From 8131a2f92ed121d6c60e4dd54fae483d906d4448 Mon Sep 17 00:00:00 2001
From: schniggie <root@schniggie.de>
Date: Tue, 21 Oct 2025 10:43:20 +0200
Subject: [PATCH] Fix FEED_MIRROR URL by adding trailing slash

Fixes insecure downgrade to http-only:

curl -I https://mirror.cveb.in/nvd/json/cve/1.1
HTTP/1.1 301 Moved Permanently
server: nginx/1.28.0
date: Tue, 21 Oct 2025 08:25:02 GMT
content-type: text/html
content-length: 169
location: http://mirror.cveb.in/nvd/json/cve/1.1/

vs.

curl -I https://mirror.cveb.in/nvd/json/cve/1.1/
HTTP/1.1 200 OK
server: nginx/1.28.0
date: Tue, 21 Oct 2025 08:24:54 GMT
content-type: text/html
---
 cve_bin_tool/data_sources/nvd_source.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cve_bin_tool/data_sources/nvd_source.py b/cve_bin_tool/data_sources/nvd_source.py
index 3a5f00c03d..80f2f1596e 100644
--- a/cve_bin_tool/data_sources/nvd_source.py
+++ b/cve_bin_tool/data_sources/nvd_source.py
@@ -49,7 +49,7 @@ class NVD_Source(Data_Source):
     CACHEDIR = DISK_LOCATION_DEFAULT
     BACKUPCACHEDIR = DISK_LOCATION_BACKUP
     FEED_NVD = "https://nvd.nist.gov/vuln/data-feeds"
-    FEED_MIRROR = "https://v4.mirror.cveb.in/nvd/json/cve/1.1"
+    FEED_MIRROR = "https://v4.mirror.cveb.in/nvd/json/cve/1.1/"
     LOGGER = LOGGER.getChild("CVEDB")
     NVDCVE_FILENAME_TEMPLATE = NVD_FILENAME_TEMPLATE
     META_LINK_NVD = "https://nvd.nist.gov"