CVE-2023-27536
Announced by the #curl project back in March 2023. We deem it severity Low. curl.se/docs/CVE-2023-27536.ht…
NVD, in their infinite wisdom, thinks this is a CRITICAL 9.8 flaw: nvd.nist.gov/vuln/detail/CVE-2…
I wish I knew how to fix this annoying problem but talking or whining to NVD certainly does not seem to help.
Uncaught SyntaxError: Unexpected end of JSON input at 0:214
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Uncaught SyntaxError: Unexpected end of JSON input at 0:214
daniel:// stenberg://
in reply to daniel:// stenberg://
After my complaint the NVD has "downgraded" it to a 7.5 (high).
My response: you are scaremongering. It is not a high either.
Gregory P. Smith (he/him) 🚲🦝
in reply to daniel:// stenberg://
100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.
My take on this is that, like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own, which I understand can give them some control over the content of CVEs filed against their project. cve.org/ProgramOrganization/CN…
#cve #cvss #cna #oss
Joel
in reply to daniel:// stenberg://