Package can have non-linear version histories wrt. vulnerabilities
For instance:
CVE-2014-1904
Summary:
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
Here the set of Patched and Vulnerable does not seem correct at all: CVE-2014-1904.pdf
Several problems to consider:
I cannot easily debug these issues because of the lack of logging and history trail. I would need to be able to trace for each record the original data source and data it came from. That does not need to be easy, but would need to be possible. Today it is neither easy nor possible AFAIK.
we should start considering how we can handle these version ranges (I assume some were provided somewhere) more
there is something that does not smell right on how we expand and match versions in general
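Added example, not part of the original issue and not the project's own code: it matches versions against the two disjoint ranges quoted in the CVE-2014-1904 summary and lists where a single "fixed in" threshold gives a different answer. The function names and the sample version list are assumptions made for illustration, and only plain dotted numeric versions are handled.

```python
# Added example: version matching for a non-linear history (CVE-2014-1904).
# Ranges are taken from the CVE summary as half-open [introduced, fixed).
CVE_2014_1904_RANGES = [("3.0.0", "3.2.8"), ("4.0.0", "4.0.2")]

# Constructed sample of versions, not an inventory of real releases.
SAMPLE = ["3.0.0", "3.2.7", "3.2.8", "3.2.9", "4.0.0", "4.0.1", "4.0.2"]


def parse(version):
    """Turn '3.2.8' into (3, 2, 8); anything non-numeric is rejected."""
    parts = version.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    # Pad so that '3.2' compares equal to '3.2.0'.
    return nums + (0,) * (3 - len(nums))


def is_vulnerable(version, ranges):
    """True if the version falls inside any [introduced, fixed) range."""
    v = parse(version)
    return any(parse(lo) <= v < parse(hi) for lo, hi in ranges)


def naive_is_vulnerable(version, fixed_in):
    """Linear-history assumption: everything below one fixed version is vulnerable."""
    return parse(version) < parse(fixed_in)


def disagreements(versions, ranges, fixed_in):
    """Versions where the single-threshold answer differs from the range answer."""
    return [v for v in versions
            if is_vulnerable(v, ranges) != naive_is_vulnerable(v, fixed_in)]


if __name__ == "__main__":
    for v in SAMPLE:
        state = "vulnerable" if is_vulnerable(v, CVE_2014_1904_RANGES) else "patched"
        print(f"{v}: {state}")
    # Threshold at the 3.x fix marks 4.0.0 and 4.0.1 as patched.
    print(disagreements(SAMPLE, CVE_2014_1904_RANGES, "3.2.8"))
    # Threshold at the 4.x fix marks patched 3.2.x releases as vulnerable.
    print(disagreements(SAMPLE, CVE_2014_1904_RANGES, "4.0.2"))
```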