From 9ae7c33c94c453031a924c8146e069640b0e3864 Mon Sep 17 00:00:00 2001 From: Tim White Date: Sat, 7 Oct 2023 16:40:54 +1300 Subject: [PATCH 1/2] Improve GHSA-7g54-vgp6-jj5w --- .../GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json b/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json index e8b54e9d1ce4d..dabdc102d2210 100644 --- a/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json +++ b/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-7g54-vgp6-jj5w", - "modified": "2022-11-03T20:48:21Z", + "modified": "2023-10-07T03:39:01Z", "published": "2022-05-17T02:26:22Z", "aliases": [ "CVE-2016-6798" @@ -33,6 +33,15 @@ ] } ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.sling:org.apache.sling.xss.compat" + }, + "versions": [ + "1.0.0" + ] } ], "references": [ @@ -47,6 +56,10 @@ { "type": "WEB", "url": "http://www.securityfocus.com/bid/99873" + }, + { + "type": "WEB", + "url": "https://github.com/jensdietrich/xshady-release/tree/main/CVE-2016-6798" } ], "database_specific": { From 002cc26e700602e125ac05db4a9101e012f2205b Mon Sep 17 00:00:00 2001 From: Tim White Date: Wed, 11 Oct 2023 10:07:29 +1300 Subject: [PATCH 2/2] Confirmed vuln absent from org.apache.sling:org.apache.sling.xss.compat:1.1.0 --- .../GHSA-7g54-vgp6-jj5w.json | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json b/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json index dabdc102d2210..0c74574268a1d 100644 --- a/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json +++ b/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-7g54-vgp6-jj5w", - "modified": "2023-10-07T03:39:01Z", + "modified": "2023-10-10T21:05:51Z", "published": "2022-05-17T02:26:22Z", "aliases": [ "CVE-2016-6798" @@ -39,6 +39,19 @@ "ecosystem": "Maven", "name": "org.apache.sling:org.apache.sling.xss.compat" }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.1.0" + } + ] + } + ], "versions": [ "1.0.0" ] @@ -71,4 +84,4 @@ "github_reviewed_at": "2022-11-03T20:48:21Z", "nvd_published_at": "2017-07-19T15:29:00Z" } -} \ No newline at end of file +}