[GHSA-w35j-pv5h-q9q9] Apache Log4j's JsonTemplateLayout produces invalid JSON output when log events contain non-finite floating-point values #7362
Pull request overview
Updates the OSV advisory for GHSA-w35j-pv5h-q9q9 / CVE-2026-34481 to improve the written description and correct the affected version range representation for the 3.x pre-release line.
Changes:
- Refines the advisory summary and details text (formatting and clarity).
- Corrects the 3.x affected range by changing the event from fixed: 3.0.0-beta3 to last_affected: 3.0.0-beta3.
- Updates the advisory modified timestamp.
| "schema_version": "1.4.0", | ||
| "id": "GHSA-w35j-pv5h-q9q9", | ||
| "modified": "2026-04-10T21:16:54Z", | ||
| "modified": "2026-04-10T21:16:55Z", |
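Review bot: the new modified value (2026-04-10T21:16:55Z) is exactly one second after the old one (2026-04-10T21:16:54Z), which looks like a mechanical bump rather than the time the description and range were edited. Since modified is meant to carry the time of the last change to the entry, set it to the actual edit time.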
modified was updated, but database_specific.github_reviewed_at remains 2026-04-10T21:16:54Z, which is now earlier than the advisory's modified timestamp (2026-04-10T21:16:55Z). Since github_reviewed_at is defined as the timestamp of the last curator review, it should be updated to be >= modified (typically matching it) to avoid inconsistent metadata.
a195406 into ppkarwasz/advisory-improvement-7362
Hi @ppkarwasz! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!
Updates
Comments
lessThanOrEqual 3.0.0-beta3 are affected.
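The two points raised in this pull request, the fixed to last_affected change and the github_reviewed_at timestamp, can both be checked mechanically. The following is an added example, not code from this PR or from the advisory database tooling. It assumes a constructed version order with placeholder neighbours around 3.0.0-beta3 and a constructed record fragment that carries only the timestamps quoted above.

```python
from datetime import datetime

# Constructed release order: the "<...>" entries are placeholders, not real
# versions. A real consumer would compare with Maven version ordering instead.
ORDER = ["<earlier-3.x>", "3.0.0-beta3", "<next-3.x>"]

OLD_EVENTS = [{"introduced": "<earlier-3.x>"}, {"fixed": "3.0.0-beta3"}]
NEW_EVENTS = [{"introduced": "<earlier-3.x>"}, {"last_affected": "3.0.0-beta3"}]

# Constructed record fragment using the two timestamps quoted in the review.
RECORD = {
    "id": "GHSA-w35j-pv5h-q9q9",
    "modified": "2026-04-10T21:16:55Z",
    "database_specific": {"github_reviewed_at": "2026-04-10T21:16:54Z"},
}


def is_affected(version, events, order=ORDER):
    """Walk the range events in version order, as an OSV consumer would."""
    pos = order.index
    affected = False
    for event in sorted(events, key=lambda e: pos(next(iter(e.values())))):
        (kind, at), = event.items()
        if kind == "introduced" and pos(version) >= pos(at):
            affected = True
        elif kind == "fixed" and pos(version) >= pos(at):
            affected = False  # "fixed" is exclusive: the named version is clean
        elif kind == "last_affected" and pos(version) > pos(at):
            affected = False  # "last_affected" is inclusive: it is still affected
    return affected


def timestamp_issues(record):
    """Report a curator review timestamp that predates the last modification."""
    def parse(ts):
        return datetime.fromisoformat(ts.replace("Z", "+00:00"))
    reviewed = record.get("database_specific", {}).get("github_reviewed_at")
    if reviewed and parse(reviewed) < parse(record["modified"]):
        return [f"github_reviewed_at {reviewed} < modified {record['modified']}"]
    return []


if __name__ == "__main__":
    for name, events in (("fixed", OLD_EVENTS), ("last_affected", NEW_EVENTS)):
        print(name, {v: is_affected(v, events) for v in ORDER})
    print(timestamp_issues(RECORD))
```

With the old fixed event a scanner treats 3.0.0-beta3 as patched and stays silent for projects pinned to it; with last_affected the same version is flagged.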