data/reports: add vulnerable_at to GO-2021-0238.yaml
Aliases: CVE-2021-33194
Updates golang/vulndb#238
Change-Id: I63ad9814791f782d90c2f1e0fad0df235e68456a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463677
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
diff --git a/data/osv/GO-2021-0238.json b/data/osv/GO-2021-0238.json
index 12be8b3..be48a68 100644
--- a/data/osv/GO-2021-0238.json
+++ b/data/osv/GO-2021-0238.json
@@ -33,6 +33,10 @@
{
"path": "golang.org/x/net/html",
"symbols": [
+ "Parse",
+ "ParseFragment",
+ "ParseFragmentWithOptions",
+ "ParseWithOptions",
"inHeadIM"
]
}
diff --git a/data/reports/GO-2021-0238.yaml b/data/reports/GO-2021-0238.yaml
index 2a1cdce..f0ca1ef 100644
--- a/data/reports/GO-2021-0238.yaml
+++ b/data/reports/GO-2021-0238.yaml
@@ -2,10 +2,16 @@
- module: golang.org/x/net
versions:
- fixed: 0.0.0-20210520170846-37e1c6afe023
+ vulnerable_at: 0.0.0-20210510120150-4163338589ed
packages:
- package: golang.org/x/net/html
symbols:
- inHeadIM
+ derived_symbols:
+ - Parse
+ - ParseFragment
+ - ParseFragmentWithOptions
+ - ParseWithOptions
description: |
An attacker can craft an input to ParseFragment that causes it
to enter an infinite loop and never return.