golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/go-mysql-org/go-mysql: GHSA-rc7v-65v6-m2v3 #3225

Closed GoVulnBot closed 3 weeks ago

GoVulnBot commented 1 month ago

Advisory GHSA-rc7v-65v6-m2v3 references a vulnerability in the following Go modules:

Module
github.com/go-mysql-org/go-mysql

Description: Affected by CVE-2021-3538

References:

No existing reports found with this module or alias. See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/go-mysql-org/go-mysql
      versions:
        - fixed: 1.5.0
      vulnerable_at: 1.4.0
summary: go-mysql affected by go.uuid's Predictable UUID Identifiers in github.com/go-mysql-org/go-mysql
ghsas:
    - GHSA-rc7v-65v6-m2v3
references:
    - advisory: https://github.com/advisories/GHSA-rc7v-65v6-m2v3
    - advisory: https://github.com/go-mysql-org/go-mysql/security/advisories/GHSA-rc7v-65v6-m2v3
    - web: https://github.com/apptainer/sif/security/advisories/GHSA-33m6-q9v5-62r7
    - web: https://github.com/hpcng/sif/security/advisories/GHSA-33m6-q9v5-62r7
source:
    id: GHSA-rc7v-65v6-m2v3
    created: 2024-10-28T16:01:24.840580531Z
review_status: UNREVIEWED

zpavlinovic commented 4 weeks ago

The apparent issue is in the dependency (satori uuid).

gopherbot commented 4 weeks ago

Change https://go.dev/cl/624535 mentions this issue: data/excluded: add GO-2024-3225