-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing 'vulnerable_configuration' & /api/cvefor/ #61
Comments
Hello, We know and indeed this is a nice feature. We will investigate how to implement it properly in vulnerability lookup. By properly, I mean that the processing must be fast. I had a quick look at the code of cve-search concerning About cve-search "depreciation", this is not exactly what I understood from our discussion and the message you are referring to (on the CIRCL Mastodon instance). |
The main issue is to find a way to make As mentioned by @cedricbonhomme , the depreciation is about the public service which is running at its limit right now and need to be replaced by a faster service. |
Compared to CVE-Search, the vulnerability-lookup is missing an important feature: the
vulnerable_configuration
field containing the affected configurations as CPE 2.3 strings. Furthermore, it is missing the ability to search for CVEs by CPE strings, i.e., the/api/cvefor/
endpoint.This is an important feature, because the
/api/cvefor/
endpoint can be used for enriching data that already has CPE information, e.g., results from Nmap, with related vulnerabilities. While it seems the public CVE-Search instance is already missing this data (either on purpose or as a side effect of using old v4.2.2), it is still a feature frequently used in local installations.Would it be possible to get this feature implemented in vulnerability-lookup before CVE-Search will be deprecated (by the end of this year)?
The text was updated successfully, but these errors were encountered: