From 3d42cf3203ca5258d2c80db9f77e0e0d3a3c76ed Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Tue, 7 Feb 2023 19:30:28 +0000
Subject: [PATCH] data/reports: add GHSA to GO-2021-0094.yaml

Aliases: CVE-2020-29529, GHSA-2g5j-5x95-r6hr
Updates golang/vulndb#94
Change-Id: I87c8fec4db7e920b2335ffb56e9851b1f7bd9a34
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466142
Reviewed-by: Tim King
Auto-Submit: Tatiana Bradley
Run-TryBot: Tatiana Bradley
TryBot-Result: Gopher Robot
---
 data/osv/GO-2021-0094.json | 3 ++-
 data/reports/GO-2021-0094.yaml | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/data/osv/GO-2021-0094.json b/data/osv/GO-2021-0094.json
index d18f001d..6d860368 100644
--- a/data/osv/GO-2021-0094.json
+++ b/data/osv/GO-2021-0094.json
@@ -3,7 +3,8 @@
 "published": "2021-04-14T20:04:52Z",
 "modified": "0001-01-01T00:00:00Z",
 "aliases": [
- "CVE-2020-29529"
+ "CVE-2020-29529",
+ "GHSA-2g5j-5x95-r6hr"
 ],
 "details": "Protections against directory traversal during archive extraction can be bypassed by chaining multiple symbolic links within the archive. This allows a malicious attacker to cause files to be created outside of the target directory. Additionally if the attacker is able to read extracted files they may create symbolic links to arbitrary files on the system which the unpacker has permissions to read.",
 "affected": [
diff --git a/data/reports/GO-2021-0094.yaml b/data/reports/GO-2021-0094.yaml
index 3b59e255..0d7d3faa 100644
--- a/data/reports/GO-2021-0094.yaml
+++ b/data/reports/GO-2021-0094.yaml
@@ -17,6 +17,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
 - CVE-2020-29529
+ghsas:
+ - GHSA-2g5j-5x95-r6hr
 references:
 - fix: https://github.com/hashicorp/go-slug/pull/12
 - fix: https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f