{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T08:34:56Z","timestamp":1768898096895,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":73,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,27]],"date-time":"2024-10-27T00:00:00Z","timestamp":1729987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Natural Science Foundation of China","award":["62332005"],"award-info":[{"award-number":["62332005"]}]},{"name":"National Natural Science Foundation of China","award":["62372114"],"award-info":[{"award-number":["62372114"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,27]]},"DOI":"10.1145\/3691620.3695516","type":"proceedings-article","created":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T15:39:19Z","timestamp":1729265959000},"page":"1447-1459","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-2169-7032","authenticated-orcid":false,"given":"Susheng","family":"Wu","sequence":"first","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-8404-4794","authenticated-orcid":false,"given":"Ruisi","family":"Wang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1513-8254","authenticated-orcid":false,"given":"Kaifeng","family":"Huang","sequence":"additional","affiliation":[{"name":"Tongji University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6101-8270","authenticated-orcid":false,"given":"Yiheng","family":"Cao","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9507-5066","authenticated-orcid":false,"given":"Wenyan","family":"Song","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7819-9656","authenticated-orcid":false,"given":"Zhuotong","family":"Zhou","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4722-3658","authenticated-orcid":false,"given":"Yiheng","family":"Huang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7238-7492","authenticated-orcid":false,"given":"Bihuan","family":"Chen","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3376-2581","authenticated-orcid":false,"given":"Xin","family":"Peng","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2024,10,27]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3125270"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510113"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292500.3330742"},{"key":"e_1_3_2_1_4_1","volume-title":"Identifying Vulnerable Third-Party Libraries from Textual Descriptions of Vulnerabilities and Libraries. arXiv preprint arXiv:2307.08206","author":"Chen Tianyu","year":"2023","unstructured":"Tianyu Chen, Lin Li, Bingjie Shan, Guangtai Liang, Ding Li, Qianxiang Wang, and Tao Xie. 2023. Identifying Vulnerable Third-Party Libraries from Textual Descriptions of Vulnerabilities and Libraries. arXiv preprint arXiv:2307.08206 (2023)."},{"key":"e_1_3_2_1_5_1","volume-title":"VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model. arXiv preprint arXiv:2308.04662","author":"Chen Tianyu","year":"2023","unstructured":"Tianyu Chen, Lin Li, Liuchuan Zhu, Zongyang Li, Guangtai Liang, Ding Li, Qianxiang Wang, and Tao Xie. 2023. VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model. arXiv preprint arXiv:2308.04662 (2023)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377813.3381360"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2011.26"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00022"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00050"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3047756"},{"key":"e_1_3_2_1_11_1","volume-title":"Retrieved","author":"CWE.","year":"2024","unstructured":"CWE. 2024. CWE VIEW: Research Concepts. Retrieved May 25, 2024 from https:\/\/cwe.mitre.org\/data\/definitions\/1000.html"},{"key":"e_1_3_2_1_12_1","volume-title":"Retrieved","author":"CWE.","year":"2024","unstructured":"CWE. 2024. CWE VIEW: Software Development. Retrieved May 25, 2024 from https:\/\/cwe.mitre.org\/data\/definitions\/699.html"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484594"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361399"},{"key":"e_1_3_2_1_15_1","volume-title":"28th USENIX security symposium (USENIX Security 19). 869--885.","author":"Dong Ying","unstructured":"Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and Gang Wang. 2019. Towards the detection of inconsistencies in public security vulnerability reports. In 28th USENIX security symposium (USENIX Security 19). 869--885."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.90"},{"key":"e_1_3_2_1_17_1","volume-title":"VFCFinder: Seamlessly pairing security advisories and patches. arXiv preprint arXiv:2311.01532","author":"Dunlap Trevor","year":"2023","unstructured":"Trevor Dunlap, Elizabeth Lin, William Enck, and Bradley Reaves. 2023. VFCFinder: Seamlessly pairing security advisories and patches. arXiv preprint arXiv:2311.01532 (2023)."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the Thirteenth Scandinavian Conference on Artificial Intelligence. 48--57","author":"Edkrantz Michel","year":"2015","unstructured":"Michel Edkrantz and Alan Said. 2015. Predicting Cyber Vulnerability Exploits with Machine Learning. In Proceedings of the Thirteenth Scandinavian Conference on Artificial Intelligence. 48--57."},{"key":"e_1_3_2_1_19_1","volume-title":"Retrieved","year":"2024","unstructured":"GitHub. 2024. GitHub Advisory Database. Retrieved May 25, 2024 from https:\/\/github.com\/github\/advisory-database"},{"key":"e_1_3_2_1_20_1","volume-title":"Retrieved","year":"2024","unstructured":"GitHub. 2024. GitHub Repository for lukashinsch\/spring-boot-actuator-logview. Retrieved May 25, 2024 from https:\/\/github.com\/lukashinsch\/spring-boot-actuator-logview\/tags"},{"key":"e_1_3_2_1_21_1","volume-title":"Retrieved","year":"2024","unstructured":"GitHub. 2024. GitHub Repository for spring-projects\/spring-integration-extensions. Retrieved May 25, 2024 from https:\/\/github.com\/spring-projects\/spring-integration-extensions\/tags"},{"key":"e_1_3_2_1_22_1","volume-title":"Retrieved","year":"2024","unstructured":"GitLab. 2024. GitLab Advisory Database. Retrieved May 25, 2024 from https:\/\/gitlab.com\/gitlab-org\/security-products\/gemnasium-db"},{"key":"e_1_3_2_1_23_1","volume-title":"Unixcoder: Unified cross-modal pre-training for code representation. arXiv preprint arXiv:2203.03850","author":"Guo Daya","year":"2022","unstructured":"Daya Guo, Shuai Lu, Nan Duan, Yanlin Wang, Ming Zhou, and Jian Yin. 2022. Unixcoder: Unified cross-modal pre-training for code representation. arXiv preprint arXiv:2203.03850 (2022)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3498537"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC51774.2021.00138"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527893"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3264567"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10131-8"},{"key":"e_1_3_2_1_29_1","volume-title":"Retrieved","year":"2024","unstructured":"java decompiler. 2024. jd-gui. Retrieved May 20, 2024 from https:\/\/github.com\/java-decompiler\/jd-gui"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3003570"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510142"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00094"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-34671-2_36"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 27th USENIX Security Symposium. 919--936","author":"Mu Dongliang","year":"2018","unstructured":"Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. 2018. Understanding the reproducibility of crowd-reported security vulnerabilities. In Proceedings of the 27th USENIX Security Symposium. 919--936."},{"key":"e_1_3_2_1_36_1","volume-title":"Retrieved","year":"2024","unstructured":"mvnrepository. 2024. Maven Artifact for eu.hinsch\/spring-boot-actuator-logview. Retrieved May 25, 2024 from https:\/\/mvnrepository.com\/artifact\/eu.hinsch\/spring-boot-actuator-logview"},{"key":"e_1_3_2_1_37_1","volume-title":"Retrieved","year":"2024","unstructured":"mvnrepository. 2024. Maven Artifact for org.springframework.integration\/spring-integration-zip. Retrieved May 25, 2024 from https:\/\/mvnrepository.com\/artifact\/org.springframework.integration\/spring-integration-zip"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9408-2"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484377"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00018"},{"key":"e_1_3_2_1_41_1","volume-title":"Retrieved","author":"NVD.","year":"2023","unstructured":"NVD. 2023. NVD. Retrieved July 14, 2023 from https:\/\/nvd.nist.gov\/vuln\/data-feeds"},{"key":"e_1_3_2_1_42_1","first-page":"2021","volume-title":"Retrieved","author":"NVD.","year":"2024","unstructured":"NVD. 2024. CVE-2021-43795. Retrieved May 25, 2024 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43795"},{"key":"e_1_3_2_1_43_1","volume-title":"Retrieved","author":"NVD.","year":"2024","unstructured":"NVD. 2024. CVE-2021-43795. Retrieved May 25, 2024 from https:\/\/github.com\/line\/armeria\/pull\/3855\/files\/a380cf982f665459b79909555b5d4b024d7daf1a"},{"key":"e_1_3_2_1_44_1","volume-title":"Retrieved","author":"NVD.","year":"2024","unstructured":"NVD. 2024. CVE-2021-43795. Retrieved May 25, 2024 from https:\/\/github.com\/line\/armeria\/commit\/e2697a575e9df6692b423e02d731f293c1313284"},{"key":"e_1_3_2_1_45_1","first-page":"2022","volume-title":"Retrieved","author":"NVD.","year":"2024","unstructured":"NVD. 2024. CVE-2022-22976. Retrieved May 25, 2024 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22976"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00088"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2023.3343836"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3556933"},{"key":"e_1_3_2_1_49_1","volume-title":"Retrieved","year":"2024","unstructured":"ShiftLeftSecurity. 2024. Joern. Retrieved April 20, 2024 from https:\/\/github.com\/ShiftLeftSecurity\/joern"},{"key":"e_1_3_2_1_50_1","volume-title":"When do changes induce fixes? ACM sigsoft software engineering notes 30, 4","author":"\u015aliwerski Jacek","year":"2005","unstructured":"Jacek \u015aliwerski, Thomas Zimmermann, and Andreas Zeller. 2005. When do changes induce fixes? ACM sigsoft software engineering notes 30, 4 (2005), 1--5."},{"key":"e_1_3_2_1_51_1","volume-title":"Retrieved","author":"SNYK.","year":"2023","unstructured":"SNYK. 2023. SNYK Open Source Vulnerability Database. Retrieved May 25, 2024 from https:\/\/security.snyk.io\/"},{"key":"e_1_3_2_1_52_1","volume-title":"Retrieved","year":"2023","unstructured":"sonatype. 2023. 9th Annual State of the Software Supply Chain. Retrieved May 25, 2024 from https:\/\/www.sonatype.com\/state-of-the-software-supply-chain\/introduction"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00089"},{"key":"e_1_3_2_1_54_1","first-page":"1","article-title":"Aspect-level information discrepancies across heterogeneous vulnerability reports: Severity, types and detection methods","volume":"33","author":"Sun Jiamou","year":"2023","unstructured":"Jiamou Sun, Zhenchang Xing, Xin Xia, Qinghua Lu, Xiwei Xu, and Liming Zhu. 2023. Aspect-level information discrepancies across heterogeneous vulnerability reports: Severity, types and detection methods. ACM Transactions on Software Engineering and Methodology 33, 2 (2023), 1--38.","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME55016.2022.00037"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484593"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v32i1.11428"},{"key":"e_1_3_2_1_58_1","volume-title":"Retrieved","year":"2024","unstructured":"Vision. 2024. Vision. Retrieved May 25, 2024 from https:\/\/vision-version.github.io"},{"key":"e_1_3_2_1_59_1","volume-title":"Retrieved","year":"2024","unstructured":"Veracode. 2024. Veracode Vulnerability Database. Retrieved May 25, 2024 from https:\/\/sca.analysiscenter.veracode.com\/vulnerability-database\/search"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00076"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME46990.2020.00014"},{"key":"e_1_3_2_1_62_1","volume-title":"LIVABLE: Exploring Long-Tailed Classification of Software Vulnerability Types","author":"Wen Xin-Cheng","year":"2024","unstructured":"Xin-Cheng Wen, Cuiyun Gao, Feng Luo, Haoyu Wang, Ge Li, and Qing Liao. 2024. LIVABLE: Exploring Long-Tailed Classification of Software Vulnerability Types. IEEE Transactions on Software Engineering (2024)."},{"key":"e_1_3_2_1_63_1","volume-title":"Retrieved","year":"2024","unstructured":"Wikepedia. 2024. HITS algorithm. Retrieved May 25, 2024 from https:\/\/en.wikipedia.org\/wiki\/HITS_algorithm"},{"key":"e_1_3_2_1_64_1","volume-title":"Retrieved","year":"2024","unstructured":"wiki. 2024. Levenshtein Distance. Retrieved May 25, 2024 from https:\/\/en.wikipedia.org\/wiki\/Levenshtein_distance"},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium. 6541--6556","author":"Woo Seunghoon","year":"2023","unstructured":"Seunghoon Woo, Eunjin Choi, Heejo Lee, and Hakjoo Oh. 2023. V1SCAN: Discovering 1-day Vulnerabilities in Reused C\/C++ Open-source Software Components Using Code Classification Techniques. In Proceedings of the 32nd USENIX Security Symposium. 6541--6556."},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the 31st USENIX Security Symposium. 3037--3053","author":"Woo Seunghoon","year":"2022","unstructured":"Seunghoon Woo, Hyunji Hong, Eunjin Choi, and Heejo Lee. 2022. MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components. In Proceedings of the 31st USENIX Security Symposium. 3037--3053."},{"key":"e_1_3_2_1_67_1","volume-title":"Proceedings of the 30th USENIX Security Symposium. 3041--3058","author":"Woo Seunghoon","year":"2021","unstructured":"Seunghoon Woo, Dongwook Lee, Sunghan Park, Heejo Lee, and Sven Dietrich. 2021. V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities. In Proceedings of the 30th USENIX Security Symposium. 3041--3058."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639582"},{"key":"e_1_3_2_1_69_1","volume-title":"Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities. arXiv preprint arXiv:2308.15259","author":"Wunder Julia","year":"2023","unstructured":"Julia Wunder, Andreas Kurtz, Christian Eichenm\u00fcller, Freya Gassmann, and Zinaida Benenson. 2023. Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities. arXiv preprint arXiv:2308.15259 (2023)."},{"key":"e_1_3_2_1_70_1","volume-title":"Proceedings of the 29th USENIX Security Symposium. 1165--1182","author":"Xiao Yang","year":"2020","unstructured":"Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, et al. 2020. MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. In Proceedings of the 29th USENIX Security Symposium. 1165--1182."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549125"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579638"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695531"}],"event":{"name":"ASE '24: 39th IEEE\/ACM International Conference on Automated Software Engineering","location":"Sacramento CA USA","acronym":"ASE '24","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691620.3695516","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3691620.3695516","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:06:19Z","timestamp":1750291579000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691620.3695516"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,27]]},"references-count":73,"alternative-id":["10.1145\/3691620.3695516","10.1145\/3691620"],"URL":"https:\/\/doi.org\/10.1145\/3691620.3695516","relation":{},"subject":[],"published":{"date-parts":[[2024,10,27]]},"assertion":[{"value":"2024-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}