data/reports: add alias for GO-2020-0049.yaml

Aliases: CVE-2020-36564, GHSA-5x84-q523-vvwr

Updates golang/vulndb#49
Fixes golang/vulndb#1233

Change-Id: I3baa1428f90d71ec24e8e1713178715e03d52adf
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461483
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

data/osv/GO-2020-0049.json

@@ -3,7 +3,8 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2020-36564"
+    "CVE-2020-36564",
+    "GHSA-5x84-q523-vvwr"
   ],
   "details": "Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.",
   "affected": [

data/reports/GO-2020-0049.yaml

@@ -2,6 +2,7 @@ modules:
   - module: github.com/justinas/nosurf
     versions:
       - fixed: 1.1.1
+    vulnerable_at: 1.1.0
     packages:
       - package: github.com/justinas/nosurf
         symbols:
@@ -14,6 +15,8 @@ description: |
     if the provided expected token is malformed, causing any user supplied token
     to be considered valid.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-5x84-q523-vvwr
 credit: '@aeneasr'
 references:
   - fix: https://github.com/justinas/nosurf/pull/60