1236
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4796
-ghsas:
- - GHSA-ghx2-6v4g-9wmm
diff --git a/data/excluded/GO-2022-1239.yaml b/data/excluded/GO-2022-1239.yaml
deleted file mode 100644
index db00a056..00000000
--- a/data/excluded/GO-2022-1239.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1239
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4799
-ghsas:
- - GHSA-jvq8-w7qv-hqp6
diff --git a/data/excluded/GO-2022-1240.yaml b/data/excluded/GO-2022-1240.yaml
deleted file mode 100644
index ce48c1e9..00000000
--- a/data/excluded/GO-2022-1240.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1240
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4800
-ghsas:
- - GHSA-mfvq-m3jj-8864
diff --git a/data/excluded/GO-2022-1243.yaml b/data/excluded/GO-2022-1243.yaml
deleted file mode 100644
index 29db754d..00000000
--- a/data/excluded/GO-2022-1243.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1243
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4798
-ghsas:
- - GHSA-qcf5-m2c6-89f2
diff --git a/data/excluded/GO-2022-1244.yaml b/data/excluded/GO-2022-1244.yaml
deleted file mode 100644
index 388c38c9..00000000
--- a/data/excluded/GO-2022-1244.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1244
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4797
-ghsas:
- - GHSA-qrrf-xvcf-p64q
diff --git a/data/excluded/GO-2022-1245.yaml b/data/excluded/GO-2022-1245.yaml
deleted file mode 100644
index ccd32279..00000000
--- a/data/excluded/GO-2022-1245.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1245
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4804
-ghsas:
- - GHSA-qw36-rw5q-gxcq
diff --git a/data/excluded/GO-2022-1248.yaml b/data/excluded/GO-2022-1248.yaml
deleted file mode 100644
index cd3ee855..00000000
--- a/data/excluded/GO-2022-1248.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1248
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4802
-ghsas:
- - GHSA-rx2m-xr4x-54hh
diff --git a/data/excluded/GO-2022-1250.yaml b/data/excluded/GO-2022-1250.yaml
deleted file mode 100644
index c0e48340..00000000
--- a/data/excluded/GO-2022-1250.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1250
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4849
-ghsas:
- - GHSA-642q-2q68-9j3p
diff --git a/data/excluded/GO-2022-1251.yaml b/data/excluded/GO-2022-1251.yaml
deleted file mode 100644
index c5d87b59..00000000
--- a/data/excluded/GO-2022-1251.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1251
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4814
-ghsas:
- - GHSA-6fx9-29x2-fmfj
diff --git a/data/excluded/GO-2022-1252.yaml b/data/excluded/GO-2022-1252.yaml
deleted file mode 100644
index a38e7dcc..00000000
--- a/data/excluded/GO-2022-1252.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1252
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4809
-ghsas:
- - GHSA-6w5w-wx8w-2cq9
diff --git a/data/excluded/GO-2022-1253.yaml b/data/excluded/GO-2022-1253.yaml
deleted file mode 100644
index 902ea893..00000000
--- a/data/excluded/GO-2022-1253.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1253
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4813
-ghsas:
- - GHSA-7qpw-2j9m-rw8c
diff --git a/data/excluded/GO-2022-1256.yaml b/data/excluded/GO-2022-1256.yaml
deleted file mode 100644
index 584a3a11..00000000
--- a/data/excluded/GO-2022-1256.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1256
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4807
-ghsas:
- - GHSA-gfj4-wg89-m22r
diff --git a/data/excluded/GO-2022-1257.yaml b/data/excluded/GO-2022-1257.yaml
deleted file mode 100644
index 633e5045..00000000
--- a/data/excluded/GO-2022-1257.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1257
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4845
-ghsas:
- - GHSA-gw9m-2m5v-c6x5
diff --git a/data/excluded/GO-2022-1259.yaml b/data/excluded/GO-2022-1259.yaml
deleted file mode 100644
index 7015c790..00000000
--- a/data/excluded/GO-2022-1259.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1259
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4811
-ghsas:
- - GHSA-hc5q-26h8-r9wf
diff --git a/data/excluded/GO-2022-1260.yaml b/data/excluded/GO-2022-1260.yaml
deleted file mode 100644
index c7fa261d..00000000
--- a/data/excluded/GO-2022-1260.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1260
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4812
-ghsas:
- - GHSA-m5pr-wm6q-x4g2
diff --git a/data/excluded/GO-2022-1261.yaml b/data/excluded/GO-2022-1261.yaml
deleted file mode 100644
index 3ac5599d..00000000
--- a/data/excluded/GO-2022-1261.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1261
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4806
-ghsas:
- - GHSA-pp3p-6jjh-rmg7
diff --git a/data/osv/GO-2022-1219.json b/data/osv/GO-2022-1219.json
new file mode 100644
index 00000000..29ead56e
--- /dev/null
+++ b/data/osv/GO-2022-1219.json
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1219", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4767", + "GHSA-33m8-f4hw-wm3q" + ], + "summary": "usememos/memos Denial of Service vulnerability in github.com/usememos/memos", + "details": "usememos/memos Denial of Service vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-33m8-f4hw-wm3q" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4767" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1219", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1220.json b/data/osv/GO-2022-1220.json new file mode 100644 index 00000000..1fa0d107 --- /dev/null +++ b/data/osv/GO-2022-1220.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1220", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4734", + "GHSA-j593-h5v3-45x6" + ], + "summary": "usememos/memos may leak user information to an authenticated user in github.com/usememos/memos", + "details": "usememos/memos may leak user information to an authenticated user in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-j593-h5v3-45x6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4734" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1220", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1225.json b/data/osv/GO-2022-1225.json new file mode 100644 index 00000000..e18d6d85 --- /dev/null +++ b/data/osv/GO-2022-1225.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1225", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4691", + "GHSA-97rc-mm5j-f6rj" + ], + "summary": "usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos", + "details": "usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-97rc-mm5j-f6rj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4691" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1225", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1235.json b/data/osv/GO-2022-1235.json new file mode 100644 index 00000000..60e00386 --- /dev/null +++ b/data/osv/GO-2022-1235.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1235", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4801", + "GHSA-f83p-pg86-p922" + ], + "summary": "usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos", + "details": "usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-f83p-pg86-p922" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4801" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1235", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1236.json b/data/osv/GO-2022-1236.json new file mode 100644 index 00000000..90864d62 --- /dev/null +++ b/data/osv/GO-2022-1236.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1236", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4796", + "GHSA-ghx2-6v4g-9wmm" + ], + "summary": "usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos", + "details": "usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-ghx2-6v4g-9wmm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4796" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1236", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1239.json b/data/osv/GO-2022-1239.json new file mode 100644 index 00000000..4f1dfc8a --- /dev/null +++ b/data/osv/GO-2022-1239.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1239", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4799", + "GHSA-jvq8-w7qv-hqp6" + ], + "summary": "usememos/memos Improper Authentication vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Authentication vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-jvq8-w7qv-hqp6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4799" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1239", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1240.json b/data/osv/GO-2022-1240.json new file mode 100644 index 00000000..1b883d20 --- /dev/null +++ b/data/osv/GO-2022-1240.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1240", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4800", + "GHSA-mfvq-m3jj-8864" + ], + "summary": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos", + "details": "usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-mfvq-m3jj-8864" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4800" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1240", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1243.json b/data/osv/GO-2022-1243.json new file mode 100644 index 00000000..0ee6c933 --- /dev/null +++ b/data/osv/GO-2022-1243.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1243", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4798", + "GHSA-qcf5-m2c6-89f2" + ], + "summary": "usememos/memos Improper Authorization vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Authorization vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qcf5-m2c6-89f2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4798" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1243", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1244.json b/data/osv/GO-2022-1244.json new file mode 100644 index 00000000..95fb0bf8 --- /dev/null +++ b/data/osv/GO-2022-1244.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1244", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4797", + "GHSA-qrrf-xvcf-p64q" + ], + "summary": "usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos", + "details": "usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qrrf-xvcf-p64q" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4797" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1244", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1245.json b/data/osv/GO-2022-1245.json new file mode 100644 index 00000000..c27bef7c --- /dev/null +++ b/data/osv/GO-2022-1245.json 
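Review bot: The `summary` and `details` strings added for GO-2022-1244 read `usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts …`, dropping the "to" that the sibling entries GO-2022-1240 and GO-2022-1248 carry ("vulnerable to Improper …"). Both fields should read `usememos/memos vulnerable to Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos`. This is presumably the text shown to anyone looking up the advisory, so the wording matters more than in an internal field. If this JSON is produced from data/reports/GO-2022-1244.yaml (listed in the diffstat but not visible here), the correction belongs in that report, with the OSV file regenerated from it rather than edited by hand.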
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1245", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4804", + "GHSA-qw36-rw5q-gxcq" + ], + "summary": "usememos/memos Improper Authorization vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Authorization vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qw36-rw5q-gxcq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4804" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1245", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1248.json b/data/osv/GO-2022-1248.json new file mode 100644 index 00000000..e52bdf9d --- /dev/null +++ b/data/osv/GO-2022-1248.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1248", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4802", + "GHSA-rx2m-xr4x-54hh" + ], + "summary": "usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos", + "details": "usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rx2m-xr4x-54hh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4802" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1248", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1250.json b/data/osv/GO-2022-1250.json new file mode 100644 index 00000000..b605afbf --- /dev/null +++ b/data/osv/GO-2022-1250.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1250", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4849", + "GHSA-642q-2q68-9j3p" + ], + "summary": "usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos", + "details": "usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-642q-2q68-9j3p" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4849" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1250", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1251.json b/data/osv/GO-2022-1251.json new file mode 100644 index 00000000..3d1b2530 --- /dev/null +++ b/data/osv/GO-2022-1251.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1251", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4814", + "GHSA-6fx9-29x2-fmfj" + ], + "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6fx9-29x2-fmfj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4814" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1251", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1252.json b/data/osv/GO-2022-1252.json new file mode 100644 index 00000000..eee88ab4 --- /dev/null +++ b/data/osv/GO-2022-1252.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1252", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4809", + "GHSA-6w5w-wx8w-2cq9" + ], + "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6w5w-wx8w-2cq9" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4809" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1252", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1253.json b/data/osv/GO-2022-1253.json new file mode 100644 index 00000000..1d163513 --- /dev/null +++ b/data/osv/GO-2022-1253.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1253", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4813", + "GHSA-7qpw-2j9m-rw8c" + ], + "summary": "usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos", + "details": "usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-7qpw-2j9m-rw8c" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4813" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1253", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1256.json b/data/osv/GO-2022-1256.json new file mode 100644 index 00000000..af323140 --- /dev/null +++ b/data/osv/GO-2022-1256.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1256", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4807", + "GHSA-gfj4-wg89-m22r" + ], + "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gfj4-wg89-m22r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4807" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1256", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1257.json b/data/osv/GO-2022-1257.json new file mode 100644 index 00000000..c172c6b9 --- /dev/null +++ b/data/osv/GO-2022-1257.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1257", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4845", + "GHSA-gw9m-2m5v-c6x5" + ], + "summary": "usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos", + "details": "usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gw9m-2m5v-c6x5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4845" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1257", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1259.json b/data/osv/GO-2022-1259.json new file mode 100644 index 00000000..edfbedd8 --- /dev/null +++ b/data/osv/GO-2022-1259.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1259", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4811", + "GHSA-hc5q-26h8-r9wf" + ], + "summary": "usememos/memos Improper Authorization vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Authorization vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hc5q-26h8-r9wf" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4811" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1259", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1260.json b/data/osv/GO-2022-1260.json new file mode 100644 index 00000000..79b6bb5b --- /dev/null +++ b/data/osv/GO-2022-1260.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1260", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4812", + "GHSA-m5pr-wm6q-x4g2" + ], + "summary": "usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos", + "details": "usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-m5pr-wm6q-x4g2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4812" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1260", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1261.json b/data/osv/GO-2022-1261.json new file mode 100644 index 00000000..78b7ee46 --- /dev/null +++ b/data/osv/GO-2022-1261.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1261", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4806", + "GHSA-pp3p-6jjh-rmg7" + ], + "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pp3p-6jjh-rmg7" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4806" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1261", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2022-1219.yaml b/data/reports/GO-2022-1219.yaml new file mode 100644 index 00000000..fce745bf --- /dev/null +++ b/data/reports/GO-2022-1219.yaml 
@@ -0,0 +1,21 @@
+id: GO-2022-1219
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Denial of Service vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4767
+ghsas:
+ - GHSA-33m8-f4hw-wm3q
+references:
+ - advisory: https://github.com/advisories/GHSA-33m8-f4hw-wm3q
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4767
+ - fix: https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c
+ - web: https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502
+source:
+ id: GHSA-33m8-f4hw-wm3q
+ created: 2024-08-20T14:55:02.566754-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1220.yaml b/data/reports/GO-2022-1220.yaml
new file mode 100644
index 00000000..9b111b1d
--- /dev/null
+++ b/data/reports/GO-2022-1220.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1220
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
+cves:
+ - CVE-2022-4734
+ghsas:
+ - GHSA-j593-h5v3-45x6
+references:
+ - advisory: https://github.com/advisories/GHSA-j593-h5v3-45x6
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4734
+ - fix: https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210
+ - web: https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b
+source:
+ id: GHSA-j593-h5v3-45x6
+ created: 2024-08-20T14:55:06.675303-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1225.yaml b/data/reports/GO-2022-1225.yaml
new file mode 100644
index 00000000..39004d23
--- /dev/null
+++ b/data/reports/GO-2022-1225.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1225
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
+cves:
+ - CVE-2022-4691
+ghsas:
+ - GHSA-97rc-mm5j-f6rj
+references:
+ - advisory: https://github.com/advisories/GHSA-97rc-mm5j-f6rj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4691
+ - fix: https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
+ - web: https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f
+source:
+ id: GHSA-97rc-mm5j-f6rj
+ created: 2024-08-20T14:55:10.864325-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1235.yaml b/data/reports/GO-2022-1235.yaml
new file mode 100644
index 00000000..d22f39d7
--- /dev/null
+++ b/data/reports/GO-2022-1235.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1235
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
+cves:
+ - CVE-2022-4801
+ghsas:
+ - GHSA-f83p-pg86-p922
+references:
+ - advisory: https://github.com/advisories/GHSA-f83p-pg86-p922
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4801
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593
+source:
+ id: GHSA-f83p-pg86-p922
+ created: 2024-08-20T14:55:14.531596-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1236.yaml b/data/reports/GO-2022-1236.yaml
new file mode 100644
index 00000000..77707631
--- /dev/null
+++ b/data/reports/GO-2022-1236.yaml
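Review bot: The `summary` line is the only descriptive text in GO-2022-1235, and it is repeated word for word in GO-2022-1253. The same holds for GO-2022-1243, -1245 and -1259 ("Improper Authorization vulnerability") and for GO-2022-1251, -1252, -1256 and -1261 ("Improper Access Control vulnerability"). All of these reports also cite the same fix commit `3556ae4e651d9443dc3bb8a170dd3cc726517a53` and the same `fixed: 0.9.1`, and none has a `description:` key, so someone triaging a finding can tell them apart only by the CVE or GHSA alias. I would add a short `description:` to each report, taken from its linked advisory, stating what distinguishes that issue from its siblings.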
@@ -0,0 +1,21 @@
+id: GO-2022-1236
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
+cves:
+ - CVE-2022-4796
+ghsas:
+ - GHSA-ghx2-6v4g-9wmm
+references:
+ - advisory: https://github.com/advisories/GHSA-ghx2-6v4g-9wmm
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4796
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6
+source:
+ id: GHSA-ghx2-6v4g-9wmm
+ created: 2024-08-20T14:55:18.32903-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1239.yaml b/data/reports/GO-2022-1239.yaml
new file mode 100644
index 00000000..6d72c526
--- /dev/null
+++ b/data/reports/GO-2022-1239.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1239
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4799
+ghsas:
+ - GHSA-jvq8-w7qv-hqp6
+references:
+ - advisory: https://github.com/advisories/GHSA-jvq8-w7qv-hqp6
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4799
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79
+source:
+ id: GHSA-jvq8-w7qv-hqp6
+ created: 2024-08-20T14:55:21.435749-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1240.yaml b/data/reports/GO-2022-1240.yaml
new file mode 100644
index 00000000..4164afa5
--- /dev/null
+++ b/data/reports/GO-2022-1240.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-1240
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: |-
+ usememos/memos vulnerable to Improper Verification of Source of a Communication
+ Channel in github.com/usememos/memos
+cves:
+ - CVE-2022-4800
+ghsas:
+ - GHSA-mfvq-m3jj-8864
+references:
+ - advisory: https://github.com/advisories/GHSA-mfvq-m3jj-8864
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4800
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8
+source:
+ id: GHSA-mfvq-m3jj-8864
+ created: 2024-08-20T14:55:25.072888-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1243.yaml b/data/reports/GO-2022-1243.yaml
new file mode 100644
index 00000000..17d11f29
--- /dev/null
+++ b/data/reports/GO-2022-1243.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1243
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4798
+ghsas:
+ - GHSA-qcf5-m2c6-89f2
+references:
+ - advisory: https://github.com/advisories/GHSA-qcf5-m2c6-89f2
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4798
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae
+source:
+ id: GHSA-qcf5-m2c6-89f2
+ created: 2024-08-20T14:55:28.318099-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1244.yaml b/data/reports/GO-2022-1244.yaml
new file mode 100644
index 00000000..1c88c4de
--- /dev/null
+++ b/data/reports/GO-2022-1244.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-1244
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: |-
+ usememos/memos vulnerable Improper Restriction of Excessive Authentication
+ Attempts in github.com/usememos/memos
+cves:
+ - CVE-2022-4797
+ghsas:
+ - GHSA-qrrf-xvcf-p64q
+references:
+ - advisory: https://github.com/advisories/GHSA-qrrf-xvcf-p64q
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4797
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b
+source:
+ id: GHSA-qrrf-xvcf-p64q
+ created: 2024-08-20T14:55:31.555761-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1245.yaml b/data/reports/GO-2022-1245.yaml
new file mode 100644
index 00000000..2ba1ffef
--- /dev/null
+++ b/data/reports/GO-2022-1245.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1245
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4804
+ghsas:
+ - GHSA-qw36-rw5q-gxcq
+references:
+ - advisory: https://github.com/advisories/GHSA-qw36-rw5q-gxcq
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4804
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533
+source:
+ id: GHSA-qw36-rw5q-gxcq
+ created: 2024-08-20T14:55:35.647236-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1248.yaml b/data/reports/GO-2022-1248.yaml
new file mode 100644
index 00000000..92f37754
--- /dev/null
+++ b/data/reports/GO-2022-1248.yaml
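Review bot: The summary of GO-2022-1244 is missing a word: `usememos/memos vulnerable Improper Restriction of Excessive Authentication` should read `usememos/memos vulnerable to Improper Restriction of Excessive Authentication`, matching the wording in GO-2022-1240 and GO-2022-1260. For the reports whose generated OSV is visible in this commit, the summary is copied into both `summary` and `details`, so the typo presumably reaches the published record for this one as well.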
@@ -0,0 +1,21 @@
+id: GO-2022-1248
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
+cves:
+ - CVE-2022-4802
+ghsas:
+ - GHSA-rx2m-xr4x-54hh
+references:
+ - advisory: https://github.com/advisories/GHSA-rx2m-xr4x-54hh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4802
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956
+source:
+ id: GHSA-rx2m-xr4x-54hh
+ created: 2024-08-20T14:55:39.132742-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1250.yaml b/data/reports/GO-2022-1250.yaml
new file mode 100644
index 00000000..e22cf982
--- /dev/null
+++ b/data/reports/GO-2022-1250.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1250
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4849
+ghsas:
+ - GHSA-642q-2q68-9j3p
+references:
+ - advisory: https://github.com/advisories/GHSA-642q-2q68-9j3p
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4849
+ - fix: https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
+ - web: https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c
+source:
+ id: GHSA-642q-2q68-9j3p
+ created: 2024-08-20T14:55:42.737338-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1251.yaml b/data/reports/GO-2022-1251.yaml
new file mode 100644
index 00000000..1dcc1147
--- /dev/null
+++ b/data/reports/GO-2022-1251.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1251
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4814
+ghsas:
+ - GHSA-6fx9-29x2-fmfj
+references:
+ - advisory: https://github.com/advisories/GHSA-6fx9-29x2-fmfj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4814
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4
+source:
+ id: GHSA-6fx9-29x2-fmfj
+ created: 2024-08-20T14:55:46.514513-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1252.yaml b/data/reports/GO-2022-1252.yaml
new file mode 100644
index 00000000..0665d582
--- /dev/null
+++ b/data/reports/GO-2022-1252.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1252
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4809
+ghsas:
+ - GHSA-6w5w-wx8w-2cq9
+references:
+ - advisory: https://github.com/advisories/GHSA-6w5w-wx8w-2cq9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4809
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29
+source:
+ id: GHSA-6w5w-wx8w-2cq9
+ created: 2024-08-20T14:55:50.861612-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1253.yaml b/data/reports/GO-2022-1253.yaml
new file mode 100644
index 00000000..fe539c58
--- /dev/null
+++ b/data/reports/GO-2022-1253.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1253
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
+cves:
+ - CVE-2022-4813
+ghsas:
+ - GHSA-7qpw-2j9m-rw8c
+references:
+ - advisory: https://github.com/advisories/GHSA-7qpw-2j9m-rw8c
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4813
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc
+source:
+ id: GHSA-7qpw-2j9m-rw8c
+ created: 2024-08-20T14:55:54.837366-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1256.yaml b/data/reports/GO-2022-1256.yaml
new file mode 100644
index 00000000..9bfe1d38
--- /dev/null
+++ b/data/reports/GO-2022-1256.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1256
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4807
+ghsas:
+ - GHSA-gfj4-wg89-m22r
+references:
+ - advisory: https://github.com/advisories/GHSA-gfj4-wg89-m22r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4807
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954
+source:
+ id: GHSA-gfj4-wg89-m22r
+ created: 2024-08-20T14:56:06.014864-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1257.yaml b/data/reports/GO-2022-1257.yaml
new file mode 100644
index 00000000..e61c839f
--- /dev/null
+++ b/data/reports/GO-2022-1257.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1257
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4845
+ghsas:
+ - GHSA-gw9m-2m5v-c6x5
+references:
+ - advisory: https://github.com/advisories/GHSA-gw9m-2m5v-c6x5
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4845
+ - fix: https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
+ - web: https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b
+source:
+ id: GHSA-gw9m-2m5v-c6x5
+ created: 2024-08-20T14:56:09.175433-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1259.yaml b/data/reports/GO-2022-1259.yaml
new file mode 100644
index 00000000..3e383257
--- /dev/null
+++ b/data/reports/GO-2022-1259.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1259
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4811
+ghsas:
+ - GHSA-hc5q-26h8-r9wf
+references:
+ - advisory: https://github.com/advisories/GHSA-hc5q-26h8-r9wf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4811
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c
+source:
+ id: GHSA-hc5q-26h8-r9wf
+ created: 2024-08-20T14:56:12.172503-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1260.yaml b/data/reports/GO-2022-1260.yaml
new file mode 100644
index 00000000..01fee54e
--- /dev/null
+++ b/data/reports/GO-2022-1260.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-1260
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: |-
+ usememos/memos vulnerable to Comparison of Object References Instead of Object
+ Contents in github.com/usememos/memos
+cves:
+ - CVE-2022-4812
+ghsas:
+ - GHSA-m5pr-wm6q-x4g2
+references:
+ - advisory: https://github.com/advisories/GHSA-m5pr-wm6q-x4g2
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4812
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c
+source:
+ id: GHSA-m5pr-wm6q-x4g2
+ created: 2024-08-20T14:56:16.356627-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1261.yaml b/data/reports/GO-2022-1261.yaml
new file mode 100644
index 00000000..2822a669
--- /dev/null
+++ b/data/reports/GO-2022-1261.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1261
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.1
+ vulnerable_at: 0.9.0
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4806
+ghsas:
+ - GHSA-pp3p-6jjh-rmg7
+references:
+ - advisory: https://github.com/advisories/GHSA-pp3p-6jjh-rmg7
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4806
+ - fix: https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
+ - web: https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be
+source:
+ id: GHSA-pp3p-6jjh-rmg7
+ created: 2024-08-20T14:56:20.174919-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE