Vulnerability Version Syntax
-
Hi,
Vulnerability feeds have multiple ways to version vulnerable libraries, such as:
- 5.5.28
- <0.9.1
- =0.5.0 <0.5.2 || >=0.4.0 <0.4.2
- 1.3.0-beta.1 <1.3.0-rc.1
- 1.0.1, 1.0.2
Can you please clarify what syntax is supported / expected here? There are examples of exact version (1 above) and less than a version (2 above) in the Vor integration video, but nothing is documented around what is supported for manual entries.
Thank you
James
Product: ProGet
Version: 4.6.4
-
A vulnerability version range can be:
- the literal string (any)
- empty string (equivalent to (any))
- single
- single, single
- single, single, single
- single, single, single, single
- etc.
A single vulnerability version range can be:
- version
- >version
- >=version
- <version
- <=version
- >version <version
- >=version <version
- >version <=version
- >=version <=version
The format of version is defined by the feed type.
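The grammar in the answer above, as an added Python example that is not ProGet's own code: a strict parser and matcher for the listed range forms. It assumes dotted-integer versions with 1.0 treated as equal to 1.0.0 (the real version format depends on the feed type), and all function names are hypothetical.

```python
import operator
import re

# Assumption: versions are dotted integers; the real format depends on the feed type.
_TOKEN = re.compile(r"(?P<op>>=|<=|>|<)?(?P<ver>\d+(?:\.\d+)*)")
_CMP = {"==": operator.eq, ">": operator.gt, ">=": operator.ge,
        "<": operator.lt, "<=": operator.le}

def version_key(version):
    """Comparable key; trailing zeros are dropped so 1.0 equals 1.0.0 (assumption)."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_single(text):
    """Parse one 'single' range into a list of (operator, version_key) bounds."""
    bounds = []
    for token in text.split():
        match = _TOKEN.fullmatch(token)
        if match is None:
            raise ValueError(f"unsupported token {token!r} in {text!r}")
        bounds.append((match.group("op") or "==", version_key(match.group("ver"))))
    ops = [op for op, _ in bounds]
    # Allowed shapes: one bound, or a lower bound followed by an upper bound.
    if len(ops) == 1 or (len(ops) == 2 and ops[0] in (">", ">=") and ops[1] in ("<", "<=")):
        return bounds
    raise ValueError(f"unsupported range shape: {text!r}")

def parse_range(text):
    """Return None for '(any)' or empty input, else a list of parsed singles."""
    text = text.strip()
    if text in ("", "(any)"):
        return None
    return [parse_single(single) for single in text.split(",")]

def is_vulnerable(version, range_text):
    """True if version falls inside any comma-separated single range."""
    singles = parse_range(range_text)
    if singles is None:
        return True
    key = version_key(version)
    return any(all(_CMP[op](key, bound) for op, bound in single) for single in singles)

# Constructed sample entries, reusing version numbers from the question above.
if __name__ == "__main__":
    for ver, rng in [("0.9.0", "<0.9.1"), ("1.0.3", "1.0.1, 1.0.2"), ("0.4.1", ">=0.4.0 <0.4.2")]:
        print(ver, repr(rng), is_vulnerable(ver, rng))
```

Anything outside the listed forms, such as the `||` operator in the question's third example, raises `ValueError` in this parser instead of being silently accepted.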