golang.org/x/tools/gopls@v0.15.3/internal/vulncheck/vulntest/testdata/GO-2020-0001.json

golang.org/x/tools/gopls@v0.15.3/internal/vulncheck/vulntest/testdata/GO-2020-0001.json (about)

     1  {
     2  	"id": "GO-2020-0001",
     3  	"modified": "0001-01-01T00:00:00Z",
     4  	"published": "0001-01-01T00:00:00Z",
     5  	"details": "The default Formatter for the Logger middleware (LoggerConfig.Formatter),\nwhich is included in the Default engine, allows attackers to inject arbitrary\nlog entries by manipulating the request path.\n",
     6  	"affected": [
     7  		{
     8  			"package": {
     9  				"name": "github.com/gin-gonic/gin",
    10  				"ecosystem": "Go"
    11  			},
    12  			"ranges": [
    13  				{
    14  					"type": "SEMVER",
    15  					"events": [
    16  						{
    17  							"introduced": "0"
    18  						},
    19  						{
    20  							"fixed": "1.6.0"
    21  						}
    22  					]
    23  				}
    24  			],
    25  			"ecosystem_specific": {
    26  				"imports": [
    27  					{
    28  						"path": "github.com/gin-gonic/gin",
    29  						"symbols": [
    30  							"defaultLogFormatter"
    31  						]
    32  					}
    33  				]
    34  			}
    35  		}
    36  	],
    37  	"references": [
    38  		{
    39  			"type": "FIX",
    40  			"url": "https://github.com/gin-gonic/gin/pull/1234"
    41  		},
    42  		{
    43  			"type": "FIX",
    44  			"url": "https://github.com/gin-gonic/gin/commit/abcdefg"
    45  		}
    46  	],
    47  	"database_specific": {
    48  		"url": "https://pkg.go.dev/vuln/GO-2020-0001"
    49  	}
    50  }