From 3ebfd85ce0a5e63ab7454d36c9727908b0528d4e Mon Sep 17 00:00:00 2001 From: adamus2 <93228314+adamus2@users.noreply.github.com> Date: Fri, 26 Jun 2026 22:09:42 -0500 Subject: [PATCH] Improve GHSA-6q7j-xr26-3h2c --- .../GHSA-6q7j-xr26-3h2c.json | 26 +++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json b/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json index 465c0aa69b295..5e09d8a663587 100644 --- a/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json +++ b/advisories/github-reviewed/2026/06/GHSA-6q7j-xr26-3h2c/GHSA-6q7j-xr26-3h2c.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-6q7j-xr26-3h2c", - "modified": "2026-06-26T21:02:14Z", + "modified": "2026-06-26T21:02:15Z", "published": "2026-06-26T21:02:14Z", "aliases": [], "summary": "Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)", @@ -9,7 +9,7 @@ "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "affected": [ @@ -34,6 +34,28 @@ "database_specific": { "last_known_affected_version_range": "<= 7.2.0" } + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Scriban.Signed" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "6.6.0" + }, + { + "fixed": "7.2.1" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 7.2.0" + } } ], "references": [