From 9f0b6d910d050eec0e5937b77befa02c104ca9f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=A1clav=20Haisman?= Date: Wed, 26 Oct 2022 14:49:21 +0200 Subject: [PATCH] Improve GHSA-3mq5-fq9h-gj7j --- .../GHSA-3mq5-fq9h-gj7j.json | 35 +++++++++++++++---- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/advisories/github-reviewed/2022/09/GHSA-3mq5-fq9h-gj7j/GHSA-3mq5-fq9h-gj7j.json b/advisories/github-reviewed/2022/09/GHSA-3mq5-fq9h-gj7j/GHSA-3mq5-fq9h-gj7j.json index 3395010de1e4e..ab7e7d68ac86e 100644 --- a/advisories/github-reviewed/2022/09/GHSA-3mq5-fq9h-gj7j/GHSA-3mq5-fq9h-gj7j.json +++ b/advisories/github-reviewed/2022/09/GHSA-3mq5-fq9h-gj7j/GHSA-3mq5-fq9h-gj7j.json @@ -1,7 +1,7 @@ { "schema_version": "1.3.0", "id": "GHSA-3mq5-fq9h-gj7j", - "modified": "2022-09-20T21:21:26Z", + "modified": "2022-10-26T12:49:21Z", "published": "2022-09-17T00:00:41Z", "aliases": [ "CVE-2022-40151" @@ -15,7 +15,7 @@ { "package": { "ecosystem": "Maven", - "name": "com.thoughtworks.xstream:xstream" + "name": "com.fasterxml.woodstox:woodstox-core" }, "ranges": [ { @@ -23,13 +23,32 @@ "events": [ { "introduced": "0" - }, + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 6.4.0" + } + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.woodstox:woodstox-core" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ { - "last_affected": "1.5.0" + "introduced": "0" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "< 5.4.0" + } } ], "references": [ @@ -37,6 +56,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151" }, + { + "type": "WEB", + "url": "https://github.com/FasterXML/woodstox/issues/160" + }, { "type": "WEB", "url": "https://github.com/x-stream/xstream/issues/304" @@ -51,7 +74,7 @@ }, { "type": "PACKAGE", - "url": "https://github.com/x-stream/xstream" + "url": "https://github.com/FasterXML/woodstox" } ], "database_specific": {