GHSA-2cpx-6pqp-wf35

Source

https://github.com/advisories/GHSA-2cpx-6pqp-wf35

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-2cpx-6pqp-wf35

Aliases

CVE-2022-31183

Published

2022-07-29T22:24:10Z

Modified

2025-09-30T17:01:26.174825Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

fs2-io skips mTLS client verification

Details

Impact

When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds.

The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely independent. 2. TLSSockets in server-mode. Client-mode TLSSockets are implemented via a different API. 3. mTLS as enabled via requestCert = true in TLSParameters. The default setting is false for server-mode TLSSockets.

It was introduced with the initial Node.js implementation of fs2-io in v3.1.0.

Patches

A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised.

Workarounds

If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.

References

https://github.com/nodejs/node/issues/43994
https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/

For more information

If you have any questions or comments about this advisory: * Open an issue. * Contact the Typelevel Security Team.

Database specific

{
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-295"
    ],
    "nvd_published_at": "2022-08-01T20:15:00Z",
    "github_reviewed_at": "2022-07-29T22:24:10Z",
    "github_reviewed": true
}

References

Affected packages

Maven

co.fs2:fs2-io

Package

Name: co.fs2:fs2-io; View open source insights on deps.dev
Purl: pkg:maven/co.fs2/fs2-io

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.2.11

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json"

co.fs2:fs2-io_2.12

Package

Name: co.fs2:fs2-io_2.12; View open source insights on deps.dev
Purl: pkg:maven/co.fs2/fs2-io_2.12

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.2.11

Affected versions

3.*

3.1.0

3.1-2-0c2a32b

3.1-2-8dabe12

3.1-2-47f04f6

3.1-2-73a4eb7

3.1-2-0716b7f

3.1-4-cad30d2

3.1-4-7cff383

3.1-4-6163cc4

3.1-4-4785408

3.1-6-e7bcbb1

3.1-6-23f8499

3.1-6-265a230

3.1-6-0144914

3.1-7-f3dc074

3.1-8-cf93839

3.1-8-f45a357

3.1-8-1bb4d6f

3.1-8-935d1d9

3.1-10-abf6bb0

3.1-10-f3d23ce

3.1-10-500b366

3.1-11-d8073c7

3.1-11-28617f6

3.1-12-ae5aa01

3.1-12-4362ce3

3.1-13-e59977f

3.1-14-20a3d6b

3.1-14-125a019

3.1-16-d98156e

3.1-17-eb39fe4

3.1-18-a2a4740

3.1-19-c017858

3.1-19-c945743

3.1-20-eaba366

3.1-22-d0b358c

3.1-23-8ba9dc5

3.1-24-92c750d

3.1-26-b6790a0

3.1-26-1d4f250

3.1-26-5d4436a

3.1-27-dafd577

3.1-29-da7a21c

3.1-30-d9bcdf6

3.1-31-67ff901

3.1-32-4f6e5c3

3.1-33-506d273

3.1-36-a2c5135

3.1-37-6fe2fd6

3.1-37-271f8b8

3.1-42-91938ac

3.1-46-f537af0

3.1-46-1de1e8b

3.1-48-7f7e165

3.1-48-18e0eb9

3.1-50-a7749f1

3.1-52-0f20c99

3.1-52-2ac85a2

3.1-52-5c8346c

3.1-52-780511a

3.1-54-89bc222

3.1-56-d85f878

3.1-56-17e8653

3.1-58-6fdba0a

3.1-60-6764ba4

3.1-62-4403401

3.1-69-b2a90a1

3.1-72-e345809

3.1-74-6149851

3.1-79-7f5fedf

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.2.0

3.2-2-ce09286

3.2-4-49a4a88

3.2-5-33f78a2

3.2-7-144eccc

3.2-8-45ae436

3.2-10-ea04dd1

3.2-10-421c242

3.2-12-ee8ebbc

3.2-12-0040f2d

3.2-14-a2508ec

3.2-15-0d747bc

3.2-15-39799ec

3.2-16-ca69991

3.2-17-0747c57

3.2-19-474755e

3.2-21-fce9438

3.2-24-aee10a7

3.2-24-e80dc1e

3.2-26-8b285a6

3.2-27-25b19c5

3.2-28-0ad3625

3.2-28-ee4a187

3.2-30-315dd48

3.2-30-825ac8c

3.2-31-08491bc

3.2-32-1a7dede

3.2-33-c73eac6

3.2-34-8aaa10c

3.2-35-a7f0abc

3.2-36-d9587c0

3.2-40-f0272ce

3.2-42-1418453

3.2-46-72ac3d7

3.2-51-ebb169f

3.2-54-2cd21af

3.2-54-69e0c99

3.2-59-86107ff

3.2-60-2173855

3.2-66-2e0481a

3.2-68-5d0ceee

3.2-75-6af2201

3.2-77-7de3d84

3.2-81-84d87a5

3.2-83-7a59759

3.2-85-14892b0

3.2-87-92db3c3

3.2-91-580a751

3.2-93-c32dea5

3.2-98-f5ff8ba

3.2-100-c1910b5

3.2-102-1997a5d

3.2-105-63481c1

3.2-111-594f8fe

3.2-124-832c161

3.2-126-dbde26a

3.2-135-b8d2c35

3.2-137-2812f6c

3.2-143-1154536

3.2-146-663e286

3.2-148-d9af944

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json"

co.fs2:fs2-io_3

Package

Name: co.fs2:fs2-io_3; View open source insights on deps.dev
Purl: pkg:maven/co.fs2/fs2-io_3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.2.11

Affected versions

3.*

3.1.0

3.1-2-0c2a32b

3.1-2-8dabe12

3.1-2-47f04f6

3.1-2-73a4eb7

3.1-2-0716b7f

3.1-4-cad30d2

3.1-4-7cff383

3.1-4-6163cc4

3.1-4-4785408

3.1-6-e7bcbb1

3.1-6-23f8499

3.1-6-265a230

3.1-6-0144914

3.1-7-f3dc074

3.1-8-cf93839

3.1-8-f45a357

3.1-8-1bb4d6f

3.1-8-935d1d9

3.1-10-abf6bb0

3.1-10-f3d23ce

3.1-10-500b366

3.1-11-d8073c7

3.1-11-28617f6

3.1-12-ae5aa01

3.1-12-4362ce3

3.1-13-e59977f

3.1-14-20a3d6b

3.1-14-125a019

3.1-16-d98156e

3.1-17-eb39fe4

3.1-18-a2a4740

3.1-19-c017858

3.1-19-c945743

3.1-20-eaba366

3.1-22-d0b358c

3.1-23-8ba9dc5

3.1-24-92c750d

3.1-26-b6790a0

3.1-26-1d4f250

3.1-26-5d4436a

3.1-27-dafd577

3.1-29-da7a21c

3.1-30-d9bcdf6

3.1-31-67ff901

3.1-32-4f6e5c3

3.1-33-506d273

3.1-36-a2c5135

3.1-37-6fe2fd6

3.1-37-271f8b8

3.1-42-91938ac

3.1-46-f537af0

3.1-46-1de1e8b

3.1-48-7f7e165

3.1-48-18e0eb9

3.1-50-a7749f1

3.1-52-0f20c99

3.1-52-2ac85a2

3.1-52-5c8346c

3.1-52-780511a

3.1-54-89bc222

3.1-56-d85f878

3.1-56-17e8653

3.1-58-6fdba0a

3.1-60-6764ba4

3.1-62-4403401

3.1-69-b2a90a1

3.1-72-e345809

3.1-74-6149851

3.1-79-7f5fedf

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.2.0

3.2-2-ce09286

3.2-4-49a4a88

3.2-5-33f78a2

3.2-7-144eccc

3.2-8-45ae436

3.2-10-ea04dd1

3.2-10-421c242

3.2-12-ee8ebbc

3.2-12-0040f2d

3.2-14-a2508ec

3.2-15-0d747bc

3.2-15-39799ec

3.2-16-ca69991

3.2-17-0747c57

3.2-19-474755e

3.2-21-fce9438

3.2-24-aee10a7

3.2-24-e80dc1e

3.2-26-8b285a6

3.2-27-25b19c5

3.2-28-0ad3625

3.2-28-ee4a187

3.2-30-315dd48

3.2-30-825ac8c

3.2-31-08491bc

3.2-32-1a7dede

3.2-33-c73eac6

3.2-34-8aaa10c

3.2-35-a7f0abc

3.2-36-d9587c0

3.2-40-f0272ce

3.2-42-1418453

3.2-46-72ac3d7

3.2-51-ebb169f

3.2-54-2cd21af

3.2-54-69e0c99

3.2-59-86107ff

3.2-60-2173855

3.2-66-2e0481a

3.2-68-5d0ceee

3.2-75-6af2201

3.2-77-7de3d84

3.2-81-84d87a5

3.2-83-7a59759

3.2-85-14892b0

3.2-87-92db3c3

3.2-91-580a751

3.2-93-c32dea5

3.2-98-f5ff8ba

3.2-100-c1910b5

3.2-102-1997a5d

3.2-105-63481c1

3.2-111-594f8fe

3.2-124-832c161

3.2-126-dbde26a

3.2-135-b8d2c35

3.2-137-2812f6c

3.2-143-1154536

3.2-146-663e286

3.2-148-d9af944

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json"

co.fs2:fs2-io_2.13

Package

Name: co.fs2:fs2-io_2.13; View open source insights on deps.dev
Purl: pkg:maven/co.fs2/fs2-io_2.13

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.2.11

Affected versions

3.*

3.1.0

3.1-2-0c2a32b

3.1-2-8dabe12

3.1-2-47f04f6

3.1-2-73a4eb7

3.1-2-0716b7f

3.1-4-cad30d2

3.1-4-7cff383

3.1-4-6163cc4

3.1-4-4785408

3.1-6-e7bcbb1

3.1-6-23f8499

3.1-6-265a230

3.1-6-0144914

3.1-7-f3dc074

3.1-8-cf93839

3.1-8-f45a357

3.1-8-1bb4d6f

3.1-8-935d1d9

3.1-10-abf6bb0

3.1-10-f3d23ce

3.1-10-500b366

3.1-11-d8073c7

3.1-11-28617f6

3.1-12-ae5aa01

3.1-12-4362ce3

3.1-13-e59977f

3.1-14-20a3d6b

3.1-14-125a019

3.1-16-d98156e

3.1-17-eb39fe4

3.1-18-a2a4740

3.1-19-c017858

3.1-19-c945743

3.1-20-eaba366

3.1-22-d0b358c

3.1-23-8ba9dc5

3.1-24-92c750d

3.1-26-b6790a0

3.1-26-1d4f250

3.1-26-5d4436a

3.1-27-dafd577

3.1-29-da7a21c

3.1-30-d9bcdf6

3.1-31-67ff901

3.1-32-4f6e5c3

3.1-33-506d273

3.1-36-a2c5135

3.1-37-6fe2fd6

3.1-37-271f8b8

3.1-42-91938ac

3.1-46-f537af0

3.1-46-1de1e8b

3.1-48-7f7e165

3.1-48-18e0eb9

3.1-50-a7749f1

3.1-52-0f20c99

3.1-52-2ac85a2

3.1-52-5c8346c

3.1-52-780511a

3.1-54-89bc222

3.1-56-d85f878

3.1-56-17e8653

3.1-58-6fdba0a

3.1-60-6764ba4

3.1-62-4403401

3.1-69-b2a90a1

3.1-72-e345809

3.1-74-6149851

3.1-79-7f5fedf

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.2.0

3.2-2-ce09286

3.2-4-49a4a88

3.2-5-33f78a2

3.2-7-144eccc

3.2-8-45ae436

3.2-10-ea04dd1

3.2-10-421c242

3.2-12-ee8ebbc

3.2-12-0040f2d

3.2-14-a2508ec

3.2-15-0d747bc

3.2-15-39799ec

3.2-16-ca69991

3.2-17-0747c57

3.2-19-474755e

3.2-21-fce9438

3.2-24-aee10a7

3.2-24-e80dc1e

3.2-26-8b285a6

3.2-27-25b19c5

3.2-28-0ad3625

3.2-28-ee4a187

3.2-30-315dd48

3.2-30-825ac8c

3.2-31-08491bc

3.2-32-1a7dede

3.2-33-c73eac6

3.2-34-8aaa10c

3.2-35-a7f0abc

3.2-36-d9587c0

3.2-40-f0272ce

3.2-42-1418453

3.2-46-72ac3d7

3.2-51-ebb169f

3.2-54-2cd21af

3.2-54-69e0c99

3.2-59-86107ff

3.2-60-2173855

3.2-66-2e0481a

3.2-68-5d0ceee

3.2-75-6af2201

3.2-77-7de3d84

3.2-81-84d87a5

3.2-83-7a59759

3.2-85-14892b0

3.2-87-92db3c3

3.2-91-580a751

3.2-93-c32dea5

3.2-98-f5ff8ba

3.2-100-c1910b5

3.2-102-1997a5d

3.2-105-63481c1

3.2-111-594f8fe

3.2-124-832c161

3.2-126-dbde26a

3.2-135-b8d2c35

3.2-137-2812f6c

3.2-143-1154536

3.2-146-663e286

3.2-148-d9af944

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json"

co.fs2:fs2-io_sjs1_2.13

Package

Name: co.fs2:fs2-io_sjs1_2.13; View open source insights on deps.dev
Purl: pkg:maven/co.fs2/fs2-io_sjs1_2.13

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.2.11

Affected versions

3.*

3.1.0

3.1-2-0c2a32b

3.1-2-8dabe12

3.1-2-47f04f6

3.1-2-73a4eb7

3.1-2-0716b7f

3.1-4-cad30d2

3.1-4-7cff383

3.1-4-6163cc4

3.1-4-4785408

3.1-6-e7bcbb1

3.1-6-23f8499

3.1-6-265a230

3.1-6-0144914

3.1-7-f3dc074

3.1-8-cf93839

3.1-8-f45a357

3.1-8-1bb4d6f

3.1-8-935d1d9

3.1-10-abf6bb0

3.1-10-f3d23ce

3.1-10-500b366

3.1-11-d8073c7

3.1-11-28617f6

3.1-12-ae5aa01

3.1-12-4362ce3

3.1-13-e59977f

3.1-14-20a3d6b

3.1-14-125a019

3.1-16-d98156e

3.1-17-eb39fe4

3.1-18-a2a4740

3.1-19-c017858

3.1-19-c945743

3.1-20-eaba366

3.1-22-d0b358c

3.1-23-8ba9dc5

3.1-24-92c750d

3.1-26-b6790a0

3.1-26-1d4f250

3.1-26-5d4436a

3.1-27-dafd577

3.1-29-da7a21c

3.1-30-d9bcdf6

3.1-31-67ff901

3.1-32-4f6e5c3

3.1-33-506d273

3.1-36-a2c5135

3.1-37-6fe2fd6

3.1-37-271f8b8

3.1-42-91938ac

3.1-46-f537af0

3.1-46-1de1e8b

3.1-48-7f7e165

3.1-48-18e0eb9

3.1-50-a7749f1

3.1-52-0f20c99

3.1-52-2ac85a2

3.1-52-5c8346c

3.1-52-780511a

3.1-54-89bc222

3.1-56-d85f878

3.1-56-17e8653

3.1-58-6fdba0a

3.1-60-6764ba4

3.1-62-4403401

3.1-69-b2a90a1

3.1-72-e345809

3.1-74-6149851

3.1-79-7f5fedf

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.2.0

3.2-2-ce09286

3.2-4-49a4a88

3.2-5-33f78a2

3.2-7-144eccc

3.2-8-45ae436

3.2-10-ea04dd1

3.2-10-421c242

3.2-12-ee8ebbc

3.2-12-0040f2d

3.2-14-a2508ec

3.2-15-0d747bc

3.2-15-39799ec

3.2-16-ca69991

3.2-17-0747c57

3.2-19-474755e

3.2-21-fce9438

3.2-24-aee10a7

3.2-24-e80dc1e

3.2-26-8b285a6

3.2-27-25b19c5

3.2-28-0ad3625

3.2-28-ee4a187

3.2-30-315dd48

3.2-30-825ac8c

3.2-31-08491bc

3.2-32-1a7dede

3.2-33-c73eac6

3.2-34-8aaa10c

3.2-35-a7f0abc

3.2-36-d9587c0

3.2-40-f0272ce

3.2-42-1418453

3.2-46-72ac3d7

3.2-51-ebb169f

3.2-54-2cd21af

3.2-54-69e0c99

3.2-59-86107ff

3.2-60-2173855

3.2-66-2e0481a

3.2-68-5d0ceee

3.2-75-6af2201

3.2-77-7de3d84

3.2-81-84d87a5

3.2-83-7a59759

3.2-85-14892b0

3.2-87-92db3c3

3.2-91-580a751

3.2-93-c32dea5

3.2-98-f5ff8ba

3.2-100-c1910b5

3.2-102-1997a5d

3.2-105-63481c1

3.2-111-594f8fe

3.2-124-832c161

3.2-126-dbde26a

3.2-135-b8d2c35

3.2-137-2812f6c

3.2-143-1154536

3.2-146-663e286

3.2-148-d9af944

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json"

co.fs2:fs2-io_sjs1_3

Package

Name: co.fs2:fs2-io_sjs1_3; View open source insights on deps.dev
Purl: pkg:maven/co.fs2/fs2-io_sjs1_3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.2.11

Affected versions

3.*

3.1.0

3.1-2-0c2a32b

3.1-2-8dabe12

3.1-2-47f04f6

3.1-2-73a4eb7

3.1-2-0716b7f

3.1-4-cad30d2

3.1-4-7cff383

3.1-4-6163cc4

3.1-4-4785408

3.1-6-e7bcbb1

3.1-6-23f8499

3.1-6-265a230

3.1-6-0144914

3.1-7-f3dc074

3.1-8-cf93839

3.1-8-f45a357

3.1-8-1bb4d6f

3.1-8-935d1d9

3.1-10-abf6bb0

3.1-10-f3d23ce

3.1-10-500b366

3.1-11-d8073c7

3.1-11-28617f6

3.1-12-ae5aa01

3.1-12-4362ce3

3.1-13-e59977f

3.1-14-20a3d6b

3.1-14-125a019

3.1-16-d98156e

3.1-17-eb39fe4

3.1-18-a2a4740

3.1-19-c017858

3.1-19-c945743

3.1-20-eaba366

3.1-22-d0b358c

3.1-23-8ba9dc5

3.1-24-92c750d

3.1-26-b6790a0

3.1-26-1d4f250

3.1-26-5d4436a

3.1-27-dafd577

3.1-29-da7a21c

3.1-30-d9bcdf6

3.1-31-67ff901

3.1-32-4f6e5c3

3.1-33-506d273

3.1-36-a2c5135

3.1-37-6fe2fd6

3.1-37-271f8b8

3.1-42-91938ac

3.1-46-f537af0

3.1-46-1de1e8b

3.1-48-7f7e165

3.1-48-18e0eb9

3.1-50-a7749f1

3.1-52-0f20c99

3.1-52-2ac85a2

3.1-52-5c8346c

3.1-52-780511a

3.1-54-89bc222

3.1-56-d85f878

3.1-56-17e8653

3.1-58-6fdba0a

3.1-60-6764ba4

3.1-62-4403401

3.1-69-b2a90a1

3.1-72-e345809

3.1-74-6149851

3.1-79-7f5fedf

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.2.0

3.2-2-ce09286

3.2-4-49a4a88

3.2-5-33f78a2

3.2-7-144eccc

3.2-8-45ae436

3.2-10-ea04dd1

3.2-10-421c242

3.2-12-ee8ebbc

3.2-12-0040f2d

3.2-14-a2508ec

3.2-15-0d747bc

3.2-15-39799ec

3.2-16-ca69991

3.2-17-0747c57

3.2-19-474755e

3.2-21-fce9438

3.2-24-aee10a7

3.2-24-e80dc1e

3.2-26-8b285a6

3.2-27-25b19c5

3.2-28-0ad3625

3.2-28-ee4a187

3.2-30-315dd48

3.2-30-825ac8c

3.2-31-08491bc

3.2-32-1a7dede

3.2-33-c73eac6

3.2-34-8aaa10c

3.2-35-a7f0abc

3.2-36-d9587c0

3.2-40-f0272ce

3.2-42-1418453

3.2-46-72ac3d7

3.2-51-ebb169f

3.2-54-2cd21af

3.2-54-69e0c99

3.2-59-86107ff

3.2-60-2173855

3.2-66-2e0481a

3.2-68-5d0ceee

3.2-75-6af2201

3.2-77-7de3d84

3.2-81-84d87a5

3.2-83-7a59759

3.2-85-14892b0

3.2-87-92db3c3

3.2-91-580a751

3.2-93-c32dea5

3.2-98-f5ff8ba

3.2-100-c1910b5

3.2-102-1997a5d

3.2-105-63481c1

3.2-111-594f8fe

3.2-124-832c161

3.2-126-dbde26a

3.2-135-b8d2c35

3.2-137-2812f6c

3.2-143-1154536

3.2-146-663e286

3.2-148-d9af944

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-2cpx-6pqp-wf35/GHSA-2cpx-6pqp-wf35.json"