Google Git
Sign in
go / vulndb / a697eb6faead301392ac87845c8d47ad4207cfdc^! / .
commita697eb6faead301392ac87845c8d47ad4207cfdc[log] [tgz]
authorTim King <taking@google.com>Fri Jan 27 16:58:16 2023 -0800
committerTatiana Bradley <tatianabradley@google.com>Mon Jan 30 16:20:24 2023 +0000
treec8ffd8684513444decd0daa4da8f6f4420f3e226
parente2604b9ce8cd9a7892f2bb15074842c6aa56692c [diff]
data/reports: apply vulnreport fix to 1187, 1201, 1213

Change-Id: Iff1f384ec351ee17e835f55118e0e1b945e26302
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463114
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/data/osv/GO-2022-1187.json b/data/osv/GO-2022-1187.json
index 7d300b0..45a8a7a 100644
--- a/data/osv/GO-2022-1187.json
+++ b/data/osv/GO-2022-1187.json

@@ -3,7 +3,8 @@
   "published": "0001-01-01T00:00:00Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2020-36627"
+    "CVE-2020-36627",
+    "GHSA-jwrv-x6rx-8vfm"
   ],
   "details": "A user controlled string could lead to open redirect.",
   "affected": [

diff --git a/data/osv/GO-2022-1201.json b/data/osv/GO-2022-1201.json
index 7d75c41..43e7dff 100644
--- a/data/osv/GO-2022-1201.json
+++ b/data/osv/GO-2022-1201.json

@@ -3,7 +3,8 @@
   "published": "0001-01-01T00:00:00Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2021-4294"
+    "CVE-2021-4294",
+    "GHSA-m7qp-cj9p-gj85"
   ],
   "details": "Client secret checks are vulnerable to timing attacks, which could permit an attacker to determine client secrets.",
   "affected": [

diff --git a/data/osv/GO-2022-1213.json b/data/osv/GO-2022-1213.json
index 9da73c8..ee9a488 100644
--- a/data/osv/GO-2022-1213.json
+++ b/data/osv/GO-2022-1213.json

@@ -3,7 +3,8 @@
   "published": "0001-01-01T00:00:00Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2018-25060"
+    "CVE-2018-25060",
+    "GHSA-hhxg-px5h-jc32"
   ],
   "details": "The Options.Secure value is ignored, and cookies created by Generate never have the secure attribute.",
   "affected": [

diff --git a/data/reports/GO-2022-1187.yaml b/data/reports/GO-2022-1187.yaml
index 20b975e..3b0d2f5 100644
--- a/data/reports/GO-2022-1187.yaml
+++ b/data/reports/GO-2022-1187.yaml

@@ -11,6 +11,8 @@
     A user controlled string could lead to open redirect.
 cves:
   - CVE-2020-36627
+ghsas:
+  - GHSA-jwrv-x6rx-8vfm
 references:
   - web: https://vuldb.com/?id.216745
   - fix: https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735

diff --git a/data/reports/GO-2022-1201.yaml b/data/reports/GO-2022-1201.yaml
index 214022b..ea3709b 100644
--- a/data/reports/GO-2022-1201.yaml
+++ b/data/reports/GO-2022-1201.yaml

@@ -16,6 +16,8 @@
     permit an attacker to determine client secrets.
 cves:
   - CVE-2021-4294
+ghsas:
+  - GHSA-m7qp-cj9p-gj85
 references:
   - fix: https://github.com/openshift/osin/pull/200
   - fix: https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29

diff --git a/data/reports/GO-2022-1213.yaml b/data/reports/GO-2022-1213.yaml
index 5a3490d..6086ef3 100644
--- a/data/reports/GO-2022-1213.yaml
+++ b/data/reports/GO-2022-1213.yaml

@@ -10,6 +10,8 @@
     have the secure attribute.
 cves:
   - CVE-2018-25060
+ghsas:
+  - GHSA-hhxg-px5h-jc32
 references:
   - fix: https://github.com/go-macaron/csrf/pull/7
   - fix: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c