Merge pull request #5186 from github/binary-1024-GHSA-4h8f-2wvx-gg5w

github · Jan 17, 2025 · c9ccd6d · c9ccd6d
2 parents ddfe353 + cbb6495
commit c9ccd6d
Showing 1 changed file with 7 additions and 22 deletions.
diff --git a/advisories/github-reviewed/2024/05/GHSA-4h8f-2wvx-gg5w/GHSA-4h8f-2wvx-gg5w.json b/advisories/github-reviewed/2024/05/GHSA-4h8f-2wvx-gg5w/GHSA-4h8f-2wvx-gg5w.json
@@ -1,14 +1,16 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4h8f-2wvx-gg5w",
-  "modified": "2024-06-14T15:31:24Z",
+  "modified": "2024-06-14T15:32:27Z",
   "published": "2024-05-03T18:30:37Z",
   "aliases": [
     "CVE-2024-34447"
   ],
   "summary": "Bouncy Castle Java Cryptography API vulnerable to DNS poisoning",
   "details": "An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.",
-  "severity": [],
+  "severity": [
+
+  ],
   "affected": [
     {
       "package": {
@@ -67,25 +69,6 @@
         }
       ]
     },
-    {
-      "package": {
-        "ecosystem": "Maven",
-        "name": "org.bouncycastle:bcprov-jdk13"
-      },
-      "ranges": [
-        {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "1.61"
-            },
-            {
-              "fixed": "1.78"
-            }
-          ]
-        }
-      ]
-    },
     {
       "package": {
         "ecosystem": "Maven",
@@ -133,7 +116,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+
+    ],
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2024-05-03T20:34:32Z",