GHSA-4cpg-3vgw-4877 need to be updated, it doesn't have a fix yet. #107

Closed
mario-canva opened this issue Mar 14, 2022 · 4 comments

@mario-canva

The prototype pollution vulnerability for plist is marked as fixed on 3.0.4 but this version doesn't fix this issue.
GHSA-4cpg-3vgw-4877

I added more details here, could you please update the advisory accordingly? Or point me on how to do it?

Thank you.

@KateCatlin
Collaborator

Hey @mario-canva!

If I'm understanding you correctly, you want to submit a change in the affected and patched version for this advisory: https://github.com/advisories/GHSA-4cpg-3

You can do that through our new community contributions feature!

That means you can either:

  1. Create a pull request to the file for that advisory in this repository to change the affected version, or
  2. (Recommended) Go through our UI to submit the change on https://github.com/advisories/GHSA-4cpg-3:
    vgw-4877

In either case, a member of our experienced Curation team will review the change and merge it into our database if approved. Including a link to references of how you know this information will help us move faster.

Thanks in advance for making our community stronger!

Kate

@mario-canva
Author

mario-canva commented Mar 25, 2022

Hey @darakian not sure why you closed this, but this issue is not fully resolved and should not be closed. Please re-open this issue and only close it once #150 is merged.

@darakian darakian reopened this Mar 26, 2022
@darakian
Contributor

@mario-canva, my bad. It's back open.

@darakian
Contributor

And re-closing since it's now actually updated
