Assessment Reports Invalid Version for Seemingly Valid Version
name: Assessment Reports Invalid Version Number for Seemingly Valid Version
about: hoppr-cop assessment
- Version: 1.3.1
- Platform: Linux 75ab7114710d 4.18.0-513.18.1.el8_9.x86_64 #1 SMP Wed Feb 21 21:34:36 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Hoppr-Cop, in the vulnerability report, reports the version of the jetty-server component to be 8.1.15.v20140411; however, when it is added to the assessment YAML file, like this:
```yaml
- package:
    type: maven
    name: jetty-server
    version: "8.1.15.v20140411"
  assessmentDate: 2024-05-09
  vulnerability: GHSA-ghgj-3xqr-6jfm
  state: in_triage
  response: update
  detail: Fix Version 9.2.9.v20150224 or above
```
it reports the following:
```
Scan Error('Invalid value specified in analysis.assessment.yml: "package.jetty-server contains an Invalid version: \'8.1.15.v20140411\'"')
```
This also happens with:
```yaml
- package:
    type: maven
    name: netty-handler
    version: "4.1.66.Final"
  assessmentDate: 2024-05-09
  vulnerability: CVE-2023-34462
  response: update
  state: in_triage
  detail: Fix Version 4.1.94.Final or above
```
Edited by Luke Benedict
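
Added example, not part of the original issue and not hoppr-cop code: both reported version strings are rejected by the Python PEP 440 version grammar, while a check chosen by the entry's `type` accepts them. The issue does not say which parser produces the error, so PEP 440 as the cause is an assumption; `is_pep440`, `maven_items` and `check` are hypothetical names, and the Maven shape is simplified from Maven's item splitting.

```python
import re

# PEP 440 grammar, condensed from the pattern published in the PEP's appendix.
PEP440 = re.compile(r"""^\s*v?
    (?:[0-9]+!)?                                                # epoch
    [0-9]+(?:\.[0-9]+)*                                         # release
    (?:[-_.]?(?:alpha|beta|preview|pre|rc|a|b|c)[-_.]?[0-9]*)?  # pre-release
    (?:-[0-9]+|[-_.]?(?:post|rev|r)[-_.]?[0-9]*)?               # post-release
    (?:[-_.]?dev[-_.]?[0-9]*)?                                  # dev release
    (?:\+[a-z0-9]+(?:[-_.][a-z0-9]+)*)?                         # local part
    \s*$""", re.VERBOSE | re.IGNORECASE)

# Simplified Maven shape (assumption): alphanumeric items joined by "." or "-".
MAVEN_SHAPE = re.compile(r"^[0-9A-Za-z]+(?:[.-][0-9A-Za-z]+)*$")
MAVEN_ITEM = re.compile(r"[0-9]+|[A-Za-z]+")


def is_pep440(version):
    """True if the string is a valid PEP 440 version."""
    return PEP440.match(version) is not None


def maven_items(version):
    """Split a Maven version into integer and lowercase qualifier items."""
    if not MAVEN_SHAPE.match(version):
        raise ValueError(f"not a Maven-style version: {version!r}")
    return [int(t) if t.isdigit() else t.lower()
            for t in MAVEN_ITEM.findall(version)]


def check(pkg_type, version):
    """Validate a version with the grammar of its own ecosystem."""
    if pkg_type == "maven":
        try:
            maven_items(version)
            return True
        except ValueError:
            return False
    return is_pep440(version)  # hypothetical default for other types


# Constructed sample: the two package entries quoted in the issue.
SAMPLE = [("maven", "8.1.15.v20140411"), ("maven", "4.1.66.Final")]

if __name__ == "__main__":
    for pkg_type, version in SAMPLE:
        print(version, "pep440:", is_pep440(version),
              "by type:", check(pkg_type, version), maven_items(version))
```

A validator that rejects these strings leaves the triage entry unapplied, so the corresponding finding stays unassessed in the report.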