Merge pull request #6539 from github/oschwald-GHSA-mj73-j457-8x9q

Author: advisory-database[bot]

advisories/github-reviewed/2025/12/GHSA-mj73-j457-8x9q/GHSA-mj73-j457-8x9q.json

@@ -1,15 +1,15 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mj73-j457-8x9q",
-  "modified": "2025-12-02T00:29:11Z",
+  "modified": "2025-12-02T00:29:14Z",
   "published": "2025-12-02T00:29:11Z",
   "aliases": [],
   "summary": "maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe",
   "details": "maxminddb prior to version 0.27 declared `Reader::open_mmap` as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active.",
   "severity": [
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [