Google Git
Sign in
go/vulndb/9eaa78d13081df956754e3271f1c327c362bb292
commit
9eaa78d13081df956754e3271f1c327c362bb292
[log]
author
Damien Neil <dneil@google.com>
Tue Sep 16 15:37:47 2025 -0700
committer
Gopher Robot <gobot@golang.org>
Thu Sep 18 11:23:15 2025 -0700
tree
85938669ff3148bb6ceb78d88d25681f7a7302f9
parent
5032ebc6646b39ccd6400efe9d15993f25e99ed2 [diff]
data/reports: set better CWE for GO-2025-3420

This report was assigned CWE-116 ("Improper Encoding or Escaping of Output"),
but CWE-201 ("Insertion of Sensitive Information Into Sent Data") better
describes the incorrect behavior of sending a cookie or Authorization header
when the header should have been stripped.

Change-Id: I8d3266c7348d3ed9d60d903b7a7afb39bdee212b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/704036
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2 files changed
tree: 85938669ff3148bb6ceb78d88d25681f7a7302f9
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  13. CONTRIBUTING.md
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.