| ▲ | DeepYogurt 10 hours ago | |
To be fair the CVE system can't even encode a version string | ||
| ▲ | spockz 4 hours ago | parent [-] | |
Not sure whether this is a limitation of the scanning tooling or of the CVE format itself, it also cannot express sub packages. So if some Jackson-very-specific-module has a CVE the whole of Jackson gets marked as impacted. Same with netty. | ||