fasten-project / vulnerability-producer

Gathers, enriches and publishes vulnerability information to a Kafka topic.
https://www.fasten-project.eu/
Apache License 2.0

CVE-2021-36373 and CVE-2021-36373 purl mapping are not precise. #103

Closed. cg122 closed this 2 years ago

cg122 commented 2 years ago

Affects: up to 1.9.15 / 1.10.10. Versions prior to 1.4 are not affected, versions prior to 1.9.0 are not affected when reading tar archives.

According to the Apache security report (https://ant.apache.org/security.html), versions 1.7. and 1.8. currently mapped in the DB should not be included.

MagielBruntink commented 2 years ago

The mapping is in line with the version statement at https://github.com/advisories/GHSA-q5r4-cfpx-h6fh < 1.9.16.
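The two version statements quoted in this thread (the Apache security page cited by cg122 and the "< 1.9.16" range from the GHSA cited by MagielBruntink), encoded as predicates so the disagreement can be checked version by version. This is an added example, not code from the vulnerability-producer project; only the "< 1.9.16" clause quoted above is modelled for the GHSA, and the sample release list is constructed.

```python
# Added example for this thread; it is not code from fasten-project/vulnerability-producer.
# It encodes the two affected-version statements quoted above for Apache Ant
# CVE-2021-36373 as predicates and reports where they disagree, which is the kind
# of consistency check a vulnerability-data pipeline can run before publishing a mapping.
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version such as '1.9.15' into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))


def in_range(v: str, low: str, high: str) -> bool:
    """Inclusive check low <= v <= high on dotted versions."""
    return parse_version(low) <= parse_version(v) <= parse_version(high)


def affected_per_apache(v: str, reading_tar: bool = False) -> bool:
    """Apache security page: up to 1.9.15 / 1.10.10, nothing before 1.4, and
    nothing before 1.9.0 when the only exposure is reading tar archives."""
    if reading_tar and parse_version(v) < parse_version("1.9.0"):
        return False
    return in_range(v, "1.4", "1.9.15") or in_range(v, "1.10.0", "1.10.10")


def affected_per_ghsa(v: str) -> bool:
    """GHSA-q5r4-cfpx-h6fh as quoted in the thread: '< 1.9.16'. Only that clause is
    modelled; how the advisory treats the 1.10 branch is not stated on this page."""
    return parse_version(v) < parse_version("1.9.16")


def compare(versions: List[str]) -> Dict[str, Dict[str, bool]]:
    """Verdict of each statement per version; useful to spot over-broad mappings."""
    return {
        v: {
            "apache": affected_per_apache(v),
            "apache_tar_only": affected_per_apache(v, reading_tar=True),
            "ghsa": affected_per_ghsa(v),
        }
        for v in versions
    }


def disagreements(versions: List[str]) -> List[str]:
    """Versions on which the statements do not all give the same verdict."""
    return [v for v, r in compare(versions).items() if len(set(r.values())) > 1]


if __name__ == "__main__":
    # Constructed sample of Ant releases spanning the branches named in the thread.
    sample = ["1.3", "1.4", "1.7.1", "1.8.4", "1.9.0", "1.9.15", "1.9.16", "1.10.10", "1.10.11"]
    for v in disagreements(sample):
        print(v, compare([v])[v])
```

Running it shows that 1.7.x and 1.8.x are flagged by both the plain Apache range and the GHSA range, and only drop out under the tar-archive qualification, while 1.10.10 is covered by Apache's statement but not by the "< 1.9.16" clause alone.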