From b423d1d4ad78cf86bced7fa3e6466bb397c3a3eb Mon Sep 17 00:00:00 2001
From: dulay4201 <170053858+dulay4201@users.noreply.github.com>
Date: Mon, 18 Nov 2024 03:22:45 -0500
Subject: [PATCH] Improve GHSA-c7qv-q95q-8v27
---
 .../GHSA-c7qv-q95q-8v27.json | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/advisories/github-reviewed/2024/10/GHSA-c7qv-q95q-8v27/GHSA-c7qv-q95q-8v27.json b/advisories/github-reviewed/2024/10/GHSA-c7qv-q95q-8v27/GHSA-c7qv-q95q-8v27.json
index b5875d3e27018..94860f96c7a11 100644
--- a/advisories/github-reviewed/2024/10/GHSA-c7qv-q95q-8v27/GHSA-c7qv-q95q-8v27.json
+++ b/advisories/github-reviewed/2024/10/GHSA-c7qv-q95q-8v27/GHSA-c7qv-q95q-8v27.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-c7qv-q95q-8v27",
- "modified": "2024-10-22T19:47:41Z",
+ "modified": "2024-10-22T19:47:42Z",
 "published": "2024-10-19T06:30:30Z",
 "aliases": [
 "CVE-2024-21536"
@@ -10,8 +10,8 @@
 "details": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.",
 "severity": [
 {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
 }
 ],
 "affected": [
@@ -52,6 +52,22 @@
 ]
 }
 ]
+ },
+ {
+ "package": {
+ "ecosystem": "GitHub Actions",
+ "name": "http-proxy-middleware"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
@@ -82,9 +98,9 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-400"
+
 ],
- "severity": "HIGH",
+ "severity": "LOW",
 "github_reviewed": true,
 "github_reviewed_at": "2024-10-22T19:47:41Z",
 "nvd_published_at": "2024-10-19T05:15:13Z"
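Review bot: In the `@@ -10,8 +10,8 @@` hunk the new CVSS 4.0 vector sets `VC:N/VI:N/VA:N`, which states no impact at all and contradicts the `details` line at the top of the same hunk, which describes a remotely triggered crash of the Node.js process. The removed 3.1 vector carried `A:H`; if the entry is meant to move to CVSS 4.0, the availability metric should carry over, e.g. `"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"`, otherwise keep the `CVSS_V3` entry. The same downgrade appears in the `@@ -82,9 +98,9 @@` hunk as `"severity": "LOW"`, which should stay `"severity": "HIGH"` unless a rescoring is cited. Consumers that filter alerts by severity would likely stop surfacing this advisory.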
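Review bot: The `affected` entry added in the `@@ -52,6 +52,22 @@` hunk lists `http-proxy-middleware` under `"ecosystem": "GitHub Actions"` with `"introduced": "0"` and no `fixed` event, so it marks every version of an action by that name as vulnerable with no remediation. The `details` text describes a package with fixed releases 2.0.7 and 3.0.3, and http-proxy-middleware is distributed through npm, so this entry looks wrong for the ecosystem. The existing entries lie outside the hunk and presumably already cover the npm ranges. I would drop the whole added object, or, if an action really is affected, name it in the `owner/repo` form that ecosystem uses and add a `fixed` event with its patched version.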
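Review bot: The `@@ -82,9 +98,9 @@` hunk replaces `"CWE-400"` with a whitespace-only added line, leaving `cwe_ids` empty. That removes the weakness classification from an advisory whose `details` still describe a denial of service, so anything that groups or reports by CWE would presumably lose the mapping. Keep `"CWE-400"` in the array, or substitute a more specific CWE if the classification is being corrected. The blank added line should go either way.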