cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

no lower bound is 0 not * #15

Closed rivkasegan closed 3 weeks ago

rivkasegan commented 1 month ago

You have around 1000 files with "version": "*" exactly 7 lines after a CPE like: https://github.com/cisagov/vulnrichment/blob/c31752fa4a9da78d1b6af62037ea7112a6b7d584/2024/36xxx/CVE-2024-36076.json#L90-L97 but I think you meant 0 (I guess for all 1000) because * means infinity in CVEs and it's nonsensical to start ranges at infinity.

https://github.com/CVEProject/cve-schema/blob/master/schema/docs/versions.md

In any version range, the details of the version syntax and semantics depend on the version type, but by convention, "version": "0" means that the range has no lower bound, and a * in an upper bound denotes “infinity”,

jwoytek-cisa commented 1 month ago

@rivkasegan thank you for the report. This is a process issue/question that I am referring to our analysts.

todb-cisa commented 1 month ago

Taking a pass at this to see about fixing these (637 entries) lower-bound "*" characters. Stay tuned!

jwoytek-cisa commented 3 weeks ago

These have all been addressed as of now. The last fixes will be pushing out everywhere within an hour.
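
A check for the problem reported in this issue, as an added example that is not part of the thread or of the vulnrichment repository: it walks the CNA and ADP `affected[].versions[]` entries of a CVE JSON 5.x record and flags ranges whose lower bound is `*` rather than `0`. The sample record is constructed (placeholder vendor, product and versions), and treating an empty string the same way as `*` is an assumption.

```python
import json

# Constructed sample in CVE JSON 5.x layout (not a real record; all values are placeholders).
SAMPLE = json.loads("""
{
  "containers": {
    "cna": {"affected": [
      {"vendor": "example", "product": "widget",
       "versions": [{"version": "0", "lessThan": "2.1.0", "status": "affected", "versionType": "custom"}]}
    ]},
    "adp": [{"affected": [
      {"vendor": "example", "product": "widget",
       "cpes": ["cpe:2.3:a:example:widget:*:*:*:*:*:*:*:*"],
       "versions": [
         {"version": "*", "lessThan": "2.1.0", "status": "affected", "versionType": "custom"},
         {"version": "", "lessThanOrEqual": "1.0", "status": "affected", "versionType": "custom"},
         {"version": "3.0", "status": "unaffected"}
       ]}
    ]}]
  }
}
""")

# "*" denotes infinity, so it cannot open a range.
# Assumption: an empty string is treated as the same mistake.
BAD_LOWER_BOUNDS = {"*", ""}

def iter_affected(record):
    """Yield (container_label, affected_entry) for the CNA and every ADP container."""
    containers = record.get("containers", {})
    for entry in containers.get("cna", {}).get("affected", []):
        yield "cna", entry
    for i, adp in enumerate(containers.get("adp", [])):
        for entry in adp.get("affected", []):
            yield f"adp[{i}]", entry

def find_bad_lower_bounds(record):
    """Return (container, product, index, lower, upper) for ranges not starting at '0'."""
    findings = []
    for label, entry in iter_affected(record):
        for idx, v in enumerate(entry.get("versions", [])):
            # Only entries with an upper bound are ranges; single versions are skipped.
            is_range = "lessThan" in v or "lessThanOrEqual" in v
            if is_range and v.get("version") in BAD_LOWER_BOUNDS:
                upper = v.get("lessThan", v.get("lessThanOrEqual"))
                findings.append((label, entry.get("product"), idx, v.get("version"), upper))
    return findings

if __name__ == "__main__":
    for finding in find_bad_lower_bounds(SAMPLE):
        print(finding)
```

To scan a checkout, load each record with `json.load` and pass it to `find_bad_lower_bounds`; an empty result means every range in that record has a usable lower bound.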