commit 4f2a170576fb0777419dd7d5ec2b69a56d946a14
author Damien Neil <dneil@google.com> Tue Jun 28 11:12:01 2022 -0700
committer Damien Neil <dneil@google.com> Fri Jul 01 20:08:24 2022 +0000
tree 0a664583fa189185d8a8cedd6d2cb3dbcf7272e8
parent 679b2da8b51ceebaabc254c4dfb9052b98f67c5c

x/vulndb: add reports/GO-2022-0411.yaml for GHSA-xg2h-wx96-xgxr

Fixes golang/vulndb#0411

Change-Id: I57b986d8c2035d87140da8086698e94e45f9934b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414817
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>

reports/GO-2022-0411.yaml

diff --git a/reports/GO-2022-0411.yaml b/reports/GO-2022-0411.yaml
new file mode 100644
index 0000000..56e862e
--- /dev/null
+++ b/reports/GO-2022-0411.yaml
@@ -0,0 +1,19 @@
+packages:
+  - module: github.com/Masterminds/goutils
+    symbols:
+      - RandomAlphaNumeric
+      - CryptoRandomAlphaNumeric
+    versions:
+      - fixed: 1.1.1
+    vulnerable_at: 1.1.0
+description: |
+    Randomly-generated alphanumeric strings contain significantly less entropy
+    than expected.
+
+    The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
+    strings containing at least one digit from 0 to 9. This significantly
+    reduces the amount of entropy in short strings generated by these functions.
+ghsas:
+  - GHSA-xg2h-wx96-xgxr
+links:
+    commit: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1