github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-rgx7-8wqv-m224] ThreeTen Backport v1.6.8 was discovered to contain an... #4480

Closed dubek closed 1 month ago

dubek commented 1 month ago

Updates

Comments

Fix one wrong URL in the References section.

dubek commented 1 month ago

Note that I intended to fix only the URL in the References section, but the form required filling in Title and Ecosystem, which were empty.

shelbyc commented 1 month ago

Hi @dubek, I'm not accepting the contribution because the behavior described in the researcher report is not a vulnerability in ThreeTen Backport, so my colleagues and I have chosen to not review the advisory. It is not possible to make changes to advisories in the GitHub Advisory Database without reviewing them and generating Dependabot alerts. In the situation described in https://gist.github.com/LLM4IG/d2618f5f4e5ac37eb75cff5617e58b90, ThreeTen Backport appears to properly generate an error and the situation is therefore not a vulnerability. Reviewing the advisory would result in users receiving unnecessary alerts. Thank you for your interest in improving GHSA-rgx7-8wqv-m224 and have a great week.