x/vulndb: potential Go vuln in github.com/csaf-poc/csaf_distribution: GHSA-xxfx-w2rw-gh63

[GoVulnBot]

In GitHub Security Advisory GHSA-xxfx-w2rw-gh63, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/csaf-poc/csaf_distribution	0.8.2	< 0.8.2

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 0.8.2
    packages:
      - package: github.com/csaf-poc/csaf_distribution
description: The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF
    document uploaded as text/html. The endpoint upload allows valid CSAF advisories
    (JSON format) to be uploaded with Content-Type text/html and filenames ending
    in .html. When subsequently accessed via web browser, these advisories are served
    and interpreted as HTML pages. Such uploaded advisories can contain JavaScript
    code that will execute within the browser context of users inspecting the advisory.
cves:
  - CVE-2022-43996
ghsas:
  - GHSA-xxfx-w2rw-gh63

[gopherbot]

Change https://go.dev/cl/457635 mentions this issue: data/excluded: batch add GO-2022-1164, GO-2022-1161, GO-2022-1160, GO-2022-1158, GO-2022-1154, GO-2022-1153, GO-2022-1152, GO-2022-1151, GO-2022-1147, GO-2022-1162, GO-2022-1150

[gopherbot]

Change https://go.dev/cl/457636 mentions this issue: data/excluded: batch add GO-2022-1164, GO-2022-1161, GO-2022-1160, GO-2022-1154, GO-2022-1153, GO-2022-1152, GO-2022-1151, GO-2022-1147, GO-2022-1162, GO-2022-1150

[gopherbot]

Change https://go.dev/cl/592835 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607232 mentions this issue: data/reports: unexclude 20 reports (30)