x/vulndb: missing goos metadata for GO-2023-2170 #3322
Assignees
Labels
Comments
|
Change https://go.dev/cl/635706 mentions this issue: |
|
Hi, thanks for pointing this out. I have updated the vulnerability reports. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Report ID
GO-2023-2170
Suggestion/Comment
What is the URL of the page with the issue?
https://pkg.go.dev/vuln/GO-2023-2170
https://pkg.go.dev/vuln/GO-2023-2330
What is your user agent?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Screenshot
No response
What did you do?
I retrieved and processed vulnerability data from https://pkg.go.dev/vuln/GO-2023-2170.
What did you see happen?
I've observed a discrepancy between the OSV Go data and NVD data for the vulnerability distribution in CVE-2023-3955.
What did you expect to see?
In the NVD data, the vulnerability is specific to Windows (running on Windows), but the GO OSV advisory does not include the expected "goos": ["windows"] flag.
This discrepancy leads to problems when matching the vulnerability with the appropriate distribution.
Same issue for https://pkg.go.dev/vuln/GO-2023-2330 - GHSA-7fxm-f474-hf8w
The text was updated successfully, but these errors were encountered: