data/reports: add alias for GO-2021-0107.yaml

tatianab · Tatiana Bradley · commit f63fe31a0fd1 · 2023-01-11T16:09:24.000Z
Aliases: CVE-2021-4236, GHSA-5gjg-jgh4-gppm, GHSA-jpgg-cp2x-qrw3 Updates #107 Fixes #1274 Change-Id: I38cce3acbddbe420449e9df7c804d0a1159b86ff Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461444 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/osv/GO-2021-0107.json b/data/osv/GO-2021-0107.json
@@ -4,7 +4,8 @@
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
     "CVE-2021-4236",
-    "GHSA-5gjg-jgh4-gppm"
+    "GHSA-5gjg-jgh4-gppm",
+    "GHSA-jpgg-cp2x-qrw3"
   ],
   "details": "Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass.\n\nThis issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.",
   "affected": [
diff --git a/data/reports/GO-2021-0107.yaml b/data/reports/GO-2021-0107.yaml
@@ -21,6 +21,7 @@ description: |
 published: 2021-07-28T18:08:05Z
 ghsas:
   - GHSA-5gjg-jgh4-gppm
+  - GHSA-jpgg-cp2x-qrw3
 references:
   - fix: https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
 cve_metadata:
