Hi team,
I reported GHSA-jg8m-mc94-2g3x (Remote Code Execution via vm2 Sandbox Escape) which was confirmed as Critical severity and I'm listed as credited reporter.
The advisory was closed but no CVE was assigned. I notice that 52 of your other advisories have CVEs issued (including similar severity ones from other reporters).
Could you publish the advisory so a CVE-ID can be requested? Or if this was remediated as part of another fix, could the CVE credit be added to the related advisory?
Thanks for your time.
— Kartik
Hi team,
I reported GHSA-jg8m-mc94-2g3x (Remote Code Execution via vm2 Sandbox Escape) which was confirmed as Critical severity and I'm listed as credited reporter.
The advisory was closed but no CVE was assigned. I notice that 52 of your other advisories have CVEs issued (including similar severity ones from other reporters).
Could you publish the advisory so a CVE-ID can be requested? Or if this was remediated as part of another fix, could the CVE credit be added to the related advisory?
Thanks for your time.
— Kartik