Skip to content
This repository has been archived by the owner on Jan 19, 2023. It is now read-only.

Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Closed
Shortfinga opened this issue Jun 21, 2022 · 2 comments
Closed

Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Shortfinga opened this issue Jun 21, 2022 · 2 comments
Labels
bug Something isn't working

Comments

@Shortfinga
Copy link

Vulnerability URL
Provide the URL to the vulnerability. For example:

https://ossindex.sonatype.org/vulnerability/CVE-2020-25658?component-type=pypi&component-name=rsa

Component URL
Provide the URL to the component. For example:

https://ossindex.sonatype.org/component/pkg:pypi/rsa@4.8

Description
CVE-2020-25658 is fixed with version 4.7 according to https://nvd.nist.gov/vuln/detail/CVE-2020-25658, OSS still lists this vulnerability for 4.8

@Shortfinga Shortfinga added the bug Something isn't working label Jun 21, 2022
@ken-duck
Copy link
Contributor

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

@ken-duck
Copy link
Contributor

ken-duck commented Aug 23, 2022

In this case Sonatype Deep Dive researchers have deemed the fix to be insufficient in resolving the vulnerability. Further information can be found here: sybrenstuvel/python-rsa#165 (comment)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants