Merge pull request #747 from github/bchew-GHSA-9pgh-qqpf-7wqj

github · Oct 17, 2022 · 66d5477 · 66d5477
2 parents fa16e5a + dab9ac0
commit 66d5477
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json b/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-9pgh-qqpf-7wqj",
-  "modified": "2022-10-11T20:42:57Z",
+  "modified": "2022-10-17T11:03:29Z",
   "published": "2022-10-11T20:42:57Z",
   "aliases": [
     "CVE-2022-37616"
   ],
   "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom",
-  "details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3.\n\n### Patches\nUpdate to `@xmldom/xmldom@0.8.3` or higher or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.\n\n### Workarounds\nNo, if you can not update to v0.8.3, please let us know, we would be able to also provide a patch update for version 0.7.x if required.\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issue/436",
+  "details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 on 0.8.x and 0.7.6 on 0.7.x.\n\n### Patches\nUpdate to `@xmldom/xmldom@0.7.6` on 0.7.x,`@xmldom/xmldom@0.8.3` or higher or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.\n\n### Workarounds\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issue/436",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.8.0"
             },
             {
               "fixed": "0.8.3"
@@ -47,7 +47,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "0.6.0"
+              "fixed": "0.7.6"
             }
           ]
         }