OSSIndex / vulns

Report missing advisories and corrections on OSS Index

CVE-2020-14359 false positive #286

Closed bovy89 closed 1 year ago

bovy89 commented 2 years ago

Vulnerability URL

https://ossindex.sonatype.org/vulnerability/CVE-2020-14359

Component URL

https://ossindex.sonatype.org/component/pkg:maven/org.keycloak/keycloak-core@18.0.0

Description

https://bugzilla.redhat.com/show_bug.cgi?id=1868591

ken-duck commented 2 years ago

From the research team:

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1868591

NOTE: Ever since the aforementioned Bugzilla/Red Hat advisory on this vulnerability was published, not much information has been released publicly detailing the specifics of this vulnerability or if the vulnerability has been fixed. As such, the Sonatype security research team is flagging this CVE for informational purposes only. Users may waive this vulnerability at their discretion should this CVE not be applicable to them.

ken-duck commented 1 year ago

Closing based on the above explanation.

ken-duck commented 1 year ago

For the record, we are migrating to a new email-based reporting system in order to better mesh with our internal processes, which will allow us to be more reactive to our users.

As such, if you notice further issues or would like to follow up on this one, please email ossindex@sonatype.org