GO-2024-2999
- Source
- https://pkg.go.dev/vuln/GO-2024-2999
- Import Source
- https://vuln.go.dev/ID/GO-2024-2999.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2999
- Aliases
- Published
- 2024-08-06T22:03:16Z
- Modified
- 2024-08-06T22:27:06.135841Z
- Summary
- Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker
- Details
-
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2024-2999", "review_status": "UNREVIEWED" }- References
-
- https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-xw35-rrcp-g7xm
- https://nvd.nist.gov/vuln/detail/CVE-2024-41121
- https://github.com/woodpecker-ci/woodpecker/commit/764329ed1dbc47c4a517ccc749e3feb34059fac8
- https://github.com/woodpecker-ci/woodpecker/issues/3924
- https://github.com/woodpecker-ci/woodpecker/pull/3933
Affected packages
Go / go.woodpecker-ci.org/woodpecker
Package
- Name
- go.woodpecker-ci.org/woodpecker
- View open source insights on deps.dev
- Purl
- pkg:golang/go.woodpecker-ci.org/woodpecker
Go / go.woodpecker-ci.org/woodpecker/v2
Package
- Name
- go.woodpecker-ci.org/woodpecker/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/go.woodpecker-ci.org/woodpecker/v2