From 8ca2f73ab156bf50cca420de293b03adc288f6be Mon Sep 17 00:00:00 2001
From: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Date: Wed, 4 Feb 2026 11:01:38 -0500
Subject: [PATCH] Improve GHSA-5mqx-rpxv-mvxj

---
 .../GHSA-5mqx-rpxv-mvxj.json                  | 44 +++++++++++++++++--
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json b/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json
index 76498473bc5cf..f3c5767522e88 100644
--- a/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json
+++ b/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mqx-rpxv-mvxj",
-  "modified": "2026-01-05T14:59:35Z",
+  "modified": "2026-01-05T14:59:36Z",
   "published": "2024-07-23T03:30:33Z",
   "aliases": [
     "CVE-2024-6717"
   ],
   "summary": "HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration",
-  "details": "HashiCorp Nomad versions up to 1.11.1, and Nomad Enterprise versions 1.6.12 up to 1.7.9 and 1.8.1, are vulnerable to path escaping of the allocation directory during archive unpacking in migration. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.11.1 and Nomad Enterprise 1.6.13, 1.7.10, and 1.8.2.",
+  "details": "HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,7 +28,45 @@
               "introduced": "0"
             },
             {
-              "fixed": "1.11.1"
+              "fixed": "1.6.13"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/hashicorp/nomad"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.7.10"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/hashicorp/nomad"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.8.2"
             }
           ]
         }