
Commit 5df22e2

authored
fix: prevent NPE in bundler audit (#6462)
1 parent 39631db commit 5df22e2


1 file changed

+2
-1
lines changed


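--- a/core/src/main/java/org/owasp/dependencycheck/processing/BundlerAuditProcessor.java
+++ b/core/src/main/java/org/owasp/dependencycheck/processing/BundlerAuditProcessor.java
@@ -241,7 +241,8 @@ private void addCriticalityToVulnerability(String parentName, Vulnerability vuln
 } else if ("Low".equalsIgnoreCase(criticality)) {
 score = 2.0;
 }
-final CvssV2Data cvssData = new CvssV2Data(null, null, null, null, null, null, null, null, score, criticality.toUpperCase(),
+LOGGER.debug("bundle-audit vulnerability missing CVSS data: {}", vulnerability.getName());
+final CvssV2Data cvssData = new CvssV2Data("2.0", null, null, null, null, null, null, null, score, criticality.toUpperCase(),
 null, null, null, null, null, null, null, null, null, null);
 final CvssV2 cvssV2 = new CvssV2(null, null, cvssData, criticality.toUpperCase(), null, null, null, null, null, null, null);
 vulnerability.setCvssV2(cvssV2);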
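Review bot: The added `CvssV2Data` line still builds the severity with `criticality.toUpperCase()`, which uses the JVM's default locale, so under a Turkish locale `High` becomes `HİGH` and anything that matches on the severity string would miss it. Using `criticality.toUpperCase(Locale.ROOT)` here and on the `CvssV2` line below avoids that, assuming `java.util.Locale` is imported or added. A comment above the constructor call would also help, e.g. `// synthetic CVSS v2 record: only version, score and severity are set; score is estimated from bundle-audit's criticality label`, because the positional `null`s give no hint which field `"2.0"` fills or that the score is not derived from a vector. addCriticalityToVulnerability starts and ends outside the hunk, so whether `criticality` can be null at this point is not visible here.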
