OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Incorrect vulnerability details for cytoscape (npm) #288

Status: Closed (closed by jimivdw 2 years ago)

jimivdw commented 2 years ago

Vulnerability URL: https://ossindex.sonatype.org/vulnerability/sonatype-2021-0541

Component URL: https://ossindex.sonatype.org/component/pkg:npm/cytoscape

Description: First of all, the referenced vulnerability (https://www.huntr.dev/bounties/1-npm-cytoscape/) is inaccessible:

> This report is not public

Secondly, the vulnerability type (CWE-1321) mentioned appears to be fixed in v3.21.0, but the latest version (v3.21.1) still gets reported as vulnerable by OSSIndex. The fix is in https://github.com/cytoscape/cytoscape.js/pull/2959, released as part of v3.21.0 (see https://github.com/cytoscape/cytoscape.js/compare/v3.20.2...v3.21.0).
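The report above boils down to an affected-range check: if the fix shipped in v3.21.0, then every release at or above 3.21.0 is outside the affected range and a scanner that still flags 3.21.1 is producing a false positive. The following is an added example (not code from this issue, from OSS Index, or from the cytoscape project) that performs that check with a small semver comparator, including prerelease ordering so that a hypothetical 3.21.0-beta.1 is still correctly treated as pre-fix. It assumes the affected range is "every version below 3.21.0"; the version list and the "scanner flagged" values in `SAMPLE_REPORTS` are constructed for illustration.

```javascript
// Added example, not from the OSS Index issue or the cytoscape project.
// Assumption: the first fixed release is 3.21.0 (the PR was released in v3.21.0),
// so the affected range is every version strictly below it.
const FIX_VERSION = "3.21.0";

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" (an optional leading "v" is tolerated).
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] ? m[4].split(".") : [] };
}

// Prerelease precedence per semver 2.0.0: a version without a prerelease outranks
// one with it; numeric identifiers compare numerically and sort before alphanumeric
// ones; a longer identifier list wins when all shared identifiers are equal.
function comparePre(a, b) {
  if (a.length === 0 && b.length === 0) return 0;
  if (a.length === 0) return 1;
  if (b.length === 0) return -1;
  const n = Math.min(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = a[i], y = b[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) {
      if (+x !== +y) return +x < +y ? -1 : 1;
    } else if (xn) {
      return -1;
    } else if (yn) {
      return 1;
    } else if (x !== y) {
      return x < y ? -1 : 1;
    }
  }
  if (a.length === b.length) return 0;
  return a.length < b.length ? -1 : 1;
}

// Returns -1, 0 or 1 like a sort comparator. Build metadata is ignored, as semver requires.
function compareSemver(a, b) {
  const x = parseSemver(a), y = parseSemver(b);
  for (const k of ["major", "minor", "patch"]) {
    if (x[k] !== y[k]) return x[k] < y[k] ? -1 : 1;
  }
  return comparePre(x.pre, y.pre);
}

// A version is affected when it sorts strictly before the first fixed release.
function isAffected(version, fixVersion = FIX_VERSION) {
  return compareSemver(version, fixVersion) < 0;
}

// Constructed sample: what a scanner reported for a few versions around the fix.
const SAMPLE_REPORTS = [
  { version: "3.20.2", scannerFlagged: true },        // genuinely pre-fix
  { version: "3.21.0-beta.1", scannerFlagged: true }, // hypothetical prerelease, still pre-fix
  { version: "3.21.0", scannerFlagged: true },        // fixed, so this flag is wrong
  { version: "3.21.1", scannerFlagged: true },        // the case from the report
];

// Versions the scanner flagged even though they are not inside the affected range.
function findFalsePositives(reports, fixVersion = FIX_VERSION) {
  return reports
    .filter((r) => r.scannerFlagged && !isAffected(r.version, fixVersion))
    .map((r) => r.version);
}

console.log("flagged but not affected:", findFalsePositives(SAMPLE_REPORTS));
```

The same check is what a downstream consumer of advisory data should run before escalating a finding: compare the installed version against the advisory's fixed version with a real semver comparison, not a string or float comparison, or "3.21.1" will sort wrongly against "3.9.0".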

ken-duck commented 2 years ago

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck commented 1 year ago

Fix proof: https://ossindex.sonatype.org/component/pkg:npm/cytoscape@3.21.0