[GHSA-j4fx-xxwh-2485] Update advisory references#7890
Conversation
|
Hi @yuki-matsuhashi, The reference came from the CVE records. You cannot update the CVE record using this form. Please contact Snyk (the assigning CNA) via report@snyk.io to get the CVE record updated. |
|
Hi @JonathanLEvans, Thanks for taking a look, and sorry that my original description was unclear. This PR is only intended to update the GitHub Advisory Database entry, not the CVE record itself. I have already reached out to the CNA separately about the CVE record. My understanding, based on the behavior I observed in #7862, is that updates to the CVE record are not automatically reflected in the corresponding GitHub Advisory entry. That is why I opened this PR separately from the CVE record update. If my understanding is correct, could you reopen this PR for the advisory update? |
Updates
Comments
This updates the advisory references by removing a reference that is no longer available. No vulnerability metadata is changed.
As the reporter, I created the referenced material in accordance with a third-party OSS vulnerability reporting process. It was intended only as temporary submission material, and was not intended by me as a public advisory reference. It was deleted early on and is no longer available, so the corresponding reference should also be removed from this advisory.