Radar wen created DIRMINA-1175: ---------------------------------- Summary: Question about the Correctness of the Affected Scope of Vulnerability CVE-2023-35887 on NVD Key: DIRMINA-1175 URL: https://issues.apache.org/jira/browse/DIRMINA-1175 Project: MINA Issue Type: Wish Reporter: Radar wen
We see from NVD that vulnerability CVE-2023-35887 affects Apache MINA ([https://nvd.nist.gov/vuln/detail/CVE-2023-35887)] However, we looked for a lot of information, including the reference links, the Apache MINA community, but we didn't see any discussion of whether it affected Apache MINA, only that this issue affected Apache MINA SSHD. https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 https://www.cve.org/CVERecord?id=CVE-2023-35887 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887 https://vuldb.com/?id.233305 https://issues.apache.org/jira/browse/SSHD-1324 Then we consulted the reporter of original source of the issue: (https://github.com/apache/mina-sshd/pull/362), and the answer was: The issue affects the Apache Mina SSHD project, not the Apache Mina library. So, we would like to consult, is the NVD affected scope inaccurate? -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org