add disputed indicator for disputed records

Signed-off-by: Weston Steimel <[email protected]>
anchore · Nov 12, 2024 · 196db5a · 196db5a
1 parent 11079ea
commit 196db5a
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/data/anchore/2007/CVE-2007-2728.json b/data/anchore/2007/CVE-2007-2728.json
@@ -3,6 +3,7 @@
     "cna": "mitre",
     "cveId": "CVE-2007-2728",
     "description": "The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.",
+    "disputed": true,
     "reason": "Added affected version ranges",
     "references": [
       "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html",

diff --git a/data/anchore/2023/CVE-2023-38898.json b/data/anchore/2023/CVE-2023-38898.json
@@ -3,6 +3,7 @@
     "cna": "mitre",
     "cveId": "CVE-2023-38898",
     "description": "An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.",
+    "disputed": true,
     "reason": "Improve version ranges to indicate fix",
     "references": [
       "https://github.com/python/cpython/issues/105987"