Merge pull request #5098 from github/G-Rath-GHSA-8x94-hmjh-97hq

github · Dec 18, 2024 · e661e3b · e661e3b
2 parents 65a5e18 + 88a6a89
commit e661e3b
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/advisories/github-reviewed/2022/08/GHSA-8x94-hmjh-97hq/GHSA-8x94-hmjh-97hq.json b/advisories/github-reviewed/2022/08/GHSA-8x94-hmjh-97hq/GHSA-8x94-hmjh-97hq.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8x94-hmjh-97hq",
-  "modified": "2024-09-03T14:59:09Z",
+  "modified": "2024-09-03T14:59:11Z",
   "published": "2022-08-11T14:49:12Z",
   "aliases": [
     "CVE-2022-36359"
   ],
-  "summary": "Django vulnerable to Reflected File Download attack ",
+  "summary": "Django vulnerable to Reflected File Download attack",
   "details": "An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.",
   "severity": [
     {
@@ -25,10 +25,10 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "4.0"
             },
             {
-              "fixed": "3.2.15"
+              "fixed": "4.0.7"
             }
           ]
         }
@@ -44,10 +44,10 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "4.0"
+              "introduced": "0"
             },
             {
-              "fixed": "4.0.7"
+              "fixed": "3.2.15"
             }
           ]
         }