To make dependency-check more accurate, the tool should extract version ranges from the CVE description text instead of relying only on the CPE entries. As an example see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3558, whose description states the affected versions as:
"Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2"
Each comma-separated clause is a separate range: "4.1.0 before 4.2.1" means 4.1.0 inclusive up to, but not including, 4.2.1, and the "x" in "4.3.x" and "5.x" limits the clause to that release series. There are also version ranges that use the word "through" instead of "before"; "through" is an inclusive upper bound whereas "before" is exclusive, so the two must be handled differently.
The following query against the dependency-check database lists candidate CVEs: those whose description contains "before <digit>" or "through <digit>" and which map to exactly one vendor/product pair, so an extracted range applies unambiguously to one product.
-- Candidate CVEs for description-based range extraction.
SELECT vulnerability.id
FROM vulnerability
  INNER JOIN software ON vulnerability.id = software.cveid
  INNER JOIN cpeEntry ON cpeEntry.id = software.cpeentryid
WHERE (vulnerability.description LIKE '% before 0%'
    OR vulnerability.description LIKE '% before 1%'
    OR vulnerability.description LIKE '% before 2%'
    OR vulnerability.description LIKE '% before 3%'
    OR vulnerability.description LIKE '% before 4%'
    OR vulnerability.description LIKE '% before 5%'
    OR vulnerability.description LIKE '% before 6%'
    OR vulnerability.description LIKE '% before 7%'
    OR vulnerability.description LIKE '% before 8%'
    OR vulnerability.description LIKE '% before 9%'
    OR vulnerability.description LIKE '% through 0%'
    OR vulnerability.description LIKE '% through 1%'
    OR vulnerability.description LIKE '% through 2%'
    OR vulnerability.description LIKE '% through 3%'
    OR vulnerability.description LIKE '% through 4%'
    OR vulnerability.description LIKE '% through 5%'
    OR vulnerability.description LIKE '% through 6%'
    OR vulnerability.description LIKE '% through 7%'
    OR vulnerability.description LIKE '% through 8%'
    OR vulnerability.description LIKE '% through 9%')
-- Only CVEs tied to a single vendor and a single product are unambiguous.
GROUP BY vulnerability.id
HAVING COUNT(DISTINCT cpeEntry.vendor) = 1
   AND COUNT(DISTINCT cpeEntry.product) = 1
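As an added example (not part of this issue and not dependency-check's own code), the following Python prototype extracts the "before"/"through" clauses described above and checks a candidate version against them. Python is used here so the example runs directly; the function names (extract_ranges, is_affected), the VersionRange class and the second sample description are assumptions constructed for this example. The first sample is the CVE-2014-3558 text quoted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Affected-version clause of CVE-2014-3558 as quoted in this issue.
CVE_2014_3558 = (
    "Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2"
)
# Constructed sample (not a real CVE description): shows the inclusive "through"
# form and a clause with no lower bound.
CONSTRUCTED_THROUGH = (
    "Example Product 2.0 through 2.3.1, and Example Plugin before 1.5, "
    "allow remote attackers to do something."
)

Version = Tuple[int, ...]

# A version such as "4.2.1", or a series wildcard such as "4.3.x" / "5.x".
_VER = r"\d+(?:\.(?:\d+|x))*"
# "<lower> before <upper>" / "<lower> through <upper>"; the lower bound is
# optional because descriptions also say just "before 4.2.1" (the SQL query
# above matches those as well).
_RANGE_RE = re.compile(
    rf"(?:(?P<lo>{_VER})\s+)?\b(?P<op>before|through)\s+(?P<hi>{_VER})\b"
)


def parse_version(text: str) -> Version:
    """'4.2.1' -> (4, 2, 1). A trailing wildcard ('4.3.x' -> (4, 3)) just
    shortens the tuple, which is exactly the lower bound of that series."""
    return tuple(int(part) for part in text.split(".") if part != "x")


@dataclass(frozen=True)
class VersionRange:
    lower: Optional[Version]  # inclusive; None means no lower bound
    upper: Version
    upper_inclusive: bool     # "through" is inclusive, "before" is exclusive

    def contains(self, version: str) -> bool:
        # Tuple comparison orders (4, 3) < (4, 3, 1) < (4, 3, 2), so the
        # shortened wildcard tuple works as a lower bound without padding.
        v = parse_version(version)
        if self.lower is not None and v < self.lower:
            return False
        return v <= self.upper if self.upper_inclusive else v < self.upper


def extract_ranges(description: str) -> List[VersionRange]:
    """All 'before'/'through' clauses in a description, in order of appearance."""
    ranges: List[VersionRange] = []
    for m in _RANGE_RE.finditer(description):
        lower = parse_version(m.group("lo")) if m.group("lo") else None
        ranges.append(
            VersionRange(lower, parse_version(m.group("hi")), m.group("op") == "through")
        )
    return ranges


def is_affected(description: str, version: str) -> bool:
    """True if the version falls inside any range stated in the description."""
    return any(r.contains(version) for r in extract_ranges(description))


if __name__ == "__main__":
    for ver in ("4.1.0", "4.2.1", "4.2.5", "4.3.1", "5.0.9", "5.1.2"):
        print(ver, is_affected(CVE_2014_3558, ver))
    print(extract_ranges(CONSTRUCTED_THROUGH))
```

Note the case that motivates per-clause parsing: 4.2.5 sits between the first and second clauses of CVE-2014-3558 and is reported as not affected, whereas a naive "before 5.1.2" reading would flag it. Two caveats a real implementation must handle: the version comparison here is purely numeric (a part such as "beta" raises ValueError, so the tool's own version comparison should be used instead), and the regex, like the LIKE patterns in the query above, will also match unrelated phrases of the form "before 2 ..." in free text, so matches should be sanity-checked against the CPE entries for the CVE.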
Once this is implemented, consider removing the patch for issue #534.