| # Test of verbose mode. |
| |
| # No vulnerabilities, no output. |
| $ cdmodule novuln |
| $ govulncheck -v . |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Scanning for dependencies with known vulnerabilities... |
| No vulnerabilities found. |
| |
| $ cdmodule vuln |
| $ govulncheck -v . --> FAIL 3 |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Scanning for dependencies with known vulnerabilities... |
| Found 1 known vulnerability. |
| ------------------------------------------------------- |
| |
| GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted language tag can cause Parse |
| to panic via an out of bounds read. If Parse is used to process untrusted user inputs, |
| this may be used as a vector for a denial of service attack. |
| |
| Call stacks in your code: |
| #1: for function Parse |
| vuln.main |
| .../vuln.go:11:16 |
| golang.org/x/text/language.Parse |
| |
| |
| Found in: golang.org/x/text/language@v0.3.0 |
| Fixed in: golang.org/x/text/language@v0.3.7 |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |