[vulndb] data/reports: add 2 reports

Nicholas Husin (Gerrit)

Dec 16, 2025, 11:29:40 AM
to Markus Kusano, Neal Patel, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Markus Kusano and Neal Patel

Nicholas Husin has uploaded the change for review

Nicholas Husin would like Markus Kusano and Neal Patel to review this change.

Commit message

data/reports: add 2 reports

- data/reports/GO-2025-4239.yaml
- data/reports/GO-2025-4240.yaml

Fixes golang/vulndb#4239
Fixes golang/vulndb#4240
Change-Id: I1f82a46cd21defec0e6748cc1633a40048774a89

Change diff

diff --git a/data/osv/GO-2025-4239.json b/data/osv/GO-2025-4239.json
new file mode 100644
index 0000000..b2dc368
--- /dev/null
+++ b/data/osv/GO-2025-4239.json
@@ -0,0 +1,80 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-4239",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-68113",
+ "GHSA-6gvq-jcmp-8959"
+ ],
+ "summary": "ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay in github.com/altcha-org/altcha-lib-go",
+ "details": "ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay in github.com/altcha-org/altcha-lib-go",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/altcha-org/altcha-lib-go",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/altcha-org/altcha-lib/security/advisories/GHSA-6gvq-jcmp-8959"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/altcha-org/altcha-lib-go/commit/4a5610745ef79895a67bac858b2e4f291c2614b8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib-ex/commit/09b2bad466ad0338a5b24245380950ea9918333e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib-java/commit/69277651fdd6418ae10bf3a088901506f9c62114"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib-java/releases/tag/v1.3.0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib-php/commit/9e9e70c864a9db960d071c77c778be0c9ff1a4d0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib-php/releases/tag/v1.3.1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib-rb/commit/4fd7b64cbbfc713f3ca4e066c2dd466e3b8d359b"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib/commit/cb95d83a8d08e273b6be15e48988e7eaf60d5c08"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/altcha-org/altcha-lib/releases/tag/1.4.1"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-4239",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
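Review bot: "details" in this new file repeats "summary" word for word, so the entry never says what challenge splicing and replay means for a verifier or what 1.0.0 changes. With "review_status": "UNREVIEWED" that may be the intended mirror of GHSA-6gvq-jcmp-8959; if so, please confirm it, and also confirm that the zero-value "modified" and "published" timestamps ("0001-01-01T00:00:00Z") are placeholders filled in at publish time rather than values that ship as written.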
diff --git a/data/osv/GO-2025-4240.json b/data/osv/GO-2025-4240.json
new file mode 100644
index 0000000..728f9eb
--- /dev/null
+++ b/data/osv/GO-2025-4240.json
@@ -0,0 +1,80 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-4240",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-13281",
+ "GHSA-r6j8-c6r2-37rr"
+ ],
+ "summary": "Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes",
+ "details": "Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes",
+ "affected": [
+ {
+ "package": {
+ "name": "k8s.io/kubernetes",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.32.10"
+ },
+ {
+ "introduced": "1.33.0-alpha.0"
+ },
+ {
+ "fixed": "1.33.6"
+ },
+ {
+ "introduced": "1.34.0-alpha.0"
+ },
+ {
+ "fixed": "1.34.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-r6j8-c6r2-37rr"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2025/12/01/4"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/commit/7506ce804c20696ba32cdb72126270ceaed06e24"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/commit/97650c1c4fe15cbb7756ba95b3edc8a8665063ca"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/commit/dbe17dfe7773563eac95534040f413ada6d2b421"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/issues/135525"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-4240",
+ "review_status": "REVIEWED"
+ }
+}
\ No newline at end of file
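Review bot: "review_status" is "REVIEWED" at the end of this file, yet "details" is still a copy of "summary" and none of the three kubernetes/kubernetes commit URLs under "references" is typed FIX (all are WEB). For a reviewed entry I would expect a short description of the request-forgery path through the in-tree Portworx StorageClass, and the commits that carry the fix marked as FIX so consumers can find the patch; the same change applies to the matching data/reports/GO-2025-4240.yaml. Minor: the openwall reference is the only one using http:// rather than https://.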
diff --git a/data/reports/GO-2025-4239.yaml b/data/reports/GO-2025-4239.yaml
new file mode 100644
index 0000000..53e1ec9
--- /dev/null
+++ b/data/reports/GO-2025-4239.yaml
@@ -0,0 +1,26 @@
+id: GO-2025-4239
+modules:
+ - module: github.com/altcha-org/altcha-lib-go
+ versions:
+ - fixed: 1.0.0
+ vulnerable_at: 0.2.2
+summary: ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay in github.com/altcha-org/altcha-lib-go
+cves:
+ - CVE-2025-68113
+ghsas:
+ - GHSA-6gvq-jcmp-8959
+references:
+ - advisory: https://github.com/altcha-org/altcha-lib/security/advisories/GHSA-6gvq-jcmp-8959
+ - fix: https://github.com/altcha-org/altcha-lib-go/commit/4a5610745ef79895a67bac858b2e4f291c2614b8
+ - web: https://github.com/altcha-org/altcha-lib-ex/commit/09b2bad466ad0338a5b24245380950ea9918333e
+ - web: https://github.com/altcha-org/altcha-lib-java/commit/69277651fdd6418ae10bf3a088901506f9c62114
+ - web: https://github.com/altcha-org/altcha-lib-java/releases/tag/v1.3.0
+ - web: https://github.com/altcha-org/altcha-lib-php/commit/9e9e70c864a9db960d071c77c778be0c9ff1a4d0
+ - web: https://github.com/altcha-org/altcha-lib-php/releases/tag/v1.3.1
+ - web: https://github.com/altcha-org/altcha-lib-rb/commit/4fd7b64cbbfc713f3ca4e066c2dd466e3b8d359b
+ - web: https://github.com/altcha-org/altcha-lib/commit/cb95d83a8d08e273b6be15e48988e7eaf60d5c08
+ - web: https://github.com/altcha-org/altcha-lib/releases/tag/1.4.1
+source:
+ id: GHSA-6gvq-jcmp-8959
+ created: 2025-12-16T10:47:39.330417262-05:00
+review_status: UNREVIEWED
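Review bot: Most of the web: entries under references: are commits and release tags for other ALTCHA ports (altcha-lib-ex, altcha-lib-java, altcha-lib-php, altcha-lib-rb, altcha-lib), while the only module listed is github.com/altcha-org/altcha-lib-go. Consider trimming the list to the advisory and the altcha-lib-go fix: commit, or leave it as is if UNREVIEWED reports are meant to carry the GHSA reference list unchanged. Separately, vulnerable_at: 0.2.2 against fixed: 1.0.0 deserves a quick check that 0.2.2 is the last tagged release before the fix.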
diff --git a/data/reports/GO-2025-4240.yaml b/data/reports/GO-2025-4240.yaml
new file mode 100644
index 0000000..f5afb6c
--- /dev/null
+++ b/data/reports/GO-2025-4240.yaml
@@ -0,0 +1,31 @@
+id: GO-2025-4240
+modules:
+ - module: k8s.io/kubernetes
+ versions:
+ - fixed: 1.32.10
+ - introduced: 1.33.0-alpha.0
+ - fixed: 1.33.6
+ - introduced: 1.34.0-alpha.0
+ - fixed: 1.34.2
+ vulnerable_at: 1.34.1
+summary: |-
+ Half-blind Server Side Request Forgery in kube-controller-manager through
+ in-tree Portworx StorageClass in k8s.io/kubernetes
+cves:
+ - CVE-2025-13281
+ghsas:
+ - GHSA-r6j8-c6r2-37rr
+references:
+ - advisory: https://github.com/advisories/GHSA-r6j8-c6r2-37rr
+ - web: http://www.openwall.com/lists/oss-security/2025/12/01/4
+ - web: https://github.com/kubernetes/kubernetes/commit/7506ce804c20696ba32cdb72126270ceaed06e24
+ - web: https://github.com/kubernetes/kubernetes/commit/97650c1c4fe15cbb7756ba95b3edc8a8665063ca
+ - web: https://github.com/kubernetes/kubernetes/commit/dbe17dfe7773563eac95534040f413ada6d2b421
+ - web: https://github.com/kubernetes/kubernetes/issues/135525
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ
+notes:
+ - failed to auto-populate symbols: no commits found for k8s.io/kubernetes
+source:
+ id: GHSA-r6j8-c6r2-37rr
+ created: 2025-12-16T10:47:29.124215196-05:00
+review_status: REVIEWED
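Review bot: The notes: entry records "failed to auto-populate symbols: no commits found for k8s.io/kubernetes", and the report still goes in as review_status: REVIEWED with no packages or symbols and no description. The three kubernetes/kubernetes commit links are all listed as web:; if symbol population looks for fix: references, retyping the commits that carry the fix and re-running it is worth trying, otherwise add the affected package by hand. As written, the report identifies the affected code at module level only.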

Change information

Files:
  • A data/osv/GO-2025-4239.json
  • A data/osv/GO-2025-4240.json
  • A data/reports/GO-2025-4239.yaml
  • A data/reports/GO-2025-4240.yaml
Change size: M
Delta: 4 files changed, 217 insertions(+), 0 deletions(-)

Related details

Attention is currently required from:
  • Markus Kusano
  • Neal Patel
Submit Requirements:
  • requirement is not satisfied: Code-Review
  • requirement is not satisfied: LUCI-Pass
  • requirement satisfied: No-Unresolved-Comments
  • requirement is not satisfied: Review-Enforcement
  • requirement is not satisfied: TryBots-Pass
Gerrit-MessageType: newchange
Gerrit-Project: vulndb
Gerrit-Branch: master
Gerrit-Change-Id: I1f82a46cd21defec0e6748cc1633a40048774a89
Gerrit-Change-Number: 730460
Gerrit-PatchSet: 1
Gerrit-Owner: Nicholas Husin <n...@golang.org>
Gerrit-Reviewer: Markus Kusano <kus...@google.com>
Gerrit-Reviewer: Neal Patel <neal...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Markus Kusano <kus...@google.com>
Gerrit-Attention: Neal Patel <neal...@google.com>

Markus Kusano (Gerrit)

Dec 16, 2025, 1:58:37 PM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Go LUCI, Neal Patel, golang-co...@googlegroups.com
Attention needed from Neal Patel and Nicholas Husin

Markus Kusano voted Code-Review+2

Code-Review+2

Related details

Attention is currently required from:
  • Neal Patel
  • Nicholas Husin
Submit Requirements:
  • requirement satisfied: Code-Review
  • requirement satisfied: No-Unresolved-Comments
  • requirement is not satisfied: Review-Enforcement
  • requirement satisfied: TryBots-Pass
Gerrit-MessageType: comment
Gerrit-Comment-Date: Tue, 16 Dec 2025 18:58:34 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes

Neal Patel (Gerrit)

Dec 16, 2025, 2:38:33 PM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Markus Kusano, Go LUCI, golang-co...@googlegroups.com
Attention needed from Nicholas Husin

Neal Patel voted Code-Review+2

Code-Review+2

Related details

Attention is currently required from:
  • Nicholas Husin
Submit Requirements:
  • requirement satisfied: Code-Review
  • requirement satisfied: No-Unresolved-Comments
  • requirement satisfied: Review-Enforcement
  • requirement satisfied: TryBots-Pass
Gerrit-MessageType: comment
Gerrit-Comment-Date: Tue, 16 Dec 2025 19:38:28 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes

Nicholas Husin (Gerrit)

Dec 16, 2025, 2:39:17 PM
to goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Neal Patel, Markus Kusano, Go LUCI, golang-co...@googlegroups.com

Nicholas Husin submitted the change

Change information

Commit message:
data/reports: add 2 reports

- data/reports/GO-2025-4239.yaml
- data/reports/GO-2025-4240.yaml

Fixes golang/vulndb#4239
Fixes golang/vulndb#4240
Change-Id: I1f82a46cd21defec0e6748cc1633a40048774a89
Reviewed-by: Markus Kusano <kus...@google.com>
Reviewed-by: Neal Patel <neal...@google.com>
Files:
  • A data/osv/GO-2025-4239.json
  • A data/osv/GO-2025-4240.json
  • A data/reports/GO-2025-4239.yaml
  • A data/reports/GO-2025-4240.yaml
Change size: M
Delta: 4 files changed, 217 insertions(+), 0 deletions(-)
Branch: refs/heads/master
Submit Requirements:
  • requirement satisfied: Code-Review (+2 by Markus Kusano, +2 by Neal Patel)
  • requirement satisfied: TryBots-Pass (LUCI-TryBot-Result+1 by Go LUCI)
Gerrit-MessageType: merged
Gerrit-PatchSet: 2