Tatiana Bradley
Implements mitigation for the simplest class of injection attacks: attacks which cause an immediate failure, and that can be performed by injecting a single packet without keeping state. Mitigation strategy...
#55956 recently added the "credits" field to OSV JSON files. This info should be surfaced on pkg.go.dev/vuln/ID/GO-YYYY-XXXX
This would require adding a corresponding notion in YAML (or perhaps pulling the first sentence from the description for the "summary"). Also need to think about how (if) these would...
### Describe the issue

Some deprecated functions, e.g., `NewEncryptionClient` in https://github.com/aws/aws-sdk-go/blob/v1.44.146/service/s3/s3crypto/encryption_client.go, are marked "deprecated:". This should be capitalized ("Deprecated:") so that they are understood as deprecated by integrations such as...
Currently, the Go advisory URL is published under `affected.database_specific.url` in OSV. It should instead be published under the top-level `database_specific.url` field, because it applies to the whole vulnerability.
state as of my last day at Cloudflare
Currently, the `CertificateSelection` function calls the `schemeValidForKey` function, which checks if the signature type (RSA_PKCS1, RSA_PSS, or ECDSA) is correct for the given key, but does not check if the...