data/reports: add GHSA for GO-2024-2611
Fixes golang/vulndb#2639
Change-Id: I3dc640d35313d33eea15d043a7e3df3e6aee82d5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/576677
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2024-2611.json b/data/osv/GO-2024-2611.json
index d23a86b..f548a7d 100644
--- a/data/osv/GO-2024-2611.json
+++ b/data/osv/GO-2024-2611.json
@@ -4,7 +4,8 @@
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
- "CVE-2024-24786"
+ "CVE-2024-24786",
+ "GHSA-8r3f-844c-mc37"
],
"summary": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf",
"details": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
diff --git a/data/reports/GO-2024-2611.yaml b/data/reports/GO-2024-2611.yaml
index 745f99b..98ca60d 100644
--- a/data/reports/GO-2024-2611.yaml
+++ b/data/reports/GO-2024-2611.yaml
@@ -22,6 +22,8 @@
certain forms of invalid JSON. This condition can occur when unmarshaling into a
message which contains a google.protobuf.Any value, or when the
UnmarshalOptions.DiscardUnknown option is set.
+ghsas:
+ - GHSA-8r3f-844c-mc37
references:
- fix: https://go.dev/cl/569356
cve_metadata:
