security-advisories icon indicating copy to clipboard operation
security-advisories copied to clipboard

Published 20 hours ago verified publisher icon haskell

CVSS3.1 isn't fully supported

Open unorsk opened this issue 1 year ago • 2 comments
trafficstars

Is it just me or the cvss parser doesn't fully support the cvss31 standard (some metrics haven't been implemented) These aren't important semantically since their presence doesn't affect the score calculation, but practically the parser would fail parsing a cvss string containing one of these.

unorsk avatar Jul 29 '24 19:07 unorsk

You are right, the parser presently only supports the strings used in the advisories.

TristanCacqueray avatar Jul 29 '24 20:07 TristanCacqueray

You are right, the parser presently only supports the strings used in the advisories.

Cool, sounds like something I could fix. Probably after https://github.com/haskell/security-advisories/issues/208 gets merged.

unorsk avatar Jul 30 '24 07:07 unorsk