Skip to content

x/vulndb: potential Go vuln in github.com/IceWhaleTech/CasaOS: GHSA-jh63-28gx-7p26 #606

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/IceWhaleTech/CasaOS: GHSA-jh63-28gx-7p26#606
Assignees
neild
Labels
excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.
@julieqiu

Description

@julieqiu
julieqiu
opened on Aug 1, 2022

In GitHub Security Advisory GHSA-jh63-28gx-7p26, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/IceWhaleTech/CasaOS 0.2.8 < 0.2.7

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/IceWhaleTech/CasaOS
    versions:
      - introduced: TODO (earliest fixed "0.2.8", vuln range "< 0.2.7")
description: CasaOS before v0.2.7 was discovered to contain a command injection vulnerability
    via the component leave or join zerotier api.
published: 2022-03-11T00:02:17Z
last_modified: 2022-05-05T13:34:12Z
cves:
  - CVE-2022-24193
ghsas:
  - GHSA-jh63-28gx-7p26
links:
    context:
      - https://github.com/advisories/GHSA-jh63-28gx-7p26

Metadata

Metadata

Assignees

Labels

excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions