Strange references in GHSA-wg9m-gw3h-hg83 and GHSA-jmrx-5g74-6v2f #5316

Closed
ancieg opened this issue Feb 28, 2025 · 2 comments

Comments


ancieg commented Feb 28, 2025

I found some strange references in some advisories.

GHSA-wg9m-gw3h-hg83 has https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146. Looks like an error, because the advisory has 2 "similar" references with ADVISORY type, but one of them has another link prepended:

  • {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11250"}
  • {"type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250"}
    Maybe, replace this?:
    {"type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250"} -> {"type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:4087"}

GHSA-wg9m-gw3h-hg83 has https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146, but the link https://nvd.nist.gov/vuln/detail/CVE-2019-13146 exists and contains fresher information about the vulnerability (I don't see any advantage in having a link to the web archive instead of the actual official site). I think it is a good idea to replace it:
{"type": "ADVISORY", "url": "https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146"} -> {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13146"}

It would be great if you would correct these advisories.

@ancieg ancieg changed the title Strange references in **GHSA-wg9m-gw3h-hg83** and **GHSA-jmrx-5g74-6v2f** Strange references in GHSA-wg9m-gw3h-hg83 and GHSA-jmrx-5g74-6v2f Feb 28, 2025
Contributor

shelbyc commented Mar 3, 2025

Hi @ancieg, thanks for catching the use of archive.org for a link that is live and valid in one advisory and a malformed reference link in another advisory! I changed the reference back to https://nvd.nist.gov/vuln/detail/CVE-2019-13146, and a colleague of mine changed https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 to https://access.redhat.com/errata/RHSA-2019:4087.

@shelbyc shelbyc closed this as completed Mar 3, 2025
Author

ancieg commented Mar 3, 2025

> I found some strange references in some advisories.
>
> GHSA-wg9m-gw3h-hg83 has https://web.archive.org/web/20220526020623/https://nvd.nist.gov/vuln/detail/CVE-2019-13146. Looks like an error, because the advisory has 2 "similar" references with ADVISORY type, but one of them has another link prepended:

I am very sorry for the typo, but it should be like that:

GHSA-jmrx-5g74-6v2f has https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250.


> Hi @ancieg, thanks for catching the use of archive.org for a link that is live and valid in one advisory and a malformed reference link in another advisory! I changed the reference back to https://nvd.nist.gov/vuln/detail/CVE-2019-13146, and a colleague of mine changed https://access.redhat.com/errata/RHSA-2019:4087https://nvd.nist.gov/vuln/detail/CVE-2019-11250 to https://access.redhat.com/errata/RHSA-2019:4087.

Thank you!
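
An added example (not part of the thread and not the advisory database's own tooling): a lint for the two reference defects discussed in this issue, a URL with a second URL appended and a Wayback Machine copy of a live page. It assumes OSV-style records with `id` and `references` keys; `lint_reference`, `lint_advisory` and `SAMPLES` are hypothetical names, and the sample records are constructed from the reference entries quoted above.

```python
import re

# Wayback Machine wrapper: https://web.archive.org/web/<timestamp>/<original URL>
WAYBACK = re.compile(r"^https?://web\.archive\.org/web/\d+[a-z_]*/(https?://.+)$")
SCHEME = re.compile(r"https?://")

def lint_reference(url):
    """Return (kind, candidate_urls) for a suspicious reference URL, else None."""
    wrapped = WAYBACK.match(url)
    if wrapped:
        return "archived-copy", [wrapped.group(1)]
    # Only look before '?' or '#': a URL passed as a query parameter is legitimate.
    head = re.split(r"[?#]", url, maxsplit=1)[0]
    cut = SCHEME.search(head, 1)  # a second scheme after position 0: two URLs were joined
    if cut:
        return "concatenated", [url[:cut.start()], url[cut.start():]]
    return None

def lint_advisory(advisory):
    """Check every reference of one advisory record (assumed keys: id, references)."""
    refs = advisory.get("references", [])
    known = {r.get("url") for r in refs}
    report = []
    for ref in refs:
        finding = lint_reference(ref.get("url", ""))
        if finding is None:
            continue
        kind, parts = finding
        # Propose only the URLs that are not already listed as their own reference.
        suggest = [p for p in parts if p not in known]
        report.append({"id": advisory.get("id"), "kind": kind,
                       "url": ref["url"], "suggest": suggest})
    return report

# Constructed sample records, reduced to the reference entries quoted in the issue.
SAMPLES = [
    {"id": "GHSA-jmrx-5g74-6v2f", "references": [
        {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11250"},
        {"type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:4087"
                                    "https://nvd.nist.gov/vuln/detail/CVE-2019-11250"},
    ]},
    {"id": "GHSA-wg9m-gw3h-hg83", "references": [
        {"type": "ADVISORY", "url": "https://web.archive.org/web/20220526020623/"
                                    "https://nvd.nist.gov/vuln/detail/CVE-2019-13146"},
    ]},
]

if __name__ == "__main__":
    for record in SAMPLES:
        for item in lint_advisory(record):
            print(item["id"], item["kind"], "->", item["suggest"])
```

Because the NVD link in the first record is already listed as its own reference, only the Red Hat erratum URL is proposed as the replacement.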
