You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, unfortunately, version 3.0.1 is in fact affected by this problem. Since we have a policy of not widening affected version ranges for already-published CVEs, we have created the follow-up CVE-2024-23952 CVE for this issue.
I see GHSA-95mg-jgfx-54v9 still suggests 3.0.1 is not affected, but there doesn't appear to be a GHSA for CVE-2024-23952.
Would you prefer we widen the range of GHSA-95mg-jgfx-54v9 and add CVE-2024-23952 as an alias, or allocate a new GHSA?
The text was updated successfully, but these errors were encountered:
The version range of GHSA-95mg-jgfx-54v9 follows the version range of CVE-2023-46104 which suggests version 3.0.1 is unaffected.
However, unfortunately, version 3.0.1 is in fact affected by this problem. Since we have a policy of not widening affected version ranges for already-published CVEs, we have created the follow-up CVE-2024-23952 CVE for this issue.
I see GHSA-95mg-jgfx-54v9 still suggests 3.0.1 is not affected, but there doesn't appear to be a GHSA for CVE-2024-23952.
Would you prefer we widen the range of GHSA-95mg-jgfx-54v9 and add CVE-2024-23952 as an alias, or allocate a new GHSA?
The text was updated successfully, but these errors were encountered: