x/vulndb: potential Go vuln in github.com/yahoo/athenz: CVE-2019-6035

[tatianab]

CVE-2019-6035 references github.com/yahoo/athenz, which may be a Go module.

Description:
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-6035
• web: https://github.com/yahoo/athenz
• fix: fix UI open redirect vulnerability AthenZ/athenz#700
• web: http://jvn.jp/en/jp/JVN57070811/index.html
• Imported by: https://pkg.go.dev/github.com/yahoo/athenz?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/yahoo/athenz
      vulnerable_at: 1.11.46
      packages:
        - package: Athenz
cves:
    - CVE-2019-6035
references:
    - web: https://github.com/yahoo/athenz
    - fix: https://github.com/yahoo/athenz/pull/700
    - web: http://jvn.jp/en/jp/JVN57070811/index.html

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports