cmd/govulncheck/testdata/two-symbols.ct - vuln - Git at Google

 $ govulncheck -dir ${moddir}/vuln2 . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Scanning for dependencies with known vulnerabilities...
 Found 2 known vulnerabilities.

 Vulnerability #1: GO-2022-0592
   A maliciously crafted path can cause Get and other query
   functions to consume excessive amounts of CPU and time.

   Call stacks in your code:
       .../vuln.go:14:15: golang.org/vuln2.main calls github.com/tidwall/gjson.Get
       .../vuln.go:15:20: golang.org/vuln2.main calls github.com/tidwall/gjson.GetBytes

   Found in: github.com/tidwall/gjson@v1.9.2
   Fixed in: github.com/tidwall/gjson@v1.9.3
   More info: https://pkg.go.dev/vuln/GO-2022-0592

 Vulnerability #2: GO-2021-0113
   Due to improper index calculation, an incorrectly formatted
   language tag can cause Parse to panic via an out of bounds read.
   If Parse is used to process untrusted user inputs, this may be
   used as a vector for a denial of service attack.

   Call stacks in your code:
       .../vuln.go:12:16: golang.org/vuln2.main calls golang.org/x/text/language.Parse

   Found in: golang.org/x/text/language@v0.3.0
   Fixed in: golang.org/x/text/language@v0.3.7
   More info: https://pkg.go.dev/vuln/GO-2021-0113

 === Informational ===

 The vulnerabilities below are in packages that you import, but your code
 doesn't appear to call any vulnerable functions. You may not need to take any
 action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
 for details.

 Vulnerability #1: GO-2021-0265
   GJSON allowed a ReDoS (regular expression denial of service) attack.
   Found in: github.com/tidwall/gjson@v1.9.2
   Fixed in: github.com/tidwall/gjson@v1.9.3
   Platforms: linux/amd64, windows/amd64
   More info: https://pkg.go.dev/vuln/GO-2021-0265
	$ govulncheck -dir ${moddir}/vuln2 . --> FAIL 3
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Scanning for dependencies with known vulnerabilities...
	Found 2 known vulnerabilities.

	Vulnerability #1: GO-2022-0592
	A maliciously crafted path can cause Get and other query
	functions to consume excessive amounts of CPU and time.

	Call stacks in your code:
	.../vuln.go:14:15: golang.org/vuln2.main calls github.com/tidwall/gjson.Get
	.../vuln.go:15:20: golang.org/vuln2.main calls github.com/tidwall/gjson.GetBytes

	Found in: github.com/tidwall/gjson@v1.9.2
	Fixed in: github.com/tidwall/gjson@v1.9.3
	More info: https://pkg.go.dev/vuln/GO-2022-0592

	Vulnerability #2: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted
	language tag can cause Parse to panic via an out of bounds read.
	If Parse is used to process untrusted user inputs, this may be
	used as a vector for a denial of service attack.

	Call stacks in your code:
	.../vuln.go:12:16: golang.org/vuln2.main calls golang.org/x/text/language.Parse

	Found in: golang.org/x/text/language@v0.3.0
	Fixed in: golang.org/x/text/language@v0.3.7
	More info: https://pkg.go.dev/vuln/GO-2021-0113

	=== Informational ===

	The vulnerabilities below are in packages that you import, but your code
	doesn't appear to call any vulnerable functions. You may not need to take any
	action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
	for details.

	Vulnerability #1: GO-2021-0265
	GJSON allowed a ReDoS (regular expression denial of service) attack.
	Found in: github.com/tidwall/gjson@v1.9.2
	Fixed in: github.com/tidwall/gjson@v1.9.3
	Platforms: linux/amd64, windows/amd64
	More info: https://pkg.go.dev/vuln/GO-2021-0265