Skip to content

[GHSA-j4fx-xxwh-2485] Update advisory references#7890

Closed
yuki-matsuhashi wants to merge 1 commit into
github:yuki-matsuhashi/advisory-improvement-7890from
yuki-matsuhashi:patch-2
Closed

[GHSA-j4fx-xxwh-2485] Update advisory references#7890
yuki-matsuhashi wants to merge 1 commit into
github:yuki-matsuhashi/advisory-improvement-7890from
yuki-matsuhashi:patch-2

Conversation

@yuki-matsuhashi

Copy link
Copy Markdown

Updates

  • References

Comments

This updates the advisory references by removing a reference that is no longer available. No vulnerability metadata is changed.

As the reporter, I created the referenced material in accordance with a third-party OSS vulnerability reporting process. It was intended only as temporary submission material, and was not intended by me as a public advisory reference. It was deleted early on and is no longer available, so the corresponding reference should also be removed from this advisory.

@github-actions github-actions Bot changed the base branch from main to yuki-matsuhashi/advisory-improvement-7890 June 4, 2026 12:39
@JonathanLEvans

Copy link
Copy Markdown

Hi @yuki-matsuhashi,

The reference came from the CVE records. You cannot update the CVE record using this form. Please contact Snyk (the assigning CNA) via report@snyk.io to get the CVE record updated.

@yuki-matsuhashi

Copy link
Copy Markdown
Author

Hi @JonathanLEvans,

Thanks for taking a look, and sorry that my original description was unclear.

This PR is only intended to update the GitHub Advisory Database entry, not the CVE record itself.

I have already reached out to the CNA separately about the CVE record. My understanding, based on the behavior I observed in #7862, is that updates to the CVE record are not automatically reflected in the corresponding GitHub Advisory entry. That is why I opened this PR separately from the CVE record update.

If my understanding is correct, could you reopen this PR for the advisory update?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants