Add CVSS 3.1 severity for GHSA-r67w-f99w-mgxj#6877
sunnypatell wants to merge 1 commit into github from sunnypatell/advisory-improvement-6877
Conversation
Pull request overview
This pull request adds CVSS 3.1 severity scoring to the GitHub Security Advisory GHSA-r67w-f99w-mgxj, which documents a Regular Expression Denial of Service (ReDoS) vulnerability in the Embedchain JSON loader (CVE-2024-23732). The CVSS vector string indicates a base score of 7.5 (HIGH severity) for this availability-impacting vulnerability.
Changes:
- Added CVSS 3.1 severity scoring with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H to the advisory JSON file
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" | ||
| } | ||
| ], |
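Review bot: the added severity entry is well-formed (type CVSS_V3 with the full vector as the score) and the vector evaluates to a 7.5 base score, which is HIGH, but this hunk leaves the advisory's database_specific.severity untouched and, as the review comment below points out, that field still reads MODERATE; update it to HIGH in the same commit so tooling that reads the label rather than the vector does not disagree with the score being added here.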
The CVSS 3.1 vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H calculates to a base score of 7.5, which is classified as HIGH severity (7.0-8.9 range), not MODERATE. However, the database_specific.severity field at line 60 still shows "MODERATE". This field should be updated to "HIGH" to match the CVSS score. All other advisories in the repository with this same CVSS vector have "HIGH" severity in their database_specific section.
Changes
Added CVSS 3.1 scoring to GHSA-r67w-f99w-mgxj (Embedchain ReDoS in JSON loader).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 High)
CVSS justification
References