Skip to content

Commit 42c71d8

Browse files
committed
data/reports: update GO-2023-1737.yaml
Add fixed version. Updates #1737 Fixes #1810 Change-Id: I0e4f5224c2dfe2bac98a389c25ac526cfd06d36f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/499895 Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Zvonimir Pavlinovic <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
1 parent 3ffc445 commit 42c71d8

File tree

3 files changed

+25
-13
lines changed

3 files changed

+25
-13
lines changed

data/cve/v5/GO-2023-1737.json

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@
2424
"versions": [
2525
{
2626
"version": "1.3.1-0.20190301021747-ccb9e902956d",
27-
"lessThan": "",
27+
"lessThan": "1.9.1",
2828
"status": "affected",
2929
"versionType": "semver"
3030
}
@@ -54,6 +54,9 @@
5454
{
5555
"url": "https://github.com/gin-gonic/gin/pull/3556"
5656
},
57+
{
58+
"url": "https://github.com/gin-gonic/gin/releases/tag/v1.9.1"
59+
},
5760
{
5861
"url": "https://pkg.go.dev/vuln/GO-2023-1737"
5962
}

data/osv/GO-2023-1737.json

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@
2020
"events": [
2121
{
2222
"introduced": "1.3.1-0.20190301021747-ccb9e902956d"
23+
},
24+
{
25+
"fixed": "1.9.1"
2326
}
2427
]
2528
}
@@ -44,6 +47,10 @@
4447
{
4548
"type": "FIX",
4649
"url": "https://github.com/gin-gonic/gin/pull/3556"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/gin-gonic/gin/releases/tag/v1.9.1"
4754
}
4855
],
4956
"credits": [

data/reports/GO-2023-1737.yaml

Lines changed: 14 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,14 @@
11
id: GO-2023-1737
22
modules:
3-
- module: github.com/gin-gonic/gin
4-
versions:
5-
- introduced: 1.3.1-0.20190301021747-ccb9e902956d
6-
vulnerable_at: 1.9.0
7-
packages:
8-
- package: github.com/gin-gonic/gin
9-
symbols:
10-
- Context.FileAttachment
3+
- module: github.com/gin-gonic/gin
4+
versions:
5+
- introduced: 1.3.1-0.20190301021747-ccb9e902956d
6+
fixed: 1.9.1
7+
vulnerable_at: 1.9.0
8+
packages:
9+
- package: github.com/gin-gonic/gin
10+
symbols:
11+
- Context.FileAttachment
1112
summary: Improper handling of file names in Content-Disposition HTTP header
1213
description: |
1314
The filename parameter of the Context.FileAttachment function is
@@ -22,12 +23,13 @@ description: |
2223
be served with a name different than provided. Maliciously crafted
2324
attachment file name can modify the Content-Disposition header.
2425
ghsas:
25-
- GHSA-2c4m-59x9-fr2g
26+
- GHSA-2c4m-59x9-fr2g
2627
credits:
27-
- motoyasu-saburi
28+
- motoyasu-saburi
2829
references:
29-
- report: https://github.com/gin-gonic/gin/issues/3555
30-
- fix: https://github.com/gin-gonic/gin/pull/3556
30+
- report: https://github.com/gin-gonic/gin/issues/3555
31+
- fix: https://github.com/gin-gonic/gin/pull/3556
32+
- web: https://github.com/gin-gonic/gin/releases/tag/v1.9.1
3133
cve_metadata:
3234
id: CVE-2023-29401
3335
cwe: 'CWE 20: Improper Input Validation'

0 commit comments

Comments
 (0)