Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some references could be treated as aliases #646

Open
Hritik14 opened this issue Mar 15, 2022 · 0 comments
Open

Some references could be treated as aliases #646

Hritik14 opened this issue Mar 15, 2022 · 0 comments

Comments

@Hritik14
Copy link
Collaborator

Hritik14 commented Mar 15, 2022
edited
Loading

There should be improvers which would take references, verify them as valid unique aliases and add them.
Below documents refers to same RHSA but it is not sure that they are aliases to this particular advisory
Eg:

"advisory": {
              "identifiers": [
                {
                  "type": "GHSA",
                  "value": "GHSA-6mq2-37j5-w6r6"
                },
                {
                  "type": "CVE",
                  "value": "CVE-2009-4492"
                }
              ],
              "summary": "Moderate severity vulnerability that affects webrick",
              "references": [
                {
                  "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4492"
                },
                {
                  "url": "https://github.com/advisories/GHSA-6mq2-37j5-w6r6"
                },
                {
                  "url": "http://secunia.com/advisories/37949"
                },
                {
                  "url": "http://securitytracker.com/id?1023429"
                },
                {
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
                },
                {
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
                },
                {
                  "url":
                  "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection"
                },
                {
                  "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
                },
                {
                  "url": "http://www.securityfocus.com/bid/37710"
                },
                {
                  "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
                },
                {
                  "url": "http://www.vupen.com/english/advisories/2010/0089"
                }
              ],
              "severity": "MODERATE",
              "publishedAt": "2017-10-24T18:33:38Z"
            },
            "package": {
              "name": "webrick"
            },
            "vulnerableVersionRange": "<= 1.3.1"
          }

via: https://github.com/nexB/vulnerablecode/wiki/WeeklyMeetings#meeting-on-tuesday-2022-03-15-at-0900-utc
@Hritik14 Hritik14 changed the title Severeal references could be treated as an aliases Some references could be treated as an aliases Mar 15, 2022
@Hritik14 Hritik14 changed the title Some references could be treated as an aliases Some references could be treated as aliases Mar 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Hritik14