-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CPE data missing #77
Comments
Hey @roman-mueller! Thanks for creating this issue, it's known behavior as of now, currently CPE to CVE is mapped based on CPE information available as vulnerable CPE in CVE json block, we are in process of mapping CPE to CVE information separately for complete coverage as you pointed out. |
HI @ehsandeep When I query The output of "vulnerable_cpe" is just But when I query CVE-2019-1549 on NIST
Is this the same issue? |
Hi @ehsandeep ! How's the mapping process proceeding? |
any update on this ? |
i think there is a bug here , the cvemap don't care about the version! and this will generate a lot of false positive |
cvemap version:
v0.0.4
Current Behavior:
When querying for certain CPEs, no data is returned.
Expected Behavior:
Vulnerability data should be returned.
Steps To Reproduce:
As an example, run those queries:
Those will not return any data.
But those CPEs are correct, for example searching on the NIST site it will return 66 vulnerabilities (Apache/httpd): NIST
19 (Apache/Tomcat): NIST
And 4 (jQuery): NIST
The CVE IDs listed by NIST can be directly queried, for example
cvemap -id CVE-2023-45802
does return as expected data.But the CPE is not included in the JSON output.
Is there any reason these CPEs are missing?
Querying for specific versions would be my number one use-case.
The text was updated successfully, but these errors were encountered: