data/reports: add vulnerable_at to GO-2021-0237.yaml
Aliases: CVE-2021-32721, GHSA-mj9r-wwm8-7q52
Updates golang/vulndb#237
Change-Id: I964cb407244c5b7b41b369400ff5ef0b15e32f7f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463676
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2021-0237.json b/data/osv/GO-2021-0237.json
index e3f3cd9..5e771e3 100644
--- a/data/osv/GO-2021-0237.json
+++ b/data/osv/GO-2021-0237.json
@@ -34,7 +34,10 @@
{
"path": "github.com/AndrewBurian/powermux",
"symbols": [
- "Route.execute"
+ "Route.execute",
+ "ServeMux.Handler",
+ "ServeMux.HandlerAndMiddleware",
+ "ServeMux.ServeHTTP"
]
}
]
diff --git a/data/reports/GO-2021-0237.yaml b/data/reports/GO-2021-0237.yaml
index b4b6d17..5c160f7 100644
--- a/data/reports/GO-2021-0237.yaml
+++ b/data/reports/GO-2021-0237.yaml
@@ -2,10 +2,15 @@
- module: github.com/AndrewBurian/powermux
versions:
- fixed: 1.1.1
+ vulnerable_at: 1.1.0
packages:
- package: github.com/AndrewBurian/powermux
symbols:
- Route.execute
+ derived_symbols:
+ - ServeMux.Handler
+ - ServeMux.HandlerAndMiddleware
+ - ServeMux.ServeHTTP
description: |
Attackers may be able to craft phishing links and other open
redirects by exploiting PowerMux's trailing slash redirection