-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False Negative for Hibernate Validator CVE-2014-3558 #534
Comments
This is an interesting false positive due to the data in the NVD entry. The only good solution I can think of is to parse the description to enhance the "x.x.x before x.x.x, x.x.x before x.x.x, ...". This is a somewhat common description so it may help make other CVEs more accurate. |
The patches put in place resolve this issue. A longer term plan was opened as issue #646. Again, thanks for pointing this issue out. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
False negative on library hibernate-validator-5.0.3.Final.jar - reported as cpe:/a:hibernate:hibernate_validator:5.0.3
Should be reported as CVE-2014-3558.
Not sure though if the Vulnerable software and versions configuration at NVD is the issue.
The text was updated successfully, but these errors were encountered: