ingest git versions from OSS-Fuzz
OSS-Fuzz uses the OSV schema; the problem is that most of the versions are the Git version.

https://github.com/nexB/vulnerablecode/pull/897

For example, this: https://github.com/google/oss-fuzz-vulns/blob/74db2f2bc96e82a54e371e940384c825bcb32de4/vulns/openexr/OSV-2021-1420.yaml
```yaml
- type: GIT
  repo: https://github.com/AcademySoftwareFoundation/openexr
  events:
  - introduced: 40eb606dc5e8b04b7634f8a4a15f44b4e2044191
  - fixed: f68dc195ef2079793e2ea68f089adca902f0a4d8
  - fixed: e86910cb1fa2cd4e555bdb3c04b69eda28c74547
  - introduced: 57b05e055c7065ac5873f64e42350449be1eccb8
  - fixed: 666e2064d10445c501d48544d2d4566c304015c7
  database_specific:
    fixed_range: 481bde4b2584ef018cca4a6538062efd0d5d0b88:e86910cb1fa2cd4e555bdb3c04b69eda28c74547
```
https://ossf.github.io/osv-schema/#affectedrangestype-field
https://github.com/nexB/univers/issues/85
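
An added example, not part of the original issue and not vulnerablecode or univers code: one way an importer could validate an OSV `GIT` range and group its events into records before storing them. The `GitInterval` record, the `git_intervals` function and the rule that each `fixed` event attaches to the most recent `introduced` event are assumptions of this sketch; deciding whether a given commit is affected still requires walking the repository's commit graph.

```python
import re
from dataclasses import dataclass, field

SHA1_RE = re.compile(r"[0-9a-f]{40}")

# The range from the OSV-2021-1420 snippet above, written as a Python dict.
OSV_RANGE = {
    "type": "GIT",
    "repo": "https://github.com/AcademySoftwareFoundation/openexr",
    "events": [
        {"introduced": "40eb606dc5e8b04b7634f8a4a15f44b4e2044191"},
        {"fixed": "f68dc195ef2079793e2ea68f089adca902f0a4d8"},
        {"fixed": "e86910cb1fa2cd4e555bdb3c04b69eda28c74547"},
        {"introduced": "57b05e055c7065ac5873f64e42350449be1eccb8"},
        {"fixed": "666e2064d10445c501d48544d2d4566c304015c7"},
    ],
}

@dataclass
class GitInterval:  # hypothetical record, not a vulnerablecode model
    repo: str
    introduced: str
    fixed: list = field(default_factory=list)

def git_intervals(osv_range):
    """Group one OSV GIT range into introduced -> [fixed, ...] records."""
    if osv_range.get("type") != "GIT":
        raise ValueError("not a GIT range; other range types need a version parser")
    intervals = []
    for event in osv_range["events"]:
        if len(event) != 1:
            raise ValueError(f"expected exactly one key per event: {event!r}")
        (kind, commit), = event.items()
        # Commits must be full SHA-1 hashes; OSV also allows introduced "0".
        if not (SHA1_RE.fullmatch(str(commit)) or (kind == "introduced" and str(commit) == "0")):
            raise ValueError(f"not a full commit hash: {commit!r}")
        if kind == "introduced":
            intervals.append(GitInterval(osv_range["repo"], str(commit)))
        elif kind == "fixed":
            if not intervals:
                raise ValueError("fixed event before any introduced event")
            intervals[-1].fixed.append(commit)
        else:
            raise ValueError(f"unsupported event type: {kind}")
    return intervals
```

The hash check rejects tags or version strings that end up in a `GIT` range, so they fail at import time instead of being stored as if they were commits.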