data/reports: apply vulnreport fix to 0113
Change-Id: If8300491d03b08130a7fe616ef85f09491810e6e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464024
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/osv/GO-2021-0113.json b/data/osv/GO-2021-0113.json
index bdf32be..36c6e37 100644
--- a/data/osv/GO-2021-0113.json
+++ b/data/osv/GO-2021-0113.json
@@ -3,7 +3,8 @@
"published": "2021-10-06T17:51:21Z",
"modified": "0001-01-01T00:00:00Z",
"aliases": [
- "CVE-2021-38561"
+ "CVE-2021-38561",
+ "GHSA-ppp9-7jff-5vj2"
],
"details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.",
"affected": [
diff --git a/data/reports/GO-2021-0113.yaml b/data/reports/GO-2021-0113.yaml
index 60cf0d0..81a626c 100644
--- a/data/reports/GO-2021-0113.yaml
+++ b/data/reports/GO-2021-0113.yaml
@@ -10,6 +10,7 @@
- MatchStrings
- MustParse
- ParseAcceptLanguage
+ skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
description: |
Due to improper index calculation, an incorrectly formatted language tag can cause Parse
to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
@@ -17,6 +18,8 @@
published: 2021-10-06T17:51:21Z
cves:
- CVE-2021-38561
+ghsas:
+ - GHSA-ppp9-7jff-5vj2
credit: Guido Vranken
references:
- fix: https://go.dev/cl/340830