From 300d1ce56372f508f8326750be3c88d8a65eea95 Mon Sep 17 00:00:00 2001
From: Bader <127010643+sealbenb@users.noreply.github.com>
Date: Thu, 25 Jun 2026 21:07:18 +0300
Subject: [PATCH] Improve GHSA-c4q5-6c82-3qpw
---
 .../2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/advisories/github-reviewed/2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json b/advisories/github-reviewed/2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json
index bd6487f3f7bea..8ed350c3103eb 100644
--- a/advisories/github-reviewed/2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json
+++ b/advisories/github-reviewed/2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-c4q5-6c82-3qpw",
- "modified": "2025-01-24T21:31:27Z",
+ "modified": "2025-01-24T21:31:28Z",
 "published": "2024-10-28T09:30:53Z",
 "aliases": [
 "CVE-2024-38821"
@@ -9,10 +9,6 @@
 "summary": "Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications",
 "details": "Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.\n\nFor this to impact an application, all of the following must be true:\n\n * It must be a WebFlux application\n * It must be using Spring's static resources support\n * It must have a non-permitAll authorization rule applied to the static resources support",
 "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
- },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -29,7 +25,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "5.0.0"
 },
 {
 "fixed": "5.7.13"
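Review bot: The new lower bound `"introduced": "5.0.0"` in the third hunk narrows the affected range, but neither the commit message nor the visible advisory text cites a source for it. With this change, any release below 5.0.0 stops matching the advisory in scanners that consume the range. The bound is presumably chosen because the `details` text limits impact to WebFlux applications, but that link is inferred rather than stated. Since JSON cannot carry a comment, the rationale belongs in the commit description, for example `Set introduced to 5.0.0: WebFlux support is not present in earlier releases (source: <vendor advisory URL>)`. The `events` array and the rest of the `affected` entry continue outside the hunk, so whether the other ranges in the file received the same lower bound cannot be checked from here.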