The Vulnerability History Project

Dependency Issue

The fix for this vulnerability involved changing a dependency definition file. Systems often have a large list of dependencies, and will sometimes report their dependencies' vulnerabilities as their own. Sometimes the mistake is a combination of the proeject and its dependency, sometimes the fix for the vulnerability is to simply update the version. Either way, the software **supply chain** is a key part of these vulnerabilities.


    There are no articles here... yet