Enrich GH-OSV details for CVE-2025-59013 through CVE-2025-59019#6106
Closed
ohader wants to merge 7 commits intogithub:ohader/advisory-improvement-6106from
Closed
Enrich GH-OSV details for CVE-2025-59013 through CVE-2025-59019#6106ohader wants to merge 7 commits intogithub:ohader/advisory-improvement-6106from
ohader wants to merge 7 commits intogithub:ohader/advisory-improvement-6106from
Conversation
github-actions
bot
changed the base branch from
main
to
ohader/advisory-improvement-6106
There was a problem hiding this comment.
Pull Request Overview
This PR enriches GitHub Security Advisory (GHSA) details for CVE-2025-59013 through CVE-2025-59019 by adding package information, version ranges, and credit attribution. The changes transform previously empty affected package arrays into complete package specifications with ecosystem details and vulnerability ranges, while also crediting security researchers and developers who contributed to identifying and fixing these TYPO3 vulnerabilities.
- Added affected package details for various TYPO3 CMS components with specific version ranges
- Populated credits sections with reporter and remediation developer information
- Completed OSV (Open Source Vulnerability) format compliance for all seven CVE entries
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| GHSA-xrcq-533q-8rxw.json | Added typo3/cms-backend package details and credits for CVE-2025-59013 |
| GHSA-w2pf-7q5w-2cgw.json | Added typo3/cms-workspaces package details and credits for CVE-2025-59014 |
| GHSA-p5jq-5383-qvc7.json | Added typo3/cms-core package details and credits for CVE-2025-59015 |
| GHSA-j8vm-7q52-2m2m.json | Added multiple package entries (backend/recordlist) and credits for CVE-2025-59016 |
| GHSA-cvm2-5f78-g9m8.json | Added typo3/cms-core package details and credits for CVE-2025-59017 |
| GHSA-72jf-5fg5-3cw3.json | Added typo3/cms-core package details and credits for CVE-2025-59018 |
| GHSA-2fhw-2j7m-mr4m.json | Added five TYPO3 packages and credits for CVE-2025-59019 |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Comment on lines
22
to
28
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... }.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [ | |
| { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| ] |
Comment on lines
22
to
28
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... }.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] |
Comment on lines
22
to
28
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... }.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [ | |
| { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| ] |
Comment on lines
22
to
41
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recordlist" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "11.0.0", | ||
| "fixed": "11.5.48" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for both package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recordlist" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "11.0.0", | |
| "fixed": "11.5.48" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recordlist" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "11.0.0", | |
| "fixed": "11.5.48" | |
| } | |
| }] |
Comment on lines
22
to
41
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recordlist" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "11.0.0", | ||
| "fixed": "11.5.48" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for both package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recordlist" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "11.0.0", | |
| "fixed": "11.5.48" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recordlist" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "11.0.0", | |
| "fixed": "11.5.48" | |
| } | |
| }] |
Comment on lines
22
to
80
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-beuser" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-dashboard" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recycler" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-workspaces" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for all five package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] |
Comment on lines
22
to
80
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-beuser" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-dashboard" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recycler" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-workspaces" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for all five package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] |
Comment on lines
22
to
80
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-beuser" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-dashboard" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recycler" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-workspaces" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for all five package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] |
Comment on lines
22
to
80
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-beuser" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-dashboard" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recycler" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-workspaces" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for all five package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] |
Comment on lines
22
to
80
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-beuser" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-dashboard" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-recycler" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "packageName": { | ||
| "ecosystem": "Packagist", | ||
| "name": "typo3/cms-workspaces" | ||
| }, | ||
| "ranges": { | ||
| "type": "SEMVER", | ||
| "events": { | ||
| "introduced": "13.0.0", | ||
| "fixed": "13.4.18" | ||
| } | ||
| } |
There was a problem hiding this comment.
The ranges structure should be an array according to OSV schema. It should be \"ranges\": [{ ... }] instead of \"ranges\": { ... } for all five package entries.
Suggested change
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": { | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| } | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-beuser" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-dashboard" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-recycler" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] | |
| }, | |
| { | |
| "packageName": { | |
| "ecosystem": "Packagist", | |
| "name": "typo3/cms-workspaces" | |
| }, | |
| "ranges": [{ | |
| "type": "SEMVER", | |
| "events": { | |
| "introduced": "13.0.0", | |
| "fixed": "13.4.18" | |
| } | |
| }] |
ohader
force-pushed
the
typo3-2025-09-09
branch
from
0453442 to
08a0ff7
Compare
* added affected[].package * added affected[].ranges[] * added credits[] Sources * https://cveawg.mitre.org/api/cve/CVE-2025-59013 * https://cveawg.mitre.org/api/cve/CVE-2025-59014 * https://cveawg.mitre.org/api/cve/CVE-2025-59015 * https://cveawg.mitre.org/api/cve/CVE-2025-59016 * https://cveawg.mitre.org/api/cve/CVE-2025-59017 * https://cveawg.mitre.org/api/cve/CVE-2025-59018 * https://cveawg.mitre.org/api/cve/CVE-2025-59019
ohader
force-pushed
the
typo3-2025-09-09
branch
from
08a0ff7 to
eefe7ed
Compare
|
Thank you for your contribution. We have reviewed the advisories. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sources