github.com/go-playground/webhooks/v6@v6.3.0/testdata/github/security-advisory.json
{
  "action": "published",
  "security_advisory": {
    "ghsa_id": "GHSA-rf4j-j272-fj86",
    "summary": "Moderate severity vulnerability that affects django",
    "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
    "severity": "moderate",
    "identifiers": [
      {
        "value": "GHSA-rf4j-j272-fj86",
        "type": "GHSA"
      },
      {
        "value": "CVE-2018-6188",
        "type": "CVE"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
      }
    ],
    "published_at": "2018-10-03T21:13:54Z",
    "updated_at": "2018-10-03T21:13:54Z",
    "withdrawn_at": null,
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "django"
        },
        "severity": "moderate",
        "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
        "first_patched_version": {
          "identifier": "2.0.2"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "django"
        },
        "severity": "moderate",
        "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
        "first_patched_version": {
          "identifier": "1.11.10"
        }
      }
    ]
  }
}