OSSIndex / vulns

Report missing advisories and corrections on OSS Index

jQuery.Validation sonatype-2022-3016 already fixed in 1.19.4 #293

Closed henryzhao95 closed 1 year ago

henryzhao95 commented 2 years ago

To facilitate future automation, please use the following format

Advisory details

  URL: [<Advisory URL>](https://ossindex.sonatype.org/vulnerability/sonatype-2022-3016?component-type=nuget&component-name=jQuery.Validation)
  format: nuget
  namespace: <maven groupid, npm scope, etc.>
  name: jQuery.Validation
  versions: 1.19.4 is patched, but failing still showing as vulnerable

More information

Any additional information that might be useful/interesting

ken-duck commented 2 years ago

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck commented 1 year ago

Sonatype Deep Dive research determined that the NuGet format is still vulnerable to this issue due to the presence of the jquery.validate-vsdoc.js file that contains the vulnerable regex.

We will be updating OSS Index to better report when and why we deviate from the CVE