PYSEC-2022-42980: affected range is wrong #118
Comments
oliverchang
added a commit
that referenced
this issue
May 26, 2023
oliverchang
added a commit
that referenced
this issue
May 26, 2023
* Update PYSEC-2022-42980.yaml Fixes #118 * Update PYSEC-2022-42980.yaml
|
Thanks for reporting! Sorry for the late response -- I was out and only recently got back. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm opening an issue rather than a PR for two reasons: 1. I'm not super familiar with the tooling and am not primarily a Python dev so not sure if it would be enough for me to just edit the advisory via GitHub UI, and 2. it sounds like this database primarily pulls from nvd.nist.gov for which this advisory looks wrong - https://nvd.nist.gov/vuln/detail/CVE-2022-45199 says that it impacts all versions up to v9.3.0 whereas GHSA-q4mp-jvh2-76fj says it only impacts versions between 9.2.0 and 9.3.0 which matches python-pillow/Pillow#6700 which says:
The text was updated successfully, but these errors were encountered: