Skip to content

x/vulndb: import paths do not uniquely identify packages #50005

New issue
New issue
Open
Open
x/vulndb: import paths do not uniquely identify packages#50005
Labels
NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.vulncheck or vulndbIssues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned
@julieqiu

Description

@julieqiu
julieqiu
opened on Dec 6, 2021

The DB is constructed assuming that package import paths are unique. But it's possible to have two different packages with the same import path, even at the same version. Example:

https://pkg.go.dev/github.com/hashicorp/[email protected]/api
https://pkg.go.dev/github.com/hashicorp/vault/[email protected]

Moved from golang/vulndb#5.

Metadata

Metadata

Assignees

No one assigned

    Labels

    NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.vulncheck or vulndbIssues for the x/vuln or x/vulndb repo

    Type

    No type

    Projects

    Go Security

    Status

    No status

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions