commit 0bb227e94b996e0fb187226c694665548efa404b
author Tatiana Bradley <tatianabradley@google.com> Tue Jan 10 16:36:31 2023 -0500
committer Tatiana Bradley <tatiana@golang.org> Tue Jan 10 21:45:49 2023 +0000
tree 2c4413bb042554b72792c84f789c3105a80db649
parent 53753e44508a2eba7535eda49f40cb8a979f4aa2

data/reports: add alias for GO-2020-0020.yaml

Aliases: CVE-2017-20146, GHSA-jcr6-mmjj-pchw

Updates golang/vulndb#20
Fixes golang/vulndb#1237

Change-Id: I7b8f6229cd5a05580918edc9f8110c39568039d4
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461438
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>

data/osv/GO-2020-0020.json

diff --git a/data/osv/GO-2020-0020.json b/data/osv/GO-2020-0020.json
index e4be481..cd95485 100644
--- a/data/osv/GO-2020-0020.json
+++ b/data/osv/GO-2020-0020.json
@@ -3,7 +3,8 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2017-20146"
+    "CVE-2017-20146",
+    "GHSA-jcr6-mmjj-pchw"
   ],
   "details": "Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.",
   "affected": [

data/reports/GO-2020-0020.yaml

diff --git a/data/reports/GO-2020-0020.yaml b/data/reports/GO-2020-0020.yaml
index 9733473..27eae4c 100644
--- a/data/reports/GO-2020-0020.yaml
+++ b/data/reports/GO-2020-0020.yaml
@@ -11,6 +11,8 @@
     the requester to explicitly control the value of the Access-Control-Allow-Origin
     header, which bypasses the expected behavior of the Same Origin Policy.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-jcr6-mmjj-pchw
 credit: Evan J Johnson
 references:
   - fix: https://github.com/gorilla/handlers/pull/116