On Tuesday, May 25, 2021 00:04 Bernd wrote:
> BTW: I was not aware that JFrog has its own vulnerability feed, is that the
> Snyk Knowledge Base or do they have their own analysts?
They used to use Snyk, but since a few years ago they say it is based on
VulnDB from Risk Based Security.
--
Tero
Hi,
We are getting reports from JFrog Xray vulnerability scanner that seem to be
related to recently fixed OSS-Fuzz issues:
* Summary: Apache Commons Compress archivers/zip/ZipFile.java
ZipFile::readCentralDirectoryEntry() Function Uncaught Exception DoS
Severity: High
* Summary: Apache Comm