Discrepancies in website and Docker requests

[mauvehed]

While attempting to use the docker image to query CVE’s, I’m finding some very strange discrepancies between what that shows and the website.

Take for instance CVE-2022-4257. The website shows a resource for exploitation and and exploit.

However, the Docker query shows an exploit, but no exploitation.

docker run inthewild/inthewild reports CVE-2022-4257 --no-format-cli | jq
{
  "id": "CVE-2022-4257",
  "description": "A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.",
  "exploitations": [],
  "exploits": [
    {
      "id": "CVE-2022-4257",
      "referenceURL": "https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md",
      "timeStamp": "2022-12-05T18:51:00.000Z"
    }
  ]
}

Another issue is with CVE-2022-47986. The website shows two exploitation notes and one exploit. However, the Docker lookup says it doesn’t have a description or anything.

docker run inthewild/inthewild reports CVE-2022-47986 --no-format-cli | jq
{
  "id": "CVE-2022-47986",
  "description": "Vulnerability description missing",
  "exploitations": [],
  "exploits": []
}

[gmatuz]

fixed, the update logic to the repository was broken 😱