Add CVSS 3.1 severity for GHSA-vm74-j4wq-82xj #6945

Merged
advisory-database[bot] merged 1 commit into github:sunnypatell/advisory-improvement-6945 from sunnypatell:add-cvss31-GHSA-vm74-j4wq-82xj
Feb 17, 2026

@sunnypatell

adds CNA-sourced CVSS 3.1 severity score to this advisory which currently has no CVSS scoring.

  • source: NVD (CNA-provided)
  • score: 3.5 (LOW)
  • vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Copilot AI review requested due to automatic review settings February 17, 2026 20:08
@github-actions github-actions bot changed the base branch from main to sunnypatell/advisory-improvement-6945 February 17, 2026 20:09
@sunnypatell sunnypatell force-pushed the add-cvss31-GHSA-vm74-j4wq-82xj branch from 391a359 to 032ece6 Compare February 17, 2026 20:11

Copilot AI left a comment

Pull request overview

This PR adds CVSS 3.1 severity scoring to security advisory GHSA-vm74-j4wq-82xj, which previously lacked any CVSS scoring information. The CNA-provided score from NVD rates this vulnerability as LOW severity (3.5) with the vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Changes:

  • Added CVSS 3.1 severity score entry to the advisory JSON file

@advisory-database advisory-database bot merged commit ef5b8a9 into github:sunnypatell/advisory-improvement-6945 Feb 17, 2026
1 check passed
@advisory-database
Contributor

Hi @sunnypatell! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

@shelbyc
Contributor

shelbyc commented Feb 17, 2026

Hi @sunnypatell, as with #6944, the only change I made was to set attack vector to network instead of adjacent.

@sunnypatell
Author

same situation as #6944 @shelbyc. sisimai parses RFC 5322 bounce emails, so the malicious input literally arrives over SMTP/network. VulDB's AV:A was clearly wrong here. appreciate the correction.
