Google Git
Sign in
go / vulndb / 5bfc9ea899114c0240df2054ead9468c965ba1fe^! / .
commit5bfc9ea899114c0240df2054ead9468c965ba1fe[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Wed Jan 18 11:13:09 2023 -0500
committerGopher Robot <gobot@golang.org>Wed Jan 18 18:06:46 2023 +0000
tree613114c2cd73735b185fa4df0627b5cfc5cd4e93
parent1cbeb4f75b9827e8b4fa5be3f63988b6d8c547a7 [diff]
data/reports: add vulnerable_at to GO-2021-0089.yaml

Also update "fixed" version to be more readable tagged version.

Aliases: CVE-2020-10675, GHSA-rmh2-65xw-9m6q

Updates golang/vulndb#89

Change-Id: I79113d52a4bab02e17c8cda8882b7b792084e89c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462575
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatiana@golang.org>

diff --git a/data/osv/GO-2021-0089.json b/data/osv/GO-2021-0089.json
index cea5334..8a4061a 100644
--- a/data/osv/GO-2021-0089.json
+++ b/data/osv/GO-2021-0089.json

@@ -21,7 +21,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "0.0.0-20200321185410-91ac96899e49"
+              "fixed": "1.0.0"
             }
           ]
         }
@@ -34,6 +34,7 @@
           {
             "path": "github.com/buger/jsonparser",
             "symbols": [
+              "Delete",
               "findKeyStart"
             ]
           }

diff --git a/data/reports/GO-2021-0089.yaml b/data/reports/GO-2021-0089.yaml
index 64d2dbd..5e4c9cb 100644
--- a/data/reports/GO-2021-0089.yaml
+++ b/data/reports/GO-2021-0089.yaml

@@ -1,11 +1,14 @@
 modules:
   - module: github.com/buger/jsonparser
     versions:
-      - fixed: 0.0.0-20200321185410-91ac96899e49
+      - fixed: 1.0.0
+    vulnerable_at: 0.0.0-20191204142016-1a29609e0929
     packages:
       - package: github.com/buger/jsonparser
         symbols:
           - findKeyStart
+        derived_symbols:
+          - Delete
 description: |
     Parsing malformed JSON which contain opening brackets, but not closing brackets,
     leads to an infinite loop. If operating on untrusted user input this can be