vulndb/data/osv/GO-2021-0172.json

{
  "id": "GO-2021-0172",
  "published": "2022-02-15T23:56:14Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2017-1000098"
  ],
  "details": "When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.",
  "affected": [
    {
      "package": {
        "name": "stdlib",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.4"
            },
            {
              "introduced": "1.7.0"
            },
            {
              "fixed": "1.7.4"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2021-0172"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "mime/multipart",
            "symbols": [
              "Reader.readForm"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://go.dev/cl/30410"
    },
    {
      "type": "FIX",
      "url": "https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184"
    },
    {
      "type": "REPORT",
      "url": "https://go.dev/issue/16296"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ"
    }
  ],
  "credits": [
    {
      "name": "Simon Rawet"
    }
  ]
}
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`{`
			`"id": "GO-2021-0172",`
			`"published": "2022-02-15T23:56:14Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
			`"CVE-2017-1000098"`
			`],`
internal/database, data/osv: trim whitespace characters in OSV description In GenerateOSVEntry, replace all whitespace characters with single spaces except for paragraph breaks represented by "\n\n". Change-Id: Ia03f0b53c94979fada6316be1346df3f48b9fabe Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/439044 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-10-05 19:05:17 +03:00			`"details": "When parsing large multipart/form-data, an attacker can cause a HTTP server to open a large number of file descriptors. This may be used as a denial-of-service vector.",`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`"affected": [`
			`{`
			`"package": {`
			`"name": "stdlib",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "1.6.4"`
			`},`
			`{`
			`"introduced": "1.7.0"`
			`},`
			`{`
			`"fixed": "1.7.4"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2021-0172"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "mime/multipart",`
			`"symbols": [`
			`"Reader.readForm"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "FIX",`
			`"url": "https://go.dev/cl/30410"`
			`},`
			`{`
			`"type": "FIX",`
			`"url": "https://go.googlesource.com/go/+/7478ea5dba7ed02ddffd91c1d17ec8141f7cf184"`
			`},`
			`{`
			`"type": "REPORT",`
			`"url": "https://go.dev/issue/16296"`
			`},`
			`{`
			`"type": "WEB",`
			`"url": "https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ"`
			`}`
internal/database: add credits in the osv report - Update `golang.org/x/vuln/osv`. - Output credits in the OSV report from the YAML report. - Update `data/osv` to include `credits`. Fixes golang/go#55956 Change-Id: I8b1a81f33ca7b2832394be316b7d015c8a281220 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/435976 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Auto-Submit: Damien Neil <dneil@google.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2022-10-01 17:10:57 +03:00			`],`
			`"credits": [`
			`{`
			`"name": "Simon Rawet"`
			`}`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`]`
			`}`