version_value "-" #81
Comments
|
@AntonioSanta That looks like a mistake to me. Do you have the CVE ID where this data is present by any chance? |
|
No reply in over three years, closing! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I have a question about version_value "-" , how should it be interpreted ?
for example in a CVE in the json official Database from NIST I found this section :
"vendor_name" : "name",
"product" : {
"product_data" : [ {
"product_name" : "name",
"version" : {
"version_data" : [ {
"version_value" : "-",
"version_affected" : "="
}, {
"version_value" : "0.1",
"version_affected" : "="
}, {
"version_value" : "0.2",
"version_affected" : "="
}, {
"version_value" : "0.3",
"version_affected" : "="
}, {
"version_value" : "0.4",
"version_affected" : "="
}, {
"version_value" : "0.5",
"version_affected" : "="
}
does the '-' mean that also versions < 0.1 are affected ? if it does, why doesn't the CVE use the <= in "version_affected " field instead ?
Or does the "-" mean "if you don't have a version number in your installed packages than your installed package is affected" ?
or just simply "we don't know" ?
thank you
The text was updated successfully, but these errors were encountered: