From 1cfa3385c6f072aeb49ec5fc46968254b7020a58 Mon Sep 17 00:00:00 2001
From: StefanKelm <StefanKelm@users.noreply.github.com>
Date: Thu, 12 Apr 2018 14:35:04 +0200
Subject: [PATCH] Update Attribute.php

According to https://cve.mitre.org/news/archives/2014/news.html#jan152014_New_CVE_ID_Format_in_Effect_as_of_January_1_2014 the four-fixed-digits requirement has been dropped
---
 app/Model/Attribute.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 04d1812da..423cdca34 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -1024,10 +1024,10 @@ class Attribute extends AppModel {
 				break;
 			case 'vulnerability':
 				$value = str_replace('–', '-', $value);
-				if (preg_match("#^(CVE-)[0-9]{4}(-)[0-9]{4,6}$#", $value)) {
+				if (preg_match("#^(CVE-)[0-9]{4}(-)[0-9]{4,}$#", $value)) {
 					$returnValue = true;
 				} else {
-					$returnValue = 'Invalid format. Expected: CVE-xxxx-xxxx.';
+					$returnValue = 'Invalid format. Expected: CVE-xxxx-xxxx...';
 				}
 				break;
 			case 'named pipe':