CVSS version mismatch

[supermaurio]

The api endpoint at https://ossindex.sonatype.org/api/v3/component-report
returns a CVSSv3.1 vector, but the library ossindex-service-client defaults to "CVSSv2" because it does not start with "CVSSv3.0":

ossindex-public/api/src/main/java/org/sonatype/ossindex/service/api/cvss/CvssVectorFactory.java

Lines 34 to 37 in 12b5be0

	if (value.startsWith(Cvss3Vector.PREAMBLE)) {
	return new Cvss3Vector(value);
	}
	return new Cvss2Vector(value);

This bug results in the following issue over at OWASP dependency check:
jeremylong/DependencyCheck#5598

[anastasia-vanriet]

Hi @supermaurio,

Thank you for bringing this to our attention, and apologies for the delayed response. A bug ticket has been filed, and we hope to address this very soon.