Open
Description
I'm writing to report a metadata issue in the advisory GHSA-3wqh-h42r-x8fq for the @hapi/subtext package.
The affected version ranges are currently incorrect. Based on my analysis and comparison with GHSA-5854-jvxx-2cg9, which describes the same vulnerability, the correct vulnerable version ranges for the scoped package @hapi/subtext are >=6.1.0 <=6.1.3 & >=7.0.0 <7.0.3
Additionally, as noted on the npm package page, versions within this range (6.1.0 to 7.0.2) have been deprecated, which aligns with the identified vulnerability. Please consider updating the advisory metadata to reflect these accurate ranges.
Metadata
Metadata
Assignees
Labels
No labels