Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-5105

Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327

    XMLWordPrintableJSON

Details

    • Temp
    • Status: Closed
    • Trivial
    • Resolution: Not A Problem
    • None
    • None
    • None
    • None

    Description

      Hi, this report is about a trivial question from me, and hope the struts community could help me or provide any hints.

      I'm a security researcher and I'm very interested in the fix of CVE-2005-3745 and CVE-2018-1327

      According to the Apache security vulnerability handling #16 , in svn era, the log of fixing commit will be amended with CVE id, however, I cannot find that log for CVE-2005-3745.

      In git era, I cannot find a way to trace the fixing commit. I was wondering that after a vulnerability is fixed, will the corresponding commit be amended with CVE information somewhere else?  

      Any hints will be super helpful.

      Thank you!

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            waganigong waganigong
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: