To be fair the CVE system can't even encode a version string | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		DeepYogurt 2 days ago \| parent \| context \| favorite \| on: Linux CVEs, more than you ever wanted to know To be fair the CVE system can't even encode a version string

spockz 2 days ago [–]

Not sure whether this is a limitation of the scanning tooling or of the CVE format itself, it also cannot express sub packages. So if some Jackson-very-specific-module has a CVE the whole of Jackson gets marked as impacted. Same with netty.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact