internal/cve5/testdata/cve/TestToReport/CVE-2021-27919.txtar - vulndb - Git at Google

 Copyright 2024 The Go Authors. All rights reserved.
 Use of this source code is governed by a BSD-style
 license that can be found in the LICENSE file.

 Expected output of TestToReport/CVE-2021-27919.

 -- CVE-2021-27919_UNREVIEWED --
 id: GO-ID-PENDING
 modules:
     - module: std
       packages:
         - package: archive/zip
 summary: CVE-2021-27919 in archive/zip
 cves:
     - CVE-2021-27919
 references:
     - advisory: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
     - advisory: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
     - advisory: https://security.gentoo.org/glsa/202208-02
     - web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
 notes:
     - fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
     - lint: 'modules[0] "std": packages[0] "archive/zip": at least one of vulnerable_at and skip_fix must be set'
     - lint: 'references: must contain at least one fix'
     - lint: 'references: must contain at least one report'
     - lint: 'references[0] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": advisory reference must not be set for first-party issues'
     - lint: 'references[1] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": advisory reference must not be set for first-party issues'
     - lint: 'references[2] "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": advisory reference must not be set for first-party issues'
     - lint: 'references[3] "https://security.gentoo.org/glsa/202208-02": "https://security.gentoo.org/glsa/202208-02": advisory reference must not be set for first-party issues'
 source:
     id: CVE-2021-27919
     created: 1999-01-01T00:00:00Z
 review_status: UNREVIEWED
 -- CVE-2021-27919_REVIEWED --
 id: GO-ID-PENDING
 modules:
     - module: std
       packages:
         - package: archive/zip
 summary: CVE-2021-27919 in archive/zip
 description: |-
     archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of
     service (panic) upon attempted use of the Reader.Open API for a ZIP archive in
     which ../ occurs at the beginning of any filename.
 cves:
     - CVE-2021-27919
 references:
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
     - web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
 notes:
     - fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
     - lint: 'modules[0] "std": packages[0] "archive/zip": at least one of vulnerable_at and skip_fix must be set'
     - lint: 'references: must contain at least one fix'
     - lint: 'references: must contain at least one report'
     - lint: 'references[0] "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": advisory reference must not be set for first-party issues'
 source:
     id: CVE-2021-27919
     created: 1999-01-01T00:00:00Z
 review_status: REVIEWED
	Copyright 2024 The Go Authors. All rights reserved.
	Use of this source code is governed by a BSD-style
	license that can be found in the LICENSE file.

	Expected output of TestToReport/CVE-2021-27919.

	-- CVE-2021-27919_UNREVIEWED --
	id: GO-ID-PENDING
	modules:
	- module: std
	packages:
	- package: archive/zip
	summary: CVE-2021-27919 in archive/zip
	cves:
	- CVE-2021-27919
	references:
	- advisory: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
	- advisory: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
	- advisory: https://security.gentoo.org/glsa/202208-02
	- web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
	notes:
	- fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
	- lint: 'modules[0] "std": packages[0] "archive/zip": at least one of vulnerable_at and skip_fix must be set'
	- lint: 'references: must contain at least one fix'
	- lint: 'references: must contain at least one report'
	- lint: 'references[0] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/": advisory reference must not be set for first-party issues'
	- lint: 'references[1] "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/": advisory reference must not be set for first-party issues'
	- lint: 'references[2] "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": advisory reference must not be set for first-party issues'
	- lint: 'references[3] "https://security.gentoo.org/glsa/202208-02": "https://security.gentoo.org/glsa/202208-02": advisory reference must not be set for first-party issues'
	source:
	id: CVE-2021-27919
	created: 1999-01-01T00:00:00Z
	review_status: UNREVIEWED
	-- CVE-2021-27919_REVIEWED --
	id: GO-ID-PENDING
	modules:
	- module: std
	packages:
	- package: archive/zip
	summary: CVE-2021-27919 in archive/zip
	description: \|-
	archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of
	service (panic) upon attempted use of the Reader.Open API for a ZIP archive in
	which ../ occurs at the beginning of any filename.
	cves:
	- CVE-2021-27919
	references:
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-27919
	- web: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
	notes:
	- fix: 'std: could not add vulnerable_at: not implemented for std/cmd'
	- lint: 'modules[0] "std": packages[0] "archive/zip": at least one of vulnerable_at and skip_fix must be set'
	- lint: 'references: must contain at least one fix'
	- lint: 'references: must contain at least one report'
	- lint: 'references[0] "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": "https://nvd.nist.gov/vuln/detail/CVE-2021-27919": advisory reference must not be set for first-party issues'
	source:
	id: CVE-2021-27919
	created: 1999-01-01T00:00:00Z
	review_status: REVIEWED