Should this vulnerability of GHSA-rmrm-75hp-phr2 include org.hibernate:hibernate-validator?

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.75k stars 336 forks source link

Should this vulnerability of GHSA-rmrm-75hp-phr2 include org.hibernate:hibernate-validator? #4975

Closed zhangzhenyu2 closed 3 weeks ago

zhangzhenyu2 commented 4 weeks ago

The groupId of the maven component corresponding to GHSA-rmrm-75hp-phr2 is org.hibernate.validator, but does it also include the groupId of org.hibernate?

For example:

https://security.snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-568162

JonathanLEvans commented 3 weeks ago

Hi @zhangzhenyu2, thank you for your contribution. To suggest adding a new package, please use our improvement suggestion form. This will ensure a timely response and you get credit for the change.