OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Missing Advisories CVE-2021-37136 and CVE-2021-37137 #236

Closed matts-au closed 1 year ago

matts-au commented 2 years ago

Advisory details

  URL 1: https://github.com/advisories/GHSA-grg4-wf29-r9vv
  URL 2: https://github.com/advisories/GHSA-9vjp-v76f-g363
  format: Maven
  namespace: io.netty
  name: netty-codec
  versions: < 4.1.68

More information

The CVEs are actually being assigned to the io.netty/netty component instead of netty-codec.

ken-duck commented 2 years ago

Hi! Sorry for the delay, but I respond with good news.

OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice

The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.

ken-duck commented 1 year ago

Closing old issues. This particular issue was resolved by the aforementioned upgrade.