The software supply chain faces persistent challenges, such as untracked security vulnerabilities in open-source components and inconsistent uptake of updates. In one such case, the lighttpd vulnerability was silently fixed in 2018 without a CVE being assigned. As a result, critical security patches often never reach the downstream software that relies on these components.
Source: GBHackers