diff --git a/advisor/src/main/kotlin/advisors/VulnerableCode.kt b/advisor/src/main/kotlin/advisors/VulnerableCode.kt
index 912b399dc8ef6..b3947350d7855 100644
--- a/advisor/src/main/kotlin/advisors/VulnerableCode.kt
+++ b/advisor/src/main/kotlin/advisors/VulnerableCode.kt
@@ -126,7 +126,13 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
 ): List = runCatching {
 val sourceUri = URI(url)
 if (scores.isEmpty()) return listOf(VulnerabilityReference(sourceUri, null, null))
- return scores.map { VulnerabilityReference(sourceUri, it.scoringSystem, it.value) }
+ return scores.map {
+ // VulnerableCode returns MODERATE instead of MEDIUM in case of cvssv3.1_qr, see:
+ // https://github.com/nexB/vulnerablecode/issues/1186
+ val severity = if (it.scoringSystem == "cvssv3.1_qr" && it.value == "MODERATE") "MEDIUM" else it.value
+
+ VulnerabilityReference(sourceUri, it.scoringSystem, severity)
+ }
 }.onFailure {
 issues += createAndLogIssue(providerName, "Failed to map $this to ORT model due to $it.", Severity.HINT)
 }.getOrElse { emptyList() }
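Review bot: The severity normalization added inside the `scores.map` lambda compares `it.value` to `"MODERATE"` with an exact, case-sensitive match, so a differently cased rating (for example a constructed `Moderate`) would pass through unchanged and stay off the CVSS v3.1 qualitative scale; whether the upstream service ever emits another casing is not visible here. If downstream consumers rank or gate on this severity string (not shown in the hunk), an unnormalized value could cause a finding to be mis-ranked or missed by a rule, so consider `val severity = if (it.scoringSystem == "cvssv3.1_qr" && it.value.equals("MODERATE", ignoreCase = true)) "MEDIUM" else it.value`. The two string literals would read better as named constants, and a unit test pinning the MODERATE-to-MEDIUM mapping would make it easy to spot when the workaround can be dropped once the linked upstream issue is resolved. The enclosing function begins before the hunk, so the types of `scores` and `it.value` are inferred from usage only.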