CVE-2024-31033 (v0.12.5)
SMadani opened this issue · 2 comments
SMadani commented
Just came across this on my build, which seems to not have been reported on this repo. This is the vulnerability: https://www.mend.io/vulnerability-database/CVE-2024-31033.
bdemers commented
It's not a vuln; it's currently being disputed and should be rejected soon: https://nvd.nist.gov/vuln/detail/CVE-2024-31033
There are more details on this here: #930 (comment)
Until then you will need to ignore/exclude this as a false positive.
SMadani commented
My apologies. After reading the discussion, it seems crazy to me that anyone can file a CVE against a project without a) discussion with the maintainers and b) actual validation / evidence of the supposed vulnerability being exploited. Hope it is rejected soon.