data/reports: update GO-2024-2605

  - data/reports/GO-2024-2605.yaml

Updates #2605
Updates golang/go#69392

Change-Id: Ib684227e0cae0c5ca7183a99753d09a39d250b2e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/612856
Reviewed-by: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Zvonimir Pavlinovic <[email protected]>

data/osv/GO-2024-2605.json

@@ -10,6 +10,33 @@
   "summary": "SQL injection in github.com/jackc/pgx/v4",
   "details": "SQL injection is possible when the database uses the non-default simple protocol, a minus sign directly precedes a numeric placeholder followed by a string placeholder on the same line, and both parameter values are user-controlled.",
   "affected": [
+    {
+      "package": {
+        "name": "github.com/jackc/pgx",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/jackc/pgx/internal/sanitize",
+            "symbols": [
+              "Query.Sanitize",
+              "SanitizeSQL"
+            ]
+          }
+        ]
+      }
+    },
     {
       "package": {
         "name": "github.com/jackc/pgx/v4",

data/reports/GO-2024-2605.yaml

@@ -1,5 +1,13 @@
 id: GO-2024-2605
 modules:
+    - module: github.com/jackc/pgx
+      vulnerable_at: 3.6.2+incompatible
+      packages:
+        - package: github.com/jackc/pgx/internal/sanitize
+          symbols:
+            - Query.Sanitize
+          derived_symbols:
+            - SanitizeSQL
     - module: github.com/jackc/pgx/v4
       versions:
         - fixed: 4.18.2