Hi @atripp ,
Thank you for your quick reply. We will try your suggested approach and migrate from OSS Index to ProGet's Vulnerability Database. We will also update our server installation.
There are other libraries with the same issue, so your statement regarding the reliability of OSS Index as a data source seems to be accurate.
Best regards
Hello
Is there a way to change the range of affected package versions in a vulnerability assessment? Background: for the nuget package bootstrap the vulnerability CVE-2024-6531 is assessed for a wide range of versions, namely 4.5.3, 5.2.3, 3.0.0, 3.3.7, 4.6.1, 3.3.0, 3.4.1, 5.3.3, 3.3.2, 5.3.2, 4.3.1 (see screenshot). But the versions 5.3.2 and 5.3.3 are not affected by this vulnerability. I would like to exclude these versions, but don't know how?
We use ProGet Basic in the Version 2023.18 (Build 15).
Thank you for any feedback.