data/reports: update GO-2023-2328.yaml

Add fixed version and fix commit. Aliases: CVE-2023-45286, GHSA-xwh9-gc39-5298 Updates #2328 Updates #2427 Change-Id: Ia8373db660975a01f455d2b60d5e1d9f73a2c30b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/554155 Reviewed-by: Tim King <taking@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
golang · Jan 4, 2024 · aca7204 · aca7204
1 parent e7ffd94
commit aca7204
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/data/cve/v5/GO-2023-2328.json b/data/cve/v5/GO-2023-2328.json
@@ -24,9 +24,9 @@
           "packageName": "github.com/go-resty/resty/v2",
           "versions": [
             {
-              "version": "0",
-              "lessThan": "2.10.0",
-              "status": "unaffected",
+              "version": "2.10.0",
+              "lessThan": "2.11.0",
+              "status": "affected",
               "versionType": "semver"
             }
           ],
@@ -65,7 +65,7 @@
               "name": "Request.Send"
             }
           ],
-          "defaultStatus": "affected"
+          "defaultStatus": "unaffected"
         }
       ],
       "problemTypes": [
@@ -88,6 +88,9 @@
         {
           "url": "https://github.com/go-resty/resty/pull/745"
         },
+        {
+          "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e"
+        },
         {
           "url": "https://pkg.go.dev/vuln/GO-2023-2328"
         }

diff --git a/data/osv/GO-2023-2328.json b/data/osv/GO-2023-2328.json
@@ -21,6 +21,9 @@
           "events": [
             {
               "introduced": "2.10.0"
+            },
+            {
+              "fixed": "2.11.0"
             }
           ]
         }
@@ -59,6 +62,10 @@
     {
       "type": "FIX",
       "url": "https://github.com/go-resty/resty/pull/745"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e"
     }
   ],
   "credits": [

diff --git a/data/reports/GO-2023-2328.yaml b/data/reports/GO-2023-2328.yaml
@@ -3,6 +3,7 @@ modules:
     - module: github.com/go-resty/resty/v2
       versions:
         - introduced: 2.10.0
+          fixed: 2.11.0
       vulnerable_at: 2.10.0
       packages:
         - package: github.com/go-resty/resty/v2
@@ -41,6 +42,7 @@ references:
     - report: https://github.com/go-resty/resty/issues/743
     - report: https://github.com/go-resty/resty/issues/739
     - fix: https://github.com/go-resty/resty/pull/745
+    - fix: https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e
 cve_metadata:
     id: CVE-2023-45286
     cwe: 'CWE-200: Exposure of Sensitive Information to an Unauthorized Actor'