Radar wen created DIRMINA-1175:
----------------------------------
Summary: Question about the Correctness of the Affected Scope of
Vulnerability CVE-2023-35887 on NVD
Key: DIRMINA-1175
URL: https://issues.apache.org/jira/browse/DIRMINA-1175
Project: MINA
Issue Type: Wish
Reporter: Radar wen
We see from NVD that vulnerability CVE-2023-35887 affects Apache MINA
([https://nvd.nist.gov/vuln/detail/CVE-2023-35887)]
However, we looked for a lot of information, including the reference links, the
Apache MINA community, but we didn't see any discussion of whether it affected
Apache MINA, only that this issue affected Apache MINA SSHD.
https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
https://www.cve.org/CVERecord?id=CVE-2023-35887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887
https://vuldb.com/?id.233305
https://issues.apache.org/jira/browse/SSHD-1324
Then we consulted the reporter of original source of the issue:
(https://github.com/apache/mina-sshd/pull/362), and the answer was: The issue
affects the Apache Mina SSHD project, not the Apache Mina library.
So, we would like to consult, is the NVD affected scope inaccurate?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
