07070529 commented on PR #362: URL: https://github.com/apache/mina-sshd/pull/362#issuecomment-1663958270
@gnodet Hi, we see from the NVD that this issue is related to vulnerability CVE-2023-35887 (https://nvd.nist.gov/vuln/detail/CVE-2023-35887). ![image](https://github.com/apache/mina-sshd/assets/42636191/775f831e-d902-44cf-9bc5-70dbd84574ab) Then in the content of the reference link (https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2), we see: This issue affects Apache MINA: from 1.0 before 2.10. ![image](https://github.com/apache/mina-sshd/assets/42636191/6a56d2ea-6971-4f68-829d-53433ad48c94) Sorry, we're a little confused: 1. The affected software scope is different with the title (Affected versions: Apache MINA SSHD 1.0 before 2.10). 2. We looked for a lot of information, including the Apache MINA community, but we didn't see any discussion about whether this issue affected the Apache MINA. We'd greatly appreciate it if you could give us some advice on whether the CVE-2023-35887 vulnerability affects Apache MINA? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org