File: source_module_text.ct

package info (click to toggle)
golang-golang-x-vuln 1.0.4-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 4,400 kB
  • sloc: sh: 161; asm: 40; makefile: 7
file content (58 lines) | stat: -rw-r--r-- 2,367 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
#####
# Testing that govulncheck doesn't mention calls when it doesn't
# have callstack information
$ govulncheck -scan module -C ${moddir}/multientry --> FAIL 3
Scanning your code across 2 dependent modules for known vulnerabilities...

=== Module Results ===

Vulnerability #1: GO-2022-0969
    HTTP/2 server connections can hang forever waiting for a clean shutdown that
    was preempted by a fatal error. This condition can be exploited by a
    malicious client to cause a denial of service.
  More info: https://pkg.go.dev/vuln/GO-2022-0969
  Standard library
    Found in: net/http@go1.18
    Fixed in: net/http@go1.18.6

Vulnerability #2: GO-2021-0113
    Due to improper index calculation, an incorrectly formatted language tag can
    cause Parse to panic via an out of bounds read. If Parse is used to process
    untrusted user inputs, this may be used as a vector for a denial of service
    attack.
  More info: https://pkg.go.dev/vuln/GO-2021-0113
  Module: golang.org/x/text
    Found in: golang.org/x/text@v0.3.5
    Fixed in: golang.org/x/text@v0.3.7

Your code may be affected by 2 vulnerabilities.
Use '-scan symbol' for more fine grained vulnerability detection.

#####
# -show verbose flag should only show module results with scan level module
$ govulncheck -scan module -show verbose -C ${moddir}/multientry --> FAIL 3
Scanning your code across 2 dependent modules for known vulnerabilities...

=== Module Results ===

Vulnerability #1: GO-2022-0969
    HTTP/2 server connections can hang forever waiting for a clean shutdown that
    was preempted by a fatal error. This condition can be exploited by a
    malicious client to cause a denial of service.
  More info: https://pkg.go.dev/vuln/GO-2022-0969
  Standard library
    Found in: net/http@go1.18
    Fixed in: net/http@go1.18.6

Vulnerability #2: GO-2021-0113
    Due to improper index calculation, an incorrectly formatted language tag can
    cause Parse to panic via an out of bounds read. If Parse is used to process
    untrusted user inputs, this may be used as a vector for a denial of service
    attack.
  More info: https://pkg.go.dev/vuln/GO-2021-0113
  Module: golang.org/x/text
    Found in: golang.org/x/text@v0.3.5
    Fixed in: golang.org/x/text@v0.3.7

Your code may be affected by 2 vulnerabilities.
Use '-scan symbol' for more fine grained vulnerability detection.