High severityNVD Advisory· Published Jan 12, 2023· Updated Apr 7, 2025

Uncontrolled Search Path Element in bits-and-blooms/bloom

CVE-2023-0247

Description

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/bits-and-blooms/bloomGo	< 3.3.1	3.3.1

Affected products

Bits And Blooms/Bits And Blooms/bloomv5
Range: unspecified

Patches

658f1393d4c5

Updating go.mod/go.sum

https://github.com/bits-and-blooms/bloomDaniel LemireSep 7, 2022via ghsa

commit

2 files changed · +3 −3

go.mod+1 −1 modified

@@ -3,6 +3,6 @@ module github.com/bits-and-blooms/bloom/v3
 go 1.14
 
 require (
-	github.com/bits-and-blooms/bitset v1.2.0
+	github.com/bits-and-blooms/bitset v1.3.1
 	github.com/twmb/murmur3 v1.1.6
 )

go.sum+2 −2 modified

@@ -1,4 +1,4 @@
-github.com/bits-and-blooms/bitset v1.2.0 h1:Kn4yilvwNtMACtf1eYDlG8H77R07mZSPbMjLyS07ChA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
+github.com/bits-and-blooms/bitset v1.3.1 h1:y+qrlmq3XsWi+xZqSaueaE8ry8Y127iMxlMfqcK8p0g=
+github.com/bits-and-blooms/bitset v1.3.1/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/twmb/murmur3 v1.1.6 h1:mqrRot1BRxm+Yct+vavLMou2/iJt0tNVTTC0QoIjaZg=
 github.com/twmb/murmur3 v1.1.6/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

github.com/advisories/GHSA-fgwp-pwqq-g3w4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-0247ghsaADVISORY
github.com/bits-and-blooms/bloom/commit/658f1393d4c52254a3d22f5f64f217405ec5fefbghsaWEB
huntr.dev/bounties/cab50e44-0995-4ac1-a5d5-889293b9704fghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000