VYPR
Medium severity4.3OSV Advisory· Published Apr 9, 2024· Updated Jun 17, 2026

CVE-2024-31455

CVE-2024-31455

Description

Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit 5c381cf added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to 5c381cf, or roll forward past 2eb94e7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/stacklok/minderGo
>= 0.0.39, < 0.0.400.0.40

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.