mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
**Related issue:** Resolves #41644

There are two cases that exist in the cpe database where this generic logic could not be applied:

- django from python_packages: gofiber:django, djangoproject:django
- npm from npm_packages: microsoft:npm, npmjs:npm

These will require individual cve overrides, which is outside the scope of this task.

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

## Summary by CodeRabbit

* **Bug Fixes**
  * Enhanced CPE (Common Platform Enumeration) matching to reduce non-deterministic vendor selection when multiple vendors exist for the same software product. The algorithm now incorporates software ecosystem information to ensure more accurate and consistent vulnerability resolution across package types.
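As an added illustration of the problem the PR describes (example code, not Fleet's own matcher): a resolver that picks a CPE vendor deterministically using an ecosystem hint, and reports the two cases named above as unresolved so they can get an explicit override instead of a first-wins choice. The `ecosystemVendors` table and the `requests` entries are constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Candidate is one vendor:product pair found in the CPE dictionary.
type Candidate struct{ Vendor, Product string }

// ecosystemVendors maps a software source to CPE vendors that stand for that ecosystem.
// Constructed for this example (not Fleet's table); incomplete on purpose so the PR's two cases stay ambiguous.
var ecosystemVendors = map[string][]string{
	"python_packages": {"python", "pypi"},
	"npm_packages":    {"nodejs"},
}

// ResolveVendor picks the vendor for product deterministically. ok is false when the ecosystem
// hint does not single out exactly one vendor, so the caller applies an explicit CVE override.
func ResolveVendor(source, product string, cands []Candidate) (vendor string, ok bool) {
	var matches []string
	for _, c := range cands {
		if c.Product == product {
			matches = append(matches, c.Vendor)
		}
	}
	sort.Strings(matches) // stable order regardless of dictionary or map iteration
	if len(matches) == 1 {
		return matches[0], true
	}
	var hinted []string
	for _, v := range ecosystemVendors[source] {
		if i := sort.SearchStrings(matches, v); i < len(matches) && matches[i] == v {
			hinted = append(hinted, v)
		}
	}
	if len(hinted) == 1 {
		return hinted[0], true
	}
	return "", false // zero or several plausible vendors: needs a per-product override
}

func main() {
	dict := []Candidate{{"gofiber", "django"}, {"djangoproject", "django"}, {"microsoft", "npm"},
		{"npmjs", "npm"}, {"python", "requests"}, {"acme", "requests"}} // last two constructed
	for _, q := range [][2]string{{"python_packages", "django"}, {"npm_packages", "npm"}, {"python_packages", "requests"}} {
		v, ok := ResolveVendor(q[0], q[1], dict)
		fmt.Printf("%s/%s -> vendor=%q ok=%v\n", q[0], q[1], v, ok)
	}
}
```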