x/vulndb: add reports/GO-2022-0411.yaml for GHSA-xg2h-wx96-xgxr
Fixes golang/vulndb#0411
Change-Id: I57b986d8c2035d87140da8086698e94e45f9934b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414817
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
diff --git a/reports/GO-2022-0411.yaml b/reports/GO-2022-0411.yaml
new file mode 100644
index 0000000..56e862e
--- /dev/null
+++ b/reports/GO-2022-0411.yaml
@@ -0,0 +1,19 @@
+packages:
+ - module: github.com/Masterminds/goutils
+ symbols:
+ - RandomAlphaNumeric
+ - CryptoRandomAlphaNumeric
+ versions:
+ - fixed: 1.1.1
+ vulnerable_at: 1.1.0
+description: |
+ Randomly-generated alphanumeric strings contain significantly less entropy
+ than expected.
+
+ The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
+ strings containing at least one digit from 0 to 9. This significantly
+ reduces the amount of entropy in short strings generated by these functions.
+ghsas:
+ - GHSA-xg2h-wx96-xgxr
+links:
+ commit: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1