x/vulndb: potential Go vuln in k8s.io.apimachinery #965

Closed
neild opened this issue Sep 2, 2022 · 2 comments

neild commented Sep 2, 2022

Description

Unbounded recursion in JSON decoding.

This is the root cause of the vuln reported in #703, but that CVE is about k8s.io/kubernetes/pkg/apiserver specifically, not the underlying library. Creating a separate report for the library vuln in case we need to keep these distinct.

Affected Modules, Packages, Versions and Symbols

Module: github.com/example/module
Package: github.com/example/module/package
Versions:
  - Introduced: 1.2.0
  - Fixed: 1.2.4
Symbols:
  - aFunction
  - SomeType.AMethod

Module: github.com/example/module/v2
Package: github.com/example/module/v2/package
Versions:
  - Fixed: 2.4.5
Symbols:
  - anotherFunction

Does this vulnerability already have an associated CVE ID?

No

CVE ID

No response

Credit

No response

CWE ID

No response

Pull Request

No response

Commit

No response

References

No response

Additional information

No response
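
The description above names unbounded recursion during JSON decoding. As an added example (not code from this issue, from k8s.io/apimachinery, or from its fix), here is one defensive pattern in Go: an iterative pre-check that caps nesting depth before a document reaches a recursive decoder. `ErrTooDeep`, `CheckDepth`, `DecodeBounded`, the limit of 64 and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep reports nesting beyond the caller's limit (hypothetical name).
var ErrTooDeep = errors.New("json: nesting depth limit exceeded")

// CheckDepth walks the token stream in a loop, so its stack use stays constant.
func CheckDepth(data []byte, limit int) error {
	dec := json.NewDecoder(bytes.NewReader(data))
	depth := 0
	for {
		tok, err := dec.Token()
		if err == io.EOF && depth == 0 {
			return nil // clean end of a balanced document
		} else if err != nil {
			return err // syntax error, or io.EOF on truncated input
		}
		switch tok {
		case json.Delim('['), json.Delim('{'):
			if depth++; depth > limit {
				return ErrTooDeep
			}
		case json.Delim(']'), json.Delim('}'):
			depth--
		}
	}
}

// DecodeBounded rejects over-deep input before the recursive decoder sees it.
func DecodeBounded(data []byte, limit int, v interface{}) error {
	if err := CheckDepth(data, limit); err != nil {
		return err
	}
	return json.Unmarshal(data, v)
}

func main() {
	deep := []byte(strings.Repeat("[", 100000) + strings.Repeat("]", 100000)) // constructed input
	var v interface{}
	fmt.Println(DecodeBounded(deep, 64, &v))                                   // rejected
	fmt.Println(DecodeBounded([]byte(`{"a":[1,{"b":"[[["}]}`), 64, &v), v) // decoded
}
```

Brackets inside string values do not count toward the depth, because the check works on tokens rather than raw bytes.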

@gopherbot
Contributor

Change https://go.dev/cl/428038 mentions this issue: data/reports: add GO-2022-0965.yaml

@gopherbot
Contributor

Change https://go.dev/cl/467438 mentions this issue: data/reports: add GHSA to GO-2022-0965.yaml

gopherbot pushed a commit that referenced this issue Feb 13, 2023
Aliases: GHSA-74fp-r6jw-h4mp

Updates #965
Fixes #1538

Change-Id: I383dea54817354e002a0738dfb699cf2d351f577
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/467438
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>