Harry Sintonen on Nostr: Apparently #NVD has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score ...
Apparently #NVD has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score 9.1 "critical". This is wrong, and will lead to automation triggering unnecessary warnings and blocking use of perfectly fine systems until an update is installed (which can take months).
https://nvd.nist.gov/vuln/detail/CVE-2024-11053Edit: In case you wonder my credentials for judging this: I found this vulnerability.
Published at
2024-12-15 11:21:43Event JSON
{
"id": "645dee012b358cdfb7f91bea0b73bd77a3e3b619b37f03767d65a2761b37e975",
"pubkey": "029bf35c63e8b20564400c0ab35fe3f14bc6c64ff6e3ba1c115271bd053b7e8c",
"created_at": 1734261703,
"kind": 1,
"tags": [
[
"t",
"nvd"
],
[
"t",
"curl"
],
[
"t",
"vulnerability"
],
[
"t",
"cve_2024_11053"
],
[
"t",
"cvss"
],
[
"proxy",
"https://infosec.exchange/users/harrysintonen/statuses/113656575021581029",
"activitypub"
]
],
"content": "Apparently #NVD has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score 9.1 \"critical\". This is wrong, and will lead to automation triggering unnecessary warnings and blocking use of perfectly fine systems until an update is installed (which can take months). https://nvd.nist.gov/vuln/detail/CVE-2024-11053\n\nEdit: In case you wonder my credentials for judging this: I found this vulnerability.",
"sig": "a3892069ffc7ae8bac3d790fae215c459d2e2c9f76ac79d9511eda486697ec8fb06916025b558154a1bbda3bf36bbc59448697345a149fc975e912a769927e41"
}
