Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cvss]: Unable to parse vectors with temporal score component #1085

Open
ctron opened this issue Jan 15, 2024 · 5 comments
Open

[cvss]: Unable to parse vectors with temporal score component #1085

ctron opened this issue Jan 15, 2024 · 5 comments

Comments

@ctron
Copy link
Contributor

ctron commented Jan 15, 2024

Parsing scores from the cvelistV5 repository make some scores fail with:

unknown CVSS metric name: `E`

It looks like there's a todo remaining for this:

rustsec/cvss/src/v3.rs

Line 5 in f79b59b

// TODO(tarcieri): Environmental and Temporal Metrics

I might be able to work on this and provide a PR if someone can review it.
@ctron ctron mentioned this issue Jan 15, 2024
Open
@tarcieri
Copy link
Member

tarcieri commented Jan 16, 2024
edited
Loading

Yep, we currently only support the CVSS v3.1 Base metric group, hence the type being cvss::v3::Base. The Temporal and Environmental metric groups are separate and currently unimplemented.

All that said, it would probably be good to add CVSS v4.0 support first (edit: opened #1087)

@bxf12315
Copy link

bxf12315 commented Jun 6, 2024

@tarcieri @ctron , PR try to fix the issue, but I got many compile errors from other components. Could you please help me fix it?

@bxf12315
Copy link

@tarcieri @ctron according to the PR's comment, I refactored the PR, let it will not affect other modules. Please check again.

@bxf12315
Copy link

bxf12315 commented Jun 11, 2024
edited
Loading

@tarcieri Do you have any plans to upgrade to CVSS 4.0? I think if the relevant models could be separated into their own repository, it would be easier for collaborative development.

@tarcieri
Copy link
Member

#1087 is the tracking issue for CVSS v4.0

I don't see any reason why it can't be added to the cvss crate. The existing module structure is already designed to accommodate new versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tarcieri @ctron @bxf12315