data/reports: update GO-2023-2386.yaml
Adds fixed version and commit links provided by reporter.
Aliases: CVE-2023-45292
Updates golang/vulndb#2386
Change-Id: I8a7d08bd02bdbdfdb161f105a9324301a0e85396
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/548755
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/cve/v5/GO-2023-2386.json b/data/cve/v5/GO-2023-2386.json
index b99455f..7799ec1 100644
--- a/data/cve/v5/GO-2023-2386.json
+++ b/data/cve/v5/GO-2023-2386.json
@@ -22,12 +22,20 @@
"product": "github.com/mojocn/base64Captcha",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/mojocn/base64Captcha",
+ "versions": [
+ {
+ "version": "0",
+ "lessThan": "1.3.6",
+ "status": "affected",
+ "versionType": "semver"
+ }
+ ],
"programRoutines": [
{
"name": "memoryStore.Verify"
}
],
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
}
],
"problemTypes": [
@@ -45,6 +53,12 @@
"url": "https://github.com/mojocn/base64Captcha/issues/120"
},
{
+ "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
+ },
+ {
+ "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
+ },
+ {
"url": "https://pkg.go.dev/vuln/GO-2023-2386"
}
],
diff --git a/data/osv/GO-2023-2386.json b/data/osv/GO-2023-2386.json
index 462af46..5468cb0 100644
--- a/data/osv/GO-2023-2386.json
+++ b/data/osv/GO-2023-2386.json
@@ -20,6 +20,9 @@
"events": [
{
"introduced": "0"
+ },
+ {
+ "fixed": "1.3.6"
}
]
}
@@ -40,6 +43,14 @@
{
"type": "REPORT",
"url": "https://github.com/mojocn/base64Captcha/issues/120"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
}
],
"credits": [
diff --git a/data/reports/GO-2023-2386.yaml b/data/reports/GO-2023-2386.yaml
index c97134a..c2a3593 100644
--- a/data/reports/GO-2023-2386.yaml
+++ b/data/reports/GO-2023-2386.yaml
@@ -1,6 +1,8 @@
id: GO-2023-2386
modules:
- module: github.com/mojocn/base64Captcha
+ versions:
+ - fixed: 1.3.6
vulnerable_at: 1.3.5
packages:
- package: github.com/mojocn/base64Captcha
@@ -18,6 +20,8 @@
- '@cangkuai'
references:
- report: https://github.com/mojocn/base64Captcha/issues/120
+ - fix: https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13
+ - fix: https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7
cve_metadata:
id: CVE-2023-45292
cwe: 'CWE-305: Authentication Bypass by Primary Weakness'