Skip to content

[GHSA-9wxq-mwqw-8hhg] Java Deserialisation Vulnerability in Jaspersoft Reports...#8625

Open
yaso-bash wants to merge 1 commit into
yaso-bash/advisory-improvement-8625from
yaso-bash-GHSA-9wxq-mwqw-8hhg
Open

[GHSA-9wxq-mwqw-8hhg] Java Deserialisation Vulnerability in Jaspersoft Reports...#8625
yaso-bash wants to merge 1 commit into
yaso-bash/advisory-improvement-8625from
yaso-bash-GHSA-9wxq-mwqw-8hhg

Conversation

@yaso-bash

Copy link
Copy Markdown

Updates

  • Affected products
  • CVSS v4
  • References
  • Source code location
  • Summary

Comments
I reported the CVE. This advisory is currently
unreviewed with no package data. Adding the affected Maven coordinate
(net.sf.jasperreports:jasperreports) and version range. The vendor
patched Community Edition in JasperReports 7.0.7 (deserialization class
filter); 6.x and earlier are not patched, so the affected range is < 7.0.7
with no fixed 6.x release. Refs: Jaspersoft advisory (2026-05-19) and the
7.0.7 release notes.

Copilot AI review requested due to automatic review settings July 8, 2026 11:50
@github-actions github-actions Bot changed the base branch from main to yaso-bash/advisory-improvement-8625 July 8, 2026 11:52

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates an unreviewed OSV advisory record for GHSA-9wxq-mwqw-8hhg (CVE-2026-6009) to better capture impacted Maven artifact/version information and supporting metadata for JasperReports Library.

Changes:

  • Added a human-readable summary field for the advisory.
  • Populated affected with the Maven coordinate net.sf.jasperreports:jasperreports and an introduced→fixed version range ending at 7.0.7.
  • Expanded references with upstream source/release URLs and updated the CVSS v4 string.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants