mprpic
commented
3 years ago @AntonioSanta That looks like a mistake to me. Do you have the CVE ID where this data is present by any chance?
Closed AntonioSanta closed 5 months ago
mprpic
commented
3 years ago @AntonioSanta That looks like a mistake to me. Do you have the CVE ID where this data is present by any chance?
mprpic
commented
5 months ago No reply in over three years, closing!
Hello, I have a question about version_value "-" , how should it be interpreted ? for example in a CVE in the json official Database from NIST I found this section : "vendor_name" : "name", "product" : { "product_data" : [ { "product_name" : "name", "version" : { "version_data" : [ { "version_value" : "-", "version_affected" : "=" }, { "version_value" : "0.1", "version_affected" : "=" }, { "version_value" : "0.2", "version_affected" : "=" }, { "version_value" : "0.3", "version_affected" : "=" }, { "version_value" : "0.4", "version_affected" : "=" }, { "version_value" : "0.5", "version_affected" : "=" } does the '-' mean that also versions < 0.1 are affected ? if it does, why doesn't the CVE use the <= in "version_affected " field instead ? Or does the "-" mean "if you don't have a version number in your installed packages than your installed package is affected" ? or just simply "we don't know" ?
thank you