triage.json

{
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
   "version": 1,
   "vulnerabilities": [
      {
         "id": "CVE-2022-33124",
         "source": {
            "name": "NVD",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33124"
         },
         "ratings": [
            {
               "source": {
                  "name": "NVD",
                  "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-33124&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1"
               },
               "score": "5.5",
               "severity": "MEDIUM",
               "method": "CVSSv3",
               "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            }
         ],
         "cwes": [],
         "description": "** DISPUTED ** AIOHTTP 3.8.1 can report a \"ValueError: Invalid IPv6 URL\" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application.",
         "recommendation": "",
         "advisories": [],
         "created": "NOT_KNOWN",
         "published": "NOT_KNOWN",
         "updated": "NOT_KNOWN",
         "analysis": {
            "state": "not_affected",
            "response": [ ],
            "justification": "",
            "detail": "See https://github.com/intel/cve-bin-tool/issues/1741"
         },
         "affects": [
            {
               "ref": "urn:cbt:1/aiohttp_project#aiohttp-3.8.1"
            }
         ]
      }
   ]
}