x/vulndb: potential Go vuln in github.com/mayswind/ezbookkeeping: GHSA-mpg8-8x9c-p9gv

[GoVulnBot]

Advisory GHSA-mpg8-8x9c-p9gv references a vulnerability in the following Go modules:

Module
github.com/mayswind/ezbookkeeping

Description:
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.

References:

• ADVISORY: GHSA-mpg8-8x9c-p9gv
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-57604
• REPORT: Multiple bruteforce vulnerabilities in ezbookkeeping 0.7.0 mayswind/ezbookkeeping#33
• WEB: https://hkohi.ca/vulnerability/2

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/mayswind/ezbookkeeping
      vulnerable_at: 0.7.0
summary: MaysWind ezBookkeeping has Improper Privilege Management in github.com/mayswind/ezbookkeeping
cves:
    - CVE-2024-57604
ghsas:
    - GHSA-mpg8-8x9c-p9gv
references:
    - advisory: https://github.com/advisories/GHSA-mpg8-8x9c-p9gv
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-57604
    - report: https://github.com/mayswind/ezbookkeeping/issues/33
    - web: https://hkohi.ca/vulnerability/2
source:
    id: GHSA-mpg8-8x9c-p9gv
    created: 2025-02-20T01:01:25.40792442Z
review_status: UNREVIEWED