Data quality issue CVE-2023-24163 #2195
Comments
|
Hello, Thank you for your interest in OSV.dev's data quality and taking the time to report this issue. In short, OSV.dev is not the source of these vulnerability records, as discussed in our FAQ. There are two distinct vulnerability records involved here: For For That said, the source of the record, including the version information in the description ultimately comes from the CVE List, and from the MITRE CNA-LR, I have also notified them via https://cveform.mitre.org/ I expect the GitHub Advisory Database record correction to go through promptly, but I do not know how long the NVD or CVE List corrections will take. |
|
|
|
The NVD has also advised they have made the corrections, so our next conversion run should reflect them in OSV.dev. |
The CVE ID
This issue is related with CVE-2023-24163 and GHSA-6c25-cxcc-pmc4
Describe the data quality issue observed
Recently, we found that last affected version of CVE-2023-24163 is incorrect. According to its release note and issue pages, hutool fixed CVE-2023-24163 in verision 5.8.21. However, last affected version listed in OSV is 5.8.11. This incorrect information may mislead developers using this software.
Suggested changes to record
Update the fix version to 5.8.21.
Additional context
References:
gitee issue page: https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link
github issue page: dromara/hutool#3149
hutool release note: https://github.com/dromara/hutool/releases
The text was updated successfully, but these errors were encountered: