This repository has been archived by the owner on Jan 19, 2023. It is now read-only.
Incorrect vulnerability details for dom4j / CVE-2018-1000632 #112
Labels
bug
Something isn't working
Comments
|
Hi @ken-duck - any chance you could take a look at this? Thanks in advance! |
|
Whoop. Yup, I'll get on this one today. Sorry for the delay. |
|
Sorry again for the delay. I have fixed this locally, and it should make it to the public database by sometime tomorrow. |
|
Closing old issues. I have validated that all affected packages appear to have the correct ranges. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Vulnerability URL
https://ossindex.sonatype.org/vuln/09883ba9-5094-49df-bd4a-1eaf1d6ba07b
Description
The affected version range for most of the packages are incorrect and showing as
(,2.1.1).The affected version range for
pkg:github/dom4j/dom4jis[2.0.0,2.0.3), [2.1.0,2.1.1)and is correct and is what should be set to all of the other packages.CVE-2018-1000632 was fixed on versions 2.0.3 and 2.1.1 for dom4j. References:
Note that the CPE entries in the NVD are correct.
The text was updated successfully, but these errors were encountered: