data/reports: add vulnerable_at to GO-2021-0083.yaml
Aliases: CVE-2019-12496
Updates golang/vulndb#83
Change-Id: I37939aee2d68b200f4d9641f63517f782b5469a3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462776
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2021-0083.json b/data/osv/GO-2021-0083.json
index 0143643..29ae659 100644
--- a/data/osv/GO-2021-0083.json
+++ b/data/osv/GO-2021-0083.json
@@ -33,6 +33,7 @@
{
"path": "github.com/hybridgroup/gobot/platforms/mqtt",
"symbols": [
+ "Adaptor.Connect",
"Adaptor.newTLSConfig"
]
}
diff --git a/data/reports/GO-2021-0083.yaml b/data/reports/GO-2021-0083.yaml
index af77633..d7c2dfd 100644
--- a/data/reports/GO-2021-0083.yaml
+++ b/data/reports/GO-2021-0083.yaml
@@ -2,10 +2,13 @@
- module: github.com/hybridgroup/gobot
versions:
- fixed: 1.12.1-0.20190521122906-c1aa4f867846
+ vulnerable_at: 1.12.1-0.20190521122836-07d9e09b1ea5
packages:
- package: github.com/hybridgroup/gobot/platforms/mqtt
symbols:
- Adaptor.newTLSConfig
+ derived_symbols:
+ - Adaptor.Connect
description: |
TLS certificate verification is skipped when connecting to a MQTT server.
This allows an attacker who can MITM the connection to read, or forge,
