From ce0a8b82f3bd65952e52acba92074fe9541ecd82 Mon Sep 17 00:00:00 2001 From: Tatiana Bradley Date: Thu, 26 Sep 2024 13:51:27 -0400 Subject: [PATCH] data/reports: update GO-2024-3134 - data/reports/GO-2024-3134.yaml Updates golang/vulndb#3134 Fixes golang/vulndb#3159 Change-Id: Ic39b8e8695e8a759860ddffae684465ad64999db Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/616058 Reviewed-by: Zvonimir Pavlinovic LUCI-TryBot-Result: Go LUCI Auto-Submit: Tatiana Bradley
---
 data/osv/GO-2024-3134.json | 22 +++++++++++++++++-----
 data/reports/GO-2024-3134.yaml | 19 +++++++++++++------
 2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/data/osv/GO-2024-3134.json b/data/osv/GO-2024-3134.json
index e718b1c0..b67672b9 100644
--- a/data/osv/GO-2024-3134.json
+++ b/data/osv/GO-2024-3134.json
@@ -8,7 +8,7 @@ "GHSA-h92q-fgpp-qhrq" ], "summary": "CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns", - "details": "CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns", + "details": "CoreDNS enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.", "affected": [ { "package": {
@@ -21,11 +21,23 @@ "events": [ { "introduced": "0" + }, + { + "fixed": "1.11.0" } ] } ], - "ecosystem_specific": {} + "ecosystem_specific": { + "imports": [ + { + "path": "github.com/coredns/coredns/plugin/pkg/proxy", + "symbols": [ + "Proxy.Connect" + ] + } + ] + } } ], "references": [
@@ -34,8 +46,8 @@ "url": "https://github.com/advisories/GHSA-h92q-fgpp-qhrq" }, { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30464" + "type": "FIX", + "url": "https://github.com/coredns/coredns/commit/604a902e2c7e0317aecaa3666124079c75a31573" }, { "type": "WEB",
@@ -44,6 +56,6 @@ ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2024-3134", - "review_status": "UNREVIEWED" + "review_status": "REVIEWED" } }
\ No newline at end of file
diff --git a/data/reports/GO-2024-3134.yaml b/data/reports/GO-2024-3134.yaml
index c9a0c39b..ae4ba0e3 100644
--- a/data/reports/GO-2024-3134.yaml
+++ b/data/reports/GO-2024-3134.yaml
@@ -1,19 +1,26 @@ id: GO-2024-3134 modules: - module: github.com/coredns/coredns - unsupported_versions: - - last_affected: 1.10.1 - vulnerable_at: 1.11.3 + versions: + - fixed: 1.11.0 + vulnerable_at: 1.10.1 + packages: + - package: github.com/coredns/coredns/plugin/pkg/proxy + symbols: + - Proxy.Connect summary: CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns +description: |- + CoreDNS enables attackers to achieve DNS cache poisoning and inject fake + responses via a birthday attack. cves: - CVE-2023-30464 ghsas: - GHSA-h92q-fgpp-qhrq references: - advisory: https://github.com/advisories/GHSA-h92q-fgpp-qhrq - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30464 + - fix: https://github.com/coredns/coredns/commit/604a902e2c7e0317aecaa3666124079c75a31573 - web: https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba source: id: GHSA-h92q-fgpp-qhrq - created: 2024-09-19T14:01:01.383066775Z -review_status: UNREVIEWED + created: 2024-09-26T13:39:52.381917-04:00 +review_status: REVIEWED
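Review bot: The affected range and the symbol list in the `modules` entry may not line up: `versions` has only `- fixed: 1.11.0`, so every earlier release counts as affected, but `packages` names a single import path, `github.com/coredns/coredns/plugin/pkg/proxy`, with `Proxy.Connect`. If that package was introduced partway through the range (not visible from this hunk), symbol-level scanners would treat older releases that carry the same logic under another path as unaffected. Please confirm the path exists back to the first affected release, and otherwise add a second `- package:` entry for the earlier path or an `- introduced:` bound. The OSV JSON changed in the same commit carries the same range and `imports` entry and would need regenerating with it.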