This repository has been archived by the owner on Sep 2, 2023. It is now read-only.

Invalid CVSS v2 environmental score computation #3

Open
pandatix opened this issue Jan 30, 2023 · 0 comments

During differential fuzzing with github.com/pandatix/go-cvss, I discovered that your implementation does not properly compute the environmental score and, more precisely, returns 0 when no environmental variable is set to a value different from ND (Not Defined).

In order to be compliant with the first.org specification Section 3.2.3, you must compute the environmental score given your metric values.

The following Go code illustrates this issue.

```go
package main

import (
	"fmt"
	"log"

	cvss "github.com/attwad/gocvss"
)

func main() {
	// Base and temporal metrics only; every environmental metric is left at ND.
	raw := "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C"
	vec, err := cvss.Parse(raw)
	if err != nil {
		log.Fatal(err)
	}

	s := vec.Score()
	b, t, e := s.Base, s.Temporal, s.Environmental
	fmt.Printf("Scores: %.1f;%.1f;%.1f\n", b, t, e)
}
```

produces:

```
Scores: 10.0;8.3;0.0
```
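For reference, the CVSS v2 equations (Sections 3.2.1 to 3.2.3 of the first.org specification) applied to the vector above, as an added example that is not part of the original issue and is not code from either library. The `V2` type, its methods and `IssueVector` are hypothetical names; the numeric weights are taken from the specification's metric tables, with ND mapped to CDP = 0 and TD = CR = IR = AR = 1.0.

```go
package main

import (
	"fmt"
	"math"
)

// V2 holds CVSS v2 metric weights (hypothetical type for this example).
type V2 struct {
	AV, AC, Au, C, I, A float64 // base metrics
	E, RL, RC           float64 // temporal metrics
	CDP, TD, CR, IR, AR float64 // environmental metrics
}

func round1(x float64) float64 { return math.Round(x*10) / 10 }

// base applies the base equation to the given impact sub-score.
func (v V2) base(impact float64) float64 {
	if impact == 0 {
		return 0 // f(Impact) = 0 when Impact = 0
	}
	exploitability := 20 * v.AV * v.AC * v.Au
	return round1((0.6*impact + 0.4*exploitability - 1.5) * 1.176)
}

func (v V2) temporal(base float64) float64 { return round1(base * v.E * v.RL * v.RC) }

// Scores returns base, temporal and environmental scores (env. per Section 3.2.3).
func (v V2) Scores() (b, t, e float64) {
	impact := 10.41 * (1 - (1-v.C)*(1-v.I)*(1-v.A))
	adjImpact := math.Min(10, 10.41*(1-(1-v.C*v.CR)*(1-v.I*v.IR)*(1-v.A*v.AR)))
	b = v.base(impact)
	t = v.temporal(b)
	adjT := v.temporal(v.base(adjImpact)) // temporal recomputed with AdjustedImpact
	e = round1((adjT + (10-adjT)*v.CDP) * v.TD)
	return b, t, e
}

// IssueVector is AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C, environmental all ND.
func IssueVector() V2 {
	return V2{AV: 1.0, AC: 0.71, Au: 0.704, C: 0.660, I: 0.660, A: 0.660,
		E: 0.95, RL: 0.87, RC: 1.0,
		CDP: 0, TD: 1.0, CR: 1.0, IR: 1.0, AR: 1.0}
}

func main() {
	b, t, e := IssueVector().Scores()
	fmt.Printf("Scores: %.1f;%.1f;%.1f\n", b, t, e)
}
```

With every environmental metric at ND the equations reduce to the temporal score, so this prints `Scores: 10.0;8.3;8.3`.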