Oh fantastic. Someone assigned a CVE to an invalid bug report. Of course it's rated "critical".

Now I have to file for a rejection again, while thousands of "vulnerability report sites" copy each other's bad summary of the CVE text, making it worse with every copy.

The whole CVE system and the "security research industry" at large is a steaming pile of 💩

#rant

@dokuwiki I'm not sure if that's better or worse than the CVE filed against curl for a bug that had already been patched.

@aatch

How about a "critical" SQLi vulnerability in something that was deprecated in 2014? Reported by the same user... 🤦‍♂️

https://github.com/Hebing123/cve/issues/16#issuecomment-1893148729
https://github.com/advisories/GHSA-jqqj-j2ch-3qv8

@dokuwiki
