Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's a CVSS issue. Heartbleed only affected Confidentiality, and CVSS rates scores on a triad of Confidentiality, Integrity, and Availability. RCE affects all three.


Heartbleed was a much more significant issue than this ingress-nginx thing.


I agree with you, which is why I'm redirecting the blame to the CVSS standard, which does not agree with you.


That's exactly what I'm complaining about, yes. Nothing burgers get 9.8, while earth shattering vulnerabilities get 7.5 using the scoring system that the security community uses to describe "severity".




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: