CVE-2024-24992 has a non-compliant URL

Question

CVE-2024-24992 has a non-compliant URL

Opened this issue 8 months ago · 1 comments

Just FYI, CVE-2024-24992 has an URL that starts with ZDI-CAN-22854https://.

Raising this because my understanding is that you were already validating things against the JSONschema so maybe something is off?

Answer 1 · 2024-05-05T13:58:03.000Z

Thanks, Stefano. Our validation does not reject repo pushes when it fails, as everything else than a mere mirror of the original API responses would introduce inconsistencies. The validator caught the error, that's good.

But I don't understand how these data pollution issues can happen on the NVD site of things. 🤔 It is really interesting that this (probably copy-paste) error passed both HackerOne and NVD checks. I sent a message to H1, lets see what happens - gotta keep the data clean 😎