Could you please provide the following critical details:
- Severity Level: What is the CVSS score or severity rating of this vulnerability?
- Attack Vector & Exploitability:
  - Is this remotely exploitable?
  - Does it require authentication?
  - What level of access could an attacker gain?
- Specific Impact:
  - What exactly is vulnerable?
  - Could this expose secrets, environment variables, or repository contents?
  - Are build artifacts at risk?
- Affected Versions: Which versions prior to v5.3.1 are affected?
- How would we know if this vulnerability has been exploited in our workflows?
- Timeline: When was this vulnerability discovered and how long have affected versions been in use?

While you mention “no evidence of exploitation,” understanding the actual risk profile would help us prioritize this update appropriately, especially heading into a weekend.