Bug: V6 no vulnerability found for pkg:nuget/System.Security.Cryptography.xml@6.0.0 #461
Description
Expected Behavior
Running depscan --purl pkg:nuget/System.Security.Cryptography.xml@6.0.0 should find a vulnerability like V5.5 version
Dependency Scan Results (NUGET)
╔═════════════════════════════════════════════════════════════╤══════════════════════╤══════════════╤══════════╤═══════╗
║ CVE │ Insights │ Fix Version │ Severity │ Score ║
╟─────────────────────────────────────────────────────────────┼──────────────────────┼──────────────┼──────────┼───────╢
║ System.Security.Cryptography.xml@6.0.0 ⬅ CVE-2022-34716 │ 🧾 Vendor Confirmed │ 6.0.1 │ MEDIUM │ 5.9 ║
╚═════════════════════════════════════════════════════════════╧══════════════════════╧══════════════╧══════════╧═══════╝
This is the result with V5.5 (and with some prerelease I had before)
Any idea why V6 does not find anymore this vulnerability ?
Thanks
Michela
Actual Behavior
running depscan --purl pkg:nuget/System.Security.Cryptography.xml@6.0.0
This is the output
Steps to Reproduce
Install V6.0
Run depscan --purl pkg:nuget/System.Security.Cryptography.xml@6.0.0
Additional Information
Before upgrading to V6.0.0 I had the 6.0.0b3 and the vulnerability was found
After upgrading to V6.0.0 depscan doesn't find it anymore, I tried also to uninstall v6.0.0 and install again the beta release but I have always the same result