internal/genericosv/testdata/yaml/GHSA-627p-rr78-99rj_UNREVIEWED.yaml - vulndb - Git at Google

 id: GO-ID-PENDING
 modules:
     - module: github.com/concourse/concourse
       non_go_versions:
         - introduced: 6.3.0
         - fixed: 6.3.1
         - introduced: 6.4.0
         - fixed: 6.4.1
       vulnerable_at: 4.2.3+incompatible
     - module: github.com/concourse/dex
       non_go_versions:
         - introduced: 6.3.0
         - fixed: 6.3.1
         - introduced: 6.4.0
         - fixed: 6.4.1
       vulnerable_at: 1.8.0
 summary: |-
     GitLab auth uses full name instead of username as user ID, allowing
     impersonation in github.com/concourse/concourse
 cves:
     - CVE-2020-5415
 ghsas:
     - GHSA-627p-rr78-99rj
 references:
     - advisory: https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-5415
     - web: https://tanzu.vmware.com/security/cve-2020-5415
 source:
     id: GHSA-627p-rr78-99rj
     created: 1999-01-01T00:00:00Z
 review_status: UNREVIEWED
	id: GO-ID-PENDING
	modules:
	- module: github.com/concourse/concourse
	non_go_versions:
	- introduced: 6.3.0
	- fixed: 6.3.1
	- introduced: 6.4.0
	- fixed: 6.4.1
	vulnerable_at: 4.2.3+incompatible
	- module: github.com/concourse/dex
	non_go_versions:
	- introduced: 6.3.0
	- fixed: 6.3.1
	- introduced: 6.4.0
	- fixed: 6.4.1
	vulnerable_at: 1.8.0
	summary: \|-
	GitLab auth uses full name instead of username as user ID, allowing
	impersonation in github.com/concourse/concourse
	cves:
	- CVE-2020-5415
	ghsas:
	- GHSA-627p-rr78-99rj
	references:
	- advisory: https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-5415
	- web: https://tanzu.vmware.com/security/cve-2020-5415
	source:
	id: GHSA-627p-rr78-99rj
	created: 1999-01-01T00:00:00Z
	review_status: UNREVIEWED