x/vulndb: potential Go vuln in github.com/schollz/croc/v9: GHSA-hp56-xvf4-g6wr

[GoVulnBot]

In GitHub Security Advisory GHSA-hp56-xvf4-g6wr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/schollz/croc/v9		<= 9.6.5

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/schollz/croc/v9
      versions:
        - {}
      vulnerable_at: 9.6.5
      packages:
        - package: github.com/schollz/croc/v9
summary: Cros secrets may be disclosed to untrusted relay
description: |-
    An issue was discovered in Croc through 9.6.5. When a custom shared secret is
    used, the sender and receiver may divulge parts of this secret to an untrusted
    Relay, as part of composing a room name.
cves:
    - CVE-2023-43617
ghsas:
    - GHSA-hp56-xvf4-g6wr
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-43617
    - report: https://github.com/schollz/croc/issues/596
    - web: https://www.openwall.com/lists/oss-security/2023/09/08/2
    - advisory: https://github.com/advisories/GHSA-hp56-xvf4-g6wr

[zpavlinovic]

Vulnerability in tool.

[gopherbot]

Change https://go.dev/cl/530118 mentions this issue: data/excluded: batch add 7 excluded reports

[gopherbot]

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports

[gopherbot]

Change https://go.dev/cl/606791 mentions this issue: data/reports: unexclude 20 reports (11)