data/reports: add vulnerable_at to GO-2021-0078.yaml
Aliases: CVE-2018-17075
Updates golang/vulndb#78
Change-Id: I9ebe78fc9cb8e9ab29251d6e915a9503e7d3cac2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462621
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/data/osv/GO-2021-0078.json b/data/osv/GO-2021-0078.json
index 232d977..1ec8756 100644
--- a/data/osv/GO-2021-0078.json
+++ b/data/osv/GO-2021-0078.json
@@ -33,6 +33,8 @@
{
"path": "golang.org/x/net/html",
"symbols": [
+ "Parse",
+ "ParseFragment",
"inBodyIM",
"inFramesetIM"
]
diff --git a/data/reports/GO-2021-0078.yaml b/data/reports/GO-2021-0078.yaml
index 4032c67..345d8fd 100644
--- a/data/reports/GO-2021-0078.yaml
+++ b/data/reports/GO-2021-0078.yaml
@@ -2,11 +2,15 @@
- module: golang.org/x/net
versions:
- fixed: 0.0.0-20180816102801-aaf60122140d
+ vulnerable_at: 0.0.0-20180811021610-c39426892332
packages:
- package: golang.org/x/net/html
symbols:
- inBodyIM
- inFramesetIM
+ derived_symbols:
+ - Parse
+ - ParseFragment
description: |
The HTML parser does not properly handle "in frameset" insertion mode, and can be made
to panic when operating on malformed HTML that contains <template> tags. If operating
