data/reports: review GO-2025-3683

thatnealpatel · thatnealpatel · commit c1bba6117636 · 2025-06-12T07:09:57.000-07:00
- data/reports/GO-2025-3683.yaml Fixes #3683 Change-Id: I2f0a1b842b8f7fea756b2ec7cf05bbd3ccb4e290 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/681015 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2025-3683.json b/data/osv/GO-2025-3683.json
@@ -7,8 +7,8 @@
     "CVE-2025-46721",
     "GHSA-w9hf-35q4-vcjw"
   ],
-  "summary": "nosurf vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
-  "details": "nosurf vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
+  "summary": "Vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
+  "details": "Vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf",
   "affected": [
     {
       "package": {
@@ -47,10 +47,6 @@
       "type": "ADVISORY",
       "url": "https://github.com/justinas/nosurf/security/advisories/GHSA-w9hf-35q4-vcjw"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46721"
-    },
     {
       "type": "FIX",
       "url": "https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee"
@@ -70,6 +66,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2025-3683",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2025-3683.yaml b/data/reports/GO-2025-3683.yaml
@@ -11,19 +11,20 @@ modules:
             - CSRFHandler.ServeHTTP
           derived_symbols:
             - NewPure
-summary: nosurf vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf
+summary: |-
+    Vulnerable to CSRF due to non-functional same-origin request checks in
+    github.com/justinas/nosurf
 cves:
     - CVE-2025-46721
 ghsas:
     - GHSA-w9hf-35q4-vcjw
 references:
     - advisory: https://github.com/justinas/nosurf/security/advisories/GHSA-w9hf-35q4-vcjw
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-46721
     - fix: https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee
     - web: https://github.com/advisories/GHSA-rq77-p4h8-4crw
     - web: https://github.com/justinas/nosurf-cve-2025-46721
     - web: https://github.com/justinas/nosurf/releases/tag/v1.2.0
 source:
     id: GHSA-w9hf-35q4-vcjw
     created: 2025-05-15T14:37:40.720845-04:00
-review_status: NEEDS_REVIEW
+review_status: REVIEWED
