Publish GHSA-ghc4-35x6-crw5

advisory-database[bot] · advisory-database[bot] · commit 113e0fd94e32 · 2026-04-13T17:32:17.000Z
diff --git a/advisories/github-reviewed/2026/03/GHSA-ghc4-35x6-crw5/GHSA-ghc4-35x6-crw5.json b/advisories/github-reviewed/2026/03/GHSA-ghc4-35x6-crw5/GHSA-ghc4-35x6-crw5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ghc4-35x6-crw5",
-  "modified": "2026-03-10T22:24:17Z",
+  "modified": "2026-04-13T17:29:34Z",
   "published": "2026-03-10T18:30:42Z",
   "aliases": [
     "CVE-2026-26308"
@@ -20,6 +20,19 @@
         "ecosystem": "Go",
         "name": "github.com/envoyproxy/envoy"
       },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.37.0"
+            },
+            {
+              "fixed": "1.37.1"
+            }
+          ]
+        }
+      ],
       "versions": [
         "1.37.0"
       ]
@@ -37,11 +50,14 @@
               "introduced": "1.36.0"
             },
             {
-              "last_affected": "1.36.4"
+              "fixed": "1.36.5"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.36.4"
+      }
     },
     {
       "package": {
@@ -56,11 +72,14 @@
               "introduced": "1.35.0"
             },
             {
-              "last_affected": "1.35.8"
+              "fixed": "1.35.9"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.35.8"
+      }
     },
     {
       "package": {
@@ -75,11 +94,14 @@
               "introduced": "0"
             },
             {
-              "last_affected": "1.34.12"
+              "fixed": "1.34.13"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.34.12"
+      }
     }
   ],
   "references": [

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-ghc4-35x6-crw5",`
`4`		`- "modified": "2026-03-10T22:24:17Z",`
	`4`	`+ "modified": "2026-04-13T17:29:34Z",`
`5`	`5`	`"published": "2026-03-10T18:30:42Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-26308"`
`@@ -20,6 +20,19 @@`
`20`	`20`	`"ecosystem": "Go",`
`21`	`21`	`"name": "github.com/envoyproxy/envoy"`
`22`	`22`	`},`
	`23`	`+ "ranges": [`
	`24`	`+ {`
	`25`	`+ "type": "ECOSYSTEM",`
	`26`	`+ "events": [`
	`27`	`+ {`
	`28`	`+ "introduced": "1.37.0"`
	`29`	`+ },`
	`30`	`+ {`
	`31`	`+ "fixed": "1.37.1"`
	`32`	`+ }`
	`33`	`+ ]`
	`34`	`+ }`
	`35`	`+ ],`
`23`	`36`	`"versions": [`
`24`	`37`	`"1.37.0"`
`25`	`38`	`]`
`@@ -37,11 +50,14 @@`
`37`	`50`	`"introduced": "1.36.0"`
`38`	`51`	`},`
`39`	`52`	`{`
`40`		`- "last_affected": "1.36.4"`
	`53`	`+ "fixed": "1.36.5"`
`41`	`54`	`}`
`42`	`55`	`]`
`43`	`56`	`}`
`44`		`- ]`
	`57`	`+ ],`
	`58`	`+ "database_specific": {`
	`59`	`+ "last_known_affected_version_range": "<= 1.36.4"`
	`60`	`+ }`
`45`	`61`	`},`
`46`	`62`	`{`
`47`	`63`	`"package": {`
`@@ -56,11 +72,14 @@`
`56`	`72`	`"introduced": "1.35.0"`
`57`	`73`	`},`
`58`	`74`	`{`
`59`		`- "last_affected": "1.35.8"`
	`75`	`+ "fixed": "1.35.9"`
`60`	`76`	`}`
`61`	`77`	`]`
`62`	`78`	`}`
`63`		`- ]`
	`79`	`+ ],`
	`80`	`+ "database_specific": {`
	`81`	`+ "last_known_affected_version_range": "<= 1.35.8"`
	`82`	`+ }`
`64`	`83`	`},`
`65`	`84`	`{`
`66`	`85`	`"package": {`
`@@ -75,11 +94,14 @@`
`75`	`94`	`"introduced": "0"`
`76`	`95`	`},`
`77`	`96`	`{`
`78`		`- "last_affected": "1.34.12"`
	`97`	`+ "fixed": "1.34.13"`
`79`	`98`	`}`
`80`	`99`	`]`
`81`	`100`	`}`
`82`		`- ]`
	`101`	`+ ],`
	`102`	`+ "database_specific": {`
	`103`	`+ "last_known_affected_version_range": "<= 1.34.12"`
	`104`	`+ }`
`83`	`105`	`}`
`84`	`106`	`],`
`85`	`107`	`"references": [`