blob: de356fe9e97aa496c4412b344566fe3570196c2b [file] [log] [blame]
id: GO-TEST-ID
modules:
- module: github.com/zhaojh329/rttys
versions:
- introduced: 4.0.0
unsupported_versions:
- version: 4.0.2
type: last_affected
summary: rttys SQL Injection vulnerability
description: |-
SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go,
allows attackers to execute arbitrary code.
cves:
- CVE-2022-38867
ghsas:
- GHSA-54q4-74p3-mgcw
references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-38867
- report: https://github.com/zhaojh329/rttys/issues/117
notes:
- lint: 'modules[0] "github.com/zhaojh329/rttys": unsupported_versions: found 1 (want none)'
- lint: 'modules[0] "github.com/zhaojh329/rttys": version 4.0.0 does not exist'
- lint: 'summary: must begin with a capital letter'
- lint: 'summary: must contain an affected module or package path (e.g. "github.com/zhaojh329/rttys")'