False-Positive: CVE-2022-24304 rejected by NVD #315

Open
prabhu opened this issue Jun 21, 2024 · 0 comments
prabhu commented Jun 21, 2024

PURL of wrongly matched component

Rejected by NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24304

But still reported by GitHub and OSV.

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-h8hf-x3f4-xwgp/GHSA-h8hf-x3f4-xwgp.json
https://osv.dev/vulnerability/GHSA-h8hf-x3f4-xwgp
https://osv.dev/vulnerability/GHSA-f825-f98c-gj3g

Depscan findings

I think depscan or vdb6 could have some kind of override data to flag and remove such CVEs

@prabhu prabhu added false-positive A wrongly identified vulnerability data-quality and removed false-positive A wrongly identified vulnerability labels Jun 21, 2024
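
One way the override idea in this issue could work, as an added example (not depscan's or vdb's code or data format): a local list of rejected CVE ids is applied to findings from several sources, and a finding is suppressed only when every CVE it references is rejected. The `Finding` shape, the `OVERRIDES` layout, the placeholder PURL and the alias fields in the sample are assumptions.

```python
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)

# Hypothetical override data: ids withdrawn upstream, with evidence for auditing.
OVERRIDES = {
    "CVE-2022-24304": {"status": "rejected",
                       "evidence": "https://nvd.nist.gov/vuln/detail/CVE-2022-24304"},
}

@dataclass
class Finding:  # hypothetical record shape, not a depscan type
    id: str
    source: str
    purl: str
    aliases: list = field(default_factory=list)

def apply_overrides(findings, overrides=OVERRIDES):
    """Return (kept, suppressed). A finding is suppressed only when every CVE
    it references is rejected, so an advisory that also covers a live CVE stays."""
    rejected = {k.upper() for k, v in overrides.items() if v["status"] == "rejected"}
    kept, suppressed = [], []
    for f in findings:
        cves = {i.upper() for i in [f.id, *f.aliases] if CVE_RE.match(i)}
        if cves and cves <= rejected:
            suppressed.append((f, sorted(cves)))  # keep the reason for the report
        else:
            kept.append(f)  # no CVE reference, or at least one CVE still valid
    return kept, suppressed

PURL = "pkg:generic/placeholder@0.0.0"  # placeholder; the issue gives no PURL
# Constructed sample findings; the alias lists are assumed for illustration.
SAMPLE = [
    Finding("CVE-2022-24304", "osv", PURL),
    Finding("GHSA-h8hf-x3f4-xwgp", "github", PURL, ["CVE-2022-24304"]),
    Finding("GHSA-0000-0000-0000", "github", PURL, ["CVE-2022-24304", "CVE-0000-00000"]),
    Finding("GHSA-0000-0000-0001", "osv", PURL),
]

if __name__ == "__main__":
    kept, suppressed = apply_overrides(SAMPLE)
    for f, why in suppressed:
        print(f"suppressed {f.id} ({f.source}): rejected {', '.join(why)}")
    for f in kept:
        print(f"kept {f.id} ({f.source})")
```

Suppressed findings are returned with their reason rather than dropped, so a report can still list them as overridden.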