google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0

Data Quality issue with GHSA-w9jx-4g6g-rp7x #2331

Closed clemens closed 5 days ago

clemens commented 1 week ago

Describe the bug

The data for GHSA-w9jx-4g6g-rp7x includes "type": 3 instead of "type": "CVSS_V4".

To Reproduce

Steps to reproduce the behaviour:

  1. curl https://api.osv.dev/v1/vulns/GHSA-w9jx-4g6g-rp7x
  2. Check JSON at the very end

Expected behaviour

I'd expect the response to adhere to the declared schema. So in this case it should show "type": "CVSS_V4".


Additional context

I've come across this because ORT started failing for TinyMCE, and I traced it back in ORT's code.

michaelkedar commented 5 days ago

The API should now be correctly returning "type": "CVSS_V4" in these cases.

Thanks for reporting this! Let us know if you're still encountering this issue.
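
A consumer-side check for the schema violation reported in this issue, as an added example that is not code from osv.dev or ORT: it walks an OSV record and reports every severity entry whose "type" is not one of the schema's strings, so a tool can skip or flag the record instead of failing during deserialization. The function name, the accepted set and both sample records are assumptions constructed for illustration; the sample is not the real API response.

```python
import json

# Severity type strings accepted by this check (assumption: extend the set
# if the schema version you consume defines further values).
ALLOWED_SEVERITY_TYPES = {"CVSS_V2", "CVSS_V3", "CVSS_V4"}


def find_bad_severity_types(record):
    """Return (json_path, value) for each severity entry with a non-schema "type"."""
    problems = []

    def check(entries, path):
        if not isinstance(entries, list):
            return
        for i, entry in enumerate(entries):
            value = entry.get("type") if isinstance(entry, dict) else None
            # A bare number such as 3 fails here: the schema declares strings.
            if not isinstance(value, str) or value not in ALLOWED_SEVERITY_TYPES:
                problems.append((f"{path}[{i}].type", value))

    # Severity can appear at the top level and per affected package.
    check(record.get("severity"), "severity")
    for n, affected in enumerate(record.get("affected") or []):
        if isinstance(affected, dict):
            check(affected.get("severity"), f"affected[{n}].severity")
    return problems


# Constructed records that mimic the shape described in the issue.
SAMPLE_BAD = json.loads("""{
  "id": "GHSA-w9jx-4g6g-rp7x",
  "severity": [
    {"type": "CVSS_V3", "score": "CONSTRUCTED-VECTOR"},
    {"type": 3, "score": "CONSTRUCTED-VECTOR"}
  ]
}""")
SAMPLE_FIXED = json.loads("""{
  "id": "GHSA-w9jx-4g6g-rp7x",
  "severity": [
    {"type": "CVSS_V3", "score": "CONSTRUCTED-VECTOR"},
    {"type": "CVSS_V4", "score": "CONSTRUCTED-VECTOR"}
  ]
}""")

if __name__ == "__main__":
    for path, value in find_bad_severity_types(SAMPLE_BAD):
        print(f"non-schema severity type at {path}: {value!r}")
```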