x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-gwmc-6795-qghj · Issue #600 · golang/vulndb · GitHub
x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-gwmc-6795-qghj #600
Closed
@julieqiu

Description

In GitHub Security Advisory GHSA-gwmc-6795-qghj, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| - | - | - |
| github.com/hashicorp/nomad | 1.2.6 | >= 1.2.0, < 1.2.6 |

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/hashicorp/nomad
    versions:
      - introduced: 1.2.0
        fixed: 1.2.6
  - package: github.com/hashicorp/nomad
    versions:
      - introduced: 1.1.0
        fixed: 1.1.12
  - package: github.com/hashicorp/nomad
    versions:
      - introduced: 0.3.0
        fixed: 1.0.18
description: HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and
    1.2.5 artifact download functionality has a race condition such that the Nomad
    client agent could download the wrong artifact into the wrong destination. This
    issue is fixed in 1.0.18, 1.1.12, and 1.2.6.
published: 2022-02-15T00:02:46Z
last_modified: 2022-03-28T15:24:37Z
cves:
  - CVE-2022-24686
ghsas:
  - GHSA-gwmc-6795-qghj
links:
    context:
      - https://github.com/advisories/GHSA-gwmc-6795-qghj

Labels

excluded: EFFECTIVELY_PRIVATE (This vulnerability exists in a package that can be imported, but isn't meant to be outside that module.)
