GHSA-8qw9-gf7w-42x5: add CVSS v3.1, CWE-22, CVE alias, and references#7816

Open
anandmt wants to merge 1 commit into github:anandmt/advisory-improvement-7816 from anandmt:improve-ghsa-8qw9

Conversation

@anandmt anandmt commented May 27, 2026

Reason for change

This advisory for the Streamlit directory traversal fix (follow-up to CVE-2022-35918) is missing several standard fields that help downstream consumers assess and track the vulnerability.

Changes

  • Added CVSS v3.1 score: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 — Medium). Rationale: same attack class as the original CVE-2022-35918 (CVSS 6.5), but with higher attack complexity since the residual issue only manifests "under specific conditions" per the advisory text.
  • Added CWE-22 (Improper Limitation of a Pathname to a Restricted Directory / Path Traversal) — consistent with the original advisory GHSA-v4hr-4jpx-56gc and the NVD classification for CVE-2022-35918.
  • Added CVE-2022-35918 alias — this advisory is a follow-up fix for the same CVE.
  • Added references to the NVD entry and the original advisory (GHSA-v4hr-4jpx-56gc) for cross-linking.
  • Updated severity from LOW to MODERATE to align with the computed CVSS score.

Supporting evidence

@github-actions github-actions Bot changed the base branch from main to anandmt/advisory-improvement-7816 May 27, 2026 10:21