Lack of an assigned CVE is a really bad reason to discount anything, it's a bure... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		fulafel on March 31, 2022 \| parent \| context \| favorite \| on: Spring Core on JDK9 is vulnerable to remote code e... Lack of an assigned CVE is a really bad reason to discount anything, it's a bureucratic process with various tangential limitations, rules and delays.

krzyk on March 31, 2022 [–]

CVEs are frequently created for minor issues, like the recent Jackson bug that has very specific (and not frequent) case.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact