diff --git a/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json b/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json index ed3dd6f46c7be..012689ce47008 100644 --- a/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json +++ b/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-wfqx-gjrf-g28r", - "modified": "2026-06-19T20:47:55Z", + "modified": "2026-06-19T20:47:56Z", "published": "2026-06-19T20:47:55Z", "aliases": [], "summary": "Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag", @@ -26,11 +26,14 @@ "introduced": "2.3.0-rc.0" }, { - "last_affected": "2.3.2" + "fixed": "v2.3.3" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "<= 2.3.2" + } }, { "package": { @@ -45,11 +48,14 @@ "introduced": "0" }, { - "last_affected": "2.2.2" + "fixed": "v2.2.3" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "<= 2.2.2" + } }, { "package": {