-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GHSA-c5pj-mqfh-rvc3 Still in osv #2332
Comments
The JSON record for GHSA-c5pj-mqfh-rvc3 has it marked as "id": "GHSA-c5pj-mqfh-rvc3",
"modified": "2024-06-05T18:30:34Z",
"published": "2024-04-26T06:30:34Z",
"withdrawn": "2024-04-30T09:37:23Z", I believe it is intended that we export withdrawn vulnerabilities. Edit: Found the relevant FAQ entry: https://google.github.io/osv.dev/faq/#how-does-osvdev-handle-withdrawn-records |
✨ Thank you for your interest in OSV.dev's data quality! ✨ Please review our FAQ entry on how to most efficiently have this addressed. |
Based on: https://osv.dev/GHSA-c5pj-mqfh-rvc3 clearly marks the record as withdrawn I don't think there is anything actionable here. As @michaelkedar has pointed out, the behaviour of the |
GHSA-c5pj-mqfh-rvc3 "Runc allows an arbitrary systemd property to be injected" is a misunderstood vulnerability. Users do NOT need to update runc
opencontainers/runc#4263
but
https://storage.googleapis.com/osv-vulnerabilities/index.html?prefix=Go/
Still in osv
The text was updated successfully, but these errors were encountered: