[GHSA-8gw3-rxh4-v6jx] expr-eval vulnerable to Prototype Pollution #7806

Closed: vladko312 wants to merge 1 commit into vladko312/advisory-improvement-7806 from vladko312-GHSA-8gw3-rxh4-v6jx

@vladko312

Updates

  • Affected products
  • CVSS v3
  • Severity

Comments
CVSS assessment was taken from the original report about prototype pollution, while the full impact was not yet discovered. Since 2022, it is known that the vulnerability can be used for full remote code execution (exploit present in sources).

@github-actions github-actions Bot changed the base branch from main to vladko312/advisory-improvement-7806 May 22, 2026 19:41
@shelbyc

shelbyc commented Jul 1, 2026

Contributor

👋 Hi @vladko312, the organization that issued the CVSS is CISA-ADP. If you have concerns about the CVSS that they issued, I recommend opening an issue at https://github.com/cisagov/vulnrichment/issues to discuss the possibility of rescoring. Thank you for your interest in GHSA-8gw3-rxh4-v6jx.

@shelbyc shelbyc closed this Jul 1, 2026
@github-actions github-actions Bot deleted the vladko312-GHSA-8gw3-rxh4-v6jx branch July 1, 2026 14:48