From 6b74f3d009bb426835ac9c4c9785c22177afc2e8 Mon Sep 17 00:00:00 2001
From: Pini Shvartsman <7192105+PiniShv@users.noreply.github.com>
Date: Mon, 13 Apr 2026 22:50:57 +0300
Subject: [PATCH] GHSA-rwvc-j5jr-mgvh: update CVSS to match NVD, enrich description
---
 .../11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/advisories/github-reviewed/2025/11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json b/advisories/github-reviewed/2025/11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json
index ad7e625d6d0ac..f5109a4eadb16 100644
--- a/advisories/github-reviewed/2025/11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json
+++ b/advisories/github-reviewed/2025/11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json
@@ -6,12 +6,12 @@
 "aliases": [
 "CVE-2025-48985"
 ],
- "summary": "Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files",
- "details": "A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.",
+ "summary": "Vercel's AI SDK's filetype whitelists can be bypassed when uploading files",
+ "details": "### Summary\n\nA vulnerability in the Vercel AI SDK allowed users to bypass filetype whitelists when uploading files via the `generateText()` and `streamText()` functions.\n\n### Root Cause\n\nThe issue exists in `convert-to-language-model-prompt.ts`, where filtering downloaded results caused index misalignment between the `downloadedFiles` array and the `plannedDownloads` array. When a prompt contained a mix of supported and unsupported URLs, the improper URL-to-data mapping allowed bytes from an unsupported URL to be incorrectly mapped to a supported URL slot. This enabled an attacker to inject arbitrary file content while bypassing URL-based trust and content validation.\n\n### Fix\n\nThe fix maps files before filtering out empty entries, so the correct index alignment between downloads and their corresponding URLs is retained.\n\n### Affected Versions\n\nAll versions prior to 5.0.52 and 5.1.0-beta.0 through 5.1.0-beta.8 are affected. The 6.0.0-beta line (starting at 6.0.0-beta.29) was released after the fix and is not affected.\n\nFixed in 5.0.52 and 5.1.0-beta.9.",
 "severity": [
 {
 "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
 }
 ],
 "affected": [
@@ -81,9 +81,9 @@
 "CWE-20",
 "CWE-682"
 ],
- "severity": "LOW",
+ "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2025-11-07T17:39:01Z",
 "nvd_published_at": "2025-11-07T01:15:36Z"
 }
-}
\ No newline at end of file
+}
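Review bot: The rewritten `details` in the first hunk drops 6.0.0-beta from the list of fixed versions and instead states that the 6.0.0-beta line (from 6.0.0-beta.29) was never affected, but the machine-readable `affected` ranges that scanners and OSV consumers actually act on begin at the last line of that hunk and are not visible here; if they still carry a 6.0.0-beta `fixed` event reflecting the old wording, the prose and the ranges now disagree and should be reconciled in this same change. The CVSS part of the change is internally consistent: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N` scores 5.3, which maps to the new `MODERATE` in the second hunk, just as the old `AC:H` vector's 3.7 mapped to `LOW`. Because the `affected` array is cut off at the hunk boundary, this is a request to verify rather than a defect observed on visible lines.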