x/vulndb: potential Go vuln in github.com/cactus/go-camo: CVE-2019-18923

[tatianab]

CVE-2019-18923 references github.com/cactus/go-camo, which may be a Go module.

Description:
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-18923
• web: https://github.com/cactus/go-camo/blob/505862f7bf14c8b6ff945734d5f3fdcd929e45dd/pkg/camo/proxy.go#L453-L460
• advisory: GHSA-jg2r-qf99-4wvr
• Imported by: https://pkg.go.dev/github.com/cactus/go-camo?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cactus/go-camo
      vulnerable_at: 1.1.7
      packages:
        - package: n/a
cves:
    - CVE-2019-18923
references:
    - web: https://github.com/cactus/go-camo/blob/505862f7bf14c8b6ff945734d5f3fdcd929e45dd/pkg/camo/proxy.go#L453-L460
    - advisory: https://github.com/cactus/go-camo/security/advisories/GHSA-jg2r-qf99-4wvr

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports