chore: adjust CVE-2008-1145 for Ruby Webrick to FP (#86)
https://nvd.nist.gov/vuln/detail/CVE-2008-1145 currently uses ruby
versions in the webrick CPE, leading to incorrect matches.  It should
really look more like https://nvd.nist.gov/vuln/detail/CVE-2009-4492 and
I have submitted an update request to NVD for it.

Signed-off-by: Weston Steimel <[email protected]>
westonsteimel authored Aug 3, 2023
1 parent 7b961ac commit 9b02ce0
Showing 1 changed file with 1 addition and 1 deletion.
@@ -1 +1 @@
{"ID": "26eda503-0920-4cdc-951c-3fa0a7c1a92f", "effective_cve": "CVE-2008-1145", "image": {"exact": "docker.io/gitlab/gitlab-ce@sha256:04d4219d5dfb3acccc9997e50477c8d24b371387a95857e1ea8fc779e17a716c"}, "label": "TP", "package": {"name": "webrick", "version": "1.6.1"}, "timestamp": "2022-12-09T21:03:25+00:00", "tool": "[email protected]", "user": "westonsteimel", "vulnerability_id": "CVE-2008-1145"}
{"ID": "26eda503-0920-4cdc-951c-3fa0a7c1a92f", "effective_cve": "CVE-2008-1145", "image": {"exact": "docker.io/gitlab/gitlab-ce@sha256:04d4219d5dfb3acccc9997e50477c8d24b371387a95857e1ea8fc779e17a716c"}, "label": "FP", "note": "Only affects webrick 1.3.1 as bundled in very old ruby releases. The NVD entry erroneously added the ruby versions in the webrick CPE. Correction submitted, so hopefully they'll update it", "package": {"name": "webrick", "version": "1.6.1"}, "timestamp": "2022-12-09T21:03:25+00:00", "tool": "[email protected]", "user": "westonsteimel", "vulnerability_id": "CVE-2008-1145"}
