Missing Advisory: CVE-2020-26945

OSSIndex / vulns

Report missing advisories and corrections on OSS Index

17 stars 12 forks source link

Missing Advisory: CVE-2020-26945 #256

Closed bcoveny closed 1 year ago

bcoveny commented 2 years ago

To facilitate future automation, please use the following format

Advisory details

  URL: [<Advisory URL>](https://nvd.nist.gov/vuln/detail/CVE-2020-26945#range-6036720)
  format: maven
  namespace: org.mybatis
  name: mybatis
  versions: (,3.5.5]

More information MyBatis before 3.5.6 mishandles deserialization of object streams.

ken-duck commented 2 years ago

Hi! Sorry for the delay, but I respond with good news.

OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice

The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.

ken-duck commented 1 year ago

Closing old issues. This was resolved during the aforementioned major upgrade.