[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters #8113
Hi there @iMacTia! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Pull request overview
Updates the GitHub-reviewed advisory for GHSA-98m9-hrrm-r99r (Faraday) to reflect corrected/expanded affected version information, including the stated 1.x backport fix.
Changes:
- Adjusts the 2.x affected range start to `2.0.0`.
- Adds a new affected range covering the 1.x line with fix in `1.10.6`.
- Updates the advisory `modified` timestamp.
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" |
| { | ||
| "fixed": "1.10.6" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "last_known_affected_version_range": "<= 1.10.5" | ||
| } |
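Review bot: `"introduced": "0"` in the new range marks every release below 1.10.6 as affected, including anything earlier than 1.0, while the only evidence cited in this PR is the v1.10.6 backport release. Please confirm the recursive NestedParamsEncoder code path exists in the earliest releases, or start the range at the first version that contains it. Separately, `"last_known_affected_version_range": "<= 1.10.5"` repeats what `"fixed": "1.10.6"` already states, so it can be dropped to keep the two values from drifting apart in later edits.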
Updates
Comments
Fix backported to 1.x
https://github.com/lostisland/faraday/releases/tag/v1.10.6