AppThreat / vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.
MIT License

Simplified vers compare to reduce false positives with single vers range #133

Closed prabhu closed 4 months ago

prabhu commented 4 months ago

An unwanted else block in utils.vers_compare was resulting in false positives while dealing with single version specifiers. This negatively affected ecosystems such as npm.
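To make the single-specifier case concrete, here is an added sketch of a vers range check in which a lone constraint is decided by that constraint alone and the default is "no match". It is not the project's `utils.vers_compare`; the names `parse_vers` and `vers_contains` are hypothetical, versions are assumed to be plain dotted numbers, and range bounds are assumed to alternate lower/upper as in a normalized vers string.

```python
import re

def _key(version):
    # Assumption: plain dotted numeric versions, no pre-release or build tags.
    return tuple(int(p) for p in version.split("."))

def parse_vers(vers):
    """Split 'vers:npm/>=1.0.0|<2.0.0' into a list of (comparator, version)."""
    if not vers.startswith("vers:") or "/" not in vers:
        raise ValueError(f"not a vers string: {vers!r}")
    spec = vers.split("/", 1)[1]
    constraints = []
    for part in spec.split("|"):
        m = re.fullmatch(r"\s*(>=|<=|!=|<|>|=)?\s*(\S+)\s*", part)
        if m is None:
            raise ValueError(f"bad constraint: {part!r}")
        constraints.append((m.group(1) or "=", m.group(2)))
    return constraints

def _above(v, bound):
    return v > bound[0] or (bound[1] == ">=" and v == bound[0])

def vers_contains(vers, version):
    """True only if `version` satisfies the range; the default is no match."""
    constraints = parse_vers(vers)
    if constraints == [("=", "*")]:
        return True
    v, bounds = _key(version), []
    for op, raw in constraints:
        c = _key(raw)
        if op in ("=", "!="):
            if v == c:
                return op == "="
        else:
            bounds.append((c, op))
    lower = None  # pending lower bound waiting for its upper bound
    for c, op in sorted(bounds):
        if op[0] == ">":
            lower = (c, op)
            continue
        below = v < c or (op == "<=" and v == c)
        if below and (lower is None or _above(v, lower)):
            return True
        lower = None
    # A trailing (or lone) lower bound is open-ended upwards.
    return lower is not None and _above(v, lower)
```

Checks such as `vers_contains("vers:npm/<1.2.3", "4.0.0")` returning `False` are the kind of regression case that keeps a scanner from reporting unaffected npm packages.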