Comments (4)
I'm not sure I understand what is not covered in the referenced PR. Sorry, I'm not familiar with Magento, so I would need a dump of something you would want to achieve that is not yet possible.
from security-advisories.
That's not really Magento specific, just a special case.
Timeline:
- first source makes the security flaw public, describes the version range with "prior to version 1.3.10", which I think would mean the same as "<1.3.10"
- another source reviews this for their own analysis later, and comes to the conclusion that the affected versions are only ">=1.3.8,<1.3.10"
So they conflict in what they say, and I don't know what the best way to handle this would be.
I would say in that case somebody has to try to reproduce the security flaw for the affected versions. If that is not possible, I would recommend taking the wider range to be sure.
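As an added example (not code from this thread or from the security-advisories project), the following Python script checks a package version against both ranges quoted above and reports the conservative verdict suggested in the reply: a version is flagged if any source's range covers it. The constraint parser is an assumed, deliberately small subset of Composer's syntax (comma-joined `>=`, `>`, `<=`, `<`, `==` comparators on purely numeric versions, no pre-release tags), sufficient for the two ranges in the discussion.

```python
"""Constructed example: compare one version against conflicting advisory ranges
and take the wider answer until someone reproduces the flaw per version.

Assumption: constraints are comma-separated comparator clauses with numeric
versions, e.g. ">=1.3.8,<1.3.10". Pre-release suffixes and Composer's "^"/"~"
operators are intentionally not supported here.
"""
import re
from operator import eq, ge, gt, le, lt

_OPS = {">=": ge, "<=": le, "==": eq, "=": eq, ">": gt, "<": lt}
# Longer operators are listed first so ">=" is not read as ">" followed by "=".
_CLAUSE = re.compile(r"^\s*(>=|<=|==|>|<|=)?\s*(\d+(?:\.\d+)*)\s*$")


def parse_version(text):
    """Turn '1.3.10' into (1, 3, 10) so comparison is numeric.

    Comparing strings would be wrong: '1.3.9' > '1.3.10' as text.
    """
    return tuple(int(part) for part in text.strip().split("."))


def _pad(a, b):
    """Right-pad with zeros so '1.3' compares equal to '1.3.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def matches(version, constraint):
    """True if version satisfies every comma-separated clause of constraint."""
    v = parse_version(version)
    for clause in constraint.split(","):
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op = m.group(1) or "=="
        a, b = _pad(v, parse_version(m.group(2)))
        if not _OPS[op](a, b):
            return False
    return True


# Constructed input: the two conflicting ranges quoted in the discussion.
SOURCES = {
    "original advisory": "<1.3.10",
    "later analysis": ">=1.3.8,<1.3.10",
}


def per_source_matches(version, sources=SOURCES):
    """Map each source name to whether its range covers the version."""
    return {name: matches(version, rng) for name, rng in sources.items()}


def verdict(version, sources=SOURCES):
    """Conservative 'take the wider range' policy: affected if any source says so."""
    hits = per_source_matches(version, sources)
    return {"affected": any(hits.values()), "sources": hits}


if __name__ == "__main__":
    # 1.3.7 is where the two sources disagree; the conservative verdict flags it.
    for v in ("1.3.7", "1.3.8", "1.3.10"):
        print(v, verdict(v))
```

The disagreement only matters for versions below 1.3.8: both sources flag 1.3.8 and 1.3.9 and both clear 1.3.10, so a version like 1.3.7 is exactly where the conservative policy and the narrower analysis give different answers.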
Follow what the vendor says? If in doubt just ask the vendor or look at what they've announced?
Unless Magento is saying two things? But that repository you linked to even says this in its readme.md:
Magento related Security Advisories Database
The Magento related Security Advisories Database references known security vulnerabilities in various Magento Versions and 3rd Party Modules. This database must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption. This project is completely community driven.