forked from wolfi-dev/advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
atlantis.advisories.yaml
104 lines (95 loc) · 2.87 KB
/
atlantis.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
schema-version: 2.0.2
package:
name: atlantis
advisories:
- id: CVE-2022-24912
aliases:
- GHSA-jxqv-jcvh-7gr4
events:
- timestamp: 2024-04-26T01:00:34Z
type: detection
data:
type: scan/v1
data:
subpackageName: atlantis
componentID: 07b3a75bc99d65d0
componentName: github.com/runatlantis/atlantis
componentVersion: v0.0.0-20240425021020-565fd9d08832
componentType: go-module
componentLocation: /usr/bin/atlantis
scanner: grype
- timestamp: 2024-05-04T17:00:50Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: 'Module "github.com/runatlantis/atlantis" at "/usr/bin/atlantis": the commit of the fixed version (700cffd57ddc12c456e1094f5a60f7d61c86c4db) is an ancestor of installed commit (565fd9d0883285511fa3175c4657d55f9215dc00), which means the installed version was misidentified by the scanner and the vulnerability has actually been fixed.'
- id: CVE-2023-39325
aliases:
- GHSA-4374-p667-p6c8
events:
- timestamp: 2023-10-19T18:28:26Z
type: fixed
data:
fixed-version: 0.26.0-r3
- id: CVE-2023-44487
aliases:
- GHSA-qppj-fm5r-hxr3
events:
- timestamp: 2023-10-19T18:29:42Z
type: fixed
data:
fixed-version: 0.26.0-r3
- id: CVE-2023-45283
aliases:
- GHSA-vvjp-q62m-2vph
events:
- timestamp: 2023-11-07T19:23:14Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows
- id: CVE-2023-45284
aliases:
- GHSA-rq3x-83w4-p28c
events:
- timestamp: 2023-11-07T19:23:16Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows
- id: CVE-2023-45288
aliases:
- GHSA-4v7x-pqxf-cx7m
events:
- timestamp: 2024-04-13T07:06:09Z
type: fixed
data:
fixed-version: 0.27.2-r2
- id: CVE-2023-48795
aliases:
- GHSA-45x7-px36-x8w8
events:
- timestamp: 2023-12-19T10:16:12Z
type: fixed
data:
fixed-version: 0.27.0-r3
- id: CVE-2024-24786
aliases:
- GHSA-8r3f-844c-mc37
events:
- timestamp: 2024-03-14T07:16:32Z
type: detection
data:
type: scan/v1
data:
subpackageName: atlantis
componentID: 5015b8bcde67212c
componentName: google.golang.org/protobuf
componentVersion: v1.31.0
componentType: go-module
componentLocation: /usr/bin/atlantis
scanner: grype
- timestamp: 2024-03-14T15:19:08Z
type: fixed
data:
fixed-version: 0.27.2-r1