OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Incorrect vulnerability details #270

Closed aikebah closed 2 years ago

aikebah commented 2 years ago

Vulnerability URL

https://ossindex.sonatype.org/vulnerability/9b28a5d2-9be7-4414-a59b-98e25e4c608a?component-type=maven&component-name=commons-collections.commons-collections&utm_source=dependency-check&utm_medium=integration&utm_content=7.0.4

Component URL

https://ossindex.sonatype.org/component/pkg:maven/commons-collections/commons-collections@3.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.0.4

Description

Whilst the presence of commons-collections plays a role in enabling the RCE, the CVE is for improper shielding of Apache Synapse, so it should not be reported for the commons-collections library. The apache-commons CVE this relates to is likely CVE-2015-6420.

aikebah commented 2 years ago

Appears to have been resolved in the meantime. The vulnerability URL now yields HTTP 404, and the improper CVE is no longer returned by OSSIndex for commons-collections 3.2.2.