Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 035e8c202146 · 2026-01-23T22:51:08.000Z
GHSA-qr32-j4j6-3m7r GHSA-8whr-v3gm-w8h9
diff --git a/advisories/github-reviewed/2019/05/GHSA-qr32-j4j6-3m7r/GHSA-qr32-j4j6-3m7r.json b/advisories/github-reviewed/2019/05/GHSA-qr32-j4j6-3m7r/GHSA-qr32-j4j6-3m7r.json
@@ -1,13 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qr32-j4j6-3m7r",
-  "modified": "2020-08-31T18:20:27Z",
+  "modified": "2026-01-23T22:50:14Z",
   "published": "2019-05-29T20:23:00Z",
+  "withdrawn": "2026-01-23T22:50:14Z",
   "aliases": [
     "CVE-2017-16087"
   ],
-  "summary": "Command Injection in fs-git",
-  "details": "Affected versions of `fs-git` do not sanitize strings passed into the `buildCommand` method, resulting in arbitrary code execution.\n\n\n## Recommendation\n\nUpdate to version 1.0.2 or later. ",
+  "summary": "Duplicate Advisory: Command Injection in fs-git",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references.\n\n## Original Description\nAffected versions of `fs-git` do not sanitize strings passed into the `buildCommand` method, resulting in arbitrary code execution.\n\n\n## Recommendation\n\nUpdate to version 1.0.2 or later.",
   "severity": [],
   "affected": [
     {
diff --git a/advisories/github-reviewed/2020/09/GHSA-8whr-v3gm-w8h9/GHSA-8whr-v3gm-w8h9.json b/advisories/github-reviewed/2020/09/GHSA-8whr-v3gm-w8h9/GHSA-8whr-v3gm-w8h9.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8whr-v3gm-w8h9",
-  "modified": "2021-10-04T21:08:30Z",
+  "modified": "2026-01-23T22:49:42Z",
   "published": "2020-09-03T15:51:04Z",
+  "withdrawn": "2026-01-23T22:49:42Z",
   "aliases": [],
-  "summary": "Command Injection in node-rules",
-  "details": "Versions of `node-rules` prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an `eval` call when using the `fromJSON` function. This may allow attackers to execute arbitrary code in the system if the rules are user-controlled.\n\n\n## Recommendation\n\nUpgrade to version 5.0.0 or later.",
+  "summary": "Duplicate Advisory: Command Injection in node-rules",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-f78f-353m-cf4j. This link is maintained to preserve external references.\n\n## Original Description\nVersions of `node-rules` prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an `eval` call when using the `fromJSON` function. This may allow attackers to execute arbitrary code in the system if the rules are user-controlled.\n\n\n## Recommendation\n\nUpgrade to version 5.0.0 or later.",
   "severity": [
     {
       "type": "CVSS_V3",
