cvss-calculator

cvss-calculator copied to clipboard

Bumps [cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.7.0 to 2.7.1. Commits 416953f [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.7.1 6bc1c8b Removed legacy notes section. Updated version b841f02 Merge remote-tracking branch 'origin/master' bf54cc0 bump java core 379f967 Merge...

dependabot[bot]

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 1 to 3.4.1. Release notes Sourced from actions/setup-java's releases. v3.4.1 In scope of this release we updated actions/cache package as the new version contains fixes for caching...

dependabot[bot]

CVSS:3.1 vectors may get parsed to CVSS:3.0 instance

2

I've ran `Cvss.parse(..)` against a couple of vectors, e.g. `"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`. The implementation matches it as `3.0` string, so `Cvss.parse(..).toVector()` return vectors of the form `"CVSS:3.1/*"`.

fviernau

Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.0.0 to 3.1.0. Release notes Sourced from maven-enforcer-plugin's releases. 3.1.0 🚀 New features and improvements [MENFORCER-420] - cache dependencies across rules (#152) @​josephw [MENFORCER-409] - Log at...

dependabot[bot]

CVSS pattern only matches specific metric order

1

Hi @stevespringett I have come across an issue with the CVSS vector: `CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N` (fetched from the [CVEProject](https://github.com/CVEProject/cvelist/blob/a9ffc2b3d858eb16df5f1f60d6cb7920c76a74c9/2021/46xxx/CVE-2021-46143.json#L97) and hence not under my control). Parsing it results in a null result...

0xDAFE

Fixed Environmental Score calculation in CvssV3_1

2

* fixed environmental score calculation by using base score values if the environmental score values are null or `NOT_DEFINED` ("X") -> otherwise the environmental score is zero if not all...

michael-hinterdorfer

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.4.0 to 3.4.1. Release notes Sourced from maven-javadoc-plugin's releases. 3.4.1 [MJAVADOC-723] - Upgrade Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0 (#158) @​pzygielo Skip Java...

dependabot[bot]

Bumps [org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.7.10 to 2.7.11. Release notes Sourced from org.cyclonedx:cyclonedx-maven-plugin's releases. 2.7.11 🚀 New features and improvements rename convert methohds to explicit project vs dependency (#456) @​hboutemy cleanup unused...

dependabot[bot]

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.6.0 to 3.6.3. Release notes Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases. 3.6.2 🐛 Bug Fixes [MJAVADOC-716] - Fix stale files detection failing because of the newline (#144) @​gnodet [MJAVADOC-713]...

dependabot[bot]

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 1 to 4. Release notes Sourced from actions/setup-java's releases. v4.0.0 What's Changed In the scope of this release, the version of the Node.js runtime was updated to...

dependabot[bot]