data/reports: review GO-2025-3683
- data/reports/GO-2025-3683.yaml
Fixes golang/vulndb#3683
Change-Id: I2f0a1b842b8f7fea756b2ec7cf05bbd3ccb4e290
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/681015
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2025-3683.json b/data/osv/GO-2025-3683.json
index d674e8b..3846e47 100644
--- a/data/osv/GO-2025-3683.json
+++ b/data/osv/GO-2025-3683.json
@@ -7,8 +7,8 @@
"CVE-2025-46721",
"GHSA-w9hf-35q4-vcjw"
],
- "summary": "nosurf vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
- "details": "nosurf vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
+ "summary": "Vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
+ "details": "Vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
"affected": [
{
"package": {
@@ -48,10 +48,6 @@
"url": "https://github.com/justinas/nosurf/security/advisories/GHSA-w9hf-35q4-vcjw"
},
{
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46721"
- },
- {
"type": "FIX",
"url": "https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee"
},
@@ -70,6 +66,6 @@
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2025-3683",
- "review_status": "UNREVIEWED"
+ "review_status": "REVIEWED"
}
}
\ No newline at end of file
diff --git a/data/reports/GO-2025-3683.yaml b/data/reports/GO-2025-3683.yaml
index ff54b5b..2eeaf91 100644
--- a/data/reports/GO-2025-3683.yaml
+++ b/data/reports/GO-2025-3683.yaml
@@ -11,14 +11,15 @@
- CSRFHandler.ServeHTTP
derived_symbols:
- NewPure
-summary: nosurf vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf
+summary: |-
+ Vulnerable to CSRF due to non-functional same-origin request checks in
+ github.com/justinas/nosurf
cves:
- CVE-2025-46721
ghsas:
- GHSA-w9hf-35q4-vcjw
references:
- advisory: https://github.com/justinas/nosurf/security/advisories/GHSA-w9hf-35q4-vcjw
- - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-46721
- fix: https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee
- web: https://github.com/advisories/GHSA-rq77-p4h8-4crw
- web: https://github.com/justinas/nosurf-cve-2025-46721
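Review bot: The report is promoted to REVIEWED while this hunk shows no `description:` between `summary:` and `cves:`, and the generated OSV record carries `details` identical to `summary`. A consumer triaging CVE-2025-46721 therefore learns only that the same-origin checks are non-functional, not which configurations or request types are affected; consider adding a short `description: |-` drawn from GHSA-w9hf-35q4-vcjw that states the affected condition and the fixed behaviour. Separately, the `web:` entry for GHSA-rq77-p4h8-4crw has a different ID from the single entry under `ghsas:`. It is worth confirming whether that is a related advisory or an alias that should be listed, since downstream tools typically deduplicate on aliases. The module and version fields of the report lie outside this hunk.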
@@ -26,4 +27,4 @@
source:
id: GHSA-w9hf-35q4-vcjw
created: 2025-05-15T14:37:40.720845-04:00
-review_status: NEEDS_REVIEW
+review_status: REVIEWED