Data quality issue with CVE-2020-27388 #2071
Assignees
Labels
data quality
Issues with data quality
Comments
|
This is another instance of a formerly converting CVE that is no longer converting and will be deleted entirely when #2030 is complete. |
|
"Deleted entirely" was the incorrect expectation to set, my apologies, this is now marked as withdrawn. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The CVE ID
https://osv.dev/vulnerability/CVE-2020-27388
Describe the data quality issue observed
The CVE says it affects versions 1.5 to 1.7.10. OSV says all versions released since 1.5 (including the latest, 1.9.2) are affected. osv-scanner reports this vulnerability when commit
2efcb9e(1.9.2) is checked out, even though it was fixed in04495e8.Suggested changes to record
Set "Fixed" commit ID to
04495e8b17ffeedb695ef5a64389f6bee15d57fb.Additional context
GHSA-pwgg-r6fq-mf94 is listed as an alias. That seems to have the correct Introduced and Fixed version numbers - although only the 1.7.x versions are actually listed under "Affected versions".
The text was updated successfully, but these errors were encountered: