GO-2024-2664

See a problem?

Source

https://pkg.go.dev/vuln/GO-2024-2664

Import Source

https://vuln.go.dev/ID/GO-2024-2664.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2024-2664

Aliases

CVE-2024-29892
GHSA-gp8g-f42f-95q2

Published

2024-06-05T15:10:52Z

Modified

2024-07-09T19:33:56Z

Summary

ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel

Details

ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/zitadel/zitadel before v2.42.17, from v2.43.0 before v2.43.11, from v2.44.0 before v2.44.7, from v2.45.0 before v2.45.5, from v2.46.0 before v2.46.5, from v2.47.0 before v2.47.8, from v2.48.0 before v2.48.3.

References

Affected packages

Go / github.com/zitadel/zitadel

Package

Name: github.com/zitadel/zitadel; View open source insights on deps.dev
Purl: pkg:golang/github.com/zitadel/zitadel

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Ecosystem specific

{
    "custom_ranges": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "2.42.17"
                },
                {
                    "introduced": "2.43.0"
                },
                {
                    "fixed": "2.43.11"
                },
                {
                    "introduced": "2.44.0"
                },
                {
                    "fixed": "2.44.7"
                },
                {
                    "introduced": "2.45.0"
                },
                {
                    "fixed": "2.45.5"
                },
                {
                    "introduced": "2.46.0"
                },
                {
                    "fixed": "2.46.5"
                },
                {
                    "introduced": "2.47.0"
                },
                {
                    "fixed": "2.47.8"
                },
                {
                    "introduced": "2.48.0"
                },
                {
                    "fixed": "2.48.3"
                }
            ],
            "type": "ECOSYSTEM"
        }
    ]
}