Open zhangzhenyu2 opened 1 week ago
The JSON record for GHSA-c5pj-mqfh-rvc3 has it marked as withdrawn
:
"id": "GHSA-c5pj-mqfh-rvc3",
"modified": "2024-06-05T18:30:34Z",
"published": "2024-04-26T06:30:34Z",
"withdrawn": "2024-04-30T09:37:23Z",
I believe it is intended that we export withdrawn vulnerabilities.
Edit: Found the relevant FAQ entry: https://google.github.io/osv.dev/faq/#how-does-osvdev-handle-withdrawn-records
GHSA-c5pj-mqfh-rvc3 "Runc allows an arbitrary systemd property to be injected" is a misunderstood vulnerability. Users do NOT need to update runc
https://github.com/opencontainers/runc/issues/4263
but https://storage.googleapis.com/osv-vulnerabilities/index.html?prefix=Go/ Still in osv