[GHSA-qrgf-jqqm-x7xv] High severity vulnerability that affects dragonfly #484

Closed
G-Rath wants to merge 1 commit into G-Rath/advisory-improvement-484 from G-Rath-GHSA-qrgf-jqqm-x7xv


@G-Rath G-Rath commented Jul 7, 2022

Updates

  • Affected products

@github-actions github-actions Bot changed the base branch from main to G-Rath/advisory-improvement-484 July 7, 2022 19:10
@G-Rath G-Rath closed this Jul 7, 2022
ilyajob05 added a commit to ilyajob05/advisory-database that referenced this pull request Mar 24, 2026
The double-free vulnerability (CVE-2023-37365) was fixed by capping the M parameter to 10000. The fix was merged via nmslib/hnswlib#508 (original fix by @emollier in github#484, integrated and improved by @jlmelville in github#508).
  The fix is included in release v0.8.0.
  This change updates the advisory to specify the fixed version so downstream scanners (Snyk, Dependabot, Trivy) correctly identify patched installations.