-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Aliases: CVE-2024-34352, GHSA-f8ch-w75v-c847 Fixes #2830 Change-Id: I88db203866c97fd848a7d2284183f6a44ba5891e Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/584657 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> Auto-Submit: Tim King <taking@google.com>
- Loading branch information
1 parent
85c3cae
commit 32f3555
Showing
2 changed files
with
85 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2830", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-34352", | ||
| "GHSA-f8ch-w75v-c847" | ||
| ], | ||
| "summary": "Arbitrary file write in github.com/1Panel-dev/1Panel", | ||
| "details": "A maliciously crafted packet can write to an arbitrary file.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/1Panel-dev/1Panel", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.10.3-lts" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": { | ||
| "imports": [ | ||
| { | ||
| "path": "github.com/1Panel-dev/1Panel/backend/utils/cmd", | ||
| "symbols": [ | ||
| "CheckIllegal" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/1Panel-dev/1Panel/commit/e037b69f52799e110af8e98f39a3627ad0285ea6" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "name": "@an5er" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2830" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: GO-2024-2830 | ||
| modules: | ||
| - module: github.com/1Panel-dev/1Panel | ||
| versions: | ||
| - fixed: 1.10.3-lts | ||
| vulnerable_at: 1.10.2-lts | ||
| packages: | ||
| - package: github.com/1Panel-dev/1Panel/backend/utils/cmd | ||
| symbols: | ||
| - CheckIllegal | ||
| summary: Arbitrary file write in github.com/1Panel-dev/1Panel | ||
| description: A maliciously crafted packet can write to an arbitrary file. | ||
| cves: | ||
| - CVE-2024-34352 | ||
| ghsas: | ||
| - GHSA-f8ch-w75v-c847 | ||
| credits: | ||
| - '@an5er' | ||
| references: | ||
| - advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847 | ||
| - fix: https://github.com/1Panel-dev/1Panel/commit/e037b69f52799e110af8e98f39a3627ad0285ea6 | ||
| source: | ||
| id: GHSA-f8ch-w75v-c847 | ||
| created: 2024-05-11T15:38:11.046626-07:00 |