You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the data quality issue observed
When I searched this CVE ID from osv.dev, I got different result with NVD when echo system is GIT. Result of osv.dev
The CVE ID
CVE-2021-42384
Describe the data quality issue observed
When I searched this CVE ID from osv.dev, I got different result with NVD when echo system is GIT.
Result of osv.dev
The affected version shows as below image
Result of NVD
The affected version shows as below image
The "From" (1_18_0) and and "Up to" (1_33_1) version are both the same between osv.dev and NVD.
However, osv.dev does not link this CVE to all tag version .
For example, I use the busybox v1.30.1, the tag ID is 1_30_1 , and the GIT commit hash is as following
1dd2685dcc735496d7adde87ac60b9434ed4a04c
As you can see, CVE-2021-42384 can not be found on osv.dev and osv-scanner tool with this version.
Suggested changes to record
Link CVE to all tag version between from and Up .
Hope my description is clear :)
Thank you very much.
The text was updated successfully, but these errors were encountered: