Go Vulnerability Database

• CVE-2024-6468, GHSA-2qmw-pvf7-4mw6
• Affects: github.com/hashicorp/vault
• Published: Jul 12, 2024
• Unreviewed

Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/hashicorp/vault before v1.15.12.

• CVE-2024-39909, GHSA-5248-h45p-9pgw
• Affects: github.com/openclarity/kubeclarity/backend
• Published: Jul 12, 2024
• Unreviewed

SQL Injection in the KubeClarity REST API in github.com/openclarity/kubeclarity/backend

• CVE-2022-29946, GHSA-2h2x-8hh2-mfq8
• Affects: github.com/nats-io/nats-server, github.com/nats-io/nats-server/v2, and 1 more
• Published: Jul 12, 2024
• Unreviewed

NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server

• CVE-2024-39897, GHSA-55r9-5mx9-qq7r
• Affects: zotregistry.dev/zot, zotregistry.io/zot
• Published: Jul 10, 2024
• Unreviewed

Cache driver GetBlob() allows read access to any blob without access control check in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: zotregistry.dev/zot before v2.1.0.; zotregistry.io/zot before v2.1.0.

• GHSA-xr7q-jx4m-x55m
• Affects: google.golang.org/grpc
• Published: Jul 09, 2024

If applications print or log a context containing gRPC metadata, the output will contain all the metadata, which may include private information. This represents a potential PII concern.