[
https://issues.apache.org/jira/browse/DIRMINA-1175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lécharny resolved DIRMINA-1175.
----------------------------------------
Resolution: Information Provided
> Question about the Correctness of the Affected Scope of Vulnerability
> CVE-2023-35887 on NVD
> -------------------------------------------------------------------------------------------
>
> Key: DIRMINA-1175
> URL: https://issues.apache.org/jira/browse/DIRMINA-1175
> Project: MINA
> Issue Type: Wish
> Reporter: Radar wen
> Priority: Minor
>
> We see from NVD that vulnerability CVE-2023-35887 affects Apache MINA
> ([https://nvd.nist.gov/vuln/detail/CVE-2023-35887)]
> However, we looked for a lot of information, including the reference links,
> the Apache MINA community, but we didn't see any discussion of whether it
> affected Apache MINA, only that this issue affected Apache MINA SSHD.
> https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
> https://www.cve.org/CVERecord?id=CVE-2023-35887
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887
> https://vuldb.com/?id.233305
> https://issues.apache.org/jira/browse/SSHD-1324
> Then we consulted the reporter of original source of the issue:
> (https://github.com/apache/mina-sshd/pull/362), and the answer was: The issue
> affects the Apache Mina SSHD project, not the Apache Mina library.
>
>
> So, we would like to consult, is the NVD affected scope inaccurate?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
