vulndb/data/osv/GO-2021-0054.json

{
  "id": "GO-2021-0054",
  "published": "2021-04-14T20:04:52Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2020-36067"
  ],
  "details": "Due to improper bounds checking, maliciously crafted JSON objects\ncan cause an out-of-bounds panic. If parsing user input, this may\nbe used as a denial of service vector.\n",
  "affected": [
    {
      "package": {
        "name": "github.com/tidwall/gjson",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.6"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2021-0054"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/tidwall/gjson",
            "symbols": [
              "Result.ForEach",
              "unwrap"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tidwall/gjson/issues/196"
    }
  ],
  "credits": [
    {
      "name": "@toptotu"
    }
  ]
}
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`{`
			`"id": "GO-2021-0054",`
			`"published": "2021-04-14T20:04:52Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
			`"CVE-2020-36067"`
			`],`
			`"details": "Due to improper bounds checking, maliciously crafted JSON objects\ncan cause an out-of-bounds panic. If parsing user input, this may\nbe used as a denial of service vector.\n",`
			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/tidwall/gjson",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`},`
			`{`
			`"fixed": "1.6.6"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2021-0054"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "github.com/tidwall/gjson",`
			`"symbols": [`
			`"Result.ForEach",`
			`"unwrap"`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "FIX",`
			`"url": "https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b"`
			`},`
			`{`
			`"type": "WEB",`
			`"url": "https://github.com/tidwall/gjson/issues/196"`
			`}`
internal/database: add credits in the osv report - Update `golang.org/x/vuln/osv`. - Output credits in the OSV report from the YAML report. - Update `data/osv` to include `credits`. Fixes golang/go#55956 Change-Id: I8b1a81f33ca7b2832394be316b7d015c8a281220 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/435976 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Auto-Submit: Damien Neil <dneil@google.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2022-10-01 17:10:57 +03:00			`],`
			`"credits": [`
			`{`
			`"name": "@toptotu"`
			`}`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`]`
			`}`