[ https://issues.apache.org/jira/browse/DIRMINA-1175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lécharny resolved DIRMINA-1175. ---------------------------------------- Resolution: Information Provided > Question about the Correctness of the Affected Scope of Vulnerability > CVE-2023-35887 on NVD > ------------------------------------------------------------------------------------------- > > Key: DIRMINA-1175 > URL: https://issues.apache.org/jira/browse/DIRMINA-1175 > Project: MINA > Issue Type: Wish > Reporter: Radar wen > Priority: Minor > > We see from NVD that vulnerability CVE-2023-35887 affects Apache MINA > ([https://nvd.nist.gov/vuln/detail/CVE-2023-35887)] > However, we looked for a lot of information, including the reference links, > the Apache MINA community, but we didn't see any discussion of whether it > affected Apache MINA, only that this issue affected Apache MINA SSHD. > https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 > https://www.cve.org/CVERecord?id=CVE-2023-35887 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887 > https://vuldb.com/?id.233305 > https://issues.apache.org/jira/browse/SSHD-1324 > Then we consulted the reporter of original source of the issue: > (https://github.com/apache/mina-sshd/pull/362), and the answer was: The issue > affects the Apache Mina SSHD project, not the Apache Mina library. > > > So, we would like to consult, is the NVD affected scope inaccurate? -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org