anything-llm/docker/vex/CVE-2024-37890.vex.json

{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://openvex.dev/docs/public/vex-939548c125c5bfebd3fd91e64c1c53bffacbde06b3611b4474ea90fa58045004",
  "author": "tim@mintplexlabs.com",
  "timestamp": "2024-07-19T16:08:47.147169-07:00",
  "version": 1,
  "statements": [
    {
      "vulnerability": {
        "name": "CVE-2024-37890"
      },
      "timestamp": "2024-07-19T16:08:47.147172-07:00",
      "products": [
        {
          "@id": "pkg:docker/mintplexlabs/anythingllm@render",
          "subcomponents": [
            {
              "@id": "pkg:npm/ws@8.14.2"
            }
          ]
        },
        {
          "@id": "pkg:docker/mintplexlabs/anythingllm@railway",
          "subcomponents": [
            {
              "@id": "pkg:npm/ws@8.14.2"
            }
          ]
        },
        {
          "@id": "pkg:docker/mintplexlabs/anythingllm@latest",
          "subcomponents": [
            {
              "@id": "pkg:npm/ws@8.14.2"
            }
          ]
        },
        {
          "@id": "pkg:docker/mintplexlabs/anythingllm@master",
          "subcomponents": [
            {
              "@id": "pkg:npm/ws@8.14.2"
            }
          ]
        }
      ],
      "status": "not_affected",
      "justification": "vulnerable_code_cannot_be_controlled_by_adversary"
    }
  ]
}