data/reports: add GHSA to GO-2021-0094.yaml

tatianab · gopherbot · commit 3d42cf3203ca · 2023-02-07T21:49:55.000Z
Aliases: CVE-2020-29529, GHSA-2g5j-5x95-r6hr Updates #94 Change-Id: I87c8fec4db7e920b2335ffb56e9851b1f7bd9a34 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466142 Reviewed-by: Tim King <taking@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/osv/GO-2021-0094.json b/data/osv/GO-2021-0094.json
@@ -3,7 +3,8 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2020-29529"
+    "CVE-2020-29529",
+    "GHSA-2g5j-5x95-r6hr"
   ],
   "details": "Protections against directory traversal during archive extraction can be bypassed by chaining multiple symbolic links within the archive. This allows a malicious attacker to cause files to be created outside of the target directory. Additionally if the attacker is able to read extracted files they may create symbolic links to arbitrary files on the system which the unpacker has permissions to read.",
   "affected": [
diff --git a/data/reports/GO-2021-0094.yaml b/data/reports/GO-2021-0094.yaml
@@ -17,6 +17,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-29529
+ghsas:
+  - GHSA-2g5j-5x95-r6hr
 references:
   - fix: https://github.com/hashicorp/go-slug/pull/12
   - fix: https://github.com/hashicorp/go-slug/commit/28cafc59c8da6126a3ae94dfa84181df4073454f
