| ##### |
| # Test using the conversion from json on stdin to text on stdout |
| # location of convert input is subdirectory/convert_intput |
| $ govulncheck -mode=convert < convert/convert_input.json --> FAIL 3 |
| === Symbol Results === |
| |
| Vulnerability #1: GO-2021-0265 |
| A maliciously crafted path can cause Get and other query functions to |
| consume excessive amounts of CPU and time. |
| More info: https://pkg.go.dev/vuln/GO-2021-0265 |
| Module: github.com/tidwall/gjson |
| Found in: github.com/tidwall/gjson@v1.6.5 |
| Fixed in: github.com/tidwall/gjson@v1.9.3 |
| Example traces found: |
| #1: .../vuln.go:14:20: vuln.main calls gjson.Result.Get |
| |
| Vulnerability #2: GO-2021-0113 |
| Due to improper index calculation, an incorrectly formatted language tag can |
| cause Parse to panic via an out of bounds read. If Parse is used to process |
| untrusted user inputs, this may be used as a vector for a denial of service |
| attack. |
| More info: https://pkg.go.dev/vuln/GO-2021-0113 |
| Module: golang.org/x/text |
| Found in: golang.org/x/text@v0.3.0 |
| Fixed in: golang.org/x/text@v0.3.7 |
| Example traces found: |
| #1: .../vuln.go:13:16: vuln.main calls language.Parse |
| |
| Your code is affected by 2 vulnerabilities from 2 modules. |
| This scan also found 1 vulnerability in packages you import and 0 |
| vulnerabilities in modules you require, but your code doesn't appear to call |
| these vulnerabilities. |
| Use '-show verbose' for more details. |
