Closed grouigrokon closed 2 months ago
As per paragraph 2.7.1.2.1 of Minimum Requirements for Vulnerability Exploitability eXchange (VEX), the affected products MUST have an action statement.
Both the spec implementation and the tests were wrong on that point, and were expecting an impact statement instead.
The behaviour should now be correct regarding that.
As per paragraph 2.7.1.2.1 of Minimum Requirements for Vulnerability Exploitability eXchange (VEX), the affected products MUST have an action statement.
Both the spec implementation and the tests were wrong on that point, and were expecting an impact statement instead.
The behaviour should now be correct regarding that.