Closed maxime-huyghe closed 5 months ago
Cool, thank you! I'll take a look at the pr!
The issue could be confirmed with, e.g., CVE-2024-23525 & CVE-Search v5.0.1-dev:
cpe:2.3:a:tozt:spreadsheet\:\:parsexlsx:*:*:*:*:*:perl:*:*
UPDATE: The #269 fixes this; I have done the testing as described in https://github.com/cve-search/CveXplore/pull/269#pullrequestreview-1985177042.
Hi, I noticed that some CPEs have
:
s, resulting in incorrect vendor and/or product names. Examples of this behavior arecpe:2.3:a:acf\:_better_search_project:acf\:_better_search:-:*:*:*:*:wordpress:*:*
andcpe:2.3:a:tozt:spreadsheet\:\:parsexlsx:0.29:*:*:*:*:perl:*:*
. This can be fixed by splitting on a regex ((?<!\\):
) instead of:
. I grepped for relevant uses ofsplit(":")
but I am unsure whether I caught all instances of the issue or not.I will attach a PR with the fixes, can you please take a look ? Thanks in advance