Open tzirn opened 1 week ago
Here is an example of the data in a CVE on the cvedetails.com website and the same one from the NVD website for the same CVE:
@terriko I thought you'd want to know about my further testing of v3.4
Hm, I think this may be a bit of a pain to solve completely because I'm not sure we're storing those values in our cache, but I'm not sure why we're over-writing them. Thanks for pointing it out!
@terriko @tzirn This mainly originate from lib4vex, so at the time of implementing new triage functionality as far as i remember we don't have way to define different update stamps in lib4vex for a vulnerability, i might have to double check in lib4vex this, regardless the bug should be easy to fix i guess so..... ; )
Description
v3.4 of the tool and have parameters to tell it to make a new json/vex file. The published and updated values it puts in for each CVE found is just the date this report was run. Shouldnt it be the published and updated values from the CVE itself?
To reproduce
Steps to reproduce the behavior:
Expected behavior: add the published and updated dates from the CVE itself - each CVE has this data Actual behavior: adds just the current date/time the tool was run to these fields for every CVE
Version/platform info
Version of CVE-bin-tool: v3.4 Installed from pypi or github? pypi Operating system: Windows
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 10 Pro OS Version: 10.0.19042 N/A Build 19042 Python version: v3.12.0 Running in any particular CI environment we should know about? NoAnything else?
Feel free to add any other context here.
output triage file that I just ran attached along with a short screenshot if the diffs between 3.3 (which just put in NOT_FOUND) and 3.4.
triage0923b.json