"affected []" sometimes means that all versions may be affected

[ElectricNroff]

For this CVE Record:

{"dataType": "CVE_RECORD","dataVersion": "5.0","cveMetadata": {"cveId": "CVE-2024-20738",
"assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6","state": "PUBLISHED"},
"containers": {"cna": {"providerMetadata": {"orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6"},
"affected": [{"vendor": "v","product": "p","versions": [
{
  "version": "unspecified",
  "status": "affected",
  "lessThan": "*",
  "versionType": "custom"}]}],
"descriptions": [{"lang": "en","value": "acd def ghi"}],"references": [
{"url": "https://a.us"}]}}}

test.cve.org shows:

affected []

To a human viewer, [] may signify an empty array, perhaps implying that no versions are affected. However, the range from unspecified to * would typically mean that many versions are affected.

This issue would affect more CVE Records if #1874 were fixed, such that the test for !== 'unspecified' were accompanied by a test for !== '0'

{
  "version": "0",
  "status": "affected",
  "lessThan": "*",
  "versionType": "custom"
}

should be rendered as something like:

affected (all versions)

instead of:

affected []