
fix(alpine): use NVD CPE version ranges to populate Introduced field #5586

Open: katzj wants to merge 1 commit into google:master from katzj:improve-alpine-matching-with-nvd-cpe

@katzj katzj commented Jun 30, 2026

Follow the pattern used by the Alpine security tracker to use data from NVD to be able to give some information on Introduced versions for vulnerabilities. This includes the same rewriting rules used there.

This avoids over-reporting; for example, CVE-2024-3094 should only show for xz 5.6.0 through 5.6.1-r2, not for earlier versions of xz.

Fixes #5199

Follow the pattern used by the Alpine security tracker to use
data from NVD to be able to give some information on Introduced
versions for vulnerabilities. This includes the same rewriting
rules used there.

This avoids over-reporting; for example, CVE-2024-3094 should only
show for xz 5.6.0 through 5.6.1-r2, not for earlier versions of xz.
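
How a lower bound taken from NVD CPE match entries changes matching for the xz case described above, as an added example that is not code from this pull request. It assumes the NVD product name equals the Alpine package name, uses a simplified comparison rather than full apk version ordering, and treats 5.6.1-r2 as the fixed version; the function names and sample entries are constructed.

```python
import re

def ver_key(v):
    """Simplified apk ordering: dotted integers plus an optional -rN revision."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version: {v!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def introduced_from_nvd(cpe_matches, product):
    """Lowest vulnerable version NVD lists for product, or None if unbounded."""
    starts = []
    for m in cpe_matches:
        fields = m["criteria"].split(":")  # cpe:2.3:part:vendor:product:version:...
        if not m.get("vulnerable") or fields[4] != product:
            continue
        start = m.get("versionStartIncluding")
        if start is None and fields[5] not in ("*", "-"):
            start = fields[5]  # entry names one exact version
        if start is None:
            return None  # no inclusive lower bound known: keep "0"
        starts.append(start)
    return min(starts, key=ver_key) if starts else None

def osv_events(introduced, fixed):
    """OSV range events; "0" means every version before the fix."""
    return [{"introduced": introduced or "0"}, {"fixed": fixed}]

def is_affected(version, events):
    """True when version lies in [introduced, fixed)."""
    intro, fixed = events[0]["introduced"], events[1]["fixed"]
    above = intro == "0" or ver_key(version) >= ver_key(intro)
    return above and ver_key(version) < ver_key(fixed)

# Constructed sample data: NVD-style match entries and an assumed fixed version.
NVD_MATCHES = [
    {"vulnerable": True, "criteria": "cpe:2.3:a:tukaani:xz:5.6.1:*:*:*:*:*:*:*"},
    {"vulnerable": True, "criteria": "cpe:2.3:a:tukaani:xz:5.6.0:*:*:*:*:*:*:*"},
]
FIXED = "5.6.1-r2"

before = osv_events(None, FIXED)  # no NVD data: introduced stays "0"
after = osv_events(introduced_from_nvd(NVD_MATCHES, "xz"), FIXED)

if __name__ == "__main__":
    for v in ("5.4.5-r0", "5.6.0-r0", "5.6.1-r1"):  # constructed package versions
        print(v, "before:", is_affected(v, before), "after:", is_affected(v, after))
```
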

Development

Successfully merging this pull request may close these issues.

Data quality issue with CVE-2024-3094