commit 5d35d1ed75d7a4dde6d5ae7d8d608eaffda72a6b
author Damien Neil <dneil@google.com> Fri Jan 07 15:16:38 2022 -0800
committer Damien Neil <dneil@google.com> Thu Feb 17 17:32:24 2022 +0000
tree fc039898d91116d89b11a1501864e3d0d7e0601c
parent c2fd94672103b6dd986dd64fbfd4a5553c1fada7

reports: add GO-2021-0245.yaml for CVE-2021-36221

Fixes golang/vulndb#245

Change-Id: I3c5067725dfb72b2c1b0c4126709a048195bfce8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/376754
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>

reports/GO-2021-0245.yaml

diff --git a/reports/GO-2021-0245.yaml b/reports/GO-2021-0245.yaml
new file mode 100644
index 0000000..7b8a29f
--- /dev/null
+++ b/reports/GO-2021-0245.yaml
@@ -0,0 +1,20 @@
+module: std
+package: net/http/httputil
+versions:
+- fixed: go1.15.15
+- fixed: go1.16.7
+- fixed: go1.17.0
+description: |
+  ReverseProxy can panic after encountering a problem copying
+  a proxied response body.
+cves:
+- CVE-2021-36221
+credit: Andrew Crump
+symbols:
+- ReverseProxy.ServeHTTP
+links:
+  pr: https://go.dev/cl/333191
+  commit: https://go.googlesource.com/go/+/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e
+  context:
+  - https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
+  - https://go.dev/issue/46866