From daea8e48e53c53ed4c26204ab72585de2fe2d998 Mon Sep 17 00:00:00 2001 From: Fatih Durmaz Date: Thu, 25 Apr 2024 22:27:57 +0200 Subject: [PATCH] fix: parse CPE names correctly #4041 (#4063) Signed-off-by: fthdrmzzz Co-authored-by: Terri Oda --- cve_bin_tool/data_sources/nvd_source.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cve_bin_tool/data_sources/nvd_source.py b/cve_bin_tool/data_sources/nvd_source.py index f3d66037d3..e1ad2db190 100644 --- a/cve_bin_tool/data_sources/nvd_source.py +++ b/cve_bin_tool/data_sources/nvd_source.py @@ -183,7 +183,8 @@ def parse_node(self, node: dict[str, list[dict[str, str]]]) -> list[dict[str, st if "cpe_match" in node: vulnerable_matches = (m for m in node["cpe_match"] if m["vulnerable"]) for cpe_match in vulnerable_matches: - cpe_split = cpe_match["cpe23Uri"].split(":") + # split on `:` only if it's not escaped + cpe_split = re.split(r"(?