Another disputed string for CVE-2023-39017 (#188)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Aug 31, 2024 · 545da24 · 545da24
1 parent e0e3ec8
commit 545da24
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "appthreat-vulnerability-db"
-version = "6.0.13"
+version = "6.0.14"
 description = "AppThreat's vulnerability database and package search library with a built-in sqlite based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},

diff --git a/vdb/lib/nvd.py b/vdb/lib/nvd.py
@@ -436,8 +436,10 @@ def convert_api_vuln(vuln: dict) -> Vulnerability | None:
                 break
         description = NvdSource._get_value(vuln, "descriptions")
         # Ignore disputed CVEs. Eg: CVE-2023-35116
-        if "** DISPUTED **" in description or "this is not a valid vulnerability report" in description:
-            return None
+        # CVE-2023-39017 uses the phrase "this is disputed"
+        for ds in ("** DISPUTED **", "this is not a valid vulnerability report", "this is disputed"):
+            if ds in description:
+                return None
         affected_symbols = extract_affected_symbols(description)
         rdata = vuln.get("references", [])
         related_urls = [r["url"] for r in rdata]