I did not fix that. As for how they’re made, I found the CPE database and searched for log4j to find the existing strings.
As for editing CVEs, that’s through this site: https://cveprocess.apache.org/ -- Matt Sicker > On Dec 13, 2021, at 16:04, Volkan Yazıcı <[email protected]> wrote: > > Matt, I see that it is fixed in > https://nvd.nist.gov/vuln/detail/CVE-2021-44228 > Did you do it? If so, > 1. How did you come up with CPEs? > 2. How did you edit the CVE? > > > On Mon, Dec 13, 2021 at 6:50 PM Matt Sicker <[email protected]> wrote: > >> Based on existing CPEs, I think it would look something like: >> >> cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* up to version 2.14.1 are affected. >> >> On Mon, Dec 13, 2021 at 3:31 AM Volkan Yazıcı <[email protected]> wrote: >>> >>> Mind somebody helping with LOG4J2-3213 >>> <https://issues.apache.org/jira/browse/LOG4J2-3213>, please? I have no >> idea >>> how this entire CVE process is managed and updated. I would appreciate it >>> if the one who performs the correction can also share how he/she did >> that. >>> So that next time first-timers like me can also help. >>
