Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing data in public instance (inconsistent with local instance) #1197

Closed
Hritik14 opened this issue May 16, 2023 · 3 comments
Closed

Missing data in public instance (inconsistent with local instance) #1197

Hritik14 opened this issue May 16, 2023 · 3 comments

Comments

@Hritik14
Copy link
Collaborator

Public instance shows v32.0.1 being deployed, checking out the same tag locally and running vulnerablecode shows extra CWE data that is missing in the public instance.

Could there be something wrong with the public deployment ?
or could it be that the public deployment is not actually v32.0.1 but some non-tagged commit ? In that case, will mentioning the commit sha on the public instance instead of version numbers be a better choice to avoid confusion ?

(affected packages is different in the local install because I've not run all the improvers)

Public:
Screenshot 2023-05-17 at 3 15 18 AM

Local:
Screenshot 2023-05-17 at 3 15 25 AM

References also don't mach.
Public

Reference id URL
  https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164
  https://www.debian.org/security/2022/dsa-5153
cpe:2.3:a:apache:traffic_server:::::::: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server::::::::
CVE-2021-37147 https://nvd.nist.gov/vuln/detail/CVE-2021-37147

Local

Reference id URL
  https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164
  https://www.debian.org/security/2022/dsa-5153
CVE-2021-37147 https://nvd.nist.gov/vuln/detail/CVE-2021-37147
cpe:2.3:a:apache:traffic_server:::::::: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
@TG1999
Copy link
Contributor

TG1999 commented May 17, 2023

@Hritik14 please let us know which importers and improvers did you run to get this data locally ?

@ziadhany
Copy link
Collaborator

I think he run the nvd importer/improver because other importers still doesn't support CWE #1093

@pombredanne
Copy link
Member

Checking https://public.vulnerablecode.io/vulnerabilities/VCID-qe21-wnmx-aaac this is now fixed. Closing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pombredanne @Hritik14 @ziadhany @TG1999