Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extraction of keywords from advisory misses some terms #335

Open
copernico opened this issue Oct 14, 2022 · 0 comments
Open

Extraction of keywords from advisory misses some terms #335

copernico opened this issue Oct 14, 2022 · 0 comments
Assignees
@sacca97
Labels
assuremoss bug Something isn't working component/prospector

Comments

@copernico
Copy link
Contributor

copernico commented Oct 14, 2022
edited
Loading

For example, in CVE-2019-17567:

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

the term URL is not extracted.

Additional remark

This is also a good example that shows that verbs should be extracted too: configured is not extracted (with the current noun-only approach), but configuration appears in some commit messages and it is potentially relevant to identify the fix commit.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sacca97 sacca97

Labels
assuremoss bug Something isn't working component/prospector
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@copernico @sacca97