Scores that differ from first.org calculator

[jzebor]

Comparing first.org and cvsspy scores uncovered a small inconsistency. Out of 50 example vectors, there are mismatches between implementations when first.org scores something as 4.3, cvss4py scores it as 4.2. Here are three cases which resulted in the mismatch. If I find more test cases that result in a mismatch I'll provide them.

Vector 1: CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:L
Vector 2: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:L/SA:L
Vector 3: CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N

First.org calculator scores as 4.3
cvss4py "score_vector" function scores as 4.2

[jzebor]

Here is another vector that results in a mis-match.
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

first.org: 2.3
cvss4py: 2.2

[bjedwards]

So I think this is how python handles rounding vs javascript. Javascript does the "school" round ing which rounds half values up. Python has implemented the "correct" banker rounding which is "round half to even". I have replaced it, and the above work, I'll do some more testing to see if that was the issue on the rest.