VulnerabilityScoreSource.get_from_vector() does not return CVSS_V3_1 and CVSS_V4 #821

@DerDakon

Description

These cases are not handled, or not handled correctly. "3.1" will be matched to CVSS_V3, "4*" will be matched to OTHER.

Activity

jkowalleck commented on Jun 4, 2025
Member

@DerDakon, please provide a reproducible example.
Some complete Python code that showcases the behaviour.

DerDakon commented on Jun 4, 2025
Author

print(VulnerabilityScoreSource.get_from_vector("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"))

jkowalleck commented on Jun 4, 2025

Member

@DerDakon, please provide a reproducible example.
Some complete Python code that showcases the behaviour -- not just a snippet that lacks all imports and everything else.

jkowalleck commented on Jun 9, 2025
Member

complete reproducible examples

from cyclonedx.model.vulnerability import VulnerabilityScoreSource
vec = VulnerabilityScoreSource.get_from_vector("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H")
assert vec is VulnerabilityScoreSource.CVSS_V3_1
# AssertionError

from cyclonedx.model.vulnerability import VulnerabilityScoreSource
vec = VulnerabilityScoreSource.get_from_vector("CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U")
assert vec is VulnerabilityScoreSource.CVSS_V4
# AssertionError

jkowalleck commented on Jun 9, 2025
Member

working on a fix - #824

added a commit that references this issue on Jun 10, 2025
a97ccd4
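
An added example, not part of the thread and not the library's code: it shows why matching only the major version of a vector prefix yields the mapping reported in this issue, next to an exact-version lookup. ScoreSource, major_only_source, exact_source and misclassified are hypothetical names, and the 3.0 vector is constructed.

```python
import re
from enum import Enum


class ScoreSource(Enum):
    """Hypothetical stand-in for the library's enum; not its real class."""
    CVSS_V2 = "cvss-v2"
    CVSS_V3 = "cvss-v3.0"
    CVSS_V3_1 = "cvss-v3.1"
    CVSS_V4 = "cvss-v4.0"
    OTHER = "other"


# V31 and V40 are the vectors posted in the thread; V30 is constructed.
V31 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
V40 = "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
V30 = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

# Capture the full "major.minor" token so 3.0 and 3.1 stay distinct.
_PREFIX = re.compile(r"^CVSS:(\d+\.\d+)/")
_BY_VERSION = {
    "2.0": ScoreSource.CVSS_V2,
    "3.0": ScoreSource.CVSS_V3,
    "3.1": ScoreSource.CVSS_V3_1,
    "4.0": ScoreSource.CVSS_V4,
}


def major_only_source(vector):
    """Major-version prefix test: 3.1 collapses into V3, 4.x falls through."""
    if vector.startswith("CVSS:3."):
        return ScoreSource.CVSS_V3
    if vector.startswith("CVSS:2."):
        return ScoreSource.CVSS_V2
    return ScoreSource.OTHER


def exact_source(vector):
    """Look up the exact version token; unknown versions map to OTHER."""
    match = _PREFIX.match(vector)
    if match is None:
        return ScoreSource.OTHER
    return _BY_VERSION.get(match.group(1), ScoreSource.OTHER)


def misclassified(vectors):
    """Vectors for which the major-only test disagrees with the exact lookup."""
    return [v for v in vectors if major_only_source(v) is not exact_source(v)]
```

Running misclassified over a sample of vectors from an existing SBOM or VEX feed shows which entries would be tagged with the wrong scoring method by a major-only match.
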

Labels: question (Further information is requested)

VulnerabilityScoreSource.get_from_vector() does not return CVSS_V3_1 and CVSS_V4 · Issue #821 · CycloneDX/cyclonedx-python-lib