commit 84266ddac0acd402afb6890a07ccda1c1e1adbd4
author Tatiana Bradley <tatianabradley@google.com> Mon Jan 09 16:22:22 2023 -0500
committer Tatiana Bradley <tatiana@golang.org> Tue Jan 10 21:46:25 2023 +0000
tree 9d1f1dcfd6d71536761d66adbdf9f297b4a699f5
parent 84da7db5d51b403d172cfb8c4c992add09d6535c

data/reports: add alias to GO-2020-0032.yaml

Aliases: CVE-2019-25073, GHSA-fjgq-224f-fq37

Updates golang/vulndb#32
Fixes golang/vulndb#1288

Change-Id: Ibc47c21fccd1ba73dcd1fa9dc318c4ab4dccb42c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461236
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

data/osv/GO-2020-0032.json

diff --git a/data/osv/GO-2020-0032.json b/data/osv/GO-2020-0032.json
index 5d94d06..7438a72 100644
--- a/data/osv/GO-2020-0032.json
+++ b/data/osv/GO-2020-0032.json
@@ -3,7 +3,8 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2019-25073"
+    "CVE-2019-25073",
+    "GHSA-fjgq-224f-fq37"
   ],
   "details": "Due to improper santization of user input, Controller.FileHandler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.",
   "affected": [

data/reports/GO-2020-0032.yaml

diff --git a/data/reports/GO-2020-0032.yaml b/data/reports/GO-2020-0032.yaml
index ee34fd4..823b8ea 100644
--- a/data/reports/GO-2020-0032.yaml
+++ b/data/reports/GO-2020-0032.yaml
@@ -25,6 +25,8 @@
     for directory traversal, allowing an attacker to read files outside of
     the target directory that the server has permission to read.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-fjgq-224f-fq37
 credit: '@christi3k'
 references:
   - fix: https://github.com/goadesign/goa/pull/2388