data/reports: add alias for GO-2021-0107.yaml
Aliases: CVE-2021-4236, GHSA-5gjg-jgh4-gppm, GHSA-jpgg-cp2x-qrw3
Updates golang/vulndb#107
Fixes golang/vulndb#1274
Change-Id: I38cce3acbddbe420449e9df7c804d0a1159b86ff
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461444
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/osv/GO-2021-0107.json b/data/osv/GO-2021-0107.json
index 44a056a..3eeb8ba 100644
--- a/data/osv/GO-2021-0107.json
+++ b/data/osv/GO-2021-0107.json
@@ -4,7 +4,8 @@
"modified": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2021-4236",
- "GHSA-5gjg-jgh4-gppm"
+ "GHSA-5gjg-jgh4-gppm",
+ "GHSA-jpgg-cp2x-qrw3"
],
"details": "Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass.\n\nThis issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.",
"affected": [
diff --git a/data/reports/GO-2021-0107.yaml b/data/reports/GO-2021-0107.yaml
index e0afe9c..9fd02e4 100644
--- a/data/reports/GO-2021-0107.yaml
+++ b/data/reports/GO-2021-0107.yaml
@@ -21,6 +21,7 @@
published: 2021-07-28T18:08:05Z
ghsas:
- GHSA-5gjg-jgh4-gppm
+ - GHSA-jpgg-cp2x-qrw3
references:
- fix: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
cve_metadata:
