Improve GHSA-cj8w-v588-p8wx

github · Sep 1, 2023 · f278731 · f278731
1 parent 123abb4
commit f278731
Showing 1 changed file with 7 additions and 9 deletions.
diff --git a/advisories/github-reviewed/2023/08/GHSA-cj8w-v588-p8wx/GHSA-cj8w-v588-p8wx.json b/advisories/github-reviewed/2023/08/GHSA-cj8w-v588-p8wx/GHSA-cj8w-v588-p8wx.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cj8w-v588-p8wx",
-  "modified": "2023-08-31T14:49:19Z",
+  "modified": "2023-08-31T14:49:20Z",
   "published": "2023-08-29T00:32:04Z",
   "aliases": [
     "CVE-2023-40828"
   ],
   "summary": "pf4j vulnerable to remote code execution via expandIfZip method in the extract function",
-  "details": "An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.",
+  "details": "\nDescription\nAn issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.\n\n",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -20,11 +20,6 @@
         "ecosystem": "Maven",
         "name": "org.pf4j:pf4j"
       },
-      "ecosystem_specific": {
-        "affected_functions": [
-          ""
-        ]
-      },
       "ranges": [
         {
           "type": "ECOSYSTEM",
@@ -33,11 +28,14 @@
               "introduced": "0"
             },
             {
-              "last_affected": "3.9.0"
+              "fixed": "None"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 3.9.0"
+      }
     }
   ],
   "references": [