Skip to content

[GHSA-qqj3-g7mx-5p4w] NeuVector telemetry sender is vulnerable to MITM and DoS#7801

Merged
advisory-database[bot] merged 1 commit into
holyspectral/advisory-improvement-7801from
holyspectral-GHSA-qqj3-g7mx-5p4w
Jul 2, 2026
Merged

[GHSA-qqj3-g7mx-5p4w] NeuVector telemetry sender is vulnerable to MITM and DoS#7801
advisory-database[bot] merged 1 commit into
holyspectral/advisory-improvement-7801from
holyspectral-GHSA-qqj3-g7mx-5p4w

Conversation

@holyspectral

Copy link
Copy Markdown

Updates

  • Affected products

Comments
The 5.3.0, 5.4.6, 5.3.5 and 5.4.7 versions point to invalid golang module versions. The issue has been fixed in the upstream advisory by chaning the type to other GHSA-qqj3-g7mx-5p4w .

Copilot AI review requested due to automatic review settings May 22, 2026 14:24
@github-actions github-actions Bot changed the base branch from main to holyspectral/advisory-improvement-7801 May 22, 2026 14:25

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR updates a GitHub-reviewed advisory JSON for GHSA-qqj3-g7mx-5p4w by adjusting metadata and removing portions of the affected version ranges.

Changes:

  • Updated the advisory "modified" timestamp.
  • Removed two "affected" entries for github.com/neuvector/neuvector (Go) covering specific introduced/fixed ranges.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

"schema_version": "1.4.0",
"id": "GHSA-qqj3-g7mx-5p4w",
"modified": "2026-05-06T13:48:28Z",
"modified": "2025-10-30T17:15:02Z",
Comment on lines 17 to 20
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/neuvector/neuvector"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.5"
}
]
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/neuvector/neuvector"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "5.4.0"
},
{
"fixed": "5.4.7"
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "<= 5.4.6"
}
},
{
"package": {
"ecosystem": "Go",
@advisory-database advisory-database Bot merged commit 171aa46 into holyspectral/advisory-improvement-7801 Jul 2, 2026
4 checks passed
@advisory-database

Copy link
Copy Markdown
Contributor

Hi @holyspectral! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

@advisory-database advisory-database Bot deleted the holyspectral-GHSA-qqj3-g7mx-5p4w branch July 2, 2026 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants