data/reports: merge GO-2021-0107 and GO-2022-0385

These reports are duplicates of each other. For #107 For #385 Change-Id: I7b86695338a53834089252e67df36c8800e96c53 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/426574 Run-TryBot: Julie Qiu <julieqiu@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Julie Qiu <julieqiu@google.com> Auto-Submit: Julie Qiu <julieqiu@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
golang · Aug 30, 2022 · 04c3b9f · 04c3b9f
1 parent e53667a
commit 04c3b9f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 31 deletions.
diff --git a/data/reports/GO-2021-0107.yaml b/data/reports/GO-2021-0107.yaml
@@ -1,17 +1,23 @@
 modules:
   - module: github.com/ecnepsnai/web
     versions:
-      - fixed: 1.5.2
+      - introduced: 1.4.0
+        fixed: 1.5.2
+    vulnerable_at: 1.5.1
     packages:
       - package: github.com/ecnepsnai/web
         symbols:
           - Server.socketHandler
         derived_symbols:
           - Server.Socket
 description: |
-    Web Sockets do not execute any AuthenticateMethod methods which may be set,leading to a
-    nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or
-    authentication bypass.
+    Web Sockets do not execute any AuthenticateMethod methods which may be set,
+    leading to a nil pointer dereference if the returned UserData pointer is
+    assumed to be non-nil, or authentication bypass.
+
+    This issue only affects WebSockets with an AuthenticateMethod hook.
+    Request handlers that do not explicitly use WebSockets are not
+    vulnerable.
 published: 2021-07-28T18:08:05Z
 ghsas:
   - GHSA-5gjg-jgh4-gppm

diff --git a/data/reports/GO-2022-0385.yaml b/data/reports/GO-2022-0385.yaml