Format standardization for Product and Impacted release fields #205

Open

prestaalba opened this issue Jan 8, 2024 · 1 comment

@prestaalba

Some report data could be standardized for better organization. Here is the complete list of issues found related to modules, for example Product names in capital letters or with not-allowed chars, or the Impacted release field with multiple structures. My comments for each case in italics:

Product: creativepopup
Impacted release: <= 1.6.9 (1.6.10 fixed the vulnerability) _double spaces_

Product: sitologapplicationconnect
Impacted release: <= 7.8.a (ALL VERSIONS) _incorrect version value_

Product: opartmultihtmlblock and multihtmlblock* sub-modules _incorrect module name values, could be better comma separated or individual reports for each one (like in the case of jms modules)?_
Impacted release: For opartmultihtmlblock <= 2.0.11 (Fixed in 2.0.12), for multihtmlblock* : = 1.0.0 _incorrect version value_

Product: simpleimportproduct
Impacted release: _incorrect version value_

Product: SimpleImportProduct / UpdateProducts _incorrect module name value_
Impacted release: < 6.4.0 / < v3.8.1 _incorrect version range value_

Product: ajaxmanager
Impacted release: All versions (No fix provided. Still vulnerable in the latest version 2.3.0) _incorrect version range value_

Product: payplug
Impacted release: 3.6.0,3.6.1,3.6.2,3.6.3,3.7.0,3.7.1 (fixed in 3.8.2) _incorrect version range value_

Product: envoimoinscher
Impacted release: > 3.1.10,<= 3.3.8 (latest version, not fixed, deprecated module to remove or to replac _incorrect version range value_

Product: leocustomajax
Impacted release: = 1.0 (May also be identified as 1.0.0) _incorrect version number value_

Product: cityautocomplete
Impacted release: PS 1.5/1.6 : < 1.8.12 (fixed in version 1.8.12), PS 1.7 : < 2.0.3 (fixed in vers _incorrect version range value_

Product: King-Avis _incorrect module name value_
Impacted release: < 17.3.15

Product: scfixmyprestashop
Impacted release: ALL VERSIONS _incorrect version value_

Product: shoppingfeed
Impacted release: from 1.4.0 to 1.8.2 (1.8.3 fix the issue). _incorrect version range value_

Product: eo_tags
Impacted release: >= 1.2.0, < 1.4.19 (1.4.19 fixed the vulnerability) _incorrect version range value_

Product: jmsblog
Impacted release: at least 2.5.5 and 2.5.6 _incorrect version range value_

Product: jmsmegamenu
Impacted release: at least 1.1.x and 2.0.x _incorrect version range value_

Product: jmspagebuilder
Impacted release: at least 3.x _incorrect version range value_

Product: jmsslider
Impacted release: at least 1.6.0 _incorrect version range value_

Product: jmsthemelayout
Impacted release: at least 2.5.5 _incorrect version range value_

Product: jmsvermegamenu
Impacted release: at least 1.1.x and 2.0.x _incorrect version range value_

Product: stripejs (*) _incorrect module name value_
Impacted release: < 4.5.5 (4.5.5 fixed the vulnerability)

Product: totadministrativemandate
Impacted release: >= 1.2.1, < 1.7.2 _incorrect version range value_

Product: correosoficial
Impacted release: >= 1.1.0, < 1.2.0 _incorrect version range value_

Product: lgcookieslaw
Impacted release: >= 1.5.0, < 2.1.3 (2.1.3 fixed the vulnerability) _incorrect version range value_

Product: NdkAdvancedCustomizationFields _incorrect module name value_
Impacted release: <= 3.5.0

Product: SmartBlog _incorrect module name value_
Impacted release: < 4.0.6

@touchweb-vincent
Contributor

touchweb-vincent commented Jan 9, 2024

Hello, for my publications, if you see "ALL VERSIONS", you must consider that all versions have the problem. Be warned that not all module owners respect SEMVER.

Product: creativepopup
Impacted release: <= 1.6.9 (1.6.10 fixed the vulnerability) _double spaces_ => Fixed

Product: stripejs (*) _incorrect module name value_ => We had to put an explanation on the module name since this module is completely disconnected from the official one: stripeofficial. Your regex should ignore all non-alphanumeric characters.
Impacted release: < 4.5.5 (4.5.5 fixed the vulnerability)
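A lint pass covering both the field problems listed in the issue and the reply's point about ignoring non-alphanumeric characters in module names, as an added example that is not code from this issue or from the advisory repository. The rules it encodes (one lowercase module name per report; comma-separated `op version` constraints or the literal ALL VERSIONS in Impacted release) and the sample rows are constructed assumptions, not the repository's actual policy:

```python
import re

# Constructed sample rows shaped like the cases listed in this issue (not the full list).
SAMPLE_ROWS = [
    ("creativepopup", "<=  1.6.9 (1.6.10 fixed the vulnerability)"),  # double space
    ("sitologapplicationconnect", "<= 7.8.a (ALL VERSIONS)"),         # non-numeric version
    ("scfixmyprestashop", "ALL VERSIONS"),
    ("eo_tags", ">= 1.2.0, < 1.4.19 (1.4.19 fixed the vulnerability)"),
    ("King-Avis", "< 17.3.15"),                                        # capitals and hyphen
    ("stripejs (*)", "< 4.5.5 (4.5.5 fixed the vulnerability)"),       # annotation in name
    ("SimpleImportProduct / UpdateProducts", "< 6.4.0 / < v3.8.1"),    # two modules in one row
]

# Assumed house rule: "op version" constraints joined by commas, or the literal ALL VERSIONS.
VERSION = r"v?\d+(?:\.\d+)*"
CONSTRAINT_RE = re.compile(rf"^(<=|>=|<|>|=)\s*({VERSION})$")

def normalize_product(name):
    """Lowercase and drop every non-alphanumeric char except '_'; returns (name, changed)."""
    norm = re.sub(r"[^a-z0-9_]", "", name.lower())
    return norm, norm != name

def parse_impacted_release(text):
    """Return ('all', []), ('range', [(op, version), ...]) or ('unparsable', fragment)."""
    core = re.sub(r"\([^)]*\)", "", text)     # drop notes such as "(1.6.10 fixed ...)"
    core = re.sub(r"\s+", " ", core).strip()  # collapse double spaces
    if core.upper() == "ALL VERSIONS":
        return "all", []
    constraints = []
    for part in (p.strip() for p in core.split(",")):
        m = CONSTRAINT_RE.match(part)
        if not m:
            return "unparsable", part
        constraints.append((m.group(1), m.group(2).lstrip("v")))
    return "range", constraints

def lint(rows):
    """Return (product, field, note) findings a maintainer can act on."""
    findings = []
    for product, release in rows:
        if re.search(r"/|\band\b", product):     # several modules squeezed into one row
            findings.append((product, "product", "one report per module"))
        else:
            norm, changed = normalize_product(product)
            if changed:
                findings.append((product, "product", norm))
        kind, detail = parse_impacted_release(release)
        if kind == "unparsable":
            findings.append((product, "release", detail))
    return findings
```

Running `lint(SAMPLE_ROWS)` flags the hyphenated and annotated product names and every release value that is not a comparison constraint, while the parenthetical fix notes and double spaces pass through untouched.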
