[GHSA-rm3r-35x9-jv93] A supply chain attack compromised the official...#7702
[GHSA-rm3r-35x9-jv93] A supply chain attack compromised the official...#7702Vendetaaaa wants to merge 1 commit into
Conversation
|
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the |
|
hi @Vendetaaaa , thank you for your contribution! After review, we're unable to accept this submission because the affected package isn't part of an ecosystem currently supported by the GitHub Advisory Database. Our database is scoped to advisories for packages published in the supported ecosystems listed here, so we're unable to publish or curate advisories for this at this time. We've closed this PR as out of scope, but really appreciate you taking the time to report this. If you believe the affected package is published in one of our supported ecosystems and we've misidentified it, please let us know and we'll take another look! |
Updates
Comments
Populated precise version boundaries (12.5.0.2421 through 12.5.0.2434), mapped the definitive patched version milestone (12.6.0.2445), added the technical breakdown of the supply chain compromise based on threat intelligence findings, and applied the official CWE-506 designation.