x/vulndb: potential Go vuln in github.com/1Panel-dev/1Panel: CVE-2023-36457

[GoVulnBot]

CVE-2023-36457 references github.com/1Panel-dev/1Panel, which may be a Go module.

Description:
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-36457
• JSON: https://github.com/CVEProject/cvelist/tree/8f68496b383774d91698a6d78b09674534632fdc/2023/36xxx/CVE-2023-36457.json
• advisory: GHSA-q2mx-gpjf-3h8x
• web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6
• Imported by: https://pkg.go.dev/github.com/1Panel-dev/1Panel?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/1Panel-dev/1Panel
      vulnerable_at: 1.3.6
      packages:
        - package: 1Panel
description: |-
    1Panel is an open source Linux server operation and maintenance management
    panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious
    payload to achieve command injection when adding container repositories. The
    vulnerability has been fixed in v1.3.6.
cves:
    - CVE-2023-36457
references:
    - advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-q2mx-gpjf-3h8x
    - web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6

[gopherbot]

Change https://go.dev/cl/508456 mentions this issue: data/excluded: batch add 14 excluded reports

[gopherbot]

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports