Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Shortfinga · 2022-06-21T07:23:09Z

Vulnerability URL
Provide the URL to the vulnerability. For example:

https://ossindex.sonatype.org/vulnerability/CVE-2020-25658?component-type=pypi&component-name=rsa

Component URL
Provide the URL to the component. For example:

https://ossindex.sonatype.org/component/pkg:pypi/rsa@4.8

Description
CVE-2020-25658 is fixed with version 4.7 according to https://nvd.nist.gov/vuln/detail/CVE-2020-25658, OSS still lists this vulnerability for 4.8

The text was updated successfully, but these errors were encountered:

ken-duck · 2022-07-12T17:11:00Z

Sorry for the delay. We have been working on getting appropriate internal processes defined for dealing with data issues in the new data set. We are now working on catching up on the backlog.

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck · 2022-08-23T17:47:43Z

In this case Sonatype Deep Dive researchers have deemed the fix to be insufficient in resolving the vulnerability. Further information can be found here: sybrenstuvel/python-rsa#165 (comment)

Shortfinga added the bug Something isn't working label Jun 21, 2022

ken-duck closed this as completed Aug 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Shortfinga commented Jun 21, 2022

ken-duck commented Jul 12, 2022

ken-duck commented Aug 23, 2022 •

edited

Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Incorrect vulnerability details: CVE-2020-25658 python-rsa #301

Comments

Shortfinga commented Jun 21, 2022

ken-duck commented Jul 12, 2022

ken-duck commented Aug 23, 2022 • edited

ken-duck commented Aug 23, 2022 •

edited