Another disputed string for CVE-2023-39017

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Aug 27, 2024 · 6f51479 · 6f51479
1 parent d727689
commit 6f51479
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "appthreat-vulnerability-db"
-version = "5.7.4"
+version = "5.7.5"
 description = "AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},

diff --git a/vdb/lib/nvd.py b/vdb/lib/nvd.py
@@ -317,8 +317,10 @@ def convert_api_vuln(vuln):
         base_score = None
         description = NvdSource._get_value(vuln, "descriptions")
         # Ignore disputed CVEs. Eg: CVE-2023-35116
-        if "** DISPUTED **" in description or "this is not a valid vulnerability report" in description:
-            return None
+        # CVE-2023-39017
+        for ds in ("** DISPUTED **", "this is not a valid vulnerability report", "this is disputed"):
+            if ds in description:
+                return None
         rdata = vuln.get("references", [])
         related_urls = [r["url"] for r in rdata]
         metrics = vuln.get("metrics", {})