GO-2024-2936

See a problem?
Source
https://pkg.go.dev/vuln/GO-2024-2936
Import Source
https://vuln.go.dev/ID/GO-2024-2936.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2936
Aliases
Published
2024-07-01T19:59:12Z
Modified
2024-07-01T20:29:10.679879Z
Summary
PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase
Details

PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase

References

Affected packages

Go / github.com/pocketbase/pocketbase

Package

Name
github.com/pocketbase/pocketbase
View open source insights on deps.dev
Purl
pkg:golang/github.com/pocketbase/pocketbase

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.22.14

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/pocketbase/pocketbase/apis",
            "symbols": [
                "EnrichRecord",
                "EnrichRecords",
                "RecordAuthResponse",
                "Serve",
                "recordAuthApi.authWithOAuth2",
                "recordAuthApi.authWithPassword"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/models",
            "symbols": [
                "NewRecordFromNullStringMap",
                "NewRecordsFromNullStringMaps",
                "Record.CleanCopy",
                "Record.ColumnValueMap",
                "Record.Email",
                "Record.EmailVisibility",
                "Record.FindFileFieldByFile",
                "Record.Get",
                "Record.GetBool",
                "Record.GetDateTime",
                "Record.GetFloat",
                "Record.GetInt",
                "Record.GetString",
                "Record.GetStringSlice",
                "Record.GetTime",
                "Record.LastResetSentAt",
                "Record.LastVerificationSentAt",
                "Record.Load",
                "Record.MarshalJSON",
                "Record.OriginalCopy",
                "Record.PasswordHash",
                "Record.PublicExport",
                "Record.RefreshTokenKey",
                "Record.ReplaceModifers",
                "Record.Set",
                "Record.SetEmail",
                "Record.SetEmailVisibility",
                "Record.SetLastResetSentAt",
                "Record.SetLastVerificationSentAt",
                "Record.SetPassword",
                "Record.SetTokenKey",
                "Record.SetUsername",
                "Record.SetVerified",
                "Record.TokenKey",
                "Record.UnknownData",
                "Record.UnmarshalJSON",
                "Record.UnmarshalJSONField",
                "Record.Username",
                "Record.ValidatePassword",
                "Record.Verified",
                "Record.getNormalizeDataValueForDB"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/models/schema",
            "symbols": [
                "AuthFieldNames"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/daos",
            "symbols": [
                "Dao.CanAccessRecord",
                "Dao.CreateViewSchema",
                "Dao.Delete",
                "Dao.DeleteAdmin",
                "Dao.DeleteCollection",
                "Dao.DeleteExternalAuth",
                "Dao.DeleteOldLogs",
                "Dao.DeleteParam",
                "Dao.DeleteRecord",
                "Dao.DeleteTable",
                "Dao.DeleteView",
                "Dao.ExpandRecord",
                "Dao.ExpandRecords",
                "Dao.FindAdminByEmail",
                "Dao.FindAdminById",
                "Dao.FindAdminByToken",
                "Dao.FindAllExternalAuthsByRecord",
                "Dao.FindAuthRecordByEmail",
                "Dao.FindAuthRecordByToken",
                "Dao.FindAuthRecordByUsername",
                "Dao.FindById",
                "Dao.FindCollectionByNameOrId",
                "Dao.FindCollectionReferences",
                "Dao.FindCollectionsByType",
                "Dao.FindExternalAuthByRecordAndProvider",
                "Dao.FindFirstExternalAuthByExpr",
                "Dao.FindFirstRecordByData",
                "Dao.FindFirstRecordByFilter",
                "Dao.FindLogById",
                "Dao.FindParamByKey",
                "Dao.FindRecordById",
                "Dao.FindRecordByViewFile",
                "Dao.FindRecordsByExpr",
                "Dao.FindRecordsByFilter",
                "Dao.FindRecordsByIds",
                "Dao.FindSettings",
                "Dao.HasTable",
                "Dao.ImportCollections",
                "Dao.IsAdminEmailUnique",
                "Dao.IsCollectionNameUnique",
                "Dao.IsRecordValueUnique",
                "Dao.LogsStats",
                "Dao.RecordQuery",
                "Dao.RunInTransaction",
                "Dao.Save",
                "Dao.SaveAdmin",
                "Dao.SaveCollection",
                "Dao.SaveExternalAuth",
                "Dao.SaveLog",
                "Dao.SaveParam",
                "Dao.SaveRecord",
                "Dao.SaveSettings",
                "Dao.SaveView",
                "Dao.SuggestUniqueAuthRecordUsername",
                "Dao.SyncRecordTableSchema",
                "Dao.TableColumns",
                "Dao.TableIndexes",
                "Dao.TableInfo",
                "Dao.TotalAdmins",
                "Dao.Vacuum"
            ]
        },
        {
            "path": "github.com/pocketbase/pocketbase/forms",
            "symbols": [
                "AdminLogin.Submit",
                "AdminLogin.Validate",
                "AdminPasswordResetConfirm.Submit",
                "AdminPasswordResetConfirm.Validate",
                "AdminPasswordResetRequest.Submit",
                "AdminPasswordResetRequest.Validate",
                "AdminUpsert.Submit",
                "AdminUpsert.Validate",
                "AppleClientSecretCreate.Submit",
                "AppleClientSecretCreate.Validate",
                "BackupCreate.Submit",
                "BackupCreate.Validate",
                "BackupUpload.Submit",
                "BackupUpload.Validate",
                "CollectionUpsert.Submit",
                "CollectionUpsert.Validate",
                "CollectionsImport.Submit",
                "CollectionsImport.Validate",
                "NewRecordUpsert",
                "RealtimeSubscribe.Validate",
                "RecordEmailChangeConfirm.Submit",
                "RecordEmailChangeConfirm.Validate",
                "RecordEmailChangeRequest.Submit",
                "RecordEmailChangeRequest.Validate",
                "RecordOAuth2Login.Submit",
                "RecordOAuth2Login.Validate",
                "RecordOAuth2Login.submit",
                "RecordPasswordLogin.Submit",
                "RecordPasswordLogin.Validate",
                "RecordPasswordResetConfirm.Submit",
                "RecordPasswordResetConfirm.Validate",
                "RecordPasswordResetRequest.Submit",
                "RecordPasswordResetRequest.Validate",
                "RecordUpsert.DrySubmit",
                "RecordUpsert.LoadData",
                "RecordUpsert.LoadRequest",
                "RecordUpsert.Submit",
                "RecordUpsert.Validate",
                "RecordUpsert.ValidateAndFill",
                "RecordVerificationConfirm.Submit",
                "RecordVerificationConfirm.Validate",
                "RecordVerificationRequest.Submit",
                "RecordVerificationRequest.Validate",
                "SettingsUpsert.Submit",
                "SettingsUpsert.Validate",
                "TestEmailSend.Submit",
                "TestEmailSend.Validate",
                "TestS3Filesystem.Submit",
                "TestS3Filesystem.Validate"
            ]
        }
    ]
}