Hi there! I'm from the osv.dev team and currently working on setting up functionality to import OSV data from REST endpoints. I've been testing the functionality using curl's REST endpoints, and part of the import process validates the data entries.
I found two small typos in validating a couple of the generated .json files:
On CURL- CVE-2023-38545 & CURL-CVE-2023-38039, the timezone in the "modified" field (2023-11-19T16:44:33-05:00.00Z) isn't fitting the ISO 8601 format as it includes both the 'Z' representing UTC and the timezone shift "-05:00". The osv.dev validator best supports the UTC format so, if possible, could this date be altered to reflect that?
On CURL-CVE-2019-5436 & CURL-CVE-2019-5435, the affected ranges "fixed" property is written as “libcurl 7.65.0”. The schema validator gives me an error that "libcurl 7.65.0 is not valid SemVer string". Could "libcurl " be removed from these two vulnerability entries please?
Other than that, hopefully it shouldn't be long until we are able to aggregate curl vulnerability data into osv.dev!
Hi there! I'm from the osv.dev team and currently working on setting up functionality to import OSV data from REST endpoints. I've been testing the functionality using curl's REST endpoints, and part of the import process validates the data entries.
I found two small typos in validating a couple of the generated .json files:
Other than that, hopefully it shouldn't be long until we are able to aggregate curl vulnerability data into osv.dev!