From ec30cb9c60ba93296d1c3ff16584fdf118aec2ae Mon Sep 17 00:00:00 2001 From: jwasnoggin <61854346+jwasnoggin@users.noreply.github.com> Date: Tue, 5 May 2026 08:43:57 +1000 Subject: [PATCH] Improve GHSA-w5hq-g745-h8pq --- .../GHSA-w5hq-g745-h8pq.json | 60 ++++++++++++++++++- 1 file changed, 58 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2026/04/GHSA-w5hq-g745-h8pq/GHSA-w5hq-g745-h8pq.json b/advisories/github-reviewed/2026/04/GHSA-w5hq-g745-h8pq/GHSA-w5hq-g745-h8pq.json index 174fde063d763..67952565fc9c7 100644 --- a/advisories/github-reviewed/2026/04/GHSA-w5hq-g745-h8pq/GHSA-w5hq-g745-h8pq.json +++ b/advisories/github-reviewed/2026/04/GHSA-w5hq-g745-h8pq/GHSA-w5hq-g745-h8pq.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-w5hq-g745-h8pq", - "modified": "2026-04-22T20:53:24Z", + "modified": "2026-04-22T20:53:25Z", "published": "2026-04-22T20:53:24Z", "aliases": [], "summary": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", @@ -26,11 +26,55 @@ "introduced": "0" }, { - "fixed": "14.0.0" + "fixed": "11.1.1" } ] } ] + }, + { + "package": { + "ecosystem": "npm", + "name": "uuid" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "12.0.0" + }, + { + "fixed": "12.0.1" + } + ] + } + ], + "versions": [ + "12.0.0" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "uuid" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "13.0.0" + }, + { + "fixed": "13.0.1" + } + ] + } + ], + "versions": [ + "13.0.0" + ] } ], "references": [ @@ -46,6 +90,18 @@ "type": "PACKAGE", "url": "https://github.com/uuidjs/uuid" }, + { + "type": "WEB", + "url": "https://github.com/uuidjs/uuid/releases/tag/v11.1.1" + }, + { + "type": "WEB", + "url": "https://github.com/uuidjs/uuid/releases/tag/v12.0.1" + }, + { + "type": "WEB", + "url": "https://github.com/uuidjs/uuid/releases/tag/v13.0.1" + }, { "type": "WEB", "url": "https://github.com/uuidjs/uuid/releases/tag/v14.0.0"