reports: add GO-2021-0265 for CVE-2021-42836 Fixes golang/vulndb#265 Change-Id: I540af3ef9281fc99f544481bf4c2be9e1c7a5b52 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377614 Trust: Julie Qiu <julie@golang.org> Run-TryBot: Julie Qiu <julie@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com>

commit: 13f2b09ad2e84e9b07f840f80283aed74fe0472e [log] [tgz]
author: Julie Qiu <julie@golang.org> Mon Jan 10 22:40:00 2022 -0500
committer: Julie Qiu <julie@golang.org> Fri Jan 14 17:30:24 2022 +0000
tree: 02633ab8caa4fe96011c02e7f4fd5eb0960d9b52
parent: 92762389bb4c1d604afa738e8b427137d85769ca [diff]
diff --git a/reports/GO-2021-0265.yaml b/reports/GO-2021-0265.yaml
new file mode 100644
index 0000000..4ac4ac1
--- /dev/null
+++ b/reports/GO-2021-0265.yaml

@@ -0,0 +1,15 @@
+module: github.com/tidwall/gjson
+versions:
+- fixed: v1.9.3
+description: |
+  GJSON allowed a ReDoS (regular expression denial of service) attack.
+cves:
+- CVE-2021-42836
+symbols:
+- match.Match
+links:
+  commit: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
+  context:
+  - https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
+  - https://github.com/tidwall/gjson/issues/236
+  - https://github.com/tidwall/gjson/issues/237
commit	13f2b09ad2e84e9b07f840f80283aed74fe0472e	[log] [tgz]
author	Julie Qiu <julie@golang.org>	Mon Jan 10 22:40:00 2022 -0500
committer	Julie Qiu <julie@golang.org>	Fri Jan 14 17:30:24 2022 +0000
tree	02633ab8caa4fe96011c02e7f4fd5eb0960d9b52
parent	92762389bb4c1d604afa738e8b427137d85769ca [diff]