OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Missing advisory CVE-2021-42550 #237

Closed eriweb closed 1 year ago

eriweb commented 2 years ago

Advisory details

  URL: https://nvd.nist.gov/vuln/detail/CVE-2021-42550
  format: maven
  namespace: ch.qos.logback
  name: logback-core
  versions: < 1.2.7

More information

https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.6 does not report as vulnerable.

ken-duck commented 2 years ago

Hi! Sorry for the delay, but I respond with good news.

OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice

The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.

ken-duck commented 1 year ago

Closing old issues. This particular issue was resolved by the aforementioned upgrade.

It is known to our database as sonatype-2021-4517