search

golang / vulndb

[mirror] The Go Vulnerability Database
Other
562 stars 60 forks source link

x/vulndb: suggestion regarding GO-2022-0578 #3115

Closed gannett-ggreer closed 1 month ago

gannett-ggreer commented 1 month ago

Report ID

GO-2022-0578

Suggestion/Comment

The GHSA and CVE say this vulnerability was only from v1.8.0 to v1.8.4 but govulncheck is applying this to every version, even the current one. Commit 89edd0b912c77b71696e8f30156c58b74e191dde had it correct in data/reports/GO-2022-0578.yaml but incorrect in data/osv/GO-2022-0578.json.

(Additionally, we're only using this Vault package as a client and not as a server with the Google Secrets engine so it triggering at all is unfortunate.)

gopherbot commented 1 month ago

Change https://go.dev/cl/610798 mentions this issue: data/reports: update GO-2022-0578