data/reports: add vulnerable_at to GO-2021-0089.yaml
Also update "fixed" version to be more readable tagged version.
Aliases: CVE-2020-10675, GHSA-rmh2-65xw-9m6q
Updates golang/vulndb#89
Change-Id: I79113d52a4bab02e17c8cda8882b7b792084e89c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462575
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
diff --git a/data/osv/GO-2021-0089.json b/data/osv/GO-2021-0089.json
index cea5334..8a4061a 100644
--- a/data/osv/GO-2021-0089.json
+++ b/data/osv/GO-2021-0089.json
@@ -21,7 +21,7 @@
"introduced": "0"
},
{
- "fixed": "0.0.0-20200321185410-91ac96899e49"
+ "fixed": "1.0.0"
}
]
}
@@ -34,6 +34,7 @@
{
"path": "github.com/buger/jsonparser",
"symbols": [
+ "Delete",
"findKeyStart"
]
}
diff --git a/data/reports/GO-2021-0089.yaml b/data/reports/GO-2021-0089.yaml
index 64d2dbd..5e4c9cb 100644
--- a/data/reports/GO-2021-0089.yaml
+++ b/data/reports/GO-2021-0089.yaml
@@ -1,11 +1,14 @@
modules:
- module: github.com/buger/jsonparser
versions:
- - fixed: 0.0.0-20200321185410-91ac96899e49
+ - fixed: 1.0.0
+ vulnerable_at: 0.0.0-20191204142016-1a29609e0929
packages:
- package: github.com/buger/jsonparser
symbols:
- findKeyStart
+ derived_symbols:
+ - Delete
description: |
Parsing malformed JSON which contain opening brackets, but not closing brackets,
leads to an infinite loop. If operating on untrusted user input this can be