vulndb/data/osv/GO-2020-0045.json

{
  "id": "GO-2020-0045",
  "published": "2021-04-14T20:04:52Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2016-15005",
    "GHSA-q9qr-jwpw-3qvv"
  ],
  "details": "CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.",
  "affected": [
    {
      "package": {
        "name": "github.com/dinever/golf",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.0"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2020-0045"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/dinever/golf",
            "symbols": [
              "Context.Render",
              "Context.RenderFromString",
              "randomBytes"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/dinever/golf/pull/24"
    },
    {
      "type": "FIX",
      "url": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/dinever/golf/issues/20"
    }
  ],
  "credits": [
    {
      "name": "@elithrar"
    }
  ],
  "schema_version": "1.3.1"
}
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`{`
			`"id": "GO-2020-0045",`
			`"published": "2021-04-14T20:04:52Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
data/reports: add alias for GO-2020-0045.yaml Aliases: CVE-2016-15005, GHSA-q9qr-jwpw-3qvv Updates golang/vulndb#45 Fixes golang/vulndb#1242 Change-Id: I355ee475b495a51804e5dc1de34842fa5cb69066 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461478 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2023-01-11 00:59:16 +03:00			`"CVE-2016-15005",`
			`"GHSA-q9qr-jwpw-3qvv"`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`],`
data/reports: add alias for GO-2020-0045.yaml Aliases: CVE-2016-15005, GHSA-q9qr-jwpw-3qvv Updates golang/vulndb#45 Fixes golang/vulndb#1242 Change-Id: I355ee475b495a51804e5dc1de34842fa5cb69066 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461478 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2023-01-11 00:59:16 +03:00			`"details": "CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.",`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/dinever/golf",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "0.3.0"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2020-0045"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "github.com/dinever/golf",`
			`"symbols": [`
			`"Context.Render",`
			`"Context.RenderFromString",`
			`"randomBytes"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "FIX",`
			`"url": "https://github.com/dinever/golf/pull/24"`
			`},`
			`{`
			`"type": "FIX",`
			`"url": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe"`
			`},`
			`{`
data/reports: add alias for GO-2020-0045.yaml Aliases: CVE-2016-15005, GHSA-q9qr-jwpw-3qvv Updates golang/vulndb#45 Fixes golang/vulndb#1242 Change-Id: I355ee475b495a51804e5dc1de34842fa5cb69066 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461478 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2023-01-11 00:59:16 +03:00			`"type": "REPORT",`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`"url": "https://github.com/dinever/golf/issues/20"`
			`}`
internal/database: add credits in the osv report - Update `golang.org/x/vuln/osv`. - Output credits in the OSV report from the YAML report. - Update `data/osv` to include `credits`. Fixes golang/go#55956 Change-Id: I8b1a81f33ca7b2832394be316b7d015c8a281220 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/435976 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Auto-Submit: Damien Neil <dneil@google.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2022-10-01 17:10:57 +03:00			`],`
			`"credits": [`
			`{`
			`"name": "@elithrar"`
			`}`
internal/report, data/osv: populate schema_version field in osv entries The vulnreport osv command now populates all generated osvs with the current schema version (1.3.1). This CL also updates all previous OSV entries to also have the current schema version. Change-Id: Ie95c91aae0ee623bbf50ff047190a0bbe59893d9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/452440 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Maceo Thompson <maceothompson@google.com> 2022-11-21 21:47:08 +03:00			`],`
			`"schema_version": "1.3.1"`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`}`