[GHSA-w5hq-g745-h8pq] uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided #7585
Hi there @broofa! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Pull request overview
Updates the GHSA advisory record for uuid (npm) to reflect additional affected/fixed version information for the buffer bounds-check issue in v3/v5/v6, aligning the advisory’s affected products metadata with the upstream security advisory.
Changes:
- Updated the advisory `modified` timestamp.
- Added additional `affected` entries for `uuid` with new fixed versions (11.1.1, 12.0.1, 13.0.1) and `last_known_affected_version_range` metadata.
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "npm", | ||
| "name": "uuid" | ||
| }, | ||
| "ranges": [ |
| ], | ||
| "database_specific": { | ||
| "last_known_affected_version_range": "< 12.0.0" | ||
| } |
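Review bot: The exclusive bound in "last_known_affected_version_range": "< 12.0.0" does not line up with any of the fixed versions listed in the overview (11.1.1, 12.0.1, 13.0.1). Paired with a fix at 11.1.1 it would still mark 11.1.1 and later 11.x releases as affected, and paired with a fix at 12.0.1 it would leave 12.0.0 itself outside the range. The `ranges` events for this entry are not visible in this excerpt, so please confirm which fixed version this entry carries and adjust the bound to agree with it.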
| } | ||
| ], | ||
| "database_specific": { | ||
| "last_known_affected_version_range": "< 13.0.0" |
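Review bot: "last_known_affected_version_range": "< 13.0.0" has no lower bound and stops just short of 13.0.0, so on its own it covers everything already described by the "< 12.0.0" entry and excludes 13.0.0, which the overview's fixed version 13.0.1 implies is affected. If this entry is meant for the release line fixed in 12.0.1 or 13.0.1, the bound should match that entry's `fixed` event; the events are not shown here, so this needs checking against the full file.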