diff --git a/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json b/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json index 465c0aa69b295..5e09d8a663587 100644 --- a/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json +++ b/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-6q7j-xr26-3h2c", - "modified": "2026-06-26T21:02:14Z", + "modified": "2026-06-26T21:02:15Z", "published": "2026-06-26T21:02:14Z", "aliases": [], "summary": "Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)", @@ -9,7 +9,7 @@ "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "affected": [ @@ -34,6 +34,28 @@ "database_specific": { "last_known_affected_version_range": "<= 7.2.0" } + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Scriban.Signed" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "6.6.0" + }, + { + "fixed": "7.2.1" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 7.2.0" + } } ], "references": [