Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data quality issue with CVE-2021-42384 #2128

Open
ASKAC0810 opened this issue Apr 22, 2024 · 0 comments
Open

Data quality issue with CVE-2021-42384 #2128

ASKAC0810 opened this issue Apr 22, 2024 · 0 comments
Assignees
@andrewpollock
Labels
data quality Issues with data quality

Comments

@ASKAC0810
Copy link

The CVE ID
CVE-2021-42384

Describe the data quality issue observed
When I searched this CVE ID from osv.dev, I got different result with NVD when echo system is GIT.
Result of osv.dev

The affected version shows as below image
image

Result of NVD

The affected version shows as below image
image

The "From" (1_18_0) and and "Up to" (1_33_1) version are both the same between osv.dev and NVD.

However, osv.dev does not link this CVE to all tag version .

For example, I use the busybox v1.30.1, the tag ID is 1_30_1 , and the GIT commit hash is as following
1dd2685dcc735496d7adde87ac60b9434ed4a04c

As you can see, CVE-2021-42384 can not be found on osv.dev and osv-scanner tool with this version.

image

Suggested changes to record
Link CVE to all tag version between from and Up .

Hope my description is clear :)
Thank you very much.
@ASKAC0810 ASKAC0810 added the data quality Issues with data quality label Apr 22, 2024
@ASKAC0810 ASKAC0810 changed the title CVE-2021-42384 Data quality issue with CVE-2021-42384 Apr 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewpollock andrewpollock

Labels
data quality Issues with data quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewpollock @ASKAC0810