diff --git a/data/osv/GO-2024-3286.json b/data/osv/GO-2024-3286.json index eb789ab6..7b43b611 100644 --- a/data/osv/GO-2024-3286.json +++ b/data/osv/GO-2024-3286.json @@ -40,7 +40,16 @@ ] } ], - "ecosystem_specific": {} + "ecosystem_specific": { + "imports": [ + { + "path": "k8s.io/kubernetes/pkg/volume/git_repo", + "symbols": [ + "validateVolume" + ] + } + ] + } } ], "references": [ @@ -48,10 +57,6 @@ "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-27wf-5967-98gx" }, - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10220" - }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/11/20/1" @@ -71,6 +76,6 @@ ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2024-3286", - "review_status": "UNREVIEWED" + "review_status": "REVIEWED" } } \ No newline at end of file diff --git a/data/reports/GO-2024-3286.yaml b/data/reports/GO-2024-3286.yaml index 3949bd3e..30cd882c 100644 --- a/data/reports/GO-2024-3286.yaml +++ b/data/reports/GO-2024-3286.yaml @@ -8,6 +8,10 @@ modules: - introduced: 1.30.0 - fixed: 1.30.3 vulnerable_at: 1.30.2 + packages: + - package: k8s.io/kubernetes/pkg/volume/git_repo + symbols: + - validateVolume summary: Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes cves: - CVE-2024-10220 @@ -15,12 +19,11 @@ ghsas: - GHSA-27wf-5967-98gx references: - advisory: https://github.com/advisories/GHSA-27wf-5967-98gx - - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-10220 - web: http://www.openwall.com/lists/oss-security/2024/11/20/1 - web: https://github.com/kubernetes/kubernetes/commit/1ab06efe92d8e898ca1931471c9533ce94aba29b - web: https://github.com/kubernetes/kubernetes/issues/128885 - web: https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko source: id: GHSA-27wf-5967-98gx - created: 2024-11-27T13:41:27.937873-05:00 -review_status: UNREVIEWED + created: 2024-12-13T09:59:18.294847-05:00 +review_status: REVIEWED