reports: fix typos and remove markdown
This CL covers the range 2021-0046 to 2021-0079.
Trust: Jonathan Amsterdam <firstname.lastname@example.org>
Run-TryBot: Jonathan Amsterdam <email@example.com>
TryBot-Result: Gopher Robot <firstname.lastname@example.org>
Reviewed-by: Julie Qiu <email@example.com>
diff --git a/reports/GO-2020-0048.yaml b/reports/GO-2020-0048.yaml
index cc2e11d..8e52b06 100644
@@ -2,7 +2,7 @@
- fixed: v1.3.1
- [`LoadURL`] does not check the Content-Type of loaded resources,
+ LoadURL does not check the Content-Type of loaded resources,
which can cause a panic due to nil pointer deference if the loaded
resource is not XML. If user supplied URLs are loaded, this may be
used as a denial of service vector.
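Review bot: the unchanged context line "which can cause a panic due to nil pointer deference" still has a typo that this pass should pick up: "deference" should be "dereference". Separately, the commit message gives the covered range as 2021-0046 to 2021-0079, but this file is GO-2020-0048, so either the message should mention it or the change belongs in the CL that covers that report.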
diff --git a/reports/GO-2021-0051.yaml b/reports/GO-2021-0051.yaml
index 390d43b..22c9f8a 100644
@@ -2,7 +2,7 @@
- fixed: v4.1.18-0.20201215153152-4422e3b66b9f
- Due to improper santization of user input on Windows, the static file handler
+ Due to improper sanitization of user input on Windows, the static file handler
allows for directory traversal, allowing an attacker to read files outside of
the target directory that the server has permission to read.
credit: "@little-cui (Apache ServiceComb)"
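Review bot: style nit on the context line following the corrected one: "allows for directory traversal, allowing an attacker to read files" repeats "allow" within one clause. Since the sentence is being touched anyway, consider rewording the second half, for example "letting an attacker read files outside of the target directory".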
diff --git a/reports/GO-2021-0070.yaml b/reports/GO-2021-0070.yaml
index 4575ce2..46e3605 100644
@@ -4,9 +4,9 @@
- fixed: v0.1.0
GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
- improperly interpred numeric UIDs as usernames. If the method is used without
- verify usernames are formatted as expected, it may allow a user to gain unexpected
+ improperly interpret numeric UIDs as usernames. If the method is used without
+ verifying that usernames are formatted as expected, it may allow a user to
+ gain unexpected privileges.
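Review bot: the reworded sentence keeps "If the method is used", but the description introduces GetExecUser as living in the libcontainer/user package rather than on a type, so "function" would be the consistent term. The new wording "it may allow a user to gain unexpected privileges" is also vague about which user; if the report can say it is the user whose name is supplied to GetExecUser, state that.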