data/reports: updates GO-2024-2454.yaml
Updates golang/vulndb#2454
Fixes golang/vulndb#2555
Change-Id: If593547ce945ce821f8f695b743ec9ac9b4cf421
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/564537
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2024-2454.json b/data/osv/GO-2024-2454.json
index e4640cb..6c1fc04 100644
--- a/data/osv/GO-2024-2454.json
+++ b/data/osv/GO-2024-2454.json
@@ -21,6 +21,9 @@
"events": [
{
"introduced": "1.0.8"
+ },
+ {
+ "fixed": "1.2.28"
}
]
}
diff --git a/data/reports/GO-2024-2454.yaml b/data/reports/GO-2024-2454.yaml
index 83043a6..5b3a0e3 100644
--- a/data/reports/GO-2024-2454.yaml
+++ b/data/reports/GO-2024-2454.yaml
@@ -3,7 +3,8 @@
- module: github.com/lestrrat-go/jwx
versions:
- introduced: 1.0.8
- vulnerable_at: 1.2.28
+ - fixed: 1.2.28
+ vulnerable_at: 1.2.27
packages:
- package: github.com/lestrrat-go/jwx/jws
symbols:
@@ -28,3 +29,4 @@
notes:
- This report covers issues 2454, for v2, and 2455, for v1.
- The earliest v1 version with the vulnerable symbol is v1.0.8.
+ - The fix for v1 was not known initially, the GHSA got updated later.