fasten-project / vulnerability-producer

Gathers, enriches and publishes vulnerability information to a Kafka topic.
https://www.fasten-project.eu/
Apache License 2.0

CVE-2017-5402 - Vulnerability of non-maven product mapped to maven package #107

Open cg122 opened 2 years ago

cg122 commented 2 years ago

According to the description, CVE-2017-5402 relates to:

This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

However, it was mapped to pkg:maven/org.apache.tomcat/tomcat@9.0

CVE-2017-5402.json.gz

MagielBruntink commented 2 years ago

Mapped to another Maven package now: pkg:maven/com.kitfox.svg/svg-salamander@9.0, which does not exist with version 9.0 (but only 1.0).

CVE-2017-5402-2.json.gz
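
A plausibility check that would flag both mappings reported in this thread, as an added example (not code from the vulnerability-producer project). The function names and finding labels are hypothetical, and the version index is constructed sample data standing in for a real repository lookup.

```python
import re

# CVE description as quoted in the issue.
DESCRIPTION = ("This vulnerability affects Firefox < 52, Firefox ESR < 45.8, "
               "Thunderbird < 52, and Thunderbird < 45.8.")

# Constructed stand-in for a repository version index. The svg-salamander
# entry follows the comment in the issue (only 1.0 exists); the tomcat entry
# is sample data and was not checked against the repository.
KNOWN_VERSIONS = {
    ("org.apache.tomcat", "tomcat"): {"9.0"},
    ("com.kitfox.svg", "svg-salamander"): {"1.0"},
}

PURL_RE = re.compile(r"^pkg:maven/([^/@]+)/([^/@]+)@([^?#]+)$")
# Capitalised product name followed by "< version", as in the description.
PRODUCT_RE = re.compile(r"([A-Z][A-Za-z]*(?: [A-Z][A-Za-z]*)*)\s*<\s*[\d.]+")


def parse_maven_purl(purl):
    """Split pkg:maven/<group>/<artifact>@<version> into its three parts."""
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"not a versioned Maven purl: {purl!r}")
    return m.group(1), m.group(2), m.group(3)


def affected_products(description):
    """Product names the description lists as affected, lower-cased."""
    return {m.group(1).lower() for m in PRODUCT_RE.finditer(description)}


def check_mapping(purl, description, known_versions):
    """Return a list of reasons the CVE-to-purl mapping looks implausible."""
    group, artifact, version = parse_maven_purl(purl)
    findings = []
    products = affected_products(description)
    name = artifact.lower()
    # The artifact name should overlap with at least one named product.
    if products and not any(name in p or p in name for p in products):
        findings.append("product-mismatch")
    released = known_versions.get((group, artifact))
    if released is None:
        findings.append("unknown-package")
    elif version not in released:
        findings.append("version-not-released")
    return findings
```

An empty list means neither heuristic fired; it does not confirm the mapping is correct.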