data/reports: update GO-2023-2328.yaml
Add fixed version and fix commit.
Aliases: CVE-2023-45286, GHSA-xwh9-gc39-5298
Updates golang/vulndb#2328
Updates golang/vulndb#2427
Change-Id: Ia8373db660975a01f455d2b60d5e1d9f73a2c30b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/554155
Reviewed-by: Tim King <taking@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/cve/v5/GO-2023-2328.json b/data/cve/v5/GO-2023-2328.json
index 5679738..80db7bb 100644
--- a/data/cve/v5/GO-2023-2328.json
+++ b/data/cve/v5/GO-2023-2328.json
@@ -24,9 +24,9 @@
"packageName": "github.com/go-resty/resty/v2",
"versions": [
{
- "version": "0",
- "lessThan": "2.10.0",
- "status": "unaffected",
+ "version": "2.10.0",
+ "lessThan": "2.11.0",
+ "status": "affected",
"versionType": "semver"
}
],
@@ -65,7 +65,7 @@
"name": "Request.Send"
}
],
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
}
],
"problemTypes": [
@@ -89,6 +89,9 @@
"url": "https://github.com/go-resty/resty/pull/745"
},
{
+ "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e"
+ },
+ {
"url": "https://pkg.go.dev/vuln/GO-2023-2328"
}
],
diff --git a/data/osv/GO-2023-2328.json b/data/osv/GO-2023-2328.json
index f9287f0..3c6d464 100644
--- a/data/osv/GO-2023-2328.json
+++ b/data/osv/GO-2023-2328.json
@@ -21,6 +21,9 @@
"events": [
{
"introduced": "2.10.0"
+ },
+ {
+ "fixed": "2.11.0"
}
]
}
@@ -59,6 +62,10 @@
{
"type": "FIX",
"url": "https://github.com/go-resty/resty/pull/745"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e"
}
],
"credits": [
diff --git a/data/reports/GO-2023-2328.yaml b/data/reports/GO-2023-2328.yaml
index d0b5473..8d83582 100644
--- a/data/reports/GO-2023-2328.yaml
+++ b/data/reports/GO-2023-2328.yaml
@@ -3,6 +3,7 @@
- module: github.com/go-resty/resty/v2
versions:
- introduced: 2.10.0
+ fixed: 2.11.0
vulnerable_at: 2.10.0
packages:
- package: github.com/go-resty/resty/v2
@@ -41,6 +42,7 @@
- report: https://github.com/go-resty/resty/issues/743
- report: https://github.com/go-resty/resty/issues/739
- fix: https://github.com/go-resty/resty/pull/745
+ - fix: https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e
cve_metadata:
id: CVE-2023-45286
cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'