| ##### |
| # Test for multiple call stacks in source mode with expanded traces |
| $ govulncheck -C ${moddir}/multientry . --> FAIL 3 |
| Scanning your code and P packages across M dependent module for known vulnerabilities... |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted language tag can |
| cause Parse to panic via an out of bounds read. If Parse is used to process |
| untrusted user inputs, this may be used as a vector for a denial of service |
| attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.5 |
| Fixed in: golang.org/x/text@v0.3.7 |
| Example traces found: |
| #1: .../main.go:99:20: multientry.foobar calls language.MustParse |
| #2: .../main.go:44:23: multientry.C calls language.Parse |
| |
| === Informational === |
| |
| Found 0 vulnerabilities in packages that you import, but there are no |
| call stacks leading to the use of these vulnerabilities. You may not |
| need to take any action. There is also 1 vulnerability in modules |
| that you require that is neither imported nor called. |
| See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.18.6 |
| |
| Your code is affected by 1 vulnerability from 1 module. |
| |
| Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| ##### |
| # Test for multple call stacks in source mode with expanded traces |
| $ govulncheck -C ${moddir}/multientry -show=traces ./... --> FAIL 3 |
| Scanning your code and P packages across M dependent module for known vulnerabilities... |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted language tag can |
| cause Parse to panic via an out of bounds read. If Parse is used to process |
| untrusted user inputs, this may be used as a vector for a denial of service |
| attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.5 |
| Fixed in: golang.org/x/text@v0.3.7 |
| Example traces found: |
| #1: for function golang.org/x/text/language.MustParse |
| .../main.go:26:3: golang.org/multientry.main |
| .../main.go:48:8: golang.org/multientry.D |
| .../main.go:99:20: golang.org/multientry.foobar |
| golang.org/x/text/language.MustParse |
| #2: for function golang.org/x/text/language.Parse |
| .../main.go:22:3: golang.org/multientry.main |
| .../main.go:44:23: golang.org/multientry.C |
| golang.org/x/text/language.Parse |
| |
| === Informational === |
| |
| Found 0 vulnerabilities in packages that you import, but there are no |
| call stacks leading to the use of these vulnerabilities. You may not |
| need to take any action. There is also 1 vulnerability in modules |
| that you require that is neither imported nor called. |
| See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.18.6 |
| |
| Your code is affected by 1 vulnerability from 1 module. |
| |
| Share feedback at https://go.dev/s/govulncheck-feedback. |
