data/reports: add GO-2022-0965.yaml

Fixes #965

Change-Id: I9264290c514657fb559301bb1d34c57b4a597945
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/428038
Run-TryBot: Damien Neil <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>

Author: neild

data/reports/GO-2022-0965.yaml

@@ -0,0 +1,22 @@
+modules:
+  - module: k8s.io/apimachinery
+    versions:
+      - fixed: 0.0.0-20190927203648-9ce6eca90e73
+    vulnerable_at: 0.0.0-20190925125216-3ddb1b485b38
+    packages:
+      - package: k8s.io/apimachinery/pkg/runtime/serializer/json
+        symbols:
+          - customNumberDecoder.Decode
+        derived_symbols:
+          - Serializer.Decode
+          - Serializer.Encode
+      - package: k8s.io/apimachinery/pkg/util/json
+        symbols:
+          - Unmarshal
+description: |-
+    Unbounded recursion in JSON parsing allows malicious JSON input to
+    cause excessive memory consumption or panics.
+references:
+  - fix: https://github.com/kubernetes/kubernetes/pull/83261
+  - web: https://github.com/advisories/GHSA-pmqp-h87c-mr78
+  - web: https://nvd.nist.gov/vuln/detail/CVE-2019-11253