aws-ebs-csi-driver.advisories.yaml

schema-version: 2.0.1

package:
  name: aws-ebs-csi-driver

advisories:
  - id: CVE-2019-11255
    aliases:
      - GHSA-f4w6-3rh6-6q4q
    events:
      - timestamp: 2023-08-11T20:10:42Z
        type: false-positive-determination
        data:
          type: component-vulnerability-mismatch
          note: Vulnerable code is present in external-csi-driver which is outside of aws-ebs-csi-driver

  - id: CVE-2020-8552
    aliases:
      - GHSA-82hx-w2r5-c2wq
    events:
      - timestamp: 2023-09-19T16:39:53Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Go vulndb has marked this code NOT_IMPORTABLE.

  - id: CVE-2023-39325
    aliases:
      - GHSA-4374-p667-p6c8
    events:
      - timestamp: 2023-10-13T12:39:01Z
        type: fixed
        data:
          fixed-version: 1.23.1-r4

  - id: CVE-2023-3978
    aliases:
      - GHSA-2wrh-6pvc-2jm9
    events:
      - timestamp: 2023-10-13T12:38:16Z
        type: fixed
        data:
          fixed-version: 1.23.1-r4

  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:23:17Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:23:19Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-47108
    aliases:
      - GHSA-8pgv-569h-w5rw
    events:
      - timestamp: 2023-11-17T10:01:34Z
        type: fixed
        data:
          fixed-version: 1.25.0-r2

  - id: CVE-2023-5528
    aliases:
      - GHSA-hq6q-c2x6-hmch
    events:
      - timestamp: 2023-11-17T10:01:52Z
        type: fixed
        data:
          fixed-version: 1.25.0-r2