[GHSA-x9r9-48rm-4xm6] FitNesse allows execution of arbitrary OS commands

Open tcnh opened this issue 1 year ago • 3 comments

Updates

  • Affected products
  • CVSS v3
  • Description

Comments

FitNesse is an acceptance test automation framework, designed to execute fixture code on a host or network system. This CVE does not describe a vulnerability, but FitNesse's core functionality.

tcnh, Sep 17 '24 11:09

Hi @tcnh, thank you for letting us know about the information in the CVE describing core functionality of FitNesse.

As a next step forward, I recommend contacting the CVE Numbering Authority (CNA) that issued CVE-2024-28125 to dispute the CVE. That CNA is JPCERT/CC. You can email them or use the contact page at https://www.jpcert.or.jp/vh/index.html to let them know that you want to dispute the CVE.

When you contact JPCERT/CC, link them to this thread so that they know there is a publicly available link where someone has disputed the validity of the CVE.

shelbyc, Sep 17 '24 13:09

Thanks. Contacted JPCert on this topic by email.

tcnh, Sep 17 '24 13:09

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

github-actions[bot], Oct 12 '24 00:10