[GHSA-v6h2-p8h4-qcjw] brace-expansion Regular Expression Denial of Service vulnerability #5742
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR updates the advisory for the "[GHSA-v6h2-p8h4-qcjw] brace-expansion Regular Expression Denial of Service vulnerability" by revising metadata and severity scores. Key changes include updating the modified timestamp, replacing existing CVSS entries with a revised CVSS_V3 score, and changing the ecosystem designation from "npm" to "SwiftURL" for the affected package.
Comments suppressed due to low confidence (3)
advisories/github-reviewed/2025/06/GHSA-v6h2-p8h4-qcjw/GHSA-v6h2-p8h4-qcjw.json:20
- Confirm that updating the 'ecosystem' field from 'npm' to 'SwiftURL' correctly reflects the affected product and that all related references are consistent.
"ecosystem": "SwiftURL",
advisories/github-reviewed/2025/06/GHSA-v6h2-p8h4-qcjw/GHSA-v6h2-p8h4-qcjw.json:42
- Confirm that updating the 'ecosystem' field from 'npm' to 'SwiftURL' for this advisory entry is intentional and accurately represents the affected product.
"ecosystem": "SwiftURL",
advisories/github-reviewed/2025/06/GHSA-v6h2-p8h4-qcjw/GHSA-v6h2-p8h4-qcjw.json:14
- The CVSS_V4 entry has been removed and the CVSS_V3 score updated; please confirm that this change accurately reflects the vulnerability severity as intended.
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
github-actions
bot
changed the base branch from
main
to
V1j2t3/advisory-improvement-5742
|
Hi @V1j2t3, I am closing this PR due to the proposed changes in the CVSS scoring. Removing the system impact metrics does not properly reflect the scope of this vulnerability. Thank you for your interest in helping improve GHSA-v6h2-p8h4-qcjw and have a great day! |
Updates
Comments
Yes