Google Git
Sign in
go / vulndb / 1d6dedf4dda71e78f356d4bd7ea144e8daf637e8^! / .
commit1d6dedf4dda71e78f356d4bd7ea144e8daf637e8[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Mon Dec 11 10:28:00 2023 -0500
committerGopher Robot <gobot@golang.org>Mon Dec 11 21:02:58 2023 +0000
treed18f88499a70cc98acf28d38a5020eb4ada57002
parentc621656f85fd8d505798512dfed0d119e869a4b9 [diff]
data/reports: update GO-2023-2386.yaml

Adds fixed version and commit links provided by reporter.

Aliases: CVE-2023-45292

Updates golang/vulndb#2386

Change-Id: I8a7d08bd02bdbdfdb161f105a9324301a0e85396
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/548755
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>

diff --git a/data/cve/v5/GO-2023-2386.json b/data/cve/v5/GO-2023-2386.json
index b99455f..7799ec1 100644
--- a/data/cve/v5/GO-2023-2386.json
+++ b/data/cve/v5/GO-2023-2386.json

@@ -22,12 +22,20 @@
           "product": "github.com/mojocn/base64Captcha",
           "collectionURL": "https://pkg.go.dev",
           "packageName": "github.com/mojocn/base64Captcha",
+          "versions": [
+            {
+              "version": "0",
+              "lessThan": "1.3.6",
+              "status": "affected",
+              "versionType": "semver"
+            }
+          ],
           "programRoutines": [
             {
               "name": "memoryStore.Verify"
             }
           ],
-          "defaultStatus": "affected"
+          "defaultStatus": "unaffected"
         }
       ],
       "problemTypes": [
@@ -45,6 +53,12 @@
           "url": "https://github.com/mojocn/base64Captcha/issues/120"
         },
         {
+          "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
+        },
+        {
+          "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
+        },
+        {
           "url": "https://pkg.go.dev/vuln/GO-2023-2386"
         }
       ],

diff --git a/data/osv/GO-2023-2386.json b/data/osv/GO-2023-2386.json
index 462af46..5468cb0 100644
--- a/data/osv/GO-2023-2386.json
+++ b/data/osv/GO-2023-2386.json

@@ -20,6 +20,9 @@
           "events": [
             {
               "introduced": "0"
+            },
+            {
+              "fixed": "1.3.6"
             }
           ]
         }
@@ -40,6 +43,14 @@
     {
       "type": "REPORT",
       "url": "https://github.com/mojocn/base64Captcha/issues/120"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"
     }
   ],
   "credits": [

diff --git a/data/reports/GO-2023-2386.yaml b/data/reports/GO-2023-2386.yaml
index c97134a..c2a3593 100644
--- a/data/reports/GO-2023-2386.yaml
+++ b/data/reports/GO-2023-2386.yaml

@@ -1,6 +1,8 @@
 id: GO-2023-2386
 modules:
     - module: github.com/mojocn/base64Captcha
+      versions:
+        - fixed: 1.3.6
       vulnerable_at: 1.3.5
       packages:
         - package: github.com/mojocn/base64Captcha
@@ -18,6 +20,8 @@
     - '@cangkuai'
 references:
     - report: https://github.com/mojocn/base64Captcha/issues/120
+    - fix: https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13
+    - fix: https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7
 cve_metadata:
     id: CVE-2023-45292
     cwe: 'CWE-305: Authentication Bypass by Primary Weakness'