Data quality issue with GHSA-4wrc-f8pq-fpqp #1987
Comments
Hello @Albertoimpl thank you for bringing this to our attention. To confirm, you're referring to the contents of Looking at https://api.osv.dev/v1/vulns/GHSA-4wrc-f8pq-fpqp I can confirm that the highest version present is Looking at https://deps.dev/maven/org.springframework%3Aspring-web/6.1.4/versions I can confirm that versions higher to My current theory is that additional versions became enumerable after the original import-time enumeration was performed. I am testing this theory by reimporting GHSA-4wrc-f8pq-fpqp
Update: It seems I was mistaken on how to trigger a reimport of a single record for a Git-based OSV.dev data source. I am still trying to get just this record to be reprocessed.
Thanks for taking a look @andrewpollock. I confirm I was referring to what you are specifying.
I note that https://api.osv.dev/v1/vulns/GHSA-4wrc-f8pq-fpqp is now reporting the additional versions in
Confirmed, thanks a lot @andrewpollock!
CVE-2016-1000027
https://osv.dev/vulnerability/CVE-2016-1000027
Missing releases
It is missing releases in a range that still contains vulnerabilities.
More precisely, reading https://osv.dev/vulnerability/GHSA-4wrc-f8pq-fpqp it states that it was fixed only after 6.0.0 but the range in, for example, affected versions ends in 5.3.27 when there are releases until 5.3.31 that are still vulnerable: https://mvnrepository.com/artifact/org.springframework/spring-web
Suggested changes to record
Update the affected versions to include all the missing releases.
Additional context
Thanks a lot!
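The gap reported in this issue, as an added example that is not part of the thread and not OSV.dev's own code: a consumer that matches only on the enumerated `versions` list misses releases that the record's range still covers. `SAMPLE_RECORD` and `PUBLISHED` are constructed for illustration (not a copy of the real record), and `vkey` assumes plain dotted numeric versions rather than Maven's full version ordering.

```python
# Constructed sample in the shape of an OSV record; values are illustrative.
SAMPLE_RECORD = {
    "id": "EXAMPLE-0000",
    "affected": [{
        "package": {"ecosystem": "Maven",
                    "name": "org.springframework:spring-web"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "6.0.0"}]}],
        "versions": ["5.3.25", "5.3.26", "5.3.27"],  # stale enumeration
    }],
}
# Constructed list of versions the package registry currently publishes.
PUBLISHED = ["5.3.26", "5.3.27", "5.3.28", "5.3.31", "6.0.0", "6.1.4"]


def vkey(version):
    """Assumption: dotted numeric versions only (no -RC1 style qualifiers)."""
    return tuple(int(part) for part in version.split("."))


def in_ranges(version, ranges):
    """Walk introduced/fixed/last_affected events in version order."""
    v = vkey(version)
    for rng in ranges:
        events = sorted(rng["events"],
                        key=lambda e: vkey(next(iter(e.values()))))
        affected = False
        for event in events:
            if "introduced" in event and v >= vkey(event["introduced"]):
                affected = True
            elif "fixed" in event and v >= vkey(event["fixed"]):
                affected = False
            elif "last_affected" in event and v > vkey(event["last_affected"]):
                affected = False
        if affected:
            return True
    return False


def missing_from_enumeration(record, published):
    """Published versions inside a range but absent from `versions`."""
    gaps = set()
    for aff in record["affected"]:
        listed = set(aff.get("versions", []))
        for version in published:
            if version not in listed and in_ranges(version, aff.get("ranges", [])):
                gaps.add(version)
    return sorted(gaps, key=vkey)


if __name__ == "__main__":
    print(missing_from_enumeration(SAMPLE_RECORD, PUBLISHED))
```

A non-empty result means the record's enumeration predates those releases, so scanners should evaluate the range events rather than rely on the list alone.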