cmd/govulncheck/testdata/testfiles/binary-module/binary_module_text.ct - vuln - Git at Google

 #####
 # Test binary scanning at the module level
 $ govulncheck -mode=binary -scan module ${vuln_binary} --> FAIL 3
 Scanning your binary for known vulnerabilities...

 === Module Results ===

 Vulnerability #1: GO-2021-0265
     A maliciously crafted path can cause Get and other query functions to
     consume excessive amounts of CPU and time.
   More info: https://pkg.go.dev/vuln/GO-2021-0265
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3

 Vulnerability #2: GO-2021-0113
     Due to improper index calculation, an incorrectly formatted language tag can
     cause Parse to panic via an out of bounds read. If Parse is used to process
     untrusted user inputs, this may be used as a vector for a denial of service
     attack.
   More info: https://pkg.go.dev/vuln/GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7

 Vulnerability #3: GO-2021-0054
     Due to improper bounds checking, maliciously crafted JSON objects can cause
     an out-of-bounds panic. If parsing user input, this may be used as a denial
     of service vector.
   More info: https://pkg.go.dev/vuln/GO-2021-0054
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.6.6

 Vulnerability #4: GO-2020-0015
     An attacker could provide a single byte to a UTF16 decoder instantiated with
     UseBOM or ExpectBOM to trigger an infinite loop if the String function on
     the Decoder is called, or the Decoder is passed to transform.String. If used
     to parse user supplied input, this may be used as a denial of service
     vector.
   More info: https://pkg.go.dev/vuln/GO-2020-0015
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.3

 Your code may be affected by 4 vulnerabilities.
 Use '-scan symbol' for more fine grained vulnerability detection.
	#####
	# Test binary scanning at the module level
	$ govulncheck -mode=binary -scan module ${vuln_binary} --> FAIL 3
	Scanning your binary for known vulnerabilities...

	=== Module Results ===

	Vulnerability #1: GO-2021-0265
	A maliciously crafted path can cause Get and other query functions to
	consume excessive amounts of CPU and time.
	More info: https://pkg.go.dev/vuln/GO-2021-0265
	Module: github.com/tidwall/gjson
	Found in: github.com/tidwall/gjson@v1.6.5
	Fixed in: github.com/tidwall/gjson@v1.9.3

	Vulnerability #2: GO-2021-0113
	Due to improper index calculation, an incorrectly formatted language tag can
	cause Parse to panic via an out of bounds read. If Parse is used to process
	untrusted user inputs, this may be used as a vector for a denial of service
	attack.
	More info: https://pkg.go.dev/vuln/GO-2021-0113
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.0
	Fixed in: golang.org/x/text@v0.3.7

	Vulnerability #3: GO-2021-0054
	Due to improper bounds checking, maliciously crafted JSON objects can cause
	an out-of-bounds panic. If parsing user input, this may be used as a denial
	of service vector.
	More info: https://pkg.go.dev/vuln/GO-2021-0054
	Module: github.com/tidwall/gjson
	Found in: github.com/tidwall/gjson@v1.6.5
	Fixed in: github.com/tidwall/gjson@v1.6.6

	Vulnerability #4: GO-2020-0015
	An attacker could provide a single byte to a UTF16 decoder instantiated with
	UseBOM or ExpectBOM to trigger an infinite loop if the String function on
	the Decoder is called, or the Decoder is passed to transform.String. If used
	to parse user supplied input, this may be used as a denial of service
	vector.
	More info: https://pkg.go.dev/vuln/GO-2020-0015
	Module: golang.org/x/text
	Found in: golang.org/x/text@v0.3.0
	Fixed in: golang.org/x/text@v0.3.3

	Your code may be affected by 4 vulnerabilities.
	Use '-scan symbol' for more fine grained vulnerability detection.