hyades
Map specific version of vulnerability as affected vulnerable software
Currently, vulnerabilities are missing affected package version information because their affected ranges are indefinite. For example, for a vulnerability whose affected versions are given as ">7.0", as per previous discussions we decided to skip mapping such open ranges.
Proposal: when we search for a vulnerability based on a purl with a specific version and, say, Snyk reports a vulnerability for it, we can at least create a vulnerable software entry for that specific version, since it is indeed affected. This keeps a record of all definitely affected versions of a vulnerability.
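As an added illustration of the proposal (not Hyades project code): a purl that carries an exact version and that the scanner has flagged becomes a definite vulnerable-software record, while a missing version or an open range such as ">7.0" still yields nothing. The purl parser, the record's fields and the vulnerability id are assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# pkg:type/namespace/name@version (qualifiers and subpath are ignored here)
PURL_RE = re.compile(r"^pkg:([^/]+)/(?:([^@?#]+)/)?([^/@?#]+)(?:@([^?#]+))?")
# Any of these characters marks a range or wildcard rather than one exact version.
RANGE_OPERATORS = re.compile(r"[<>=~^*,\[\]()|]")


@dataclass(frozen=True)
class VulnerableSoftware:
    """One definite (package, version) pair known to be affected by a vulnerability.
    Field layout is an assumption for this example."""
    vuln_id: str
    purl_type: str
    namespace: Optional[str]
    name: str
    version: str


def parse_purl(purl: str) -> dict:
    """Split a package URL into type, namespace, name and version (percent-encoding left as-is)."""
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"not a package URL: {purl}")
    ptype, namespace, name, version = m.groups()
    return {"type": ptype, "namespace": namespace, "name": name, "version": version}


def is_definite_version(spec: Optional[str]) -> bool:
    """True for an exact version such as '7.0.1'; False for None or an open spec like '>7.0'."""
    return bool(spec) and not RANGE_OPERATORS.search(spec)


def map_affected_version(purl: str, vuln_id: str,
                         scanner_says_vulnerable: bool) -> Optional[VulnerableSoftware]:
    """Record a definite affected version only when the scanner (e.g. Snyk) confirmed the
    vulnerability for a purl carrying an exact version. Open ranges are still skipped."""
    if not scanner_says_vulnerable:
        return None
    p = parse_purl(purl)
    if not is_definite_version(p["version"]):
        return None
    return VulnerableSoftware(vuln_id, p["type"], p["namespace"], p["name"], p["version"])
```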