Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue with parsing details in PYSEC-2022-42969 #107

Merged
merged 1 commit into from
Nov 7, 2022

Conversation

twu
Copy link
Contributor

@twu twu commented Nov 7, 2022

Fixes #106

Proposed Changes

  • Remove offending link/colon from details for PYSEC-2022-42969.

Since it is using the official description from https://nvd.nist.gov/vuln/detail/CVE-2022-42969 and Github is linked as a reference already I removed the Taken from ... from details as it contains the offending colon.

@twu
Copy link
Contributor Author

twu commented Nov 7, 2022

@oliverchang It also looks like this is might be a contested advisory/CVE spam? See #104

@oliverchang
Copy link
Contributor

@oliverchang It also looks like this is might be a contested advisory/CVE spam? See #104

Unclear if this is definitely spam. My read of the upstream issue sounds like: this is a legitimate issue, but it's a ReDoS so the impact for most people is pretty low and unlikely to be fixed in what is now a maintenance mode project.

We don't really have a precedence for excluding ReDoS in general. Do you see these issues as significantly impacting the usefulness of vuln scanners?

@oliverchang
Copy link
Contributor

Merging for now, we can continue discussion here or in the issue you linked!

@oliverchang oliverchang merged commit 0ea4826 into pypa:main Nov 7, 2022
@twu
Copy link
Contributor Author

twu commented Nov 7, 2022

We don't really have a precedence for excluding ReDoS in general. Do you see these issues as significantly impacting the usefulness of vuln scanners?

IMHO, no.

Merging for now, we can continue discussion here or in the issue you linked!

Thank you :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

PYSEC-2022-42969.yaml has colon in the details, need to wrap with quotes
2 participants