data/reports: review GO-2024-3286

- data/reports/GO-2024-3286.yaml Fixes #3286 Updates #3301 Change-Id: I9530c44251daaa221d883403800779477cd929de Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635759 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
golang · Dec 13, 2024 · 06de138 · 06de138
1 parent cb179ac
commit 06de138
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/data/osv/GO-2024-3286.json b/data/osv/GO-2024-3286.json
@@ -40,18 +40,23 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "k8s.io/kubernetes/pkg/volume/git_repo",
+            "symbols": [
+              "validateVolume"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://github.com/advisories/GHSA-27wf-5967-98gx"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10220"
-    },
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2024/11/20/1"
@@ -71,6 +76,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-3286",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2024-3286.yaml b/data/reports/GO-2024-3286.yaml
@@ -8,19 +8,22 @@ modules:
         - introduced: 1.30.0
         - fixed: 1.30.3
       vulnerable_at: 1.30.2
+      packages:
+        - package: k8s.io/kubernetes/pkg/volume/git_repo
+          symbols:
+            - validateVolume
 summary: Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
 cves:
     - CVE-2024-10220
 ghsas:
     - GHSA-27wf-5967-98gx
 references:
     - advisory: https://github.com/advisories/GHSA-27wf-5967-98gx
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-10220
     - web: http://www.openwall.com/lists/oss-security/2024/11/20/1
     - web: https://github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b
     - web: https://github.com/kubernetes/kubernetes/issues/128885
     - web: https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko
 source:
     id: GHSA-27wf-5967-98gx
-    created: 2024-11-27T13:41:27.937873-05:00
-review_status: UNREVIEWED
+    created: 2024-12-13T09:59:18.294847-05:00
+review_status: REVIEWED