External mariadb CVE database running into incompatible character encoding issue

[ptecihner]

Describe the bug
When using external db during the merge operation with cve and cisa the operation fails

Version of dependency-check used
Maven 8.2.1

Log file
Will attach later

To Reproduce
Steps to reproduce the behavior:

1. Run maven in update only mode

Expected behavior
Db to have been updated

[ptecihner]

dependency-check-mvn-external-db.log

[aikebah]

@ptecihner Did you modify the default characterset of mariadb from the default?

[ptecihner]

No

[aikebah]

Looks like there were unicode replacement characters (U+FFFD (�) encoded by the reported 0xEF BF DD in utf-8) surrounding IOMobileFrameBuffer in the short description of the Known Exploited Vulnerabilities datafeed of the CISA that have by now been corrected by replacing them with regular spaces. Do you still experience the issue on a fresh update?

[cpfeiffer]

I still see the same problem. See stefanneuhaus/dependencycheck-central-mysql-docker#18
Even if the data feed would be fixed upstream, one shouldn't rely on that, IMHO.

[aikebah]

Fully agree to that cpfeiffer, but would need to get my hands on a problematic file to be able to reproduce and verify the fix.

[cpfeiffer]

If you download https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
have a look at the shortDescription for CVE-2021-42013 and CVE-2021-41773.

[cpfeiffer]

(those links to github's advisory data were not made by me, I entered plain CVE-...)