Commit 002e9e9

data/reports: update 2 reports
Add GHSAs for reports we created.
  - data/reports/GO-2024-2567.yaml
  - data/reports/GO-2024-2883.yaml

Updates #2567
Updates #2883
Fixes #2976
Fixes #2975

Change-Id: I4c4a975148abd1e81fd75dd2d74c8e9951f568b1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597156
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Tim King <[email protected]>
1 parent 7c2244f commit 002e9e9

4 files changed: +10 -0 lines changed
data/osv/GO-2024-2567.json

Lines changed: 3 additions & 0 deletions
@@ -3,6 +3,9 @@
33
"id": "GO-2024-2567",
44
"modified": "0001-01-01T00:00:00Z",
55
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"GHSA-fqpg-rq76-99pq"
8+
],
69
"summary": "Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx",
710
"details": "Pipeline can panic when PgConn is busy or closed.",
811
"affected": [

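Review bot: the unchanged `modified` context line in this hunk still holds the zero value 0001-01-01T00:00:00Z even though the record gains an `aliases` entry here, so anyone reading this file directly cannot tell from the timestamp that the entry changed. Please confirm that `modified` and `published` are filled in when the database is published; if they are not, `modified` should be bumped in this change.
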
data/osv/GO-2024-2883.json

Lines changed: 3 additions & 0 deletions
@@ -3,6 +3,9 @@
33
"id": "GO-2024-2883",
44
"modified": "0001-01-01T00:00:00Z",
55
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"GHSA-mh55-gqvf-xfwm"
8+
],
69
"summary": "Denial of service via malicious preflight requests in github.com/rs/cors",
710
"details": "Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.",
811
"affected": [

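Review bot: the `details` context line in this hunk reads "a Access-Control-Request-Headers (ACRH) header"; that should be "an Access-Control-Request-Headers". The description in data/reports/GO-2024-2883.yaml carries the tail of the same sentence, so the fix likely belongs in that report, with this file updated to match.
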
data/reports/GO-2024-2567.yaml

Lines changed: 2 additions & 0 deletions
@@ -11,6 +11,8 @@ modules:
1111
- Pipeline.Sync
1212
summary: Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
1313
description: Pipeline can panic when PgConn is busy or closed.
14+
ghsas:
15+
- GHSA-fqpg-rq76-99pq
1416
references:
1517
- fix: https://github.com/jackc/pgx/commit/dfd198003a03dbb96e4607b0d3a0bb9a7398ccb7
1618
source:

data/reports/GO-2024-2883.yaml

Lines changed: 2 additions & 0 deletions
@@ -24,6 +24,8 @@ description: |-
2424
(ACRH) header whose value contains many commas. This behavior can be abused by
2525
attackers to produce undue load on the middleware/server as an attempt to cause
2626
a denial of service.
27+
ghsas:
28+
- GHSA-mh55-gqvf-xfwm
2729
credits:
2830
- '@jub0bs'
2931
references:
