[GHSA-8jxr-mccc-mwg8] Improve advisory details: reference incomplete fix for CVE-2024-43795

advisories/github-reviewed/2024/10/GHSA-8jxr-mccc-mwg8/GHSA-8jxr-mccc-mwg8.json

@@ -7,7 +7,7 @@
     "CVE-2024-46977"
   ],
   "summary": "OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)",
-  "details": "### Summary\nA path traversal vulnerability inside of `LocalMode`'s `open_local_file` method allows an authenticated user with adequate permissions to download any `.txt` via the `ScreensController#show` on the web server COSMOS is running on (depending on the file permissions).\n\nNote: This CVE affects all OpenC3 COSMOS Editions\n\n### Impact\nThis issue may lead to Information Disclosure.\n",
+  "details": "### Summary\nA path traversal vulnerability inside of `LocalMode`'s `open_local_file` method allows an authenticated user with adequate permissions to download any `.txt` via the `ScreensController#show` on the web server COSMOS is running on (depending on the file permissions).\n\nNote: This CVE affects all OpenC3 COSMOS Editions\n\n### Impact\nThis issue may lead to Information Disclosure.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2024-43795. This path traversal was discovered in the same GitHub Security Lab audit as [CVE-2024-43795](https://github.com/advisories/GHSA-vfj8-5pj7-2f9g). Both affect the same `ScreensController` component and are fixed in 5.19.0.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -97,4 +97,4 @@
     "github_reviewed_at": "2024-10-02T19:29:32Z",
     "nvd_published_at": "2024-10-02T20:15:11Z"
   }
-}
+}