From 05264b9b1900f6d07c995899eaec782d0ae8a292 Mon Sep 17 00:00:00 2001
From: sampion88
Date: Tue, 4 Feb 2025 18:39:41 +0100
Subject: [PATCH 1/2] new vulnerability in ydb-go-sdk
---
 input/new.json | 35 +++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/input/new.json b/input/new.json
index 87646b9..1e51e01 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,26 @@
 {
- "package_name": "",
- "patch_versions": [],
- "vulnerable_ranges": [],
- "cwe": [],
- "tldr": "",
- "doest_this_affect_me": "",
- "how_to_fix": "",
- "vulnerable_to": "",
+ "package_name": "github.com/ydb-platform/ydb-go-sdk/v3",
+ "patch_versions": [
+ "3.99.3"
+ ],
+ "vulnerable_ranges": [
+ [
+ "3.26.0",
+ "3.99.2"
+ ]
+ ],
+ "cwe": [
+ "CWE-835",
+ "CWE-400"
+ ],
+ "tldr": "Affected versions of this package are vulnerable to an infinite loop in the `internal/balancer/local_dc.go::getRandomEndpoints` function. This flaw can cause the system to hang indefinitely, leading to a Denial of Service (DoS) by consuming resources and rendering the application unresponsive.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `github.com/ydb-platform/ydb-go-sdk/v3` library to the patch version.",
+ "reporter": "",
+ "vulnerable_to": "Infinite Loop",
 "related_cve_id": "",
- "language": "",
- "severity_class": "",
- "aikido_score": 0,
- "changelog": ""
+ "language": "GO",
+ "severity_class": "LOW",
+ "aikido_score": 16,
+ "changelog": "https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.99.3"
 }
From 4c4479a96a11fbedd4abe16853001656a55ba476 Mon Sep 17 00:00:00 2001
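Review bot: `related_cve_id` stays `""` in the filled-in record while every other identifying field is populated, so a consumer that correlates advisories by CVE can only tie this entry to the `changelog` release-tag URL. If an upstream advisory or CVE exists for this issue it belongs in that field; if none exists yet, the template's use of `""` for both "not assigned" and "not yet filled in" is ambiguous, and a documented convention for what an empty `related_cve_id` means would help downstream matching. The `vulnerable_ranges` entry `["3.26.0", "3.99.2"]` is likewise not self-describing about bound inclusivity; with `patch_versions` at `3.99.3` the upper bound is presumably inclusive, which is worth stating wherever this schema is documented.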
From: "github-actions[bot]"
Date: Tue, 4 Feb 2025 17:53:30 +0000
Subject: [PATCH 2/2] Move new vulnerability to vulnerabilities/AIKIDO-2025-10072.json and reset new.json template
---
 input/new.json | 35 +++++++++----------------
 vulnerabilities/AIKIDO-2025-10072.json | 28 +++++++++++++++++++++
 2 files changed, 40 insertions(+), 23 deletions(-)
 create mode 100644 vulnerabilities/AIKIDO-2025-10072.json
diff --git a/input/new.json b/input/new.json
index 1e51e01..87646b9 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,26 +1,15 @@
 {
- "package_name": "github.com/ydb-platform/ydb-go-sdk/v3",
- "patch_versions": [
- "3.99.3"
- ],
- "vulnerable_ranges": [
- [
- "3.26.0",
- "3.99.2"
- ]
- ],
- "cwe": [
- "CWE-835",
- "CWE-400"
- ],
- "tldr": "Affected versions of this package are vulnerable to an infinite loop in the `internal/balancer/local_dc.go::getRandomEndpoints` function. This flaw can cause the system to hang indefinitely, leading to a Denial of Service (DoS) by consuming resources and rendering the application unresponsive.",
- "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
- "how_to_fix": "Upgrade the `github.com/ydb-platform/ydb-go-sdk/v3` library to the patch version.",
- "reporter": "",
- "vulnerable_to": "Infinite Loop",
+ "package_name": "",
+ "patch_versions": [],
+ "vulnerable_ranges": [],
+ "cwe": [],
+ "tldr": "",
+ "doest_this_affect_me": "",
+ "how_to_fix": "",
+ "vulnerable_to": "",
 "related_cve_id": "",
- "language": "GO",
- "severity_class": "LOW",
- "aikido_score": 16,
- "changelog": "https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.99.3"
+ "language": "",
+ "severity_class": "",
+ "aikido_score": 0,
+ "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10072.json b/vulnerabilities/AIKIDO-2025-10072.json
new file mode 100644
index 0000000..e2c84c0
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2025-10072.json
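Review bot: The reset template drops the `reporter` key that the previous commit added (`+ "reporter": "",`) and that the published record in vulnerabilities/AIKIDO-2025-10072.json keeps, so input/new.json no longer matches the shape of the records it feeds. The `index 1e51e01..87646b9` line suggests the bot restores the pre-commit blob rather than a current template, which is presumably how the key was lost. The next author filling in new.json would have to re-add `"reporter": "",` by hand, or records will quietly diverge on that attribution field; restoring the line between `how_to_fix` and `vulnerable_to` in the template (and having the bot reset to the maintained template) keeps both files on one schema.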
@@ -0,0 +1,28 @@
+{
+ "package_name": "github.com/ydb-platform/ydb-go-sdk/v3",
+ "patch_versions": [
+ "3.99.3"
+ ],
+ "vulnerable_ranges": [
+ [
+ "3.26.0",
+ "3.99.2"
+ ]
+ ],
+ "cwe": [
+ "CWE-835",
+ "CWE-400"
+ ],
+ "tldr": "Affected versions of this package are vulnerable to an infinite loop in the `internal/balancer/local_dc.go::getRandomEndpoints` function. This flaw can cause the system to hang indefinitely, leading to a Denial of Service (DoS) by consuming resources and rendering the application unresponsive.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `github.com/ydb-platform/ydb-go-sdk/v3` library to the patch version.",
+ "reporter": "",
+ "vulnerable_to": "Infinite Loop",
+ "related_cve_id": "",
+ "language": "GO",
+ "severity_class": "LOW",
+ "aikido_score": 16,
+ "changelog": "https://github.com/ydb-platform/ydb-go-sdk/releases/tag/v3.99.3",
+ "last_modified": "2025-02-04",
+ "published": "2025-02-04"
+}