oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 02:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: use vercel for vendor in nextjs CPE (#4450)

Browse Source 
The recent react / next CVE uses "vercel" as the vendor, see
https://nvd.nist.gov/vuln/detail/CVE-2025-55182

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
This commit is contained in:
Will Murphy 2025-12-08 15:23:36 -05:00 committed by GitHub
parent baca32f04a
commit d950ac1fae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
syft/pkg/cataloger/internal/cpegenerate/candidate_by_package_type.go
View File

@ -196,6 +196,11 @@ var defaultCandidateAdditions = buildCandidateLookup(
candidateAddition{AdditionalVendors: []string{"handlebarsjs"}},
},
// NPM packages
{
pkg.NpmPkg,
candidateKey{PkgName: "next"},
candidateAddition{AdditionalProducts: []string{"next.js"}, AdditionalVendors: []string{"vercel"}},
},
{
pkg.NpmPkg,
candidateKey{PkgName: "hapi"},