Closed henryzhao95 closed 1 year ago
Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.
This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.
Sonatype Deep Dive research determined that the Nuget format is still vulnerable to this issue due to the presence of the jquery.validate-vsdoc.js
file that contains the vulnerable regex.
We will be updating OSS Index to better report when and why we deviate from the CVE
To facilitate future automation, please use the following format
Advisory details
More information Any additional information that might be useful/interesting