Skip to content

fix(nvd_source): fix configuration without nodes #5449

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ffontaine wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(nvd_source): fix configuration without nodes #5449

ffontaine wants to merge 1 commit into from
+13 −11

Conversation

@ffontaine
Copy link
Collaborator

@ffontaine ffontaine commented Dec 11, 2025

https://nvd.nist.gov/vuln/detail/cve-2025-40939 has the following configurations: [{}]

This will result in a crash as current code wrongly assumes that all configuration object has a nodes parameter

@ffontaine ffontaine force-pushed the fix-nvd branch 10 times, most recently from d0e80a2 to fbfe00a Compare December 12, 2025 08:35
@ffontaine
Copy link
Collaborator Author

ffontaine commented Dec 12, 2025

One of the test fails on:

Downloading Chromium 143.0.7499.4 (playwright build v1200) from https://playwright.download.prss.microsoft.com/dbazure/download/playwright/builds/chromium/1200/chromium-linux.zip
(node:3746) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
Error: connect ECONNREFUSED 54.185.253.63:443
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1637:16) {
  errno: -111,
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '54.185.253.63',
  port: 443
}
Failed to install browsers
Error: Failed to download Chromium 143.0.7499.4 (playwright build v1200), caused by
Error: Download failure, code=1
    at ChildProcess.<anonymous> (/opt/hostedtoolcache/Python/3.13.11/x64/lib/python3.13/site-packages/playwright/driver/package/lib/server/registry/browserFetcher.js:94:32)
    at ChildProcess.emit (node:events:508:28)
    at ChildProcess._handle.onexit (node:internal/child_process:294:12)

https://playwright.download.prss.microsoft.com/dbazure/download/playwright/builds/chromium/1200/chromium-linux.zip is perfectly reachable from my local machine.
Connection refused is returned by 54.185.253.63 which is associated to ec2-54-185-253-63.us-west-2.compute.amazonaws.com.
So, I don't know what is going on, @terriko do you have an idea?

@ffontaine ffontaine force-pushed the fix-nvd branch 5 times, most recently from 6acc640 to 4e0fb44 Compare December 13, 2025 21:26
@ffontaine
fix(nvd_source): fix configuration without nodes
4e0fb44 
https://nvd.nist.gov/vuln/detail/cve-2025-40939 has the following
configurations: [{}]

This will result in a crash as current code wrongly assumes that all
configuration object has a nodes parameter

Signed-off-by: Fabrice Fontaine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ffontaine