x/vulndb: track file changes in a commit related to the CVE #49462

Open
julieqiu opened this issue Nov 8, 2021 · 0 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

Comments

Member

julieqiu commented Nov 8, 2021

There are times when a CVE is identified as a Go vulnerability because of the module path, but it is actually not related to Go and no Go files will be updated in the commit. It would be useful to use the GitHub API to check which files actually changed, if a commit URL is available in the reference data section.

For example, see the tensorflow block from CVE-2021-29512 through CVE-2021-29619.
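
The check proposed above, sketched as an added example (not code from x/vulndb or from the issue author): it maps a commit URL found in a CVE's references to GitHub's REST "get a commit" endpoint and picks the Go-related paths out of the response's `files` list. The function names, the rule that `go.mod` and `go.sum` count as Go files, the placeholder URL and the sample JSON are assumptions made for illustration; the HTTP fetch is left out so the block runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// commitAPIURL maps a github.com commit URL taken from a CVE's references
// to the REST "get a commit" endpoint, whose response lists changed files.
func commitAPIURL(ref string) (string, error) {
	u, err := url.Parse(ref)
	if err != nil || u.Host != "github.com" {
		return "", fmt.Errorf("not a github.com URL: %q", ref)
	}
	if p := strings.Split(strings.Trim(u.Path, "/"), "/"); len(p) == 4 && p[2] == "commit" {
		return fmt.Sprintf("https://api.github.com/repos/%s/%s/commits/%s", p[0], p[1], p[3]), nil
	}
	return "", fmt.Errorf("not a commit URL: %q", ref)
}

// goFilesChanged decodes a commit API response body and returns the changed
// paths that are Go source or module metadata. An empty result marks the CVE
// as a candidate for "not a Go vulnerability" triage (hypothetical policy).
func goFilesChanged(body []byte) ([]string, error) {
	var c struct{ Files []struct{ Filename string } } // JSON keys: files[].filename
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	var out []string
	for _, f := range c.Files {
		base := path.Base(f.Filename)
		if strings.HasSuffix(base, ".go") || base == "go.mod" || base == "go.sum" {
			out = append(out, f.Filename)
		}
	}
	return out, nil
}

// sampleBody is a constructed response fragment, not real commit data.
const sampleBody = `{"files":[{"filename":"src/kernels/example_op.cc"},{"filename":"python/example_test.py"}]}`

func main() {
	api, err := commitAPIURL("https://github.com/example/project/commit/0123abc") // placeholder URL
	fmt.Println(api, err)
	files, err := goFilesChanged([]byte(sampleBody))
	fmt.Println(files, err)
}
```

GitHub paginates the `files` list for large commits, so a production check would need to follow the pagination links before concluding that no Go files changed.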

@gopherbot gopherbot added this to the Unreleased milestone Nov 8, 2021
@cagedmantis cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 9, 2021
@gopherbot gopherbot added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Dec 22, 2021
@julieqiu julieqiu changed the title x/vuln: track file changes in a commit related to the CVE x/vulndb: track file changes in a commit related to the CVE Jan 5, 2022
@julieqiu julieqiu removed the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Jan 5, 2022
@jba jba self-assigned this Jan 27, 2022
@julieqiu julieqiu assigned neild and unassigned jba Mar 2, 2022
@neild neild removed their assignment Jul 18, 2022
@julieqiu julieqiu added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo and removed vulndb labels Sep 2, 2022
@julieqiu julieqiu modified the milestones: Unreleased, vuln/unplanned Sep 8, 2022
5 participants