data/reports: set better CWE for GO-2025-3420

neild · gopherbot · commit 9eaa78d13081 · 2025-09-18T11:23:15.000-07:00
This report was assigned CWE-116 ("Improper Encoding or Escaping of Output"), but CWE-201 ("Insertion of Sensitive Information Into Sent Data") better describes the incorrect behavior of sending a cookie or Authorization header when the header should have been stripped. Change-Id: I8d3266c7348d3ed9d60d903b7a7afb39bdee212b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/704036 Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Neal Patel <nealpatel@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/cve/v5/GO-2025-3420.json b/data/cve/v5/GO-2025-3420.json
@@ -88,7 +88,7 @@
           "descriptions": [
             {
               "lang": "en",
-              "description": "CWE-116: Improper Encoding or Escaping of Output"
+              "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"
             }
           ]
         }
diff --git a/data/reports/GO-2025-3420.yaml b/data/reports/GO-2025-3420.yaml
@@ -43,7 +43,7 @@ references:
     - web: https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ
 cve_metadata:
     id: CVE-2024-45336
-    cwe: 'CWE-116: Improper Encoding or Escaping of Output'
+    cwe: 'CWE-201: Insertion of Sensitive Information Into Sent Data'
 source:
     id: go-security-team
     created: 2025-01-27T15:30:48.203009-05:00

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@`
`88`	`88`	`"descriptions": [`
`89`	`89`	`{`
`90`	`90`	`"lang": "en",`
`91`		`- "description": "CWE-116: Improper Encoding or Escaping of Output"`
	`91`	`+ "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"`
`92`	`92`	`}`
`93`	`93`	`]`
`94`	`94`	`}`