From 02e04407ec4a36347af64ed3ec70c383889e261c Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Tue, 2 Jul 2024 09:02:11 -0400
Subject: [PATCH 1/2] fix: attempt to fix NPE hopefully resolves #6742

---
 .../dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
index ce73223880e..307383b4072 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
@@ -82,7 +82,7 @@ public String getEcosystem(DefCveItem cve) {
      * <code>null</code>
      */
     private boolean hasMultipleVendorProductConfigurations(DefCveItem cve) {
-        if (cve.getCve().getConfigurations() != null) {
+        if (cve.getCve().getConfigurations() != null && !cve.getCve().getConfigurations().isEmpty()) {
             final List<CpeMatch> cpeEntries = cve.getCve().getConfigurations().stream()
                     .map(Config::getNodes)
                     .flatMap(List::stream)

From 380675b35fa4d06b57f53241550b6d88b187d7b5 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Tue, 2 Jul 2024 09:03:28 -0400
Subject: [PATCH 2/2] fix: attempt to fix NPE hopefully resolves #6742

---
 .../dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
index 307383b4072..1a713cd9022 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
@@ -86,6 +86,7 @@ private boolean hasMultipleVendorProductConfigurations(DefCveItem cve) {
             final List<CpeMatch> cpeEntries = cve.getCve().getConfigurations().stream()
                     .map(Config::getNodes)
                     .flatMap(List::stream)
+                    .filter(cpe -> cpe.getCpeMatch() != null)
                     .map(Node::getCpeMatch)
                     .flatMap(List::stream)
                     .filter(match -> match.getCriteria() != null)