Open
Description
The api endpoint at https://ossindex.sonatype.org/api/v3/component-report
returns a CVSSv3.1 vector, but the library ossindex-service-client defaults to "CVSSv2" because it does not start with "CVSSv3.0":
This bug results in the following issue over at OWASP dependency check:
jeremylong/DependencyCheck#5598
Metadata
Metadata
Assignees
Labels
No labels
Activity
anastasia-vanriet commentedon Jun 14, 2023
Hi @supermaurio,
Thank you for bringing this to our attention, and apologies for the delayed response. A bug ticket has been filed, and we hope to address this very soon.