From 3c83eb218dcea5475f10e3b7ad28aef314ff4b52 Mon Sep 17 00:00:00 2001
From: Philippe Deslauriers
Date: Thu, 11 Jan 2024 16:08:09 -0800
Subject: [PATCH] cassandra: Advisory for CVE-2023-50570
Signed-off-by: Philippe Deslauriers
---
 cassandra.advisories.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/cassandra.advisories.yaml b/cassandra.advisories.yaml
index 1ae5581518..344d724d4e 100644
--- a/cassandra.advisories.yaml
+++ b/cassandra.advisories.yaml
@@ -1,4 +1,4 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 package:
 name: cassandra
@@ -63,6 +63,16 @@ advisories:
 data:
 fixed-version: 4.1.3-r4
+ - id: CVE-2023-50570
+ aliases:
+ - GHSA-qphf-w3cq-jpmx
+ events:
+ - timestamp: 2024-01-12T00:03:16Z
+ type: false-positive-determination
+ data:
+ type: vulnerability-record-analysis-contested
+ note: "This vulnerability is contested by the maintainer (https://github.com/seancfoley/IPAddress/issues/118). The reported infinite loop is nearly impossible to reproduce and Chainguard agrees with the maintainer's assessment. The GitHub security team also agrees the CVE should not have been assigned: https://github.com/github/advisory-database/pull/3279"
+
 - id: CVE-2023-6378
 aliases:
 - GHSA-vmq6-5m68-f53m
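Review bot: The `note` on the new CVE-2023-50570 event never names the component the CVE is filed against; a reader has to infer from the first URL that it is the seancfoley/IPAddress library, and "nearly impossible to reproduce" is a likelihood judgement, not a statement that the reported loop cannot occur. The `false-positive-determination` event carries no version bound, so consumers of this advisory feed will presumably stop reporting the CVE for every cassandra build, which makes it worth having the record explain itself without following links. I would open the note with something like `This CVE is filed against the IPAddress library (seancfoley/IPAddress), which cassandra pulls in as a dependency.` (adjust if that is not how the library reaches the package) and keep the two links as the supporting evidence. If the upstream CVE record is later withdrawn or confirmed, this is the entry to revisit.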