[GHSA-rm3r-35x9-jv93] A supply chain attack compromised the official...

[Vendetaaaa]

Updates

• Affected products
• CVSS v4
• Description
• Summary

Comments
Populated precise version boundaries (12.5.0.2421 through 12.5.0.2434), mapped the definitive patched version milestone (12.6.0.2445), added the technical breakdown of the supply chain compromise based on threat intelligence findings, and applied the official CWE-506 designation.

[github-actions]

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

[taladrane]

hi @Vendetaaaa , thank you for your contribution! After review, we're unable to accept this submission because the affected package isn't part of an ecosystem currently supported by the GitHub Advisory Database. Our database is scoped to advisories for packages published in the supported ecosystems listed here, so we're unable to publish or curate advisories for this at this time.

We've closed this PR as out of scope, but really appreciate you taking the time to report this. If you believe the affected package is published in one of our supported ecosystems and we've misidentified it, please let us know and we'll take another look!