In GitHub Security Advisory GHSA-735r-hv67-g38f, there is a vulnerability in the following Go packages or modules:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
modules:
  - module: vitess.io/vitess
    versions:
      - fixed: 0.16.1
    packages:
      - package: vitess.io/vitess
summary: vitess allows users to create keyspaces that can deny access to already existing
  keyspaces
description: "### Impact\nUsers can either intentionally or inadvertently create a
  keyspace containing `/` characters such that from that point on, anyone who tries
  to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces
  using `vtctldclient GetKeyspaces` will also return an error.\nNote that all other
  keyspaces can still be administered using the CLI (vtctldclient).\n\n### Patches\nv16.0.1
  (corresponding to 0.16.1 on pkg.go.dev)\n\n### Workarounds\nDelete the offending
  keyspace using a CLI client (vtctldclient) \n```\nvtctldclient --server ... DeleteKeyspace
  a/b\n```\n\nFound during a security audit sponsored by the [CNCF](https://cncf.io)
  and facilitated by [OSTIF](https://ostif.org)."
cves:
  - CVE-2023-29194
ghsas:
  - GHSA-735r-hv67-g38f
references:
  - advisory: https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f
  - fix: https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88
  - fix: https://github.com/vitessio/vitess/commits/v0.16.1/
  - advisory: https://github.com/advisories/GHSA-735r-hv67-g38f