
Advisory GHSA-f4w8-cv6p-x6r5 lists incorrect fixed version

Open shivakumar-loginsoft opened this issue 5 months ago • 1 comments

I have noticed an issue with the details provided in the advisory GHSA-f4w8-cv6p-x6r5 regarding the fixed version.

The advisory lists 8.1.1 as the version where the issue is fixed. However, the vulnerable function was actually introduced in version 8.1.2 (commit reference, release notes).

Could you please review and update the advisory to reflect the correct information? Thank you.

shivakumar-loginsoft, Jul 23 '25 11:07

Hi @shivakumar-loginsoft,

Sorry for the slow reply and thank you for bringing this to our attention!

You are correct, the vulnerability is fixed in 8.1.2. I will update the advisory.

In the process of investigating this, I noticed that the other vulnerabilities fixed in 8.1.2 are also incorrectly attributed to 8.1.1, so I will be updating them as well. I also notified MITRE to get the CVE records updated.

JonathanLEvans, Aug 14 '25 21:08