| # Test of default mode. |
| |
| # All vulnerabilities imported, but never called. |
| $ govulncheck -dir ${moddir}/vuln3 . |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Scanning for dependencies with known vulnerabilities... |
| No vulnerabilities found. |
| |
| === Informational === |
| |
| The vulnerabilities below are in packages that you import, but your code |
| doesn't appear to call any vulnerable functions. You may not need to take any |
| action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck |
| for details. |
| |
| Vulnerability #1: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted language tag can cause Parse |
| to panic via an out of bounds read. If Parse is used to process untrusted user inputs, |
| this may be used as a vector for a denial of service attack. |
| |
| Found in: golang.org/x/text/language@v0.3.0 |
| Fixed in: golang.org/x/text/language@v0.3.7 |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |