Closed fviernau closed 3 months ago
I've noticed the same problem here. See NVD for CVE-2024-21628 that has
"impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK",
and it's identified as CVSS V3
OTOH because this 3.1 string lacks the weights, the calculation formula for CVSS 3.1 will fail too...
I've ran
Cvss.parse(..)
against a couple of vectors, e.g."CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
. The implementation matches it as3.0
string, soCvss.parse(..).toVector()
return vectors of the form"CVSS:3.1/*"
.