Closed
Labels
excluded: NOT_GO_CODE (This vulnerability does not refer to a Go module.)
Description
In GitHub Security Advisory GHSA-f2wr-c4c4-xjg7, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/apache/trafficcontrol | 2.1.0-RC1 | = 2.1.0-RC0 |
Cross references:
- Module github.com/apache/trafficcontrol appears in issue x/vulndb: potential Go vuln in github.com/apache/trafficcontrol: GHSA-wp47-9r3h-xfgq #585 NOT_IMPORTABLE
- Module github.com/apache/trafficcontrol appears in issue x/vulndb: potential Go vuln in github.com/apache/trafficcontrol: GHSA-gw97-f6h8-gm94 #602 EFFECTIVELY_PRIVATE
- Module github.com/apache/trafficcontrol appears in issue x/vulndb: potential Go vuln in github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/login: GHSA-3f8r-4qwm-r7jf #624 EFFECTIVELY_PRIVATE
- Module github.com/apache/trafficcontrol appears in issue x/vulndb: potential Go vuln in github.com/apache/trafficcontrol: GHSA-pw59-4qgf-jxr8 #702 NOT_GO_CODE
See doc/triage.md for instructions on how to triage this report.
```yaml
modules:
    - module: github.com/apache/trafficcontrol
      versions:
        - introduced: TODO (earliest fixed "2.1.0-RC1", vuln range "= 2.1.0-RC0")
      packages:
        - package: github.com/apache/trafficcontrol
    - module: github.com/apache/trafficcontrol
      versions:
        - introduced: 2.0.0-RC0
          fixed: 2.0.0
      packages:
        - package: github.com/apache/trafficcontrol
    - module: github.com/apache/trafficcontrol
      versions:
        - introduced: 1.8.0
          fixed: 1.8.1
      packages:
        - package: github.com/apache/trafficcontrol
summary: Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack in github.com/apache/trafficcontrol
cves:
    - CVE-2017-7670
ghsas:
    - GHSA-f2wr-c4c4-xjg7
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2017-7670
    - web: https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0@<users.trafficcontrol.apache.org>
    - web: https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c@<commits.trafficcontrol.apache.org>
    - web: https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@<commits.trafficcontrol.apache.org>
    - fix: https://github.com/apache/trafficcontrol/pull/633
    - fix: https://github.com/apache/trafficcontrol/pull/634
    - fix: https://github.com/apache/trafficcontrol/commit/738c10fa1b5861e4cc3944dc7c3065d16f4a708c
    - advisory: https://github.com/advisories/GHSA-f2wr-c4c4-xjg7
source:
    id: GHSA-f2wr-c4c4-xjg7
```