Closed nagyesta closed 2 years ago
Thanks for the heads up. The vulnerability has been added and should show up by sometime tomorrow.
I am closing this issue, since the issue seems to be resolved. However, new vulnerabilities have been detected that are not in the current OSS Index database. However, there is good news:
OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice
The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.
Advisory details
More information