GHSA SYNC: 1 brand new jwt advisory #1057
jasnow
left a comment
- Per CONTRIBUTING.md, please wrap text fields at 80 columns.
- CVE not in the NVD database. Please add "https://www.cve.org/CVERecord?id=CVE-2026-45363" to RELATED/URL field. Note that the CVE is reserved and empty.
Thanks for your contribution.
74e417f to 234d664
Thanks for the review @jasnow! Just pushed the requested changes — ready for another look when you get a chance 🙂
jasnow
left a comment
Approved - Thanks for your contribution.
| - ">= 3.2.0" | ||
| related: | ||
| url: | ||
| - https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x |
| - https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x | ||
| - https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f | ||
| - https://github.com/jwt/ruby-jwt/releases/tag/v3.2.0 | ||
| - https://github.com/advisories/GHSA-c32j-vqhx-rx3x |
Is it worth keeping this url also? It is almost the same page as the main url.
Is there really any value in keeping both links?
I also collect URLs and put them in the related: / url: field then pick an advisory URL to use in the url: field.
Never thought of it as duplicates and @postmodern asked for it.
| --- | ||
| gem: jwt | ||
| cve: 2026-45363 | ||
| notes: 'CVE has been reserved, but not filled in.' |
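Review bot: the `notes:` value on the last line ('CVE has been reserved, but not filled in.') records a point-in-time state that goes stale as soon as the record for `cve: 2026-45363` is published, so recheck it against https://www.cve.org/CVERecord?id=CVE-2026-45363 before merging and update or drop the note if the record has been populated. Compare the ID digit for digit when doing so: the NVD link posted in this thread is for CVE-2026-44363, which is not the same ID as the `cve:` value here.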
Got CVE published meanwhile? https://nvd.nist.gov/vuln/detail/CVE-2026-44363
I will add below. Forgot this is not my PR.