Update README.md

2026-05-20 07:05:24 +00:00 · 2026-05-20 07:05:24 +00:00 · 536980b306
commit 536980b306
parent 352d79e5fc
1 changed files with 2 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -2,14 +2,14 @@

 Minimal Go HTTP service used by the RHADS supply-chain demo.

-## The deliberate CVE
+## Demo CVE

 `go.mod` pins `github.com/dgrijalva/jwt-go v3.2.0+incompatible`, which has a
 documented vulnerability (CVE-2020-26160 — `alg=none` not rejected). The
 `/verify` handler actually calls into this library, so SBOM scanners pick the
 dependency up as in-use and RHTPA flags it.

-## Fixing the CVE (the "patch" act)
+## Fixing the CVE

 1. `go get github.com/golang-jwt/jwt/v5`
 2. `go mod tidy`