Data quality issue with CVE-2021-42384
ASKAC0810 opened this issue · comments
The CVE ID
CVE-2021-42384
Describe the data quality issue observed
When I searched this CVE ID from osv.dev, I got different result with NVD when echo system is GIT.
Result of osv.dev
The affected version shows as below image
The affected version shows as below image
The "From" (1_18_0) and and "Up to" (1_33_1) version are both the same between osv.dev and NVD.
However, osv.dev does not link this CVE to all tag version .
For example, I use the busybox v1.30.1, the tag ID is 1_30_1 , and the GIT commit hash is as following
1dd2685dcc735496d7adde87ac60b9434ed4a04c
As you can see, CVE-2021-42384 can not be found on osv.dev and osv-scanner tool with this version.
Suggested changes to record
Link CVE to all tag version between from and Up .
Hope my description is clear :)
Thank you very much.