I don't know why the issue is still open. The access to the still opened issue it depends on is protected.

I don't see any versions there.

Do you know where it's saying that 6.0.2 - 6.0.4 are affected (i.e. why your scan tells you that)? Because they shouldn't have been tagged as affected by this CVE in the first place.