From 600a3d28a2b98975e23855cc971fff2b5fa7896c Mon Sep 17 00:00:00 2001
From: Tobias G
Date: Thu, 30 Jan 2025 16:24:34 +0100
Subject: [PATCH] Improve GHSA-54xq-cgqr-rpm3
---
 .../GHSA-54xq-cgqr-rpm3.json | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/advisories/github-reviewed/2023/11/GHSA-54xq-cgqr-rpm3/GHSA-54xq-cgqr-rpm3.json b/advisories/github-reviewed/2023/11/GHSA-54xq-cgqr-rpm3/GHSA-54xq-cgqr-rpm3.json
index b37f75db38d76..5a5732a41f1c2 100644
--- a/advisories/github-reviewed/2023/11/GHSA-54xq-cgqr-rpm3/GHSA-54xq-cgqr-rpm3.json
+++ b/advisories/github-reviewed/2023/11/GHSA-54xq-cgqr-rpm3/GHSA-54xq-cgqr-rpm3.json
@@ -1,9 +1,11 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-54xq-cgqr-rpm3",
- "modified": "2023-11-16T17:14:15Z",
+ "modified": "2023-11-16T17:14:17Z",
 "published": "2023-11-16T17:14:15Z",
- "aliases": [],
+ "aliases": [
+
+ ],
 "summary": "sharp vulnerability in libwebp dependency CVE-2023-4863",
 "details": "## Overview\n\nsharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr.\n\n## Who does this affect?\n\nAlmost anyone processing untrusted input with versions of sharp prior to 0.32.6.\n\n## How to resolve this?\n\n### Using prebuilt binaries provided by sharp?\n\nMost people rely on the prebuilt binaries provided by sharp.\n\nPlease upgrade sharp to the latest 0.32.6, which provides libwebp 1.3.2.\n\n### Using a globally-installed libvips?\n\nPlease ensure you are using the latest libwebp 1.3.2.\n\n## Possible workaround\n\nAdd the following to your code to prevent sharp from decoding WebP images.\n```js\nsharp.block({ operation: [\"VipsForeignLoadWebp\"] });\n```",
 "severity": [
@@ -24,13 +26,13 @@
 "events": [
 {
 "introduced": "0"
- },
- {
- "fixed": "0.32.6"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "< 0.32.6"
+ }
 }
 ],
 "references": [
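Review bot: With the `"fixed": "0.32.6"` event dropped, the `events` list in the second hunk contains only `{ "introduced": "0" }`, which under OSV range semantics declares every sharp version affected, including 0.32.6 and everything after it, while the `details` text in the first hunk still tells users that upgrading to 0.32.6 (libwebp 1.3.2) resolves the issue. The replacement `database_specific.last_known_affected_version_range` is a GitHub-specific hint that generic OSV consumers do not read, so scanners working from `affected[].ranges` will now flag patched versions as vulnerable. If the intent is that no sharp release is a complete fix because a globally-installed libvips may still carry an old libwebp, that rationale belongs in `details` and the "Please upgrade sharp to the latest 0.32.6" wording should be qualified; otherwise keep the `{ "fixed": "0.32.6" }` event alongside the new `database_specific` entry. Separately, this edit is dated 30 Jan 2025 but `modified` only moves to `2023-11-16T17:14:17Z`, so if downstream consumers use `modified` to detect updates they will presumably not pick this change up — worth confirming how the export stamps that field.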
@@ -48,7 +50,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+
+ ],
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2023-11-16T17:14:15Z",