VulnerableCode Package Details - pkg:golang/github.com/stacklok/minder@0.0.33

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:golang/github.com/stacklok/minder@0.0.33

purl	pkg:golang/github.com/stacklok/minder@0.0.33

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-p3et-zkgz-abct	Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.	CVE-2024-27916 GHSA-v627-69v2-xx37

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T07:42:48.736580+00:00	GithubOSV Importer	Fixing	VCID-p3et-zkgz-abct	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-v627-69v2-xx37/GHSA-v627-69v2-xx37.json	38.6.0