Skip to content

Commit b80abdd

Browse files
thatnealpatelgopherbot
thatnealpatel
authored and
gopherbot
committed
data/reports: add 3 reports
 - data/reports/GO-2025-3642.yaml - data/reports/GO-2025-3643.yaml - data/reports/GO-2025-3644.yaml Fixes #3642 Fixes #3643 Fixes #3644 Change-Id: I9afd205b145cf5ad53649ca245d9201d29fda492 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/667895 Commit-Queue: Neal Patel <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]> Auto-Submit: Neal Patel <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 117c14b commit b80abdd

File tree

6 files changed

+895
-0
lines changed

6 files changed

+895
-0
lines changed

data/osv/GO-2025-3642.json

Lines changed: 244 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,244 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-3642",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-41395",
8+
"GHSA-3g36-gf7c-75qw"
9+
],
10+
"summary": "Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks",
11+
"details": "Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: .",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/mattermost/mattermost-plugin-playbooks",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
}
25+
]
26+
}
27+
],
28+
"ecosystem_specific": {
29+
"custom_ranges": [
30+
{
31+
"type": "ECOSYSTEM",
32+
"events": [
33+
{
34+
"introduced": "2.0.0"
35+
}
36+
]
37+
}
38+
]
39+
}
40+
},
41+
{
42+
"package": {
43+
"name": "github.com/mattermost/mattermost-plugin-playbooks",
44+
"ecosystem": "Go"
45+
},
46+
"ranges": [
47+
{
48+
"type": "SEMVER",
49+
"events": [
50+
{
51+
"introduced": "0"
52+
},
53+
{
54+
"fixed": "1.41.0"
55+
}
56+
]
57+
}
58+
],
59+
"ecosystem_specific": {}
60+
},
61+
{
62+
"package": {
63+
"name": "github.com/mattermost/mattermost-server",
64+
"ecosystem": "Go"
65+
},
66+
"ranges": [
67+
{
68+
"type": "SEMVER",
69+
"events": [
70+
{
71+
"introduced": "9.11.0+incompatible"
72+
}
73+
]
74+
}
75+
],
76+
"ecosystem_specific": {}
77+
},
78+
{
79+
"package": {
80+
"name": "github.com/mattermost/mattermost-server",
81+
"ecosystem": "Go"
82+
},
83+
"ranges": [
84+
{
85+
"type": "SEMVER",
86+
"events": [
87+
{
88+
"introduced": "10.4.0+incompatible"
89+
}
90+
]
91+
}
92+
],
93+
"ecosystem_specific": {}
94+
},
95+
{
96+
"package": {
97+
"name": "github.com/mattermost/mattermost-server",
98+
"ecosystem": "Go"
99+
},
100+
"ranges": [
101+
{
102+
"type": "SEMVER",
103+
"events": [
104+
{
105+
"introduced": "10.5.0+incompatible"
106+
}
107+
]
108+
}
109+
],
110+
"ecosystem_specific": {}
111+
},
112+
{
113+
"package": {
114+
"name": "github.com/mattermost/mattermost-server/v5",
115+
"ecosystem": "Go"
116+
},
117+
"ranges": [
118+
{
119+
"type": "SEMVER",
120+
"events": [
121+
{
122+
"introduced": "0"
123+
}
124+
]
125+
}
126+
],
127+
"ecosystem_specific": {}
128+
},
129+
{
130+
"package": {
131+
"name": "github.com/mattermost/mattermost-server/v6",
132+
"ecosystem": "Go"
133+
},
134+
"ranges": [
135+
{
136+
"type": "SEMVER",
137+
"events": [
138+
{
139+
"introduced": "0"
140+
}
141+
]
142+
}
143+
],
144+
"ecosystem_specific": {}
145+
},
146+
{
147+
"package": {
148+
"name": "github.com/mattermost/mattermost/server/v8",
149+
"ecosystem": "Go"
150+
},
151+
"ranges": [
152+
{
153+
"type": "SEMVER",
154+
"events": [
155+
{
156+
"introduced": "0"
157+
}
158+
]
159+
}
160+
],
161+
"ecosystem_specific": {}
162+
},
163+
{
164+
"package": {
165+
"name": "github.com/mattermost/mattermost/server/v8",
166+
"ecosystem": "Go"
167+
},
168+
"ranges": [
169+
{
170+
"type": "SEMVER",
171+
"events": [
172+
{
173+
"introduced": "0"
174+
}
175+
]
176+
}
177+
],
178+
"ecosystem_specific": {}
179+
},
180+
{
181+
"package": {
182+
"name": "github.com/mattermost/mattermost/server/v8",
183+
"ecosystem": "Go"
184+
},
185+
"ranges": [
186+
{
187+
"type": "SEMVER",
188+
"events": [
189+
{
190+
"introduced": "0"
191+
}
192+
]
193+
}
194+
],
195+
"ecosystem_specific": {}
196+
},
197+
{
198+
"package": {
199+
"name": "github.com/mattermost/mattermost/server/v8",
200+
"ecosystem": "Go"
201+
},
202+
"ranges": [
203+
{
204+
"type": "SEMVER",
205+
"events": [
206+
{
207+
"introduced": "0"
208+
},
209+
{
210+
"fixed": "8.0.0-20250218121836-2b5275d87136"
211+
}
212+
]
213+
}
214+
],
215+
"ecosystem_specific": {}
216+
}
217+
],
218+
"references": [
219+
{
220+
"type": "ADVISORY",
221+
"url": "https://github.com/advisories/GHSA-3g36-gf7c-75qw"
222+
},
223+
{
224+
"type": "ADVISORY",
225+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41395"
226+
},
227+
{
228+
"type": "FIX",
229+
"url": "https://github.com/mattermost/mattermost-plugin-playbooks/commit/4c823090e281cb9c0d5c17ee2e5db275117540d1"
230+
},
231+
{
232+
"type": "WEB",
233+
"url": "https://github.com/mattermost/mattermost/commit/2b5275d87136f07e016c8eca09a2f004b31afc8a"
234+
},
235+
{
236+
"type": "WEB",
237+
"url": "https://mattermost.com/security-updates"
238+
}
239+
],
240+
"database_specific": {
241+
"url": "https://pkg.go.dev/vuln/GO-2025-3642",
242+
"review_status": "UNREVIEWED"
243+
}
244+
}

0 commit comments

Comments
 (0)