search

cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal
476 stars 35 forks source link

Wrong CPE Syntax #25

Closed fwininger closed 5 months ago

fwininger commented 5 months ago

🐛 Summary

CPEs can not contains space.

To reproduce

I found: 

"cpes": [
              "cpe:2.3:a: campcodes:Complete Web Based School Management System:1.0:*:*:*:*:*:*:*"
            ],

https://github.com/cisagov/vulnrichment/blob/develop/2024/5xxx/CVE-2024-5232.json#L163

Expected behavior

No space between cpe:2.3:a and campcodes.

For the product part, may be with this exemple : https://nvd.nist.gov/vuln/detail/CVE-2024-22627

Complete Web Based School Management System should be web_based_school_management_system

I thinks there is no product on the CPE Dictonary yet.

fwininger commented 5 months ago

may be just fix like : https://github.com/cisagov/vulnrichment/blob/develop/2024/5xxx/CVE-2024-5231.json#L163

patrickmgarrity commented 5 months ago

Submitted a Pull request for this: https://github.com/cisagov/vulnrichment/pull/31

jwoytek-cisa commented 5 months ago

@fwininger thank you! This had been fixed upstream but not yet published. That happened earlier today.