From e8a9a978e8805074233b1b3e1822fb182b827bbe Mon Sep 17 00:00:00 2001
From: Daniel Budris
Date: Tue, 26 Sep 2023 11:54:17 -0400
Subject: [PATCH] add 1.19 and another 1.18 cve entry to the go vex document
---
 .../eks-distro-golang-vex.json | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/projects/golang/go/VulnerabilityManagement/eks-distro-golang-vex.json b/projects/golang/go/VulnerabilityManagement/eks-distro-golang-vex.json
index 0ff0fbf42..f7799efbe 100644
--- a/projects/golang/go/VulnerabilityManagement/eks-distro-golang-vex.json
+++ b/projects/golang/go/VulnerabilityManagement/eks-distro-golang-vex.json
@@ -96,6 +96,72 @@
 "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41723"
 }
 ]
+ },
+ {
+ "cve": "CVE-2022-41724",
+ "notes": [
+ {
+ "category": "description",
+ "text": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).",
+ "title": "CVE description"
+ }
+ ],
+ "product_status": {
+ "fixed": [
+ "eks-distro-golang:v1-18-10-eks-8"
+ ]
+ },
+ "references": [
+ {
+ "category": "external",
+ "summary": "NVD - CVE-2022-41724",
+ "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41724"
+ }
+ ]
+ },
+ {
+ "cve": "CVE-2023-39318",
+ "notes": [
+ {
+ "category": "description",
+ "text": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in