From f5af48926fb9ebb43eb0abef3c701c493e34d910 Mon Sep 17 00:00:00 2001
From: Wenxin Jiang <wenxin_jiang@outlook.com>
Date: Wed, 22 Apr 2026 15:35:30 -0400
Subject: [PATCH] Improve GHSA-gp2j-mg4w-2rh5

---
 .../2022/05/GHSA-gp2j-mg4w-2rh5/GHSA-gp2j-mg4w-2rh5.json      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/advisories/github-reviewed/2022/05/GHSA-gp2j-mg4w-2rh5/GHSA-gp2j-mg4w-2rh5.json b/advisories/github-reviewed/2022/05/GHSA-gp2j-mg4w-2rh5/GHSA-gp2j-mg4w-2rh5.json
index d7810aa565956..bcebd4ffcfe48 100644
--- a/advisories/github-reviewed/2022/05/GHSA-gp2j-mg4w-2rh5/GHSA-gp2j-mg4w-2rh5.json
+++ b/advisories/github-reviewed/2022/05/GHSA-gp2j-mg4w-2rh5/GHSA-gp2j-mg4w-2rh5.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gp2j-mg4w-2rh5",
-  "modified": "2023-09-06T20:12:50Z",
+  "modified": "2023-09-06T20:12:51Z",
   "published": "2022-05-24T17:17:04Z",
   "aliases": [
     "CVE-2020-7645"
   ],
   "summary": "chrome-launcher subject to OS Command Injection",
-  "details": "chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the `$HOME` environment variable in Linux operating systems. This issue is patched in version 0.13.2.",
+  "details": "chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the `$HOME` environment variable in Linux operating systems. This issue is patched in version 0.13.2.\n\n`0.10.6` is not affected despite falling between affected releases, because the npm tarball for that version is a broken publish and omits the vulnerable module entirely.",
   "severity": [
     {
       "type": "CVSS_V3",