Closed mpurusottamc closed 1 week ago
Hello @mpurusottamc, thank you for reporting this issue. I think the metrics are currently not completely functional for cvss 4. I will fix this in the next days (or maybe few weeks). But just to let you know, the environmental score will always return the overall score. Cvss 4 only provides one score which will always be returned, even if no environmental score is provided.
@0llirocks Thanks for the clarification. Helpful.
I will use the overall score instead of environmental score.
@mpurusottamc Since returning the overall score for a specific metrics is wrong and misleading, I decided to completely remove the score attribute from the metrics starting with cvss v4. This change will be included in version 4.0.0 of this gem. since it is a breaking change.
Behaviour is changed in 4.0.0
@0llirocks Makes sense. I will upgrade to the 4.x version and verify. Thanks for making the adjustments.
While trying to calculate score & severity for a CVSS 4.0 vector string and getting the below error:
Here's the code:
version of cvss-suite gem - 3.2.2 version of ruby - ruby 3.2.2 (2023-03-30 revision e51014f9c0) [arm64-darwin23]
Reference URLs: https://osv.dev/vulnerability/GHSA-99hm-86h7-gr3g https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Appreciate any help on this.