I could not find CVE-2022-33980 detection included in the free gvm11 package - it looks to be only for pro customers. Is there a plan to move this detection to the free package in the short term?
and welcome to this community forum.
There is currently no coverage for this specific CVE in any feed.
- VTs are only moved in very rare cases from the enterprise feed into the community feed
- CVEs for libraries such as Apache Commons Configuration are usually only covered via package manager based checks
- e.g. Debian is tracking this via https://security-tracker.debian.org/tracker/CVE-2022-33980; once there is a security advisory (e.g. DLA and/or DSA) published by Debian, there will be a new VT covering this flaw
- the same applies to other vendors, e.g. Red Hat, SUSE, Oracle, Ubuntu and so on
- in addition, some vendors like F5 using this library might publish additional advisories; if this vendor is currently supported, additional VTs might be created
- if such a flaw is exploited actively and there are PoCs available which help to detect such flaws in a generic way, additional VTs might be created as well