
Vet json report Protobuf lib has issue that for some of the vulnerabilities, title is empty #161

Open
jchauhan opened this issue Nov 21, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@jchauhan (Contributor)

Whenever the id starts with PYSEC-***, the title is empty. Otherwise it is not.

2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-19" aliases:"BIT-2022-22818" aliases:"BIT-django-2022-22818" aliases:"CVE-2022-22818" aliases:"GHSA-95rw-fx8r-36v6" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-190" aliases:"BIT-2022-28346" aliases:"BIT-django-2022-28346" aliases:"CVE-2022-28346" aliases:"GHSA-2gwj-7jmv-h26r" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-191" aliases:"BIT-2022-28347" aliases:"BIT-django-2022-28347" aliases:"CVE-2022-28347" aliases:"GHSA-w24h-v9qh-8gxj" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-2" aliases:"BIT-2021-45116" aliases:"BIT-django-2021-45116" aliases:"CVE-2021-45116" aliases:"GHSA-8c5j-9r9f-c6w8" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-20" aliases:"BIT-2022-23833" aliases:"BIT-django-2022-23833" aliases:"CVE-2022-23833" aliases:"GHSA-6cw3-g6wv-c2xv" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-213" aliases:"BIT-2022-34265" aliases:"BIT-django-2022-34265" aliases:"CVE-2022-34265" aliases:"GHSA-p64x-8rxx-wf6q" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-245" aliases:"BIT-2022-36359" aliases:"BIT-django-2022-36359" aliases:"CVE-2022-36359" aliases:"CVE-2022-45442" aliases:"GHSA-2x8x-jmrp-phxw" aliases:"GHSA-8x94-hmjh-97hq" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-3" aliases:"BIT-2021-45452" aliases:"BIT-django-2021-45452" aliases:"CVE-2021-45452" aliases:"GHSA-jrh2-hc4r-7jwx" {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.896+0530 DEBUG vet/vet2events.go:139 Found vuln with empty title id:"PYSEC-2022-304" aliases:"BIT-2022-41323" aliases:"BIT-django-2022-41323" aliases:"CVE-2022-41323" aliases:"GHSA-qrw5-5h28-6cmg" {"service": "sd-github-app", "l": "zap"}

Other example

2023-11-21T10:21:25.897+0530 DEBUG vet/vet2events.go:128 Found vuln id:"GHSA-72xf-g2v4-qvf3" title:"tough-cookie Prototype Pollution vulnerability" aliases:"CVE-2023-26136" severities:{type:CVSSV3 score:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" risk:MEDIUM} {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.897+0530 DEBUG vet/vet2events.go:128 Found vuln id:"GHSA-wgfq-7857-4jcc" title:"Uncontrolled Resource Consumption in json-bigint" aliases:"CVE-2020-8237" severities:{type:CVSSV3 score:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" risk:HIGH} {"service": "sd-github-app", "l": "zap"}
2023-11-21T10:21:25.897+0530 DEBUG vet/vet2events.go:128 Found vuln id:"GHSA-gwg9-rgvj-4h5j" title:"Code Injection in morgan" aliases:"CVE-2019-5413" severities:{type:CVSSV3 score:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" risk:CRITICAL} {"service": "sd-github-app", "l": "zap"}


@jchauhan jchauhan added the bug Something isn't working label Nov 21, 2023
@jchauhan (Contributor, Author)

I have also noticed that two vulnerability entries are created, for each alias of the vulnerability @abhisek

@abhisek (Member) commented Nov 21, 2023

@jchauhan Looks like not all PYSEC published vulnerabilities have a summary field in the OSV database, which is our source

curl -d \
  '{"package": {"name": "django", "ecosystem": "PyPI"}, "version": "2.2.25"}' \
  "https://api.osv.dev/v1/query" | jq '.vulns | map({id, summary})'

> I have also noticed that two vulnerability entries are created, for each alias of the vulnerability @abhisek

Can you share an example?
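As an added example, not code from the vet project or from either commenter: a small Python consumer of an OSV query response (the shape the curl command above returns) that derives a non-empty title when a PYSEC record carries no summary, and merges records that share an id or alias so one advisory does not become several entries. The ids and records in SAMPLE_OSV are constructed placeholders, not real advisories.

```python
import json

# Constructed api.osv.dev-style response with placeholder ids (not real advisories).
SAMPLE_OSV = r'''{"vulns": [
 {"id": "PYSEC-EXAMPLE-1", "details": "Example package mishandles input.\nMore text.",
  "aliases": ["CVE-EXAMPLE-1", "GHSA-example-1"]},
 {"id": "GHSA-example-1", "summary": "Example package input validation flaw",
  "aliases": ["CVE-EXAMPLE-1"]},
 {"id": "PYSEC-EXAMPLE-2", "aliases": ["CVE-EXAMPLE-2"]}]}'''


def parse_osv(data: str) -> list[dict]:
    """Return the 'vulns' array of an OSV query response."""
    return json.loads(data).get("vulns", [])


def title(vuln: dict) -> str:
    """Prefer summary, then the first line of details, then the id,
    so a PYSEC entry without a summary never yields an empty title."""
    summary = (vuln.get("summary") or "").strip()
    if summary:
        return summary
    details = (vuln.get("details") or "").strip()
    if details:
        return details.splitlines()[0]
    return vuln["id"]


def dedup(vulns: list[dict]) -> list[dict]:
    """Merge records sharing an id or alias into one entry (first id wins),
    borrowing a summary from a later duplicate when the first has none."""
    out: list[dict] = []
    index: dict[str, int] = {}  # id or alias -> position in out
    for v in vulns:
        keys = [v["id"], *v.get("aliases", [])]
        pos = next((index[k] for k in keys if k in index), None)
        if pos is None:
            out.append(dict(v))
            pos = len(out) - 1
        else:
            merged = out[pos]
            if not merged.get("summary") and v.get("summary"):
                merged["summary"] = v["summary"]
            merged["aliases"] = sorted((set(merged.get("aliases", [])) | set(keys)) - {merged["id"]})
        for k in keys:
            index[k] = pos
    return out
```

Run `dedup(parse_osv(SAMPLE_OSV))` and call `title()` on each result to see the PYSEC record pick up the GHSA summary and the two aliases collapse to one entry.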
