cmd/govulncheck/testdata/source_stdlib_text.ct - vuln - Git at Google

 #####
 # Test finding stdlib vulnerability in source mode
 $ govulncheck -C ${moddir}/stdlib . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent modules for known vulnerabilities...

 Vulnerability #1: GO-2022-0969
     HTTP/2 server connections can hang forever waiting for a clean shutdown that
     was preempted by a fatal error. This condition can be exploited by a
     malicious client to cause a denial of service.
   More info: https://pkg.go.dev/vuln/GO-2022-0969
   Standard library
     Found in: net/http@go1.18
     Fixed in: net/http@go1.19.1
     Example traces found:
       #1: .../stdlib.go:17:31: stdlib.main calls http.ListenAndServe

 Your code is affected by 1 vulnerability from the Go standard library.

 #####
 # Test finding stdlib vulnerability in source mode with expanded traces
 $ govulncheck -C ${moddir}/stdlib -show=traces . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

 Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

 Scanning your code and P packages across M dependent modules for known vulnerabilities...

 Vulnerability #1: GO-2022-0969
     HTTP/2 server connections can hang forever waiting for a clean shutdown that
     was preempted by a fatal error. This condition can be exploited by a
     malicious client to cause a denial of service.
   More info: https://pkg.go.dev/vuln/GO-2022-0969
   Standard library
     Found in: net/http@go1.18
     Fixed in: net/http@go1.19.1
     Example traces found:
       #1: for function net/http.ListenAndServe
         .../stdlib.go:17:31: golang.org/stdlib.main
         net/http.ListenAndServe

 Your code is affected by 1 vulnerability from the Go standard library.
	#####
	# Test finding stdlib vulnerability in source mode
	$ govulncheck -C ${moddir}/stdlib . --> FAIL 3
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent modules for known vulnerabilities...

	Vulnerability #1: GO-2022-0969
	HTTP/2 server connections can hang forever waiting for a clean shutdown that
	was preempted by a fatal error. This condition can be exploited by a
	malicious client to cause a denial of service.
	More info: https://pkg.go.dev/vuln/GO-2022-0969
	Standard library
	Found in: net/http@go1.18
	Fixed in: net/http@go1.19.1
	Example traces found:
	#1: .../stdlib.go:17:31: stdlib.main calls http.ListenAndServe

	Your code is affected by 1 vulnerability from the Go standard library.

	#####
	# Test finding stdlib vulnerability in source mode with expanded traces
	$ govulncheck -C ${moddir}/stdlib -show=traces . --> FAIL 3
	govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

	Using go1.18 and govulncheck@v0.0.0-00000000000-20000101010101 with vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).

	Scanning your code and P packages across M dependent modules for known vulnerabilities...

	Vulnerability #1: GO-2022-0969
	HTTP/2 server connections can hang forever waiting for a clean shutdown that
	was preempted by a fatal error. This condition can be exploited by a
	malicious client to cause a denial of service.
	More info: https://pkg.go.dev/vuln/GO-2022-0969
	Standard library
	Found in: net/http@go1.18
	Fixed in: net/http@go1.19.1
	Example traces found:
	#1: for function net/http.ListenAndServe
	.../stdlib.go:17:31: golang.org/stdlib.main
	net/http.ListenAndServe

	Your code is affected by 1 vulnerability from the Go standard library.