Improve GHSA-9pgh-qqpf-7wqj

github · Nov 8, 2022 · dde4f6f · dde4f6f
1 parent c75eb47
commit dde4f6f
Showing 1 changed file with 9 additions and 18 deletions.
diff --git a/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json b/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json
@@ -1,18 +1,15 @@
 {
   "schema_version": "1.3.0",
   "id": "GHSA-9pgh-qqpf-7wqj",
-  "modified": "2022-11-08T17:16:33Z",
+  "modified": "2022-11-08T18:05:14Z",
   "published": "2022-10-11T20:42:57Z",
   "aliases": [
     "CVE-2022-37616"
   ],
   "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom",
-  "details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.6`, `@xmldom/xmldom@~0.8.3` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.2` (dist-tag `next`).\n\n### Workarounds\nNone\n### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.6`, `@xmldom/xmldom@~0.8.3` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.2` (dist-tag `next`).\n\n### Workarounds\nNone\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issues/436\n",
+  "details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.\n**Please be aware that every attempt to provide an exploit, was not able to and we are in the process of marking this report as invalid.**\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.6`, `@xmldom/xmldom@~0.8.3` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.2` (dist-tag `next`).\n\n### Workarounds\nNone\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issues/436\n",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
-    }
+
   ],
   "affected": [
     {
@@ -47,7 +44,7 @@
               "introduced": "0.9.0-beta.1"
             },
             {
-              "fixed": ">=0.9.0-beta.2"
+              "fixed": "0.9.0-beta.2"
             }
           ]
         }
@@ -69,14 +66,11 @@
               "introduced": "0.8.0"
             },
             {
-              "fixed": "~0.8.3"
+              "fixed": "0.8.3"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "< 0.8.3"
-      }
+      ]
     },
     {
       "package": {
@@ -91,14 +85,11 @@
               "introduced": "0"
             },
             {
-              "fixed": "~0.7.6"
+              "fixed": "0.7.6"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "< 0.7.6"
-      }
+      ]
     }
   ],
   "references": [
@@ -143,7 +134,7 @@
     "cwe_ids": [
       "CWE-1321"
     ],
-    "severity": "CRITICAL",
+    "severity": "LOW",
     "github_reviewed": true
   }
 }