cloudflared.advisories.yaml

schema-version: 2.0.2

package:
  name: cloudflared

advisories:
  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:24:26Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:24:27Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2024-01-08T11:54:35Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cloudflared
            componentID: 38ae55ba19d25ab9
            componentName: golang.org/x/crypto
            componentVersion: v0.16.0
            componentType: go-module
            componentLocation: /usr/bin/cloudflared
            scanner: grype
      - timestamp: 2024-01-26T07:06:35Z
        type: fixed
        data:
          fixed-version: 2024.1.0-r1

  - id: GHSA-2c7c-3mj9-8fqh
    events:
      - timestamp: 2024-01-08T11:54:34Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cloudflared
            componentID: 37c5a062f537ff89
            componentName: github.com/go-jose/go-jose/v3
            componentVersion: v3.0.0
            componentType: go-module
            componentLocation: /usr/bin/cloudflared
            scanner: grype
      - timestamp: 2024-01-26T07:06:35Z
        type: fixed
        data:
          fixed-version: 2024.1.0-r1