Skip to main content

Fix example vulnerable method for Go

These example steps provide a fix for a Denial of Service (DoS) attack vulnerable method in golang.org/x/text, which is included in the example-go-modules repository.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.

  2. Click the Agent-Based Scan tab.

  3. Select your workspace.

  4. Click Projects.

  5. Click the veracode/example-go-modules project.

  6. From the Issues tab, search for CVE-2021-38561 and click the issue number.

  7. Go to the Vulnerable Methods tab where it shows that the Parse method is the vulnerable part of the library.

  8. To address the identified vulnerable method, do one of these tasks:

    • Change your code to perform in the same manner without relying on this particular method.
    • Follow the provided instructions to update the library to a safe version.

  9. Validate the fix.