[GHSA-x9r9-48rm-4xm6] FitNesse allows execution of arbitrary OS commands

[tcnh]

Updates

• Affected products
• CVSS v3
• Description

Comments
FitNesse is an acceptance test automation framework, designed to execute fixture code on a host or network system. This CVE does not describe a vulnerability, but FitNesse's core functionality.

[shelbyc]

Hi @tcnh, thank you for letting us know about the information in the CVE describing core functionality of FitNesse.

As a next step forward, I recommend contacting the CVE Numbering Authority (CNA) that issued CVE-2024-28125 to dispute the CVE. That CNA is JPCERT/CC. You can email them or use the contact page at https://www.jpcert.or.jp/vh/index.html to let them know that you want to dispute the CVE.

When you contact JPCERT/CC, link them to this thread so that they know there is a publicly available link where someone has disputed the validity of the CVE.

[tcnh]

Thanks. Contacted JPCert on this topic by email.

[github-actions]

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.