Adding Fixed Advisory GHSA-683x-4444-jxh8 for dependency-track (#6079)

Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
wolfi-dev · Jun 26, 2024 · 86414c0 · 86414c0
1 parent 5c8d430
commit 86414c0
Showing 1 changed file with 24 additions and 14 deletions.
diff --git a/dependency-track.advisories.yaml b/dependency-track.advisories.yaml
@@ -4,6 +4,16 @@ package:
   name: dependency-track
 
 advisories:
+  - id: CGA-6ffw-f2qw-rxwj
+    aliases:
+      - CVE-2024-38374
+      - GHSA-683x-4444-jxh8
+    events:
+      - timestamp: 2024-06-26T07:08:51Z
+        type: fixed
+        data:
+          fixed-version: 4.11.4-r0
+
   - id: CGA-7847-h394-6rg8
     aliases:
       - CVE-2023-52428
@@ -49,44 +59,44 @@ advisories:
         data:
           fixed-version: 4.10.1-r1
 
-  - id: CGA-w8q8-p4r5-xxg9
+  - id: CGA-ppj7-32h7-rr4m
     aliases:
-      - CVE-2024-25710
-      - GHSA-4g9r-vxhx-9pgx
+      - CVE-2024-26308
+      - GHSA-4265-ccf5-phj5
     events:
-      - timestamp: 2024-03-01T07:20:10Z
+      - timestamp: 2024-02-21T07:09:22Z
         type: detection
         data:
           type: scan/v1
           data:
-            subpackageName: dependency-track
-            componentID: df378e6669f6aac2
+            subpackageName: dependency-track-bundled
+            componentID: 775e69b9cbee0987
             componentName: commons-compress
             componentVersion: 1.25.0
             componentType: java-archive
-            componentLocation: /usr/share/java/dependency-track/dependency-track-apiserver.jar
+            componentLocation: /usr/share/java/dependency-track/dependency-track-bundled.jar
             scanner: grype
       - timestamp: 2024-03-05T17:08:23Z
         type: fixed
         data:
           fixed-version: 4.10.1-r2
 
-  - id: CGA-ppj7-32h7-rr4m
+  - id: CGA-w8q8-p4r5-xxg9
     aliases:
-      - CVE-2024-26308
-      - GHSA-4265-ccf5-phj5
+      - CVE-2024-25710
+      - GHSA-4g9r-vxhx-9pgx
     events:
-      - timestamp: 2024-02-21T07:09:22Z
+      - timestamp: 2024-03-01T07:20:10Z
         type: detection
         data:
           type: scan/v1
           data:
-            subpackageName: dependency-track-bundled
-            componentID: 775e69b9cbee0987
+            subpackageName: dependency-track
+            componentID: df378e6669f6aac2
             componentName: commons-compress
             componentVersion: 1.25.0
             componentType: java-archive
-            componentLocation: /usr/share/java/dependency-track/dependency-track-bundled.jar
+            componentLocation: /usr/share/java/dependency-track/dependency-track-apiserver.jar
             scanner: grype
       - timestamp: 2024-03-05T17:08:23Z
         type: fixed