Detect unknown CVSS version

This change ensures the UnknownVersion exception is returned for unknown cvss version prefix.
haskell · Jul 18, 2024 · 988f39e · 988f39e
1 parent eb8f7c1
commit 988f39e
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/code/cvss/src/Security/CVSS.hs b/code/cvss/src/Security/CVSS.hs
@@ -110,6 +110,7 @@ parseCVSS :: Text -> Either CVSSError CVSS
 parseCVSS txt
   | "CVSS:3.1/" `Text.isPrefixOf` txt = CVSS CVSS31 <$> validateComponents True validateCvss31
   | "CVSS:3.0/" `Text.isPrefixOf` txt = CVSS CVSS30 <$> validateComponents True validateCvss30
+  | "CVSS:" `Text.isPrefixOf` txt = Left UnknownVersion
   | otherwise = CVSS CVSS20 <$> validateComponents False validateCvss20
   where
     validateComponents withPrefix validator = do