GHSA SYNC: 2 modified advisories; 4 brand new advisories #957
Conversation
postmodern
left a comment
postmodern
left a comment
There was a problem hiding this comment.
Looks good. Just spotted one issue where NVD mentions 2.3.0 being vulnerable. Also all of these GHSA url:s are still Unreviewed and missing package information that NVD has. We should switch those url:s to point to NVD.
| - ">= 2.2.8" | ||
| related: | ||
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2016-2337 |
There was a problem hiding this comment.
The NVD entry mentions 2.2.8 and 2.3.0 in the CPEs. Was 2.3.0 also affected?
| engine: ruby | ||
| cve: 2016-2339 | ||
| ghsa: c4w7-m676-pcvp | ||
| url: https://github.com/advisories/GHSA-c4w7-m676-pcvp |
There was a problem hiding this comment.
This GHSA is still Unreviewed and missing data that NVD has. We should switch the primary URL to NVD in that case.
| engine: ruby | ||
| cve: 2016-2338 | ||
| ghsa: r46x-xjwr-8v2g | ||
| url: https://github.com/advisories/GHSA-r46x-xjwr-8v2g |
There was a problem hiding this comment.
This GHSA is still Unreviewed and missing data that NVD has. We should switch the primary URL to NVD in that case.
| engine: ruby | ||
| cve: 2016-2337 | ||
| ghsa: f58m-77qc-8gjv | ||
| url: https://github.com/advisories/GHSA-f58m-77qc-8gjv |
There was a problem hiding this comment.
This GHSA is still Unreviewed and missing data that NVD has. We should switch the primary URL to NVD in that case.
| engine: ruby | ||
| cve: 2011-4121 | ||
| ghsa: mjg4-5rfj-952f | ||
| url: https://github.com/advisories/GHSA-mjg4-5rfj-952f |
There was a problem hiding this comment.
This GHSA is still Unreviewed and missing data that NVD has. We should switch the primary URL to NVD in that case.
2 participants
GHSA SYNC: 2 modified advisories; 4 brand new advisories:
Modified:
New: