From a8172ffe9b9b5cb26e8d21ad6be81cbe7c27cd5f Mon Sep 17 00:00:00 2001 From: Tim White Date: Sat, 7 Oct 2023 11:43:13 +1300 Subject: [PATCH 1/2] Improve GHSA-xwf4-88xr-hx2j --- .../GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json b/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json index ae626215e9095..07b35cb10a00a 100644 --- a/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json +++ b/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xwf4-88xr-hx2j", - "modified": "2022-11-03T19:12:07Z", + "modified": "2023-10-06T22:38:28Z", "published": "2022-05-13T01:25:29Z", "aliases": [ "CVE-2016-5394" @@ -33,6 +33,15 @@ ] } ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.sling:org.apache.sling.xss.compat" + }, + "versions": [ + "1.0.0" + ] } ], "references": [ @@ -47,6 +56,10 @@ { "type": "WEB", "url": "http://www.securityfocus.com/bid/99870" + }, + { + "type": "WEB", + "url": "https://github.com/jensdietrich/xshady-release/tree/main/CVE-2016-5394" } ], "database_specific": { From b236a07b71aaf628483fdf938f191b3e0586db07 Mon Sep 17 00:00:00 2001 From: Tim White Date: Tue, 10 Oct 2023 18:27:55 +1300 Subject: [PATCH 2/2] Confirmed vuln absent from org.apache.sling:org.apache.sling.xss.compat:1.1.0 --- .../GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json b/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json index 07b35cb10a00a..acea0bd188bc7 100644 --- a/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json +++ b/advisories/github-reviewed/2022/05/GHSA-xwf4-88xr-hx2j/GHSA-xwf4-88xr-hx2j.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xwf4-88xr-hx2j", - "modified": "2023-10-06T22:38:28Z", + "modified": "2023-10-10T05:19:57Z", "published": "2022-05-13T01:25:29Z", "aliases": [ "CVE-2016-5394" @@ -39,6 +39,19 @@ "ecosystem": "Maven", "name": "org.apache.sling:org.apache.sling.xss.compat" }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.1.0" + } + ] + } + ], "versions": [ "1.0.0" ]