Merge pull request #149 from stormqueen1990/wavefront-proxy/advisories

pdeslaur · web-flow · commit 5494eebfe01a · 2023-08-11T20:21:48.000Z
wavefront-proxy: CVE-2023-35116 and CVE-2023-34462
diff --git a/wavefront-proxy.advisories.yaml b/wavefront-proxy.advisories.yaml
@@ -0,0 +1,16 @@
+package:
+  name: wavefront-proxy
+
+advisories:
+  CVE-2023-34462:
+    - timestamp: 2023-08-11T14:20:24.152317-04:00
+      status: under_investigation
+    - timestamp: 2023-08-11T15:56:03.368506-04:00
+      status: fixed
+      fixed-version: 13.1-r1
+
+  CVE-2023-35116:
+    - timestamp: 2023-08-11T14:19:16.019833-04:00
+      status: not_affected
+      justification: vulnerable_code_not_present
+      impact: CVE is being considered by the community a false positive. See https://github.com/FasterXML/jackson-databind/issues/3972 and https://github.com/anchore/grype/issues/1386
