This is not a true vulnerability, it was created by Apache as a notification to correct some information. See https://www.openwall.com/lists/oss-security/2024/02/16/1