I'm concerned the public text of CVE-2020-8823 isn't well defined enough for development teams to patch the affected library. Can you provide more details to help? Specifically the concern is that product name and version number do not match clearly with SockJS.
SockJS seems to be a product family and not a single product. The entire product family does not look to be affected, and the issue seems to reside in sockjs-node. Is this correct?
The version number is also confusing, as sockjs-node is currently listed as being v0.3.19. Was the library released on another platform as version 3.0?
It would be appreciated if you can help update the CVE text to be more clear about what is affected. I assume this has been reported to the authors of SockJS. They may be able to help pinpoint exactly what needs to be updated in the wording
The text was updated successfully, but these errors were encountered:
I'm concerned the public text of CVE-2020-8823 isn't well defined enough for development teams to patch the affected library. Can you provide more details to help? Specifically the concern is that product name and version number do not match clearly with SockJS.
SockJS seems to be a product family and not a single product. The entire product family does not look to be affected, and the issue seems to reside in sockjs-node. Is this correct?
The version number is also confusing, as sockjs-node is currently listed as being v0.3.19. Was the library released on another platform as version 3.0?
It would be appreciated if you can help update the CVE text to be more clear about what is affected. I assume this has been reported to the authors of SockJS. They may be able to help pinpoint exactly what needs to be updated in the wording
The text was updated successfully, but these errors were encountered: