Improve results for unknown package versions that are in a vulnerable range

Open pombredanne opened this issue 1 year ago • 0 comments

We need to improve the API results we return for unknown package versions that are in a vulnerable range.

Say I have this setup:

  • package A has known versions 1,2,4 and 5.
  • It is affected by cve1 from version 1 to 4; 5 is fixed
  • we find version 3 in a codebase scan, but 3 does not exist upstream
  • here a lookup for 3 will report it as non-vulnerable
  • but we want to tell that:
  1. it is an unknown version
  2. it falls in a vulnerable range

pombredanne avatar Aug 14 '24 11:08 pombredanne
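The distinction requested above, as an added example that is not part of the original issue or of VulnerableCode's code: a naive lookup that only matches known versions sits beside a lookup that checks the version against the affected range and reports whether the version is known upstream. The sample data mirrors the setup in the issue (versions 1, 2, 4, 5; cve1 affecting 1 up to the fixed version 5); the range model (inclusive start, exclusive fixed version) and the status labels are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data mirroring the issue's setup (not VulnerableCode data):
# package A has versions 1, 2, 4 and 5 upstream; cve1 affects versions from 1
# up to, but not including, the fixed version 5. Versions are plain integers here.
KNOWN_VERSIONS = {1, 2, 4, 5}
AFFECTED_RANGES = {"cve1": {"start": 1, "fixed": 5}}  # assumed range shape


def in_range(version: int, rng: dict) -> bool:
    """Inclusive start, exclusive fixed version (an assumption of this example)."""
    return rng["start"] <= version < rng["fixed"]


def naive_lookup(version: int, known_versions=KNOWN_VERSIONS,
                 affected_ranges=AFFECTED_RANGES) -> bool:
    """The behaviour the issue complains about: only versions that exist
    upstream AND fall in a range are flagged, so an unknown version 3 comes
    back as non-vulnerable even though it sits inside cve1's range."""
    known_vulnerable = {
        v for v in known_versions
        if any(in_range(v, rng) for rng in affected_ranges.values())
    }
    return version in known_vulnerable


@dataclass
class LookupResult:
    version: int
    is_known: bool                                    # exists upstream?
    vulnerabilities: list = field(default_factory=list)  # ids whose range holds version

    @property
    def status(self) -> str:
        # Report both facts the issue asks for: known/unknown and in-range/not.
        if self.vulnerabilities:
            return "vulnerable" if self.is_known else "unknown-version-in-vulnerable-range"
        return "not-vulnerable" if self.is_known else "unknown-version"


def lookup(version: int, known_versions=KNOWN_VERSIONS,
           affected_ranges=AFFECTED_RANGES) -> LookupResult:
    """Range-based lookup: matches the version against each affected range
    regardless of whether it is a known upstream version, and records
    separately whether the version exists upstream."""
    vulns = sorted(vid for vid, rng in affected_ranges.items() if in_range(version, rng))
    return LookupResult(version=version,
                        is_known=version in known_versions,
                        vulnerabilities=vulns)


if __name__ == "__main__":
    for v in (2, 3, 5, 7):
        r = lookup(v)
        print(f"version {v}: naive={naive_lookup(v)} status={r.status} vulns={r.vulnerabilities}")
```

Running the block shows version 3 reported as `unknown-version-in-vulnerable-range` by `lookup` while `naive_lookup` still says `False`; version 7 (above the fixed version and not upstream) is `unknown-version` with no vulnerabilities, so the two facts are kept separate in the response.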