data: add some missing GHSAs
Change-Id: I24b94c796e9f2b8b934465ec9ac377ffeb7cc1c2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/497636
Reviewed-by: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/excluded/GO-2023-1689.yaml b/data/excluded/GO-2023-1689.yaml
index 7f32b65..67b6c61 100644
--- a/data/excluded/GO-2023-1689.yaml
+++ b/data/excluded/GO-2023-1689.yaml
@@ -3,3 +3,5 @@
- module: github.com/etcd-io/etcd
cves:
- CVE-2021-28235
+ghsas:
+ - GHSA-gmph-wf7j-9gcm
diff --git a/data/excluded/GO-2023-1761.yaml b/data/excluded/GO-2023-1761.yaml
index 737f13b..3c0f343 100644
--- a/data/excluded/GO-2023-1761.yaml
+++ b/data/excluded/GO-2023-1761.yaml
@@ -3,3 +3,5 @@
- module: github.com/imgproxy/imgproxy
cves:
- CVE-2023-30019
+ghsas:
+ - GHSA-9x7h-ggc3-xg47
diff --git a/data/excluded/GO-2023-1763.yaml b/data/excluded/GO-2023-1763.yaml
index dcee045..5ab5323 100644
--- a/data/excluded/GO-2023-1763.yaml
+++ b/data/excluded/GO-2023-1763.yaml
@@ -3,3 +3,5 @@
- module: github.com/fluid-cloudnative/fluid
cves:
- CVE-2023-30840
+ghsas:
+ - GHSA-93xx-cvmc-9w3v
diff --git a/data/osv/GO-2022-0244.json b/data/osv/GO-2022-0244.json
index abefd4a..80acd85 100644
--- a/data/osv/GO-2022-0244.json
+++ b/data/osv/GO-2022-0244.json
@@ -4,7 +4,8 @@
"modified": "0001-01-01T00:00:00Z",
"published": "2022-07-15T23:06:26Z",
"aliases": [
- "CVE-2021-3538"
+ "CVE-2021-3538",
+ "GHSA-33m6-q9v5-62r7"
],
"details": "Random data used to create UUIDs can contain zeros, resulting in predictable UUIDs and possible collisions.",
"affected": [
diff --git a/data/osv/GO-2023-1737.json b/data/osv/GO-2023-1737.json
index 0633f51..5b3339d 100644
--- a/data/osv/GO-2023-1737.json
+++ b/data/osv/GO-2023-1737.json
@@ -4,7 +4,8 @@
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
- "CVE-2023-29401"
+ "CVE-2023-29401",
+ "GHSA-2c4m-59x9-fr2g"
],
"details": "The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of \"setup.bat\u0026quot;;x=.txt\" will be sent as a file named \"setup.bat\".\n\nIf the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.",
"affected": [
diff --git a/data/reports/GO-2022-0244.yaml b/data/reports/GO-2022-0244.yaml
index b1f949d..2cf72bd 100644
--- a/data/reports/GO-2022-0244.yaml
+++ b/data/reports/GO-2022-0244.yaml
@@ -23,6 +23,8 @@
published: 2022-07-15T23:06:26Z
cves:
- CVE-2021-3538
+ghsas:
+ - GHSA-33m6-q9v5-62r7
credits:
- '@josselin-c'
references:
diff --git a/data/reports/GO-2023-1737.yaml b/data/reports/GO-2023-1737.yaml
index a9939ab..6a0a20b 100644
--- a/data/reports/GO-2023-1737.yaml
+++ b/data/reports/GO-2023-1737.yaml
@@ -20,6 +20,8 @@
untrusted source, this may permit an attacker to cause a file to
be served with a name different than provided. Maliciously crafted
attachment file name can modify the Content-Disposition header.
+ghsas:
+ - GHSA-2c4m-59x9-fr2g
credits:
- motoyasu-saburi
references:
