From 51aef85e3a0e39c1a61b357551dcabe06bc45db0 Mon Sep 17 00:00:00 2001 From: Adam Wolfe Gordon Date: Wed, 8 Jul 2026 10:00:07 -0600 Subject: [PATCH] Improve GHSA-wfqx-gjrf-g28r --- .../GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json b/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json index ed3dd6f46c7be..012689ce47008 100644 --- a/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json +++ b/advisories/github-reviewed/2026/06/GHSA-wfqx-gjrf-g28r/GHSA-wfqx-gjrf-g28r.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-wfqx-gjrf-g28r", - "modified": "2026-06-19T20:47:55Z", + "modified": "2026-06-19T20:47:56Z", "published": "2026-06-19T20:47:55Z", "aliases": [], "summary": "Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag", @@ -26,11 +26,14 @@ "introduced": "2.3.0-rc.0" }, { - "last_affected": "2.3.2" + "fixed": "v2.3.3" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "<= 2.3.2" + } }, { "package": { @@ -45,11 +48,14 @@ "introduced": "0" }, { - "last_affected": "2.2.2" + "fixed": "v2.2.3" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "<= 2.2.2" + } }, { "package": {