Google Git
Sign in
go / vulndb / aca72046e69d9a92886ebdb31727c6600aea3989^! / .
commitaca72046e69d9a92886ebdb31727c6600aea3989[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Thu Jan 04 13:04:49 2024 -0500
committerTatiana Bradley <tatianabradley@google.com>Thu Jan 04 18:39:51 2024 +0000
tree4bcc078554e50b4fd6f9ca845e6bc39ceb4e4725
parente7ffd94ca9e17addb8a47cbc571fa525ef3e2d08 [diff]
data/reports: update GO-2023-2328.yaml

Add fixed version and fix commit.

Aliases: CVE-2023-45286, GHSA-xwh9-gc39-5298

Updates golang/vulndb#2328
Updates golang/vulndb#2427

Change-Id: Ia8373db660975a01f455d2b60d5e1d9f73a2c30b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/554155
Reviewed-by: Tim King <taking@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

diff --git a/data/cve/v5/GO-2023-2328.json b/data/cve/v5/GO-2023-2328.json
index 5679738..80db7bb 100644
--- a/data/cve/v5/GO-2023-2328.json
+++ b/data/cve/v5/GO-2023-2328.json

@@ -24,9 +24,9 @@
           "packageName": "github.com/go-resty/resty/v2",
           "versions": [
             {
-              "version": "0",
-              "lessThan": "2.10.0",
-              "status": "unaffected",
+              "version": "2.10.0",
+              "lessThan": "2.11.0",
+              "status": "affected",
               "versionType": "semver"
             }
           ],
@@ -65,7 +65,7 @@
               "name": "Request.Send"
             }
           ],
-          "defaultStatus": "affected"
+          "defaultStatus": "unaffected"
         }
       ],
       "problemTypes": [
@@ -89,6 +89,9 @@
           "url": "https://github.com/go-resty/resty/pull/745"
         },
         {
+          "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e"
+        },
+        {
           "url": "https://pkg.go.dev/vuln/GO-2023-2328"
         }
       ],

diff --git a/data/osv/GO-2023-2328.json b/data/osv/GO-2023-2328.json
index f9287f0..3c6d464 100644
--- a/data/osv/GO-2023-2328.json
+++ b/data/osv/GO-2023-2328.json

@@ -21,6 +21,9 @@
           "events": [
             {
               "introduced": "2.10.0"
+            },
+            {
+              "fixed": "2.11.0"
             }
           ]
         }
@@ -59,6 +62,10 @@
     {
       "type": "FIX",
       "url": "https://github.com/go-resty/resty/pull/745"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e"
     }
   ],
   "credits": [

diff --git a/data/reports/GO-2023-2328.yaml b/data/reports/GO-2023-2328.yaml
index d0b5473..8d83582 100644
--- a/data/reports/GO-2023-2328.yaml
+++ b/data/reports/GO-2023-2328.yaml

@@ -3,6 +3,7 @@
     - module: github.com/go-resty/resty/v2
       versions:
         - introduced: 2.10.0
+          fixed: 2.11.0
       vulnerable_at: 2.10.0
       packages:
         - package: github.com/go-resty/resty/v2
@@ -41,6 +42,7 @@
     - report: https://github.com/go-resty/resty/issues/743
     - report: https://github.com/go-resty/resty/issues/739
     - fix: https://github.com/go-resty/resty/pull/745
+    - fix: https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e
 cve_metadata:
     id: CVE-2023-45286
     cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'