{ "advisoryKey": "OSV-2025-4242", "affectedPackages": [ { "type": "semver", "identifier": "npm:conflict/package", "platform": "npm", "versionRanges": [ { "fixedVersion": "1.5.0", "introducedVersion": "1.0.0", "lastAffectedVersion": "1.4.2", "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": null, "exactValue": null, "fixed": "1.5.0", "fixedInclusive": false, "introduced": "1.0.0", "introducedInclusive": true, "lastAffected": "1.4.2", "lastAffectedInclusive": true, "style": "range" }, "vendorExtensions": null }, "provenance": { "source": "osv", "kind": "range", "value": "npm:conflict/package", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": null, "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "1.0.0", "minInclusive": true, "max": "1.5.0", "maxInclusive": false, "value": null, "notes": "osv:npm:OSV-2025-4242:npm:conflict/package" } ], "statuses": [], "provenance": [ { "source": "osv", "kind": "affected", "value": "npm:conflict/package", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "CVE-2025-4242", "GHSA-qqqq-wwww-eeee", "OSV-2025-4242" ], "canonicalMetricId": "3.1|CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "credits": [ { "displayName": "osv-reporter", "role": "reporter", "contacts": [ "mailto:osv-reporter@example.com" ], "provenance": { "source": "osv", "kind": "credit", "value": "osv-reporter", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [ "credits[]" ] } } ], "cvssMetrics": [ { "baseScore": 4.6, "baseSeverity": "medium", "provenance": { "source": "osv", "kind": "cvss", "value": "CVSS_V3", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [] }, "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } ], "cwes": [], "description": "OSV captures the latest container escape details including patched version metadata.", "exploitKnown": false, "language": "en", "modified": "2025-03-06T12:00:00+00:00", "provenance": [ { "source": "osv", "kind": "document", "value": "https://api.osv.dev/v1/vulns/OSV-2025-4242", "decisionReason": null, "recordedAt": "2025-03-06T11:30:00+00:00", "fieldMask": [ "advisory" ] }, { "source": "osv", "kind": "mapping", "value": "OSV-2025-4242", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [ "advisory" ] } ], "published": "2025-02-28T00:00:00+00:00", "references": [ { "kind": "patch", "provenance": { "source": "osv", "kind": "reference", "value": "https://github.com/conflict/package/commit/abcdef1234567890", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "FIX", "summary": null, "url": "https://github.com/conflict/package/commit/abcdef1234567890" }, { "kind": "advisory", "provenance": { "source": "osv", "kind": "reference", "value": "https://osv.dev/vulnerability/OSV-2025-4242", "decisionReason": null, "recordedAt": "2025-03-06T12:05:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "ADVISORY", "summary": null, "url": "https://osv.dev/vulnerability/OSV-2025-4242" } ], "severity": "medium", "summary": "OSV captures the latest container escape details including patched version metadata.", "title": "Container escape for conflict-package" }