mirror of
https://github.com/fleetdm/fleet
synced 2026-04-27 00:17:21 +00:00
f982fef35f
I fixed [this](https://github.com/fleetdm/fleet/pull/29692) incorrectly the first time (my trivy setup is broken on my workstation and I missed the CI check failure on the original PR).
26 lines
825 B
JSON
26 lines
825 B
JSON
{
|
|
"@context": "https://openvex.dev/ns/v0.2.0",
|
|
"@id": "https://openvex.dev/docs/public/vex-20dbacd4bcf9138d5605d33126398cab98f63e8ad61b283acdf8ed3013229437",
|
|
"author": "@lucasmrod",
|
|
"timestamp": "2025-06-02T07:33:44.249219-06:00",
|
|
"version": 1,
|
|
"statements": [
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2025-48734"
|
|
},
|
|
"timestamp": "2025-06-02T07:33:44.249223-06:00",
|
|
"products": [
|
|
{
|
|
"@id": "fleetctl"
|
|
},
|
|
{
|
|
"@id": "pkg:maven/commons-beanutils/commons-beanutils"
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"status_notes": "The fleetctl tool is used by IT admins to generate packages so the vulnerable code cannot be controlled by attackers",
|
|
"justification": "vulnerable_code_cannot_be_controlled_by_adversary"
|
|
}
|
|
]
|
|
}
|