x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2020-24707

[tatianab]

CVE-2020-24707 references github.com/gophish/gophish, which may be a Go module.

Description:
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-24707
• web: https://herolab.usd.de/security-advisories/usd-2020-0052/
• web: https://github.com/gophish/gophish/releases/tag/v0.11.0
• fix: gophish/gophish@b25f5ac
• Imported by: https://pkg.go.dev/github.com/gophish/gophish?tab=importedby

Cross references:

• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-25295 #987 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45003 #1665 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: CVE-2022-45004 #1666 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9h9f-9q8g-6764 #1936 NOT_IMPORTABLE
• Module github.com/gophish/gophish appears in issue x/vulndb: potential Go vuln in github.com/gophish/gophish: GHSA-9c9w-9pq7-f35h #1982 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/gophish/gophish
      vulnerable_at: 0.12.1
      packages:
        - package: n/a
cves:
    - CVE-2020-24707
references:
    - web: https://herolab.usd.de/security-advisories/usd-2020-0052/
    - web: https://github.com/gophish/gophish/releases/tag/v0.11.0
    - fix: https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports