Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/wdormann/statuses/111767097623511047">Will Dormann (wdormann@infosec.exchange)'s status on Wednesday, 17-Jan-2024 03:57:09 JST</a><a href="https://infosec.exchange/@wdormann" title="wdormann@infosec.exchange"><img src="https://gnusocial.jp/avatar/232810-48-20240116185707.webp" width="48" height="48" alt="Will Dormann" style="position: absolute; left: 0; top: 0;">Will Dormann</a></section><article><p>CVE wonders:<br>Apache created CVE-2023-49070 to capture: "Our OFBiz product has Apache XML-RPC, which is vulnerable to CVE-2019-17570".<br>This seems... wrong?<br>If every vendor created a new CVE to capture "Hey, we use library &lt;foo&gt; that already has a CVE", how can this possibly scale?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2596821#notice-5143206">In conversation</a><time datetime="2024-01-17T03:57:09+09:00" title="Wednesday, 17-Jan-2024 03:57:09 JST">Wednesday, 17-Jan-2024 03:57:09 JST</time> <span>from <span><a href="https://infosec.exchange/@wdormann/111767097623511047" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@wdormann/111767097623511047">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Wednesday, 17-Jan-2024 03:57:09 JST Will Dormann
CVE wonders:
Apache created CVE-2023-49070 to capture: "Our OFBiz product has Apache XML-RPC, which is vulnerable to CVE-2019-17570".
This seems... wrong?
If every vendor created a new CVE to capture "Hey, we use library <foo> that already has a CVE", how can this possibly scale?
In conversationWednesday, 17-Jan-2024 03:57:09 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice