[GHSA-w35j-pv5h-q9q9] Apache Log4j's JsonTemplateLayout produces invalid JSON output when log events contain non-finite floating-point values#7362
Open
ppkarwasz wants to merge 1 commit intoppkarwasz/advisory-improvement-7362from
Conversation
github-actions
bot
changed the base branch from
main
to
ppkarwasz/advisory-improvement-7362
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the OSV advisory for GHSA-w35j-pv5h-q9q9 / CVE-2026-34481 to improve the written description and correct the affected version range representation for the 3.x pre-release line.
Changes:
- Refines the advisory summary and details text (formatting and clarity).
- Corrects the 3.x affected range by changing the event from
fixed: 3.0.0-beta3tolast_affected: 3.0.0-beta3. - Updates the advisory
modifiedtimestamp.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "schema_version": "1.4.0", | ||
| "id": "GHSA-w35j-pv5h-q9q9", | ||
| "modified": "2026-04-10T21:16:54Z", | ||
| "modified": "2026-04-10T21:16:55Z", |
There was a problem hiding this comment.
modified was updated, but database_specific.github_reviewed_at remains 2026-04-10T21:16:54Z, which is now earlier than the advisory's modified timestamp (2026-04-10T21:16:55Z). Since github_reviewed_at is defined as the timestamp of the last curator review, it should be updated to be >= modified (typically matching it) to avoid inconsistent metadata.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates
Comments
lessThanOrEqual3.0.0-beta3are affected.