From 090fbeafa2d3d720b9880c8bc25cdc07ae649977 Mon Sep 17 00:00:00 2001
From: Brian Clozel
Date: Fri, 10 Jan 2025 11:12:15 +0100
Subject: [PATCH] Improve GHSA-q3v6-hm2v-pw99
---
 .../GHSA-q3v6-hm2v-pw99.json | 55 +++++++++++--------
 1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/advisories/github-reviewed/2024/12/GHSA-q3v6-hm2v-pw99/GHSA-q3v6-hm2v-pw99.json b/advisories/github-reviewed/2024/12/GHSA-q3v6-hm2v-pw99/GHSA-q3v6-hm2v-pw99.json
index 12b41a346a0df..f4eeb4f6479f9 100644
--- a/advisories/github-reviewed/2024/12/GHSA-q3v6-hm2v-pw99/GHSA-q3v6-hm2v-pw99.json
+++ b/advisories/github-reviewed/2024/12/GHSA-q3v6-hm2v-pw99/GHSA-q3v6-hm2v-pw99.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q3v6-hm2v-pw99",
- "modified": "2024-12-02T20:04:17Z",
+ "modified": "2024-12-02T20:04:18Z",
 "published": "2024-12-02T15:31:41Z",
 "aliases": [
 "CVE-2024-38827"
@@ -12,17 +12,13 @@
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
- },
- {
- "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
 }
 ],
 "affected": [
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.springframework:spring-beans"
+ "name": "org.springframework.security:spring-security-core"
 },
 "ranges": [
 {
@@ -32,7 +28,7 @@
 "introduced": "0"
 },
 {
- "fixed": "6.1.14"
+ "fixed": "5.7.14"
 }
 ]
 }
@@ -41,7 +37,7 @@
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.springframework:spring-context"
+ "name": "org.springframework.security:spring-security-core"
 },
 "ranges": [
 {
@@ -51,7 +47,7 @@
 "introduced": "0"
 },
 {
- "fixed": "6.1.14"
+ "fixed": "5.8.16"
 }
 ]
 }
@@ -60,7 +56,7 @@
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.springframework:spring-core"
+ "name": "org.springframework.security:spring-security-core"
 },
 "ranges": [
 {
@@ -70,7 +66,7 @@
 "introduced": "0"
 },
 {
- "fixed": "6.1.14"
+ "fixed": "6.0.14"
 }
 ]
 }
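Review bot: Every `affected` entry for `org.springframework.security:spring-security-core` keeps `"introduced": "0"` while only the `fixed` value differs (5.7.14, 5.8.16 and 6.0.14 in the hunks at -32, -51 and -70; 6.1.12, 6.2.8 and 6.3.5 in the later hunks at -89 and -108), so all six ranges overlap. A consumer that treats a version as affected when any range matches would still report 5.7.14 or 6.2.8 as vulnerable, because both fall below 6.3.5; the per-branch fixes then show up as false positives and only the highest bound carries information. Each entry after the first should start at its own release line, for example `"introduced": "<first release of the 5.8 line>"` next to `"fixed": "5.8.16"`, and likewise for the other branches. The `ranges` objects begin and end outside these hunks, so confirm against the full file that no other field already scopes them.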
@@ -79,7 +75,7 @@
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.springframework:spring-expression"
+ "name": "org.springframework.security:spring-security-core"
 },
 "ranges": [
 {
@@ -89,7 +85,7 @@
 "introduced": "0"
 },
 {
- "fixed": "6.1.14"
+ "fixed": "6.1.12"
 }
 ]
 }
@@ -98,7 +94,7 @@
 {
 "package": {
 "ecosystem": "Maven",
- "name": "org.springframework:spring-jdbc"
+ "name": "org.springframework.security:spring-security-core"
 },
 "ranges": [
 {
@@ -108,7 +104,26 @@
 "introduced": "0"
 },
 {
- "fixed": "6.1.14"
+ "fixed": "6.2.8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.springframework.security:spring-security-core"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "6.3.5"
 }
 ]
 }
@@ -120,17 +135,9 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
 },
- {
- "type": "WEB",
- "url": "https://github.com/spring-projects/spring-framework/issues/33708"
- },
- {
- "type": "WEB",
- "url": "https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9"
- },
 {
 "type": "PACKAGE",
- "url": "https://github.com/spring-projects/spring-security"
+ "url": "https://github.com/spring-projects/spring-security"
 },
 {
 "type": "WEB",
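Review bot: The `references` hunk at -120 drops both spring-framework links (the issue and the fix commit) without adding an equivalent for spring-security, so among the visible lines nothing lets a reader check the six new `fixed` versions against a source. Only the NVD `ADVISORY` entry and the `PACKAGE` url remain here, and the `WEB` entry that follows continues outside the hunk. If that trailing entry is not the vendor advisory or a fix commit in the spring-security repository, add one, e.g. `{ "type": "WEB", "url": "<spring-security fix commit or vendor advisory URL>" }`.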