CVSS severities are never validated #2369

Open
michaelkedar opened this issue Jul 4, 2024 · 0 comments
Labels
bug Something isn't working data quality Issues with data quality

Comments

@michaelkedar
Member

We currently do no checking that CVSS scores in the severity fields are valid. We end up ingesting invalid scores, which also end up being served by the API, which could be an issue downstream.

Case in point: this GHSA OSV record has a CVSS 3.1 score labelled as CVSS_V4.

Our website is currently 500-ing when trying to render this vulnerability because of this.

@michaelkedar michaelkedar added bug Something isn't working data quality Issues with data quality labels Jul 4, 2024
@google google deleted a comment from github-actions bot Jul 4, 2024
@andrewpollock andrewpollock self-assigned this Jul 14, 2024
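
One way to catch the mismatch described in this issue at ingestion time, as an added example that is not OSV.dev's own code: it checks that the vector prefix in an OSV `severity` entry agrees with its `type` and that every mandatory base metric is present with a legal value. The function name `validate_severity` and the sample entry are hypothetical and constructed for illustration; temporal, threat and environmental metrics are not checked.

```python
import re

# Mandatory base metrics and their legal one-letter values, per CVSS version.
BASE_METRICS = {
    "CVSS_V2": {"AV": "LAN", "AC": "HML", "Au": "MSN",
                "C": "NPC", "I": "NPC", "A": "NPC"},
    "CVSS_V3": {"AV": "NALP", "AC": "LH", "PR": "NLH", "UI": "NR",
                "S": "UC", "C": "HLN", "I": "HLN", "A": "HLN"},
    "CVSS_V4": {"AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
                "VC": "HLN", "VI": "HLN", "VA": "HLN",
                "SC": "HLN", "SI": "HLN", "SA": "HLN"},
}
# Vector prefix each OSV severity type must carry (CVSS v2 vectors have none).
PREFIX = {"CVSS_V2": r"", "CVSS_V3": r"CVSS:3\.[01]/", "CVSS_V4": r"CVSS:4\.0/"}


def validate_severity(entry):
    """Return a list of problems with one OSV `severity` entry (empty if valid)."""
    sev_type, score = entry.get("type"), entry.get("score", "")
    if sev_type not in BASE_METRICS:
        return []  # non-CVSS severity types are out of scope for this check
    match = re.match(PREFIX[sev_type], score)
    if match is None or (sev_type == "CVSS_V2" and score.startswith("CVSS:")):
        return [f"{sev_type}: vector prefix does not match type: {score!r}"]
    metrics, errors = {}, []
    for part in score[match.end():].split("/"):
        name, sep, value = part.partition(":")
        if not sep or name in metrics:
            errors.append(f"{sev_type}: malformed or repeated metric {part!r}")
        metrics[name] = value
    for name, allowed in BASE_METRICS[sev_type].items():
        if name not in metrics:
            errors.append(f"{sev_type}: missing base metric {name}")
        elif len(metrics[name]) != 1 or metrics[name] not in allowed:
            errors.append(f"{sev_type}: bad value {name}:{metrics[name]}")
    return errors


# Constructed sample: a CVSS 3.1 vector labelled CVSS_V4, as in the issue.
SAMPLE = {"type": "CVSS_V4",
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}

if __name__ == "__main__":
    print(validate_severity(SAMPLE))
```
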