x/vulndb: potential Go vuln in github.com/Azure/azure-sdk-for-go/sdk/azidentity: GHSA-m5vv-6r4h-3vj9

[GoVulnBot]

In GitHub Security Advisory GHSA-m5vv-6r4h-3vj9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/Azure/azure-sdk-for-go/sdk/azidentity	1.6.0	< 1.6.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/Azure/azure-sdk-for-go/sdk/azidentity
      versions:
        - fixed: 1.6.0
      vulnerable_at: 1.6.0-beta.4
      packages:
        - package: github.com/Azure/azure-sdk-for-go/sdk/azidentity
summary: |-
    Azure Identity Libraries and Microsoft Authentication Library Elevation of
    Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
cves:
    - CVE-2024-35255
ghsas:
    - GHSA-m5vv-6r4h-3vj9
references:
    - advisory: https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-35255
    - fix: https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
    - fix: https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492
    - fix: https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178
    - web: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255
source:
    id: GHSA-m5vv-6r4h-3vj9
    created: 2024-06-11T20:01:16.451619929Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/595960 mentions this issue: data/reports: review 3 reports, add 2 reports