fkie-cad / nvd-json-data-feeds

Community reconstruction of the legacy JSON NVD Data Feeds. This project uses and redistributes data from the NVD API but is neither endorsed nor certified by the NVD.

CVE-2024-24992 has a non-compliant URL #18

Open ostefano opened 5 months ago

ostefano commented 5 months ago

Just FYI, CVE-2024-24992 has a URL that starts with ZDI-CAN-22854https://.

Raising this because my understanding is that you were already validating things against the JSON Schema, so maybe something is off?

rhelmke commented 4 months ago

Thanks, Stefano. Our validation does not reject repo pushes when it fails, as anything other than a mere mirror of the original API responses would introduce inconsistencies. The validator caught the error, that's good.

But I don't understand how these data pollution issues can happen on the NVD side of things. :thinking: It is really interesting that this (probably copy-paste) error passed both HackerOne and NVD checks. I sent a message to H1, let's see what happens - gotta keep the data clean :sunglasses:
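
An added example, not part of the thread or of the project's validator: a report-only audit of reference URLs that flags the kind of stray prefix described above without altering the mirrored record. The record layout (`id`, `references[].url`), the scheme allowlist, the helper names and the `example.invalid` URLs are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Assumption: schemes accepted for reference URLs (not taken from the NVD schema).
ALLOWED_SCHEMES = {"http", "https", "ftp"}
# Finds a real scheme marker anywhere in the string, e.g. after a pasted ticket id.
EMBEDDED_SCHEME = re.compile(r"(?i)(?:https?|ftp)://")

# Constructed sample record; host and paths are placeholders.
SAMPLE = json.loads("""
{
  "id": "CVE-2024-24992",
  "references": [
    {"url": "https://example.invalid/advisory"},
    {"url": "ZDI-CAN-22854https://example.invalid/report"}
  ]
}
""")


def naive_ok(url):
    """'Has some scheme and a host' check. It accepts the polluted URL,
    because 'ZDI-CAN-22854https' is a syntactically valid URI scheme."""
    parts = urlsplit(url)
    return bool(parts.scheme and parts.netloc)


def check_url(url):
    """Return None if the URL looks compliant, otherwise a reason string."""
    parts = urlsplit(url)
    if parts.scheme in ALLOWED_SCHEMES and parts.netloc:
        return None
    match = EMBEDDED_SCHEME.search(url)
    if match and match.start() > 0:
        return f"stray prefix {url[:match.start()]!r} before scheme"
    return f"unexpected scheme {parts.scheme!r}"


def audit(record):
    """Collect (cve_id, url, reason) findings; the record is never modified."""
    findings = []
    for ref in record.get("references", []):
        reason = check_url(ref["url"])
        if reason is not None:
            findings.append((record["id"], ref["url"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
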