fix lower bound on CVE-2023-38898

Per python/cpython#105987 the vulnerable component was introduced in python/cpython@a474e04 which appears to correspond with release 3.12.0b1 Signed-off-by: Weston Steimel <[email protected]>
anchore · Oct 16, 2024 · 953e820 · 953e820
1 parent 86c6938
commit 953e820
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/data/anchore/2023/CVE-2023-38898.json b/data/anchore/2023/CVE-2023-38898.json
@@ -29,7 +29,7 @@
           {
             "lessThan": "3.12.0b4",
             "status": "affected",
-            "version": "0",
+            "version": "3.12.0b1",
             "versionType": "python"
           }
         ]
@@ -45,6 +45,9 @@
       },
       {
         "url": "https://github.com/python/cpython/pull/105989"
+      },
+      {
+        "url": "https://github.com/python/cpython/commit/a474e04388c2ef6aca75c26cb70a1b6200235feb"
       }
     ]
   }