logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0
854 stars 175 forks

Option to disable specific checks #222

Open nedjitef opened 2 years ago

nedjitef commented 2 years ago

Hi,

there is at least one CVE around which requires the attacker to have write access to the configuration. Now I saw another one and kind of lost track of it.

Not sure, but if it's not a single CVE but two, would it be possible to add an option to opt out of scanning for CVEs where write access to a configuration file is required?

Checking log4j doesn't help much if the attacker already has write access to parts of the application.

tsaibabu4u commented 2 years ago

It would be a nice option to skip specific or some of the CVE-2021-xxx from scanning.