data/reports: update GO-2023-1737.yaml

Add fixed version. Updates golang/vulndb#1737 Fixes golang/vulndb#1810 Change-Id: I0e4f5224c2dfe2bac98a389c25ac526cfd06d36f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/499895 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2023-06-01 10:06:26 -04:00 · 2023-06-01 10:06:26 -04:00 · 42c71d8ab3
--- a/data/cve/v5/GO-2023-1737.json
+++ b/data/cve/v5/GO-2023-1737.json
@ -24,7 +24,7 @@
          "versions": [
            {
              "version": "1.3.1-0.20190301021747-ccb9e902956d",
-              "lessThan": "",
+              "lessThan": "1.9.1",
              "status": "affected",
              "versionType": "semver"
            }
@ -54,6 +54,9 @@
        {
          "url": "https://github.com/gin-gonic/gin/pull/3556"
        },
+        {
+          "url": "https://github.com/gin-gonic/gin/releases/tag/v1.9.1"
+        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1737"
        }
--- a/data/osv/GO-2023-1737.json
+++ b/data/osv/GO-2023-1737.json
@ -20,6 +20,9 @@
          "events": [
            {
              "introduced": "1.3.1-0.20190301021747-ccb9e902956d"
+            },
+            {
+              "fixed": "1.9.1"
            }
          ]
        }
@ -44,6 +47,10 @@
    {
      "type": "FIX",
      "url": "https://github.com/gin-gonic/gin/pull/3556"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gin-gonic/gin/releases/tag/v1.9.1"
    }
  ],
  "credits": [
--- a/data/reports/GO-2023-1737.yaml
+++ b/data/reports/GO-2023-1737.yaml
@ -1,13 +1,14 @@
 id: GO-2023-1737
 modules:
-  - module: github.com/gin-gonic/gin
-    versions:
-      - introduced: 1.3.1-0.20190301021747-ccb9e902956d
-    vulnerable_at: 1.9.0
-    packages:
-      - package: github.com/gin-gonic/gin
-        symbols:
-          - Context.FileAttachment
+    - module: github.com/gin-gonic/gin
+      versions:
+        - introduced: 1.3.1-0.20190301021747-ccb9e902956d
+          fixed: 1.9.1
+      vulnerable_at: 1.9.0
+      packages:
+        - package: github.com/gin-gonic/gin
+          symbols:
+            - Context.FileAttachment
 summary: Improper handling of file names in Content-Disposition HTTP header
 description: |
    The filename parameter of the Context.FileAttachment function is
@ -22,12 +23,13 @@ description: |
    be served with a name different than provided. Maliciously crafted
    attachment file name can modify the Content-Disposition header.
 ghsas:
-  - GHSA-2c4m-59x9-fr2g
+    - GHSA-2c4m-59x9-fr2g
 credits:
-  - motoyasu-saburi
+    - motoyasu-saburi
 references:
-  - report: https://github.com/gin-gonic/gin/issues/3555
-  - fix: https://github.com/gin-gonic/gin/pull/3556
+    - report: https://github.com/gin-gonic/gin/issues/3555
+    - fix: https://github.com/gin-gonic/gin/pull/3556
+    - web: https://github.com/gin-gonic/gin/releases/tag/v1.9.1
 cve_metadata:
    id: CVE-2023-29401
    cwe: 'CWE 20: Improper Input Validation'