data/reports: apply vulnreport fix to 0380 and 0384
Change-Id: Ifffda89da2ac3d170e9ff21931a90bb837427605
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463109
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/reports/GO-2022-0380.yaml b/data/reports/GO-2022-0380.yaml
index 30fa396..b3810b8 100644
--- a/data/reports/GO-2022-0380.yaml
+++ b/data/reports/GO-2022-0380.yaml
@@ -1,13 +1,13 @@
modules:
- - module: github.com/nats-io/jwt
- versions:
- - fixed: 1.1.0
- vulnerable_at: 1.0.1
- packages:
- - package: github.com/nats-io/jwt
- symbols:
- - AccountClaims.IsRevoked
- - Export.IsRevoked
+ - module: github.com/nats-io/jwt
+ versions:
+ - fixed: 1.1.0
+ vulnerable_at: 1.0.1
+ packages:
+ - package: github.com/nats-io/jwt
+ symbols:
+ - AccountClaims.IsRevoked
+ - Export.IsRevoked
description: |
The AccountClaims.IsRevoked and Export.IsRevoked functions improperly
validate expired credentials using the current system time rather than
@@ -18,10 +18,10 @@
In these versions, the IsRevoked method always return true.
published: 2022-07-15T23:29:36Z
cves:
- - CVE-2020-26892
+ - CVE-2020-26892
ghsas:
- - GHSA-2c64-vj8g-vwrq
- - GHSA-4w5x-x539-ppf5
+ - GHSA-2c64-vj8g-vwrq
+ - GHSA-4w5x-x539-ppf5
references:
- - advisory: https://advisories.nats.io/CVE/CVE-2020-26892.txt
- - fix: https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a
+ - advisory: https://advisories.nats.io/CVE/CVE-2020-26892.txt
+ - fix: https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a
diff --git a/data/reports/GO-2022-0384.yaml b/data/reports/GO-2022-0384.yaml
index 1cb6774..5b6396e 100644
--- a/data/reports/GO-2022-0384.yaml
+++ b/data/reports/GO-2022-0384.yaml
@@ -1,16 +1,16 @@
modules:
- - module: helm.sh/helm/v3
- versions:
- - fixed: 3.6.1
- vulnerable_at: 3.6.0
- packages:
- - package: helm.sh/helm/v3/pkg/downloader
- symbols:
- - ChartDownloader.ResolveChartVersion
- derived_symbols:
- - ChartDownloader.DownloadTo
- - Manager.Build
- - Manager.Update
+ - module: helm.sh/helm/v3
+ versions:
+ - fixed: 3.6.1
+ vulnerable_at: 3.6.0
+ packages:
+ - package: helm.sh/helm/v3/pkg/downloader
+ symbols:
+ - ChartDownloader.ResolveChartVersion
+ derived_symbols:
+ - ChartDownloader.DownloadTo
+ - Manager.Build
+ - Manager.Update
description: |
The username and password credentials associated with a Helm repository
can be passed to another domain referenced by that Helm repository.
@@ -21,10 +21,10 @@
archives.
published: 2022-07-15T23:29:45Z
cves:
- - CVE-2021-32690
+ - CVE-2021-32690
ghsas:
- - GHSA-56hp-xqp3-w2jf
- - GHSA-7jr6-prv4-5wf5
+ - GHSA-56hp-xqp3-w2jf
+ - GHSA-7jr6-prv4-5wf5
references:
- - advisory: https://github.com/advisories/GHSA-56hp-xqp3-w2jf
- - fix: https://github.com/helm/helm/commit/61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f
+ - advisory: https://github.com/advisories/GHSA-56hp-xqp3-w2jf
+ - fix: https://github.com/helm/helm/commit/61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f
