CVE NIST Description:

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.

Has anyone come across this vulnerability? NIST link: NVD - CVE-2021-4277 (nist.gov)

Narasimha

1 Answer

This is a false positive.

The 'project' that the CVE has been raised against is just somebody's dump of scripts that they've written for themselves & didn't deserve their own repo. (https://github.com/fredsmith/utils)

Not sure why it's been given a CPE/CVE by MITRE

Might be worth just suppressing this CVE (or CPE) entirely as I don't think that this project can be imported as an artifact

https://github.com/jeremylong/DependencyCheck/issues/5213

LokiRagnarok
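
The suppression suggested in the answer above, written as an OWASP Dependency-Check suppression file. This is an added example, not part of the original answer; the file name `dependency-check-suppressions.xml` and the wording of the notes are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- dependency-check-suppressions.xml (file name is an assumption) -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      False positive: CVE-2021-4277 was raised against github.com/fredsmith/utils,
      a personal collection of scripts that is not published as an importable
      artifact. See https://github.com/jeremylong/DependencyCheck/issues/5213
    ]]></notes>
    <!-- No filePath/packageUrl matcher is given, so the rule applies to every
         dependency the scanner associates with this CVE. -->
    <cve>CVE-2021-4277</cve>
  </suppress>
</suppressions>
```

Pass the file to the scanner with the `--suppression` option of the CLI or the `suppressionFile` setting of the Maven/Gradle plugin. Keep the notes and the issue link in the file so that a later reviewer can see why the finding was suppressed.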