cmd/govulncheck/testdata/convert_text.ct - vuln - Git at Google

 #####
 # Test using the conversion from json on stdin to text on stdout
 $ govulncheck -mode=convert < convert_input.json
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with
 vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 Your code is affected by 2 vulnerabilities from 2 modules.

 Vulnerability #1: GO-2021-0265
     A maliciously crafted path can cause Get and other query
     functions to consume excessive amounts of CPU and time.
   More info: https://pkg.go.dev/vuln/GO-2021-0265
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3
     Call stacks in your code:
       .../vuln.go:14:20: golang.org/vuln.main calls github.com/tidwall/gjson.Result.Get


 Vulnerability #2: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted
     language tag can cause Parse to panic via an out of bounds read.
     If Parse is used to process untrusted user inputs, this may be
     used as a vector for a denial of service attack.
   More info: https://pkg.go.dev/vuln/GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
     Call stacks in your code:
       .../vuln.go:13:16: golang.org/vuln.main calls golang.org/x/text/language.Parse

 === Informational ===

 Found 1 vulnerability in packages that you import, but there are no call
 stacks leading to the use of this vulnerability. You may not need to
 take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
 for details.

 Vulnerability #1: GO-2021-0054
     Due to improper bounds checking, maliciously crafted JSON
     objects can cause an out-of-bounds panic. If parsing user input,
     this may be used as a denial of service vector.
   More info: https://pkg.go.dev/vuln/GO-2021-0054
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.6.6
	#####
	# Test using the conversion from json on stdin to text on stdout
	$ govulncheck -mode=convert < convert_input.json
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with
	vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent modules for known vulnerabilities...
	Your code is affected by 2 vulnerabilities from 2 modules.

	Vulnerability #1: GO-2021-0265
	A maliciously crafted path can cause Get and other query
	functions to consume excessive amounts of CPU and time.
	More info: https://pkg.go.dev/vuln/GO-2021-0265
	Module: github.com/tidwall/gjson
	Found in: github.com/tidwall/gjson@v1.6.5
	Fixed in: github.com/tidwall/gjson@v1.9.3
	Call stacks in your code:
	.../vuln.go:14:20: golang.org/vuln.main calls github.com/tidwall/gjson.Result.Get


	Vulnerability #2: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted
	language tag can cause Parse to panic via an out of bounds read.
	If Parse is used to process untrusted user inputs, this may be
	used as a vector for a denial of service attack.
	More info: https://pkg.go.dev/vuln/GO-2021-0113
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.0
	Fixed in: golang.org/x/text@v0.3.7
	Call stacks in your code:
	.../vuln.go:13:16: golang.org/vuln.main calls golang.org/x/text/language.Parse

	=== Informational ===

	Found 1 vulnerability in packages that you import, but there are no call
	stacks leading to the use of this vulnerability. You may not need to
	take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
	for details.

	Vulnerability #1: GO-2021-0054
	Due to improper bounds checking, maliciously crafted JSON
	objects can cause an out-of-bounds panic. If parsing user input,
	this may be used as a denial of service vector.
	More info: https://pkg.go.dev/vuln/GO-2021-0054
	Module: github.com/tidwall/gjson
	Found in: github.com/tidwall/gjson@v1.6.5
	Fixed in: github.com/tidwall/gjson@v1.6.6