github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

lightning RCE is not fixed in 2.2.2 #4533

Open anderruiz opened 3 weeks ago

anderruiz commented 3 weeks ago

The GHSA-cgwc-qvrx-rf7f advisory is not solved in version 2.2.2 for lightning; at least version 2.2.5 is vulnerable.

darakian commented 3 weeks ago

Hey @anderruiz, any chance there's some public documentation supporting that? What we have on file now is not that 2.2.2 fixes the issue but rather that 2.2.1 is the last known version which is affected. If it's shown that other versions are also affected that would be fantastic to know 😄