| ##### |
| # Test finding stdlib vulnerability in source mode |
| $ govulncheck -C ${moddir}/stdlib . --> FAIL 3 |
| === Symbol Results === |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.18.6 |
| Example traces found: |
| #1: stdlib.go:<l>:<c>: stdlib.main calls http.ListenAndServe |
| #2: stdlib.go:<l>:<c>: stdlib.work[string] calls http.Serve |
| |
| Your code is affected by 1 vulnerability from the Go standard library. |
| This scan found no other vulnerabilities in packages you import or modules you |
| require. |
| Use '-show verbose' for more details. |
| |
| ##### |
| # Test finding stdlib vulnerability in source mode with expanded traces |
| $ govulncheck -C ${moddir}/stdlib -show=traces . --> FAIL 3 |
| === Symbol Results === |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.18.6 |
| Example traces found: |
| #1: for function net/http.ListenAndServe |
| stdlib.go:<l>:<c>: golang.org/stdlib.main |
| src/net/http/server.go:<l>:<c>: net/http.ListenAndServe |
| #2: for function net/http.Serve |
| stdlib.go:<l>:<c>: golang.org/stdlib.main |
| stdlib.go:<l>:<c>: golang.org/stdlib.work[string] |
| src/net/http/server.go:<l>:<c>: net/http.Serve |
| |
| Your code is affected by 1 vulnerability from the Go standard library. |
| This scan found no other vulnerabilities in packages you import or modules you |
| require. |
| Use '-show verbose' for more details. |
| |
| |
| ##### |
| # Test finding stdlib vulnerability in source mode at the package level |
| $ govulncheck -C ${moddir}/stdlib -scan package . --> FAIL 3 |
| === Package Results === |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.18.6 |
| |
| Your code may be affected by 1 vulnerability. |
| This scan also found 0 vulnerabilities in modules you require. |
| Use '-scan symbol' for more fine grained vulnerability detection and '-show |
| verbose' for more details. |
| |
| |
| ##### |
| # Test finding stdlib vulnerability in source mode at the module level |
| $ govulncheck -C ${moddir}/stdlib -scan module --> FAIL 3 |
| === Module Results === |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean shutdown that |
| was preempted by a fatal error. This condition can be exploited by a |
| malicious client to cause a denial of service. |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
| Standard library |
| Found in: stdlib@go1.18 |
| Fixed in: stdlib@go1.18.6 |
| |
| Your code may be affected by 1 vulnerability. |
| Use '-scan symbol' for more fine grained vulnerability detection. |