data/reports: update 2 reports

Add GHSAs for reports we created. - data/reports/GO-2024-2567.yaml - data/reports/GO-2024-2883.yaml Updates #2567 Updates #2883 Fixes #2976 Fixes #2975 Change-Id: I4c4a975148abd1e81fd75dd2d74c8e9951f568b1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597156 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Tim King <taking@google.com>
golang · Jul 9, 2024 · 002e9e9 · 002e9e9
1 parent 7c2244f
commit 002e9e9
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 0 deletions.
diff --git a/data/osv/GO-2024-2567.json b/data/osv/GO-2024-2567.json
@@ -3,6 +3,9 @@
   "id": "GO-2024-2567",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-fqpg-rq76-99pq"
+  ],
   "summary": "Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx",
   "details": "Pipeline can panic when PgConn is busy or closed.",
   "affected": [

diff --git a/data/osv/GO-2024-2883.json b/data/osv/GO-2024-2883.json
@@ -3,6 +3,9 @@
   "id": "GO-2024-2883",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-mh55-gqvf-xfwm"
+  ],
   "summary": "Denial of service via malicious preflight requests in github.com/rs/cors",
   "details": "Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.",
   "affected": [

diff --git a/data/reports/GO-2024-2567.yaml b/data/reports/GO-2024-2567.yaml
@@ -11,6 +11,8 @@ modules:
             - Pipeline.Sync
 summary: Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
 description: Pipeline can panic when PgConn is busy or closed.
+ghsas:
+    - GHSA-fqpg-rq76-99pq
 references:
     - fix: https://github.com/jackc/pgx/commit/dfd198003a03dbb96e4607b0d3a0bb9a7398ccb7
 source:

diff --git a/data/reports/GO-2024-2883.yaml b/data/reports/GO-2024-2883.yaml
@@ -24,6 +24,8 @@ description: |-
     (ACRH) header whose value contains many commas. This behavior can be abused by
     attackers to produce undue load on the middleware/server as an attempt to cause
     a denial of service.
+ghsas:
+    - GHSA-mh55-gqvf-xfwm
 credits:
     - '@jub0bs'
 references: