OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Advisory: wrong affected version #202

Closed lietusme closed 3 years ago

lietusme commented 3 years ago

To facilitate future automation, please use the following format

Advisory details

  URL: https://ossindex.sonatype.org/vulnerability/afbfcdda-fd2d-42b6-aa10-bf8343466d99?component-type=npm&component-name=big-integer&utm_source=dependency-check&utm_medium=integration&utm_content=6.3.2
  format: npm
  namespace: 
  name: big-integer
  versions: 1.0.0 - 1.6.49

More information

Package info: https://ossindex.sonatype.org/component/pkg:npm/big-integer@1.6.49

Vulnerability: https://ossindex.sonatype.org/vulnerability/afbfcdda-fd2d-42b6-aa10-bf8343466d99?component-type=npm&component-name=big-integer

Note that the affected versions are: (,4.17.21)

This version is not in the range of big-integer versions, so it still marks this as a vulnerability in 1.6.49.

The issue was fixed and released in 1.6.49: https://github.com/peterolson/BigInteger.js/issues/216

ken-duck commented 3 years ago

Thanks for the heads up. The fix should show up in the public database tomorrow.

Note that since this is a vulnerability in a dependency it should not have been directly reported against BigInteger.

lietusme commented 3 years ago

Thanks, this is no longer reported as a vulnerability.
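
The range mismatch reported in this issue, as an added example that is not part of the thread or of OSS Index's own code: it evaluates the interval `(,4.17.21)` against big-integer versions and flags a range that matches every published version while its upper bound lies above the newest release. The function names and the sample version list are assumptions, and only the bracketed `(lower,upper)` interval form quoted above is parsed.

```javascript
// Added example: helper names are hypothetical, not an OSS Index API.
// Compare two dotted numeric versions (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Parse "(lower,upper)" or "[lower,upper]"; an empty bound means unbounded.
function parseRange(text) {
  const m = /^([\[(])\s*([^,\s]*)\s*,\s*([^\])\s]*)\s*([\])])$/.exec(text.trim());
  if (!m) throw new Error("unsupported range: " + text);
  return {
    lower: m[2] || null, lowerInclusive: m[1] === "[",
    upper: m[3] || null, upperInclusive: m[4] === "]",
  };
}

function inRange(version, range) {
  if (range.lower !== null) {
    const c = compareVersions(version, range.lower);
    if (c < 0 || (c === 0 && !range.lowerInclusive)) return false;
  }
  if (range.upper !== null) {
    const c = compareVersions(version, range.upper);
    if (c > 0 || (c === 0 && !range.upperInclusive)) return false;
  }
  return true;
}

// Triage heuristic: a range that matches every published version and whose
// upper bound is above the newest release can never be cleared by upgrading.
function reviewAdvisoryRange(rangeText, publishedVersions) {
  const range = parseRange(rangeText);
  const sorted = [...publishedVersions].sort(compareVersions);
  const newest = sorted[sorted.length - 1];
  const affected = sorted.filter((v) => inRange(v, range));
  const boundAboveNewest = range.upper !== null && compareVersions(range.upper, newest) > 0;
  return { affected, newest, suspicious: boundAboveNewest && affected.length === sorted.length };
}

// Constructed sample list; only 1.0.0 and 1.6.49 are taken from the issue.
const sample = ["1.0.0", "1.3.0", "1.6.49"];
console.log(reviewAdvisoryRange("(,4.17.21)", sample));
```

A result with `suspicious: true` is a prompt to check whether the advisory belongs to a different component, which is what the maintainer's reply describes.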