module: github.com/pomerium/pomerium
package: pomerium
description: |
    Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated.
cves:
  - CVE-2021-41230
links:
    pr: https://github.com/pomerium/pomerium/pull/2724
    context:
      - https://github.com/pomerium/pomerium/security/advisories/GHSA-j6wp-3859-vxfg
See doc/triage.md for instructions on how to triage this report.
In CVE-2021-41230, the reference URL github.com/pomerium/pomerium (and possibly others) refers to something in Go.