GO-2024-2936

Source
https://pkg.go.dev/vuln/GO-2024-2936
Import Source
https://vuln.go.dev/ID/GO-2024-2936.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2936
Aliases
Published
2024-07-01T19:59:12Z
Modified
2024-07-01T20:29:10.679879Z
Summary
PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase
Details

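PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase. Every release before 0.22.14 falls in the affected range below, so deployments should move to 0.22.14 or later. The symbol list under "Ecosystem specific" names the packages and functions that a reachability scan such as govulncheck matches against.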

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-2936"
}
References

Affected packages

Go / github.com/pocketbase/pocketbase

Package

Name
github.com/pocketbase/pocketbase
Purl
pkg:golang/github.com/pocketbase/pocketbase

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.22.14

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/pocketbase/pocketbase/apis",
            "symbols": [
                "EnrichRecord",
                "EnrichRecords",
                "RecordAuthResponse",
                "Serve",
                "recordAuthApi.authWithOAuth2",
                "recordAuthApi.authWithPassword"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/models",
            "symbols": [
                "NewRecordFromNullStringMap",
                "NewRecordsFromNullStringMaps",
                "Record.CleanCopy",
                "Record.ColumnValueMap",
                "Record.Email",
                "Record.EmailVisibility",
                "Record.FindFileFieldByFile",
                "Record.Get",
                "Record.GetBool",
                "Record.GetDateTime",
                "Record.GetFloat",
                "Record.GetInt",
                "Record.GetString",
                "Record.GetStringSlice",
                "Record.GetTime",
                "Record.LastResetSentAt",
                "Record.LastVerificationSentAt",
                "Record.Load",
                "Record.MarshalJSON",
                "Record.OriginalCopy",
                "Record.PasswordHash",
                "Record.PublicExport",
                "Record.RefreshTokenKey",
                "Record.ReplaceModifers",
                "Record.Set",
                "Record.SetEmail",
                "Record.SetEmailVisibility",
                "Record.SetLastResetSentAt",
                "Record.SetLastVerificationSentAt",
                "Record.SetPassword",
                "Record.SetTokenKey",
                "Record.SetUsername",
                "Record.SetVerified",
                "Record.TokenKey",
                "Record.UnknownData",
                "Record.UnmarshalJSON",
                "Record.UnmarshalJSONField",
                "Record.Username",
                "Record.ValidatePassword",
                "Record.Verified",
                "Record.getNormalizeDataValueForDB"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/models/schema",
            "symbols": [
                "AuthFieldNames"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/daos",
            "symbols": [
                "Dao.CanAccessRecord",
                "Dao.CreateViewSchema",
                "Dao.Delete",
                "Dao.DeleteAdmin",
                "Dao.DeleteCollection",
                "Dao.DeleteExternalAuth",
                "Dao.DeleteOldLogs",
                "Dao.DeleteParam",
                "Dao.DeleteRecord",
                "Dao.DeleteTable",
                "Dao.DeleteView",
                "Dao.ExpandRecord",
                "Dao.ExpandRecords",
                "Dao.FindAdminByEmail",
                "Dao.FindAdminById",
                "Dao.FindAdminByToken",
                "Dao.FindAllExternalAuthsByRecord",
                "Dao.FindAuthRecordByEmail",
                "Dao.FindAuthRecordByToken",
                "Dao.FindAuthRecordByUsername",
                "Dao.FindById",
                "Dao.FindCollectionByNameOrId",
                "Dao.FindCollectionReferences",
                "Dao.FindCollectionsByType",
                "Dao.FindExternalAuthByRecordAndProvider",
                "Dao.FindFirstExternalAuthByExpr",
                "Dao.FindFirstRecordByData",
                "Dao.FindFirstRecordByFilter",
                "Dao.FindLogById",
                "Dao.FindParamByKey",
                "Dao.FindRecordById",
                "Dao.FindRecordByViewFile",
                "Dao.FindRecordsByExpr",
                "Dao.FindRecordsByFilter",
                "Dao.FindRecordsByIds",
                "Dao.FindSettings",
                "Dao.HasTable",
                "Dao.ImportCollections",
                "Dao.IsAdminEmailUnique",
                "Dao.IsCollectionNameUnique",
                "Dao.IsRecordValueUnique",
                "Dao.LogsStats",
                "Dao.RecordQuery",
                "Dao.RunInTransaction",
                "Dao.Save",
                "Dao.SaveAdmin",
                "Dao.SaveCollection",
                "Dao.SaveExternalAuth",
                "Dao.SaveLog",
                "Dao.SaveParam",
                "Dao.SaveRecord",
                "Dao.SaveSettings",
                "Dao.SaveView",
                "Dao.SuggestUniqueAuthRecordUsername",
                "Dao.SyncRecordTableSchema",
                "Dao.TableColumns",
                "Dao.TableIndexes",
                "Dao.TableInfo",
                "Dao.TotalAdmins",
                "Dao.Vacuum"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/forms",
            "symbols": [
                "AdminLogin.Submit",
                "AdminLogin.Validate",
                "AdminPasswordResetConfirm.Submit",
                "AdminPasswordResetConfirm.Validate",
                "AdminPasswordResetRequest.Submit",
                "AdminPasswordResetRequest.Validate",
                "AdminUpsert.Submit",
                "AdminUpsert.Validate",
                "AppleClientSecretCreate.Submit",
                "AppleClientSecretCreate.Validate",
                "BackupCreate.Submit",
                "BackupCreate.Validate",
                "BackupUpload.Submit",
                "BackupUpload.Validate",
                "CollectionUpsert.Submit",
                "CollectionUpsert.Validate",
                "CollectionsImport.Submit",
                "CollectionsImport.Validate",
                "NewRecordUpsert",
                "RealtimeSubscribe.Validate",
                "RecordEmailChangeConfirm.Submit",
                "RecordEmailChangeConfirm.Validate",
                "RecordEmailChangeRequest.Submit",
                "RecordEmailChangeRequest.Validate",
                "RecordOAuth2Login.Submit",
                "RecordOAuth2Login.Validate",
                "RecordOAuth2Login.submit",
                "RecordPasswordLogin.Submit",
                "RecordPasswordLogin.Validate",
                "RecordPasswordResetConfirm.Submit",
                "RecordPasswordResetConfirm.Validate",
                "RecordPasswordResetRequest.Submit",
                "RecordPasswordResetRequest.Validate",
                "RecordUpsert.DrySubmit",
                "RecordUpsert.LoadData",
                "RecordUpsert.LoadRequest",
                "RecordUpsert.Submit",
                "RecordUpsert.Validate",
                "RecordUpsert.ValidateAndFill",
                "RecordVerificationConfirm.Submit",
                "RecordVerificationConfirm.Validate",
                "RecordVerificationRequest.Submit",
                "RecordVerificationRequest.Validate",
                "SettingsUpsert.Submit",
                "SettingsUpsert.Validate",
                "TestEmailSend.Submit",
                "TestEmailSend.Validate",
                "TestS3Filesystem.Submit",
                "TestS3Filesystem.Validate"
            ]
        }
    ]
}