tbroyer, @tbroyer@piaille.fr

CVEs reported without version, and/or never updated to limit their CPEs to exclude versions where the vulnerability is fixed;

and now I get false positives every single time I update that dependency 😭

(in this case, specifically, Keycloak's CVE-2022-1438 and CVE-2023-0105, both still reported on version 22.0.4 by Dependency Track; the GitHub Advisories have the accurate information, but not the NVD 😡)

#DependencyTrack #cve #keycloak #security #vulnerability
