-
Notifications
You must be signed in to change notification settings - Fork 66
/
Copy pathbazelisk.advisories.yaml
170 lines (154 loc) · 3.86 KB
/
bazelisk.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
schema-version: 2.0.2
package:
name: bazelisk
advisories:
- id: CGA-2q35-5w7x-632c
aliases:
- CVE-2024-34156
- GHSA-crqm-pwhx-j97f
events:
- timestamp: 2024-09-10T09:20:08Z
type: fixed
data:
fixed-version: 1.21.0-r0
- id: CGA-3qwr-qhqf-q9f2
aliases:
- CVE-2024-24789
- GHSA-236w-p7wf-5ph8
events:
- timestamp: 2024-06-08T11:17:22Z
type: fixed
data:
fixed-version: 1.20.0-r1
- id: CGA-52vw-3688-3wgm
aliases:
- CVE-2023-45288
- GHSA-4v7x-pqxf-cx7m
events:
- timestamp: 2024-04-13T07:06:35Z
type: fixed
data:
fixed-version: 1.19.0-r2
- id: CGA-66vm-mcr5-frh3
aliases:
- CVE-2023-45290
- GHSA-rr6r-cfgf-gc6h
events:
- timestamp: 2024-03-12T07:10:39Z
type: fixed
data:
fixed-version: 1.19.0-r1
- id: CGA-7g5m-p7gg-xw82
aliases:
- CVE-2024-24785
- GHSA-j6m3-gc37-6r6q
events:
- timestamp: 2024-03-12T07:10:38Z
type: fixed
data:
fixed-version: 1.19.0-r1
- id: CGA-cqr9-5p77-qpfj
aliases:
- CVE-2024-24783
- GHSA-3q2c-pvp5-3cqp
events:
- timestamp: 2024-03-12T07:10:39Z
type: fixed
data:
fixed-version: 1.19.0-r1
- id: CGA-crvh-48rr-669m
aliases:
- CVE-2024-34158
- GHSA-j7vj-rw65-4v26
events:
- timestamp: 2024-09-10T09:20:11Z
type: fixed
data:
fixed-version: 1.21.0-r0
- id: CGA-hqj3-pwvq-gcvq
aliases:
- CVE-2024-45336
- GHSA-7wrw-r4p8-38rx
events:
- timestamp: 2025-02-01T16:29:01Z
type: fixed
data:
fixed-version: 1.25.0-r1
- id: CGA-hx92-c57f-j8m9
aliases:
- CVE-2024-34155
- GHSA-8xfx-rj4p-23jm
events:
- timestamp: 2024-09-10T09:20:04Z
type: fixed
data:
fixed-version: 1.21.0-r0
- id: CGA-j7p4-rf92-m6wq
aliases:
- CVE-2024-24784
- GHSA-fgq5-q76c-gx78
events:
- timestamp: 2024-03-12T07:10:38Z
type: fixed
data:
fixed-version: 1.19.0-r1
- id: CGA-j89x-6v9p-7fgq
aliases:
- CVE-2025-22866
- GHSA-3whm-j4xm-rv8x
events:
- timestamp: 2025-02-08T10:40:59Z
type: detection
data:
type: scan/v1
data:
subpackageName: bazelisk
componentID: 96705eb83878ea17
componentName: stdlib
componentVersion: go1.23.5
componentType: go-module
componentLocation: /usr/bin/bazelisk
scanner: grype
- timestamp: 2025-02-11T03:39:00Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: |
This vulnerability relates to p256NegCond within the crypto/internal/fips140/nistec package, specifically affecting the ppc64le architecture.
We are not affected by this vulnerability as we do not build or support ppc64le.
- id: CGA-jf69-v2j8-8fg3
aliases:
- CVE-2024-24791
- GHSA-hw49-2p59-3mhj
events:
- timestamp: 2024-07-04T07:02:03Z
type: fixed
data:
fixed-version: 1.20.0-r4
- id: CGA-jwrv-6j3h-cw27
aliases:
- CVE-2023-45289
- GHSA-32ch-6x54-q4h9
events:
- timestamp: 2024-03-12T07:10:39Z
type: fixed
data:
fixed-version: 1.19.0-r1
- id: CGA-vg9r-2hc4-2qj6
aliases:
- CVE-2024-45341
- GHSA-3f6r-qh9c-x6mm
events:
- timestamp: 2025-02-01T16:29:04Z
type: fixed
data:
fixed-version: 1.25.0-r1
- id: CGA-xj4j-hg3g-4j45
aliases:
- CVE-2024-24790
- GHSA-49gw-vxvf-fc2g
events:
- timestamp: 2024-06-08T11:17:20Z
type: fixed
data:
fixed-version: 1.20.0-r1