[GHSA-c4j6-fc7j-m34r] Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades #7719
Hi there @timneutkens! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory
Pull request overview
Updates the CVSS v3 vector and severity rating for the Next.js SSRF advisory (GHSA-c4j6-fc7j-m34r), lowering it from HIGH to MODERATE.
Changes:
- Updated CVSS v3 vector to reflect higher attack complexity, required privileges, and user interaction.
- Lowered severity from HIGH to MODERATE.
- Bumped the `modified` timestamp.
Updates
Comments
Improve as much as possible