Incorrect vulnerability details: CVE-2020-25658 python-rsa

[Shortfinga]

Vulnerability URL Provide the URL to the vulnerability. For example:

https://ossindex.sonatype.org/vulnerability/CVE-2020-25658?component-type=pypi&component-name=rsa

Component URL Provide the URL to the component. For example:

https://ossindex.sonatype.org/component/pkg:pypi/rsa@4.8

Description CVE-2020-25658 is fixed with version 4.7 according to https://nvd.nist.gov/vuln/detail/CVE-2020-25658, OSS still lists this vulnerability for 4.8

[ken-duck]

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

[ken-duck]

In this case Sonatype Deep Dive researchers have deemed the fix to be insufficient in resolving the vulnerability. Further information can be found here: https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-727580521