vulnrichment icon indicating copy to clipboard operation
vulnrichment copied to clipboard

Published 20 hours ago verified publisher icon cisagov

SSVC values are not consistently cased

Open bjedwards opened this issue 9 months ago • 4 comments

🐛 Summary

For some CVEs, the SSVC values sometimes start with uppercase values and sometimes lower case values.

To reproduce

Examples

  • Automatable
    • No:
      • CVE-2022-38028 is "No"
      • CVE-2010-5096 is "no"
    • Yes:
      • CVE-2019-7256 is "Yes"
      • CVE-2016-6531 is "yes"
  • Exploitation
    • Active
      • CVE-2019-7256 is "Active"
      • CVE-2015-2051 is "active"
    • PoC
      • CVE-2023-42931 is "PoC"
      • CVE-2013-3245 is "poc"
    • None
      • CVE-2022-34381 is "None"
      • CVE-2010-5096 is "none"
  • Technical Impact
    • Partial
      • CVE-2020-3259 is "Partial"
      • CVE-2010-5096 is "partial
    • Total
      • CVE-2019-7256 is "Total"
      • CVE-2012-5380 is "total"

Expected behavior

The values should be consistent across values. This isn't a huge impact on parsing the data, but did make me do a double take. I am ambivalent about which is "correct"

bjedwards avatar May 22 '24 02:05 bjedwards