Library reported as vulnerable, but only has a 'rejected' CVE.

[JanVerschueren]

Retire.js reported a Vulnerable version of the JavaScript Library Bootstrap, v4.6.2 with CVE-2024-6531. This CVE however is marked as 'rejected' and is mentioned as 'not a security issue'.

Is the CVE status 'rejected' not handled properly, or is there an outdated datasource?