data/reports: add alias and fix symbol in GO-2020-0004.yaml

Adds GHSA and fixes typo in symbol.

Aliases: CVE-2020-36569, GHSA-hrm3-3xm6-x33h

Updates #4
Fixes #1227
Updates #1282

Change-Id: I027596c711959a8704c674a7e377dcb0dca535e6
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461235
Run-TryBot: Tatiana Bradley <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>

Author: tatianab

data/cve/v5/GO-2020-0004.json

@@ -31,7 +31,7 @@
           ],
           "programRoutines": [
             {
-              "name": "Auth.ServerHTTP"
+              "name": "Auth.ServeHTTP"
             },
             {
               "name": "Auth.ListenAndServeTLS"

data/osv/GO-2020-0004.json

@@ -3,9 +3,10 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2020-36569"
+    "CVE-2020-36569",
+    "GHSA-hrm3-3xm6-x33h"
   ],
-  "details": "If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners.\n\nAlso, a minor timing side channel was present allowing attackers with very low latency and able to make a lot of requests to potentially recover the token.",
+  "details": "If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners.\n\nAlso, a minor timing side channel was present allowing attackers with very low latency and able to make many requests to potentially recover the token.",
   "affected": [
     {
       "package": {
@@ -35,7 +36,7 @@
             "symbols": [
               "Auth.ListenAndServe",
               "Auth.ListenAndServeTLS",
-              "Auth.ServerHTTP",
+              "Auth.ServeHTTP",
               "ListenAndServe",
               "ListenAndServeTLS"
             ]

data/reports/GO-2020-0004.yaml

@@ -3,10 +3,11 @@ modules:
     versions:
       - introduced: 0.0.0-20160722212129-ac0cc4484ad4
         fixed: 0.0.0-20200131131040-063a3fb69896
+    vulnerable_at: 0.0.0-20190311151057-c2ebbac481bb
     packages:
       - package: github.com/nanobox-io/golang-nanoauth
         symbols:
-          - Auth.ServerHTTP
+          - Auth.ServeHTTP
           - Auth.ListenAndServeTLS
           - Auth.ListenAndServe
         derived_symbols:
@@ -17,9 +18,11 @@ description: |
     token authentication is disabled globally for all listeners.
 
     Also, a minor timing side channel was present allowing attackers with
-    very low latency and able to make a lot of requests to potentially
+    very low latency and able to make many requests to potentially
     recover the token.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-hrm3-3xm6-x33h
 credit: '@bouk'
 references:
   - fix: https://github.com/nanobox-io/golang-nanoauth/pull/5