The very same applies as for CVE-2018-20225: disputed, ignored since years, and whichever database update triggered safety to suddenly fail on it, while there is no solution, and never will be one: https://github.com/pyupio/safety/issues/527
Not sure who to blame here, whether the NIST NVD database update triggered them to be recognised by safety now (with 30 days delay as free user), or whether "the information ... curated by our (Safety's) Cybersecurity Intelligence Team" was not done well.
I hope it stops failing on more ancient disputed CVEs, otherwise I suggest to drop safety and move to another tool which better handles disputed CVEs.
The very same applies as for CVE-2018-20225: disputed, ignored since years, and whichever database update triggered safety to suddenly fail on it, while there is no solution, and never will be one: https://github.com/pyupio/safety/issues/527
Not sure who to blame here, whether the NIST NVD database update triggered them to be recognised by
safetynow (with 30 days delay as free user), or whether "the information ... curated by our (Safety's) Cybersecurity Intelligence Team" was not done well.I hope it stops failing on more ancient disputed CVEs, otherwise I suggest to drop
safetyand move to another tool which better handles disputed CVEs.