[GHSA-q8mj-m7cp-5q26] qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set #7873
Hi there @ljharb! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates a GitHub Security Advisory JSON record for GHSA-q8mj-m7cp-5q26.
Changes:
- Bumped the advisory `modified` timestamp.
- Removed the `CVSS_V3` entry from the `severity` array, leaving only `CVSS_V4`.
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" |
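Review bot: Removing the first object in `severity` (`"type": "CVSS_V3"`) leaves any consumer that reads only the CVSS_V3 entry with no score for this advisory, and the contribution states no reason for dropping it. The two vectors shown agree on the impact (availability low, `A:L` and `VA:L`, with no confidentiality or integrity impact), so the 3.1 vector does not contradict the 4.0 one. Keep both entries, or name the specific 3.1 metric believed to be wrong and correct it instead of deleting the whole object.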
Updates
Comments
improvement