Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Severity field in statements is just for CVSS2 and not very useful #104

Open
MagielBruntink opened this issue Dec 15, 2021 · 0 comments
Open

Severity field in statements is just for CVSS2 and not very useful #104

MagielBruntink opened this issue Dec 15, 2021 · 0 comments

Comments

@MagielBruntink
Copy link
Member

MagielBruntink commented Dec 15, 2021
edited
Loading

Consider removing the severity field from the statements as it can be confusing an inconsistent with CVSS3 scores:

Severity is fetched here:

vulnerability-producer/src/main/java/eu/fasten/vulnerabilityproducer/utils/parsers/NVDParser.java

Line 154 in f19766d

vulnerability.setSeverity(Severity.valueOf(cveItem.getImpact().getBaseMetricV2().getSeverity()));

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MagielBruntink