data/reports: add missing alias to GO-2023-1495.yaml
Aliases: CVE-2022-41721, GHSA-fxg5-wq6x-vr4w
Updates golang/vulndb#1495
Fixes golang/vulndb#1507
Change-Id: I1dec284a79c4e52195d1e07a2d878bb840d50041
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464318
Auto-Submit: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2023-1495.json b/data/osv/GO-2023-1495.json
index 4ad7191..d12398c 100644
--- a/data/osv/GO-2023-1495.json
+++ b/data/osv/GO-2023-1495.json
@@ -3,7 +3,8 @@
"published": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z",
"aliases": [
- "CVE-2022-41721"
+ "CVE-2022-41721",
+ "GHSA-fxg5-wq6x-vr4w"
],
"details": "A request smuggling attack is possible when using MaxBytesHandler.\n\nWhen using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.",
"affected": [
diff --git a/data/reports/GO-2023-1495.yaml b/data/reports/GO-2023-1495.yaml
index 067a9c8..c6c63a4 100644
--- a/data/reports/GO-2023-1495.yaml
+++ b/data/reports/GO-2023-1495.yaml
@@ -16,6 +16,8 @@
consumed. When the server attempts to read HTTP2 frames from the
connection, it will instead be reading the body of the HTTP request,
which could be attacker-manipulated to represent arbitrary HTTP2 requests.
+ghsas:
+ - GHSA-fxg5-wq6x-vr4w
credit: John Howard (Google)
references:
- report: https://go.dev/issue/56352
