[GHSA-28g4-38q8-3cwc] Flowise: Cypher Injection in GraphCypherQAChain#7449
nikpivkin wants to merge 1 commit into nikpivkin/advisory-improvement-7449 from
Hi there @igor-magun-wd! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Pull request overview
Updates the GitHub-reviewed advisory for GHSA-28g4-38q8-3cwc to correct the CVSS v4.0 vector string metric ordering so it complies with the CVSS v4.0 specification.
Changes:
- Reordered CVSS v4.0 impact metrics to the required `VC/VI/VA/SC/SI/SA` order in the vector string.
- Bumped the advisory `modified` timestamp to reflect the update.
Updates
Comments
The CVSSv4.0 vector string has metrics in invalid order. According to CVSS v4.0 specification (Section 7), the required order is `VC/VI/VA/SC/SI/SA`, but the current vector has `VC/SC/VI/SI/VA/SA`.
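
An added example, not part of this pull request or of any advisory tooling: a Python check for the ordering problem described in the comment above, which reports out-of-order metrics and rewrites the vector in specification order. The sample vector is constructed for illustration (it is not the advisory's actual vector), and the function names are hypothetical.

```python
# Metric order from the CVSS v4.0 specification (Section 7, vector string):
# base, threat, environmental, supplemental.
ORDER = ["AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA",
         "E",
         "CR", "IR", "AR", "MAV", "MAC", "MAT", "MPR", "MUI",
         "MVC", "MVI", "MVA", "MSC", "MSI", "MSA",
         "S", "AU", "R", "V", "RE", "U"]
BASE = ORDER[:11]          # all base metrics are mandatory
PREFIX = "CVSS:4.0"

# Constructed sample with the impact metrics interleaved as VC/SC/VI/SI/VA/SA.
SAMPLE = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N"

def parse(vector):
    """Split a vector into (metric, value) pairs; metric values are not validated."""
    head, *parts = vector.strip().split("/")
    if head != PREFIX:
        raise ValueError(f"expected prefix {PREFIX!r}, got {head!r}")
    pairs = []
    for part in parts:
        name, sep, value = part.partition(":")
        if not sep or not value or name not in ORDER:
            raise ValueError(f"malformed or unknown metric {part!r}")
        if name in (n for n, _ in pairs):
            raise ValueError(f"duplicate metric {name!r}")
        pairs.append((name, value))
    missing = [m for m in BASE if m not in dict(pairs)]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return pairs

def order_errors(vector):
    """Return metrics that appear after a metric they should precede."""
    names = [n for n, _ in parse(vector)]
    ranks = [ORDER.index(n) for n in names]
    return [names[i] for i in range(1, len(ranks)) if ranks[i] < max(ranks[:i])]

def canonicalize(vector):
    """Rewrite the vector with its metrics in specification order."""
    pairs = sorted(parse(vector), key=lambda p: ORDER.index(p[0]))
    return "/".join([PREFIX] + [f"{n}:{v}" for n, v in pairs])

if __name__ == "__main__":
    print("out of order:", order_errors(SAMPLE))
    print("canonical:   ", canonicalize(SAMPLE))
```

Reordering leaves every metric value unchanged, so the corrected vector describes the same severity; only parsers that enforce the specified order treat the two strings differently.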