x/vulndb: potential Go vuln in github.com/hashicorp/vault/vault: GHSA-m979-w9wj-qfj9

[GoVulnBot]

In GitHub Security Advisory GHSA-m979-w9wj-qfj9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/vault/vault	1.3.4	>= 0.9.0, < 1.3.4

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/vault/vault
      versions:
        - introduced: 0.9.0
          fixed: 1.3.4
      packages:
        - package: github.com/hashicorp/vault/vault
summary: HashiCorp Vault Improper Privilege Management
cves:
    - CVE-2020-10660
ghsas:
    - GHSA-m979-w9wj-qfj9
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-10660
    - fix: https://github.com/hashicorp/vault/pull/8606
    - fix: https://github.com/hashicorp/vault/commit/18485ee9d4352ac8e8396c580b5941ccf8e5b31a
    - web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
    - web: https://www.hashicorp.com/blog/category/vault/
    - advisory: https://github.com/advisories/GHSA-m979-w9wj-qfj9

[timothy-king]

I am moving this to EFFECTIVELY_PRIVATE. The fix is not in code not intended to be used outside of the module according to https://github.com/hashicorp/vault?tab=readme-ov-file#importing-vault.

[gopherbot]

Change https://go.dev/cl/561835 mentions this issue: data/excluded: batch add 9 excluded reports

[gopherbot]

Change https://go.dev/cl/592778 mentions this issue: data/reports: unexclude 80 reports

[gopherbot]

Change https://go.dev/cl/606358 mentions this issue: data/reports: regenerate 50 reports