Skip to content

Add OctoPrint upload exfiltration fixed references#8439

Open
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8439from
cookesan:octoprint-j4h9-fixed-references
Open

Add OctoPrint upload exfiltration fixed references#8439
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8439from
cookesan:octoprint-j4h9-fixed-references

Conversation

@cookesan

@cookesan cookesan commented Jun 30, 2026

Copy link
Copy Markdown

Adds OctoPrint upload exfiltration fixed references to GHSA-j4h9-pm27-4rfw.

Audit refresh, July 8, 2026:

  • Confirmed the live PR is open, ready for review, merge-clean, and the visible advisory check is green.
  • Rechecked the merge-base diff: exactly one advisory JSON file changes (advisories/github-reviewed/2026/06/GHSA-j4h9-pm27-4rfw/GHSA-j4h9-pm27-4rfw.json), JSON parses, git diff --check passes, and the exact-head worktree is clean.
  • Revalidated the added public references and package-version evidence in the diff; all resolve through their source site or registry.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8439 June 30, 2026 14:17
@cookesan

cookesan commented Jul 7, 2026

Copy link
Copy Markdown
Author

Review note: this expands GHSA-j4h9-pm27-4rfw with the OctoPrint upload exfiltration fix commit plus 1.11.8 and 2.0.0rc3 tag/package evidence. I checked the PR head JSON against the OSV schema, confirmed commit 8e3348197db867c30a32d13984f0bd0d664be413 resolves to the relevant OctoPrint API fix, confirmed both tag URLs resolve, and confirmed PyPI has OctoPrint==1.11.8 and OctoPrint==2.0.0rc3; the affected PyPI ranges, CVSS 4.0 score, alias, and package metadata stay unchanged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant