prestaalba / fop_publishedvulnerabilityscan

Scans your shop searching for any vulnerability published on the FOP security advisories list.
Academic Free License v3.0

[Bug] - Wrong alert for Block Wish list in version 2.1.2 #1

Closed bicipres closed 8 months ago

bicipres commented 8 months ago

Hi @prestaalba,

Thank you so much for your development.

We just tested your module on Prestashop 1.7.8.11.

There is a false positive for the module blockwishlist.php in version 2.1.2.

The vulnerability CVE-2022-31101 => https://security.friendsofpresta.org/modules/2022/06/24/blockwishlist is displayed for the blockwishlist in version 2.1.2, but this should not be the case as the vulnerable version is >=2.0.0, 2.1.1.

Do you have an idea of what's happening?

Regards,

clotairer commented 8 months ago

The right syntax in the advisory should be >=2.0.0, <2.1.1. The mistake is due to this typo. Do not hesitate to make a pull request to the repo https://github.com/friends-of-presta/security-advisories/ for any other typo. I created a PR for this issue.
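A lint check for the class of typo discussed above, as an added example (not code from this module or from the security-advisories repository): it flags any clause of a version range that lacks a comparison operator, and refuses to evaluate such a range rather than guess. The function names are hypothetical, and treating the comma as a logical AND over dotted numeric versions is an assumption.

```python
import re

# One clause = comparison operator + dotted numeric version (no pre-release tags).
CLAUSE = re.compile(r"^(>=|<=|>|<|=)\s*(\d+(?:\.\d+)*)$")
CHECKS = {
    ">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, "<": lambda c: c < 0, "=": lambda c: c == 0,
}

def split_clauses(expr):
    return [c.strip() for c in expr.split(",")]

def lint_range(expr):
    """Return one message per clause that is not '<operator><version>'."""
    return [f"clause {c!r} has no valid comparison operator"
            for c in split_clauses(expr) if not CLAUSE.match(c)]

def compare(a, b):
    """Three-way compare of dotted versions, padding the shorter with zeros."""
    x = [int(p) for p in a.split(".")]
    y = [int(p) for p in b.split(".")]
    width = max(len(x), len(y))
    x += [0] * (width - len(x))
    y += [0] * (width - len(y))
    return (x > y) - (x < y)

def is_affected(version, expr):
    """True if version satisfies every clause (comma = AND, an assumption).
    Refuses to guess: a malformed range raises instead of matching."""
    problems = lint_range(expr)
    if problems:
        raise ValueError("; ".join(problems))
    for clause in split_clauses(expr):
        op, bound = CLAUSE.match(clause).groups()
        if not CHECKS[op](compare(version, bound)):
            return False
    return True

if __name__ == "__main__":
    # Range strings quoted in the thread: the typo and its correction.
    for expr in (">=2.0.0, 2.1.1", ">=2.0.0, <2.1.1"):
        print(expr, "->", lint_range(expr) or "ok")
    print("2.1.2 affected:", is_affected("2.1.2", ">=2.0.0, <2.1.1"))
```

Run over every advisory's range string before publication, a check like this surfaces operator-less clauses before a scanner has to interpret them.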

bicipres commented 8 months ago

Hi @clotairer,

Thanks for your fast reply.

Regards,

prestaalba commented 8 months ago

Thanks for your interest @bicipres. It is what @clotairer commented.

There are some other typo issues that I'll be reporting on this week.

Regards