x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39907 #2991

GoVulnBot · 2024-07-18T17:01:20Z

Advisory CVE-2024-39907 references a vulnerability in the following Go modules:

Module
github.com/1Panel-dev/1Panel

Description:
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

References:

ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-39907
WEB: GHSA-5grx-v727-qmq6

Cross references:

Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36457 #1887 NOT_IMPORTABLE
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36458 #1888 EFFECTIVELY_PRIVATE
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-37477 #1940 EFFECTIVELY_PRIVATE
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39964 #2004 EFFECTIVELY_PRIVATE
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39965 #2005 EFFECTIVELY_PRIVATE
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-39966 #2006 EFFECTIVELY_PRIVATE
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-24768 #2531
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: GHSA-26w3-q4j8-4xjp #2613
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: GHSA-x2vg-5wrf-vj6v #2636
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-30257 #2734
Module github.com/1Panel-dev/1Panel appears in issue x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-34352 #2830

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/1Panel-dev/1Panel
      vulnerable_at: 1.9.6
summary: CVE-2024-39907 in github.com/1Panel-dev/1Panel
cves:
    - CVE-2024-39907
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39907
    - web: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
source:
    id: CVE-2024-39907
    created: 2024-07-18T17:01:20.291747321Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

tatianab · 2024-07-18T20:15:18Z

Duplicate of #2990

tatianab added possible duplicate triaged and removed possible duplicate triaged labels Jul 18, 2024

tatianab marked this as a duplicate of #2990 Jul 18, 2024

tatianab closed this as completed Jul 18, 2024

tatianab added duplicate and removed possible duplicate labels Jul 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39907 #2991

x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39907 #2991

GoVulnBot commented Jul 18, 2024

tatianab commented Jul 18, 2024

x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39907 #2991

x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2024-39907 #2991

Comments

GoVulnBot commented Jul 18, 2024

tatianab commented Jul 18, 2024