[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters #8108
Hi there @iMacTia! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory
Pull request overview
Updates the OSV-style advisory record for GHSA-98m9-hrrm-r99r (Faraday) to reflect corrected affected version ranges, including an explicit affected range for the Faraday v1 line.
Changes:
- Adjusted the v2 affected range to start at `2.0.0` (instead of `0`) and remain fixed in `2.14.3`.
- Added a separate affected range for the v1 series, fixed in `1.10.6` (last known affected `<= 1.10.5`).
- Bumped the advisory `modified` timestamp accordingly.
Backported to v1: https://github.com/lostisland/faraday/releases/tag/v1.10.6