x/vulndb: potential Go vuln in github.com/nanobox-io/golang-nanoauth: GHSA-hrm3-3xm6-x33h

[GoVulnBot]

In GitHub Security Advisory GHSA-hrm3-3xm6-x33h, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/nanobox-io/golang-nanoauth		>= 0.0.0-20160722212129-ac0cc4484ad4, < 0.0.0-20200131131040-063a3fb69896

Cross references:

• CVE-2020-36569 appears in issue fix json tests #4

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: TODO (earliest fixed "", vuln range ">= 0.0.0-20160722212129-ac0cc4484ad4,
            < 0.0.0-20200131131040-063a3fb69896")
    packages:
      - package: github.com/nanobox-io/golang-nanoauth
description: Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth
    between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896
    if ListenAndServe is called with an empty token.
cves:
  - CVE-2020-36569
ghsas:
  - GHSA-hrm3-3xm6-x33h

[tatianab]

Duplicate of #4

[gopherbot]

Change https://go.dev/cl/461235 mentions this issue: data/reports: update GO-2020-0004.yaml

[tatianab]

Duplicate of #4