| # Test of default mode. |
| |
| # No vulnerabilities, no output. |
| $ cdmodule novuln |
| $ govulncheck . |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Scanning for dependencies with known vulnerabilities... |
| No vulnerabilities found. |
| |
| $ cdmodule vuln |
| $ govulncheck . --> FAIL 3 |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Scanning for dependencies with known vulnerabilities... |
| Found 1 known vulnerability. |
| ------------------------------------------------------- |
| |
| package: golang.org/x/text/language |
| your version: v0.3.0 |
| fixed version: v0.3.7 |
| sample call stacks: |
| vuln.main calls golang.org/x/text/language.Parse |
| reference: https://pkg.go.dev/vuln/GO-2021-0113 |
| description: Due to improper index calculation, an incorrectly formatted |
| language tag can cause Parse to panic via an out of bounds read. |
| If Parse is used to process untrusted user inputs, this may be |
| used as a vector for a denial of service attack. |
