Strange references in GHSA-wg9m-gw3h-hg83 and GHSA-jmrx-5g74-6v2f #5316
Comments
ancieg
changed the title
|
Hi @ancieg, thanks for catching the use of archive.org for a link that is live and valid in one advisory and a malformed reference link in another advisory! I changed the reference back to https://nvd.nist.gov/vuln/detail/CVE-2019-13146, and a colleague of mine changed |
I am very sorry for the typo, but it should be like that:
Thank you! |
I found some strange references in some advisories.
GHSA-wg9m-gw3h-hg83 has https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146. Looks like an error, because the advisory has 2 "similar" references with
ADVISORYtype, but one of them has another link prepended:{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11250"}{"type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250"}Maybe, replace this?:
{"type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250"}->{"type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:4087"}GHSA-wg9m-gw3h-hg83 has https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146, but link https://nvd.nist.gov/vuln/detail/CVE-2019-13146 exists and contains more fresh information about vulnerability (I don't see any advantages to have a link to webarchive instead of actual official site). I think that a good idea to replace it:
{"type": "ADVISORY", "url": "https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146"}->{"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13146"}That's would be great if you will correct these advisories.
The text was updated successfully, but these errors were encountered: