
Vulnerability Version Syntax



  • Hi,

    Vulnerability feeds have multiple ways to version vulnerable libraries, such as:

    1. 5.5.28
    2. <0.9.1
    3. =0.5.0 <0.5.2 || >=0.4.0 <0.4.2
    4. 1.3.0-beta.1 <1.3.0-rc.1
    5. 1.0.1, 1.0.2

    Can you please clarify what syntax is supported / expected here? There are examples of exact version (1 above) and less than a version (2 above) in the Vor integration video, but nothing is documented around what is supported for manual entries.

    Thank you

    James

    Product: ProGet
    Version: 4.6.4


  • inedo-engineer

    A vulnerability version range can be:

    • the literal string (any)
    • empty string (equivalent to (any))
    • single
    • single, single
    • single, single, single
    • single, single, single, single
    • etc.

    A single vulnerability version range can be:

    • version
    • >version
    • >=version
    • <version
    • <=version
    • >version <version
    • >=version <version
    • >version <=version
    • >=version <=version

    The format of version is defined by the feed type.
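
The grammar described in the answer above, as an added Python example that is not part of the original thread and is not ProGet's own code: it parses a range into comma-separated singles and checks whether a version falls inside any of them. It assumes dotted-integer versions and that a bare version means an exact match; the function names are hypothetical.

```python
import operator
import re

_CMP = {"==": operator.eq, ">": operator.gt, ">=": operator.ge,
        "<": operator.lt, "<=": operator.le}
_BOUND = re.compile(r"(>=|<=|>|<)?(.+)")

def parse_version(text):
    # Assumption: dotted integers, padded to 4 parts so 1.0 == 1.0.0.
    # The real version format is defined by the feed type.
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def parse_single(text):
    """One 'single' range -> list of (operator, version) bounds."""
    tokens = text.split()
    if len(tokens) not in (1, 2):
        raise ValueError(f"expected one or two bounds: {text!r}")
    bounds = []
    for token in tokens:
        op, version = _BOUND.fullmatch(token).groups()
        # Assumption: a bare version means an exact match.
        bounds.append((op or "==", parse_version(version)))
    if len(bounds) == 2:
        lower, upper = bounds[0][0], bounds[1][0]
        if lower not in (">", ">=") or upper not in ("<", "<="):
            raise ValueError(f"two bounds must be lower then upper: {text!r}")
    return bounds

def parse_range(text):
    """Full range -> list of singles; (any) or empty matches everything."""
    text = text.strip()
    if text in ("", "(any)"):
        return [[]]  # one single with no bounds: all() over it is True
    return [parse_single(part) for part in text.split(",")]

def is_vulnerable(range_text, version):
    """True if version falls inside any comma-separated single range."""
    v = parse_version(version)
    return any(all(_CMP[op](v, bound) for op, bound in single)
               for single in parse_range(range_text))
```

In this sketch, input that falls outside the listed forms (for example a `||` separator or an upper bound written before a lower bound) raises `ValueError` instead of being silently treated as a match or a non-match.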


