diff --git a/advisories/unreviewed/2026/06/GHSA-r937-wjx7-w2jp/GHSA-r937-wjx7-w2jp.json b/advisories/unreviewed/2026/06/GHSA-r937-wjx7-w2jp/GHSA-r937-wjx7-w2jp.json index 031ebc159d695..d578c3499ef6a 100644 --- a/advisories/unreviewed/2026/06/GHSA-r937-wjx7-w2jp/GHSA-r937-wjx7-w2jp.json +++ b/advisories/unreviewed/2026/06/GHSA-r937-wjx7-w2jp/GHSA-r937-wjx7-w2jp.json @@ -1,11 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-r937-wjx7-w2jp", - "modified": "2026-06-27T21:30:28Z", + "modified": "2026-06-27T21:31:34Z", "published": "2026-06-26T15:32:13Z", "aliases": [ "CVE-2026-53914" ], + "summary": "Unsafe Java Serialization for Kapt Incremental Cache", "details": "In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata", "severity": [ { @@ -13,7 +14,27 @@ "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L" } ], - "affected": [], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.jetbrains.kotlin:kotlin-stdlib" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.4.20" + } + ] + } + ] + } + ], "references": [ { "type": "ADVISORY",