Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unassigned severity while the score is set for the vulnerability #4706

Open
2 tasks done
hqbns opened this issue Feb 27, 2025 · 3 comments
Open
2 tasks done

unassigned severity while the score is set for the vulnerability #4706

hqbns opened this issue Feb 27, 2025 · 3 comments
Labels
defect Something isn't working in triage

Comments

@hqbns
Copy link

hqbns commented Feb 27, 2025

Current Behavior

Image

Image

Hey guys,
I am using Dependecy track for a project and I just noticed that some vulnerabilities have the unassigned status while when you search the vulnerability on the NVD you see the actual score of the vulnerability.
Also, the link that Dependecy track gives you on the vulnerability clearly says the severity of the vulnerability so I do not understand why the status is unassigned .

Steps to Reproduce

1.upload a BOM with windows 10 family edition (version: 10.0.19045.3930)
2. Watch the latest vulnerabilities
The BOM I use only has windows family edition and here are some screenshots has an example of the issue.

Expected Behavior

I would expect to have the severity of the CVE instead of (UNASSIGNED ) as is it shown in NVD database.

Dependency-Track Version

4.12.6

Dependency-Track Distribution

Executable WAR

Database Server

H2

Database Server Version

No response

Browser

Mozilla Firefox

Checklist
@hqbns hqbns added defect Something isn't working in triage labels Feb 27, 2025
@stohrendorf
Copy link
Contributor

Could you check that this behaviour persists with setting the environment variable ALPINE_DATANUCLEUS_CACHE_LEVEL2_TYPE=none? In my own experience, the L2 cache produces strange errors at times similar to this one (it will be fixed in 4.13). If you can't change the configuration, try to re-start DT, since that will clear the cache, too.

@JoaquinDelgadoCarrascal
Copy link

Could you check that this behaviour persists with setting the environment variable ALPINE_DATANUCLEUS_CACHE_LEVEL2_TYPE=none? In my own experience, the L2 cache produces strange errors at times similar to this one (it will be fixed in 4.13). If you can't change the configuration, try to re-start DT, since that will clear the cache, too.

Hi @stohrendorf, I tried that and still doesn't work for me. Not even doing the export but also putting it as a restart option.

@hqbns
Copy link
Author

hqbns commented Mar 11, 2025

Could you check that this behaviour persists with setting the environment variable ALPINE_DATANUCLEUS_CACHE_LEVEL2_TYPE=none? In my own experience, the L2 cache produces strange errors at times similar to this one (it will be fixed in 4.13). If you can't change the configuration, try to re-start DT, since that will clear the cache, too.

Hey @stohrendorf yes even when this parameter is set to none the problem persist form me.
Restarting DT does not work either

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect Something isn't working in triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stohrendorf @JoaquinDelgadoCarrascal @hqbns