Address issue with incorrect open CVE-2019-10226 #1235

Closed
@steveyken

Description

@steveyken

Back in 2019, a post appeared incorrectly claiming to have found a vulnerability in Fat Free CRM: http://packetstormsecurity.com/files/152263/Fat-Free-CRM-0.19.0-HTML-Injection.html

This claim was submitted to the Fat Free CRM security mailing list at the time and was checked out. It was found to be a false positive, but for some reason a CVE had already been requested by the original poster (not by the FFCRM team). The poster was asked to close the CVE, but I have now realised this never happened and the CVE is currently still open.

This CVE has now made its way into GitHub's security database and various tools that depend on it are flagging current versions of Fat Free CRM as erroneously having a vulnerability (e.g. bundle-audit).

I've raised a PR for the GHSA asking for it to be removed but was advised that we need to contact MITRE as they are the original assigning entity.

Action: Request an update to an existing CVE Entry by using the form at https://cveform.mitre.org/

This ticket is here to track my progress.
