Daniel Stenberg says the scores are “security misinformation”.

  • @[email protected]
    -412 days ago

    “security misinformation”

    Or actually significant and consistent values that also happen to make you look bad today so they must suck and be ditched.

    Did I get that right? SOUNDS right…

    • @[email protected]
      7
      12 days ago

      Nah, the last few high-scoring CVEs curl got were really niche buffer overflows or potential security issues.
      He’s been very vocal about this. Yeah, it’s a bug, and usually an easy fix, but they scored like 8 or 9 on CVSS. Which is disproportionate compared to a lot of other 8s or 9s.
      I can understand the frustration there.