diff --git a/vulnerabilities/importer.py b/vulnerabilities/importer.py index 9d19b4a5c..5d9e7ac89 100644 --- a/vulnerabilities/importer.py +++ b/vulnerabilities/importer.py @@ -253,8 +253,8 @@ def from_dict(cls, data: dict): @dataclasses.dataclass(eq=True) @functools.total_ordering class PatchData: - patch_url: Optional[str] = None - patch_text: Optional[str] = None + patch_url: Optional[str] = "" + patch_text: Optional[str] = "" patch_checksum: Optional[str] = dataclasses.field(init=False, default=None) def __post_init__(self): @@ -271,9 +271,9 @@ def __lt__(self, other): def _cmp_key(self): return ( - self.patch_url, - self.patch_text, - self.patch_checksum, + self.patch_url or "", + self.patch_text or "", + self.patch_checksum or "", ) def to_dict(self) -> dict: 
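Review bot: `_cmp_key` now folds `None` into `""`, but the fields themselves are not normalised, so ordering and equality can disagree. If `__eq__` is the dataclass-generated one (`eq=True`; a hand-written `__eq__` may exist outside these hunks), `PatchData(patch_url=None)` and `PatchData(patch_url="")` sort as equal yet compare unequal, which can leave near-duplicate patch records after de-duplication. The annotations also still say `Optional[str]` while the defaults are now `""`. Normalising once in `__post_init__` (its body is outside the hunk), for example `self.patch_url = self.patch_url or ""` and the same for `patch_text`, would remove the need for the `or ""` in `_cmp_key`.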
@@ -556,23 +556,63 @@ def from_dict(cls, affected_pkg: dict): class AdvisoryData: """ This data class expresses the contract between data sources and the import runner. + """ + + aliases: List[str] = dataclasses.field(default_factory=list) + summary: Optional[str] = "" + affected_packages: List[AffectedPackage] = dataclasses.field(default_factory=list) + references: List[Reference] = dataclasses.field(default_factory=list) + date_published: Optional[datetime.datetime] = None + weaknesses: List[int] = dataclasses.field(default_factory=list) + url: Optional[str] = None + + def __post_init__(self): + if self.summary: + self.summary = clean_summary(self.summary) - If a vulnerability_id is present then: - summary or affected_packages or references must be present - otherwise - either affected_package or references should be present + def to_dict(self): + return { + "aliases": self.aliases, + "summary": self.summary, + "affected_packages": [pkg.to_dict() for pkg in self.affected_packages], + "references": [ref.to_dict() for ref in self.references], + "date_published": self.date_published.isoformat() if self.date_published else None, + "weaknesses": self.weaknesses, + "url": self.url if self.url else "", + } - date_published must be aware datetime + @classmethod + def from_dict(cls, advisory_data): + date_published = advisory_data["date_published"] + transformed = { + "aliases": advisory_data["aliases"], + "summary": advisory_data["summary"], + "affected_packages": [ + AffectedPackage.from_dict(pkg) + for pkg in advisory_data["affected_packages"] + if pkg is not None + ], + "references": [Reference.from_dict(ref) for ref in advisory_data["references"]], + "date_published": datetime.datetime.fromisoformat(date_published) + if date_published + else None, + "weaknesses": advisory_data["weaknesses"], + "url": advisory_data.get("url") or None, + } + return cls(**transformed) + + +@dataclasses.dataclass(order=True) +class AdvisoryDataV2: + """ + This data class expresses the 
contract between data sources and the import runner. """ advisory_id: str = "" aliases: List[str] = dataclasses.field(default_factory=list) summary: Optional[str] = "" - affected_packages: Union[List[AffectedPackage], List[AffectedPackageV2]] = dataclasses.field( - default_factory=list - ) - references: List[Reference] = dataclasses.field(default_factory=list) - references_v2: List[ReferenceV2] = dataclasses.field(default_factory=list) + affected_packages: List[AffectedPackageV2] = dataclasses.field(default_factory=list) + references: List[ReferenceV2] = dataclasses.field(default_factory=list) patches: List[PatchData] = dataclasses.field(default_factory=list) date_published: Optional[datetime.datetime] = None weaknesses: List[int] = dataclasses.field(default_factory=list) 
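Review bot: Both `AdvisoryData` and the new `AdvisoryDataV2` carry the same one-line docstring, and the removed text was the only place that stated the contract ("date_published must be aware datetime", which fields must be present). Neither `__post_init__` enforces the timezone rule, and `from_dict` uses `datetime.datetime.fromisoformat`, which also accepts naive timestamps, so the rule should at least stay documented. I would keep a line such as `date_published must be a timezone-aware datetime.` in both docstrings. Each docstring should also say which one is the legacy importer contract and which is the V2 pipeline contract (`advisory_id` required, `references` holds `ReferenceV2`).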
@@ -581,46 +621,24 @@ class AdvisoryData: original_advisory_text: Optional[str] = None def __post_init__(self): + if not self.advisory_id: + raise ValueError("advisory_id is required for AdvisoryDataV2") if self.advisory_id and self.advisory_id in self.aliases: raise ValueError( f"advisory_id {self.advisory_id} should not be present in aliases {self.aliases}" ) if self.summary: - self.summary = self.clean_summary(self.summary) - - def clean_summary(self, summary): - # https://nvd.nist.gov/vuln/detail/CVE-2013-4314 - # https://github.com/cms-dev/cms/issues/888#issuecomment-516977572 - summary = summary.strip() - if summary: - summary = summary.replace("\x00", "\uFFFD") - return summary + self.summary = clean_summary(self.summary) def to_dict(self): - is_adv_v2 = ( - self.advisory_id - or self.severities - or self.references_v2 - or (self.affected_packages and isinstance(self.affected_packages[0], AffectedPackageV2)) - ) - if is_adv_v2: - return { - "advisory_id": self.advisory_id, - "aliases": self.aliases, - "summary": self.summary, - "affected_packages": [pkg.to_dict() for pkg in self.affected_packages], - "references_v2": [ref.to_dict() for ref in self.references_v2], - "patches": [patch.to_dict() for patch in self.patches], - "severities": [sev.to_dict() for sev in self.severities], - "date_published": self.date_published.isoformat() if self.date_published else None, - "weaknesses": self.weaknesses, - "url": self.url if self.url else "", - } return { + "advisory_id": self.advisory_id, "aliases": self.aliases, "summary": self.summary, "affected_packages": [pkg.to_dict() for pkg in self.affected_packages], "references": [ref.to_dict() for ref in self.references], + "patches": [patch.to_dict() for patch in self.patches], + "severities": [sev.to_dict() for sev in self.severities], "date_published": self.date_published.isoformat() if self.date_published else None, "weaknesses": self.weaknesses, "url": self.url if self.url else "", 
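Review bot: The new `if not self.advisory_id: raise ValueError(...)` makes construction fail for any record without an id, and the V2 importers in this commit build `AdvisoryDataV2` directly inside their `collect_advisories` generators. If the pipeline runner does not catch this per record (not visible here), one upstream entry with a missing id will abort the whole import. Either confirm the runner isolates the error, or have importers skip and log such records before constructing. Two smaller points: the `self.advisory_id and` guard in the following check is now dead and can become `if self.advisory_id in self.aliases:`, and the field default `advisory_id: str = ""` declared above the hunk now only defers the failure to `__post_init__`. The class body starts outside this hunk.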
@@ -629,31 +647,37 @@ def to_dict(self): @classmethod def from_dict(cls, advisory_data): date_published = advisory_data["date_published"] - affected_packages = advisory_data["affected_packages"] - affected_package_cls = AffectedPackage - if affected_packages: - affected_package_cls = ( - AffectedPackageV2 - if "fixed_version_range" in affected_packages[0] - else AffectedPackage - ) transformed = { "aliases": advisory_data["aliases"], "summary": advisory_data["summary"], "affected_packages": [ - affected_package_cls.from_dict(pkg) for pkg in affected_packages if pkg is not None + AffectedPackageV2.from_dict(pkg) + for pkg in advisory_data["affected_packages"] + if pkg is not None ], "patches": [PatchData.from_dict(patch) for patch in advisory_data.get("patches", [])], - "references": [Reference.from_dict(ref) for ref in advisory_data["references"]], + "references": [ReferenceV2.from_dict(ref) for ref in advisory_data["references"]], "date_published": datetime.datetime.fromisoformat(date_published) if date_published else None, "weaknesses": advisory_data["weaknesses"], + "severities": [ + VulnerabilitySeverity.from_dict(sev) for sev in advisory_data.get("severities", []) + ], "url": advisory_data.get("url") or None, } return cls(**transformed) +def clean_summary(summary): + # https://nvd.nist.gov/vuln/detail/CVE-2013-4314 + # https://github.com/cms-dev/cms/issues/888#issuecomment-516977572 + summary = summary.strip() + if summary: + summary = summary.replace("\x00", "\uFFFD") + return summary + + class NoLicenseError(Exception): pass diff --git a/vulnerabilities/importers/curl.py b/vulnerabilities/importers/curl.py index c6f844d80..c74622b5b 100644 --- a/vulnerabilities/importers/curl.py +++ b/vulnerabilities/importers/curl.py 
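Review bot: `AdvisoryDataV2.from_dict` never passes `advisory_id` to `cls(**transformed)`, because the `transformed` mapping starts at `"aliases"`. Since `__post_init__` now raises `ValueError("advisory_id is required for AdvisoryDataV2")` for an empty id, every `from_dict` call will fail, including a plain `from_dict(obj.to_dict())` round trip. Add `"advisory_id": advisory_data["advisory_id"],` to `transformed`, and a round-trip test would pin it. Separately, `clean_summary` is now a module-level helper and would benefit from a one-line docstring explaining that NUL bytes are replaced with U+FFFD; the two URLs alone do not explain the reason.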
@@ -97,7 +97,7 @@ def parse_advisory_data(raw_data) -> AdvisoryData: ... ] ... } >>> parse_advisory_data(raw_data) - AdvisoryData(advisory_id='', aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', reference_type='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', scoring_elements='', published_at=None, url=None)]), Reference(reference_id='', reference_type='', url='https://hackerone.com/reports/2410774', severities=[])], references_v2=[], patches=[], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], severities=[], url='https://curl.se/docs/CVE-2024-2379.json', original_advisory_text=None) + AdvisoryData(aliases=['CVE-2024-2379'], summary='QUIC certificate check bypass with wolfSSL', affected_packages=[AffectedPackage(package=PackageURL(type='generic', namespace='curl.se', name='curl', version=None, qualifiers={}, subpath=None), affected_version_range=GenericVersionRange(constraints=(VersionConstraint(comparator='=', version=SemverVersion(string='8.6.0')),)), fixed_version=SemverVersion(string='8.7.0'))], references=[Reference(reference_id='', reference_type='', url='https://curl.se/docs/CVE-2024-2379.html', severities=[VulnerabilitySeverity(system=Cvssv3ScoringSystem(identifier='cvssv3.1', name='CVSSv3.1 Base Score', url='https://www.first.org/cvss/v3-1/', notes='CVSSv3.1 base score and vector'), value='Low', 
scoring_elements='', published_at=None, url=None)]), Reference(reference_id='', reference_type='', url='https://hackerone.com/reports/2410774', severities=[])], date_published=datetime.datetime(2024, 3, 27, 8, 0, tzinfo=datetime.timezone.utc), weaknesses=[297], url='https://curl.se/docs/CVE-2024-2379.json') """ affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else [] diff --git a/vulnerabilities/importers/osv.py b/vulnerabilities/importers/osv.py index cc70ea843..3658c57b3 100644 --- a/vulnerabilities/importers/osv.py +++ b/vulnerabilities/importers/osv.py 
@@ -111,83 +111,6 @@ def parse_advisory_data( ) -def parse_advisory_data_v2( - raw_data: dict, supported_ecosystems, advisory_url: str, advisory_text: str -) -> Optional[AdvisoryData]: - """ - Return an AdvisoryData build from a ``raw_data`` mapping of OSV advisory and - a ``supported_ecosystem`` string. - """ - advisory_id = raw_data.get("id") or "" - if not advisory_id: - logger.error(f"Missing advisory id in OSV data: {raw_data}") - return None - summary = raw_data.get("summary") or "" - details = raw_data.get("details") or "" - summary = build_description(summary=summary, description=details) - aliases = raw_data.get("aliases") or [] - - date_published = get_published_date(raw_data=raw_data) - severities = list(get_severities(raw_data=raw_data)) - references = get_references_v2(raw_data=raw_data) - - affected_packages = [] - - for affected_pkg in raw_data.get("affected") or []: - purl = get_affected_purl(affected_pkg=affected_pkg, raw_id=advisory_id) - - if not purl or purl.type not in supported_ecosystems: - logger.error(f"Unsupported package type: {affected_pkg!r} in OSV: {advisory_id!r}") - continue - - affected_version_range = get_affected_version_range( - affected_pkg=affected_pkg, - raw_id=advisory_id, - supported_ecosystem=purl.type, - ) - - fixed_versions = [] - fixed_version_range = None - for fixed_range in affected_pkg.get("ranges") or []: - fixed_version = get_fixed_versions( - fixed_range=fixed_range, raw_id=advisory_id, supported_ecosystem=purl.type - ) - fixed_versions.extend([v.string for v in fixed_version]) - - fixed_version_range = ( - get_fixed_version_range(fixed_versions, purl.type) if fixed_versions else None - ) - - if fixed_version_range or affected_version_range: - affected_packages.append( - AffectedPackageV2( - package=purl, - affected_version_range=affected_version_range, - fixed_version_range=fixed_version_range, - ) - ) - - database_specific = raw_data.get("database_specific") or {} - cwe_ids = database_specific.get("cwe_ids") or 
[] - weaknesses = list(map(get_cwe_id, cwe_ids)) - - if advisory_id in aliases: - aliases.remove(advisory_id) - - return AdvisoryData( - advisory_id=advisory_id, - aliases=aliases, - summary=summary, - references_v2=references, - severities=severities, - affected_packages=affected_packages, - date_published=date_published, - weaknesses=weaknesses, - url=advisory_url, - original_advisory_text=advisory_text or json.dumps(raw_data, indent=2, ensure_ascii=False), - ) - - def extract_fixed_versions(fixed_range) -> Iterable[str]: """ Return a list of fixed version strings given a ``fixed_range`` mapping of diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py index 451db71eb..e64599c96 100644 --- a/vulnerabilities/models.py +++ b/vulnerabilities/models.py @@ -65,6 +65,7 @@ import vulnerablecode from vulnerabilities import utils +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.severity_systems import EPSS from vulnerabilities.severity_systems import SCORING_SYSTEMS from vulnerabilities.utils import compute_patch_checksum @@ -2987,6 +2988,12 @@ class AdvisoryV2(models.Model): help_text="Weighted severity is the highest value calculated by multiplying each severity by its corresponding weight, divided by 10.", ) + # precedence = models.IntegerField( + # null=True, + # blank=True, + # help_text="Precedence indicates the priority level of addressing a vulnerability based on its overall risk", + # ) + @property def risk_score(self): """ 
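Review bot: The new module-level `from vulnerabilities.importer import AdvisoryDataV2` in models.py duplicates the function-local import that `to_advisory_data` keeps in the later hunk (`@@ -3026,17 +3033,17 @@`). A function-local import like that is usually there to avoid an import cycle, and importers in this diff already import from both `vulnerabilities.importer` and `vulnerabilities.models`; whether `importer.py` itself imports models is not visible here. Keep only one of the two. If the cycle is real, drop the top-level line and keep the local import, since the quoted `"AdvisoryDataV2"` return annotation does not need the name at import time.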
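Review bot: The commented-out `precedence = models.IntegerField(...)` block added to `AdvisoryV2` is dead code in a model class. It is unrelated to the AdvisoryData split, and enabling it later would need a migration. I would drop it from this commit, or replace it with a one-line `# TODO` that references the tracking issue.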
@@ -3026,17 +3033,17 @@ def get_absolute_url(self): """ return reverse("advisory_details", args=[self.avid]) - def to_advisory_data(self) -> "AdvisoryData": - from vulnerabilities.importer import AdvisoryData + def to_advisory_data(self) -> "AdvisoryDataV2": + from vulnerabilities.importer import AdvisoryDataV2 - return AdvisoryData( + return AdvisoryDataV2( advisory_id=self.advisory_id, aliases=[item.alias for item in self.aliases.all()], summary=self.summary, affected_packages=[ impacted.to_affected_package_data() for impacted in self.impacted_packages.all() ], - references_v2=[ref.to_reference_v2_data() for ref in self.references.all()], + references=[ref.to_reference_v2_data() for ref in self.references.all()], patches=[patch.to_patch_data() for patch in self.patches.all()], date_published=self.date_published, weaknesses=[weak.cwe_id for weak in self.weaknesses.all()], diff --git a/vulnerabilities/pipelines/v2_importers/aosp_importer.py b/vulnerabilities/pipelines/v2_importers/aosp_importer.py index 411ecc879..ac4ef4ed6 100644 --- a/vulnerabilities/pipelines/v2_importers/aosp_importer.py +++ b/vulnerabilities/pipelines/v2_importers/aosp_importer.py @@ -15,7 +15,7 @@ import dateparser from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.advisory import append_patch_classifications @@ -100,13 +100,13 @@ def collect_advisories(self): f"{quote(file_path.name)}" ) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=vulnerability_id, summary=summary, affected_packages=affected_packages, severities=severities, patches=patches, - references_v2=references, + references=references, date_published=date_published, url=url, ) 
diff --git a/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py b/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py index 249133eaa..85856a794 100644 --- a/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py +++ b/vulnerabilities/pipelines/v2_importers/apache_httpd_importer.py @@ -21,7 +21,7 @@ from univers.version_range import ApacheVersionRange from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -223,7 +223,7 @@ class ApacheHTTPDImporterPipeline(VulnerableCodeBaseImporterPipelineV2): def steps(cls): return (cls.collect_and_store_advisories,) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: if not self.links: self.links = fetch_links(self.base_url) for link in self.links: @@ -301,12 +301,12 @@ def to_advisory(self, data): weaknesses = get_weaknesses(data) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=alias, aliases=[], summary=description or "", affected_packages=affected_packages, - references_v2=[reference], + references=[reference], weaknesses=weaknesses, url=reference.url, severities=severities, diff --git a/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py b/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py index 3688b618d..feec010c3 100644 --- a/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py +++ b/vulnerabilities/pipelines/v2_importers/apache_kafka_importer.py 
@@ -18,7 +18,7 @@ from packageurl import PackageURL from univers.version_range import ApacheVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.models import AdvisoryReference @@ -63,11 +63,11 @@ def fetch(self): def advisories_count(self): return sum(1 for _ in self.soup.find(class_="td-content").find_all("table")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: for table in self.soup.find(class_="td-content").find_all("table"): yield self.to_advisory_data(table) - def to_advisory_data(self, table) -> Iterable[AdvisoryData]: + def to_advisory_data(self, table) -> Iterable[AdvisoryDataV2]: affected_constraints = None fixed_constraints = None affected_packages = [] @@ -124,13 +124,13 @@ def to_advisory_data(self, table) -> Iterable[AdvisoryData]: ) ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=cve, aliases=[], summary=build_description(summary=title, description=description), date_published=date_published, affected_packages=affected_packages, - references_v2=references, + references=references, url=f"{self.url}#{cve}", original_advisory_text=original_advisory, ) diff --git a/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py b/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py index abf6a62dd..2b9b93b6d 100644 --- a/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py +++ b/vulnerabilities/pipelines/v2_importers/apache_tomcat_importer.py 
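Review bot: In apache_kafka_importer.py the renamed annotation `def to_advisory_data(self, table) -> Iterable[AdvisoryDataV2]:` is still wrong. The method ends in `return AdvisoryDataV2(...)`, and `collect_advisories` yields that single object per table. The signature should read `def to_advisory_data(self, table) -> AdvisoryDataV2:`. The method body between the two hunks is not visible, so confirm there is no other return path.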
@@ -23,7 +23,7 @@ from univers.versions import MavenVersion from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 @@ -62,7 +62,7 @@ def steps(cls): def advisories_count(cls): return 0 - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: for page_url in self.fetch_advisory_links(): try: content = requests.get(page_url).content @@ -104,7 +104,7 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: ) ) page_id = page_url.split("/")[-1].replace(".html", "") - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=f"{page_id}/{cve}", summary=advisory_list[0].summary, affected_packages=affected_packages, diff --git a/vulnerabilities/pipelines/v2_importers/archlinux_importer.py b/vulnerabilities/pipelines/v2_importers/archlinux_importer.py index 24a8924de..f1645a41a 100644 --- a/vulnerabilities/pipelines/v2_importers/archlinux_importer.py +++ b/vulnerabilities/pipelines/v2_importers/archlinux_importer.py @@ -14,7 +14,7 @@ from packageurl import PackageURL from univers.version_range import ArchLinuxVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 
@@ -44,11 +44,11 @@ def fetch(self) -> Iterable[Mapping]: def advisories_count(self) -> int: return len(self.response) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: for record in self.response: yield self.parse_advisory(record) - def parse_advisory(self, record) -> AdvisoryData: + def parse_advisory(self, record) -> AdvisoryDataV2: affected_packages = [] references = [] avg_name = record.get("name") @@ -90,11 +90,11 @@ def parse_advisory(self, record) -> AdvisoryData: ) ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=avg_name, aliases=aliases, summary=summary, - references_v2=references, + references=references, affected_packages=affected_packages, weaknesses=[], url=f"https://security.archlinux.org/{avg_name}.json", diff --git a/vulnerabilities/pipelines/v2_importers/curl_importer.py b/vulnerabilities/pipelines/v2_importers/curl_importer.py index 03610a1e0..64181aac2 100644 --- a/vulnerabilities/pipelines/v2_importers/curl_importer.py +++ b/vulnerabilities/pipelines/v2_importers/curl_importer.py @@ -13,7 +13,7 @@ from packageurl import PackageURL from univers.version_range import GenericVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -47,7 +47,7 @@ def fetch_data(self): def advisories_count(self) -> int: return len(self.fetch_data()) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: for entry in self.fetch_data(): cve_id = entry.get("aliases") or [] cve_id = cve_id[0] if cve_id else None 
@@ -58,15 +58,15 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: yield parse_curl_advisory(entry) -def parse_curl_advisory(raw_data) -> AdvisoryData: +def parse_curl_advisory(raw_data) -> AdvisoryDataV2: """ - Parse advisory data from raw JSON data and return an AdvisoryData object. + Parse advisory data from raw JSON data and return an AdvisoryDataV2 object. Args: raw_data (dict): Raw JSON data containing advisory information. Returns: - AdvisoryData: Parsed advisory data as an AdvisoryData object. + AdvisoryDataV2: Parsed advisory data as an AdvisoryDataV2 object. """ affected = get_item(raw_data, "affected")[0] if len(get_item(raw_data, "affected")) > 0 else [] @@ -117,12 +117,12 @@ def parse_curl_advisory(raw_data) -> AdvisoryData: if advisory_id in aliases: aliases.remove(advisory_id) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=aliases, summary=raw_data.get("summary") or "", affected_packages=[affected_package], - references_v2=references, + references=references, date_published=date_published, weaknesses=weaknesses, url=json_url, diff --git a/vulnerabilities/pipelines/v2_importers/debian_importer.py b/vulnerabilities/pipelines/v2_importers/debian_importer.py index 201973870..778cbb1e8 100644 --- a/vulnerabilities/pipelines/v2_importers/debian_importer.py +++ b/vulnerabilities/pipelines/v2_importers/debian_importer.py @@ -16,6 +16,7 @@ from univers.version_range import DebianVersionRange from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 
@@ -160,7 +161,7 @@ def parse(self, pkg_name: str, records: Mapping[str, Any]) -> Iterable[AdvisoryD ) weaknesses = get_cwe_from_debian_advisory(record) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=f"{pkg_name}/{record_identifier}", aliases=[record_identifier], summary=record.get("description", ""), diff --git a/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py b/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py index 4fb95ad3b..d673978d3 100644 --- a/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py +++ b/vulnerabilities/pipelines/v2_importers/elixir_security_importer.py @@ -16,7 +16,7 @@ from univers.version_constraint import VersionConstraint from univers.version_range import HexVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 @@ -54,7 +54,7 @@ def advisories_count(self) -> int: count = len(list((base_path / "packages").glob("**/*.yml"))) return count - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: try: base_path = Path(self.vcs_response.dest_dir) vuln = base_path / "packages" @@ -67,7 +67,7 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: def on_failure(self): self.clean_downloads() - def process_file(self, file, base_path) -> Iterable[AdvisoryData]: + def process_file(self, file, base_path) -> Iterable[AdvisoryDataV2]: relative_path = str(file.relative_to(base_path)).strip("/") path_segments = str(file).split("/") # use the last two segments as the advisory ID 
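Review bot: debian_importer.py is the only importer in this diff that keeps `from vulnerabilities.importer import AdvisoryData` next to the new `AdvisoryDataV2` import. The truncated hunk header (`def parse(...) -> Iterable[AdvisoryD`) suggests `parse` is still annotated with the legacy type, although it now yields `AdvisoryDataV2`. If annotations are the only remaining use, change them to `Iterable[AdvisoryDataV2]` and drop the old import so the file matches the other V2 importers. The signature itself is outside the changed lines, so this needs checking against the full file.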
@@ -127,11 +127,11 @@ def process_file(self, file, base_path) -> Iterable[AdvisoryData]: if yaml_file.get("disclosure_date"): date_published = dateparser.parse(yaml_file.get("disclosure_date")) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=advisory_id, aliases=[cve_id], summary=summary, - references_v2=references, + references=references, affected_packages=affected_packages, url=advisory_url, date_published=date_published, diff --git a/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py b/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py index 1b3dbaeff..4eb660725 100644 --- a/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py +++ b/vulnerabilities/pipelines/v2_importers/epss_importer_v2.py @@ -14,7 +14,7 @@ from typing import Iterable from vulnerabilities import severity_systems -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 @@ -46,7 +46,7 @@ def fetch_db(self): with gzip.open(response, "rb") as f: self.lines = [l.decode("utf-8") for l in f.readlines()] - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: if not self.lines: logger.error("No EPSS data loaded") raise ValueError("EPSS data is empty") @@ -76,9 +76,9 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: url=f"https://api.first.org/data/v1/epss?cve={cve}", ) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=cve, severities=[severity], - references_v2=[references], + references=[references], url=self.advisory_url, ) diff --git a/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py b/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py index 19430c237..1a2c91e39 100644 --- a/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py 
+++ b/vulnerabilities/pipelines/v2_importers/fireeye_importer_v2.py @@ -13,7 +13,7 @@ from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 @@ -60,7 +60,7 @@ def clone(self): self.log(f"Cloning `{self.repo_url}`") self.vcs_response = fetch_via_vcs(self.repo_url) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_path = Path(self.vcs_response.dest_dir) for file_path in base_path.glob("**/*"): if file_path.suffix.lower() != ".md": @@ -86,9 +86,9 @@ def on_failure(self): self.clean_downloads() -def parse_advisory_data(raw_data, file_path, base_path) -> AdvisoryData: +def parse_advisory_data(raw_data, file_path, base_path) -> AdvisoryDataV2: """ - Parse a fireeye advisory repo and return an AdvisoryData or None. + Parse a fireeye advisory repo and return an AdvisoryDataV2 or None. These files are in Markdown format. """ raw_data = raw_data.replace("\n\n", "\n") @@ -118,11 +118,11 @@ def parse_advisory_data(raw_data, file_path, base_path) -> AdvisoryData: url="https://github.com/mandiant/Vulnerability-Disclosures/blob/master/", ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=aliases, summary=build_description(" ".join(summary), " ".join(description)), - references_v2=get_references(references), + references=get_references(references), severities=get_severities(impact), weaknesses=get_weaknesses(cwe_data), url=advisory_url, diff --git a/vulnerabilities/pipelines/v2_importers/github_osv_importer.py b/vulnerabilities/pipelines/v2_importers/github_osv_importer.py index 3da166a59..91adbf1bd 100644 --- a/vulnerabilities/pipelines/v2_importers/github_osv_importer.py 
+++ b/vulnerabilities/pipelines/v2_importers/github_osv_importer.py @@ -13,7 +13,7 @@ from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.osv_v2 import parse_advisory_data_v3 from vulnerabilities.utils import get_advisory_url @@ -47,7 +47,7 @@ def advisories_count(self): advisory_dir = Path(self.vcs_response.dest_dir) / "advisories/github-reviewed" return sum(1 for _ in advisory_dir.rglob("*.json")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: supported_ecosystems = [ "pypi", "npm", diff --git a/vulnerabilities/pipelines/v2_importers/gitlab_importer.py b/vulnerabilities/pipelines/v2_importers/gitlab_importer.py index a32b6a6c3..f6ba10eb5 100644 --- a/vulnerabilities/pipelines/v2_importers/gitlab_importer.py +++ b/vulnerabilities/pipelines/v2_importers/gitlab_importer.py @@ -22,7 +22,7 @@ from univers.version_range import RANGE_CLASS_BY_SCHEMES from univers.version_range import from_gitlab_native -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -75,7 +75,7 @@ def advisories_count(self): root = Path(self.vcs_response.dest_dir) return sum(1 for _ in root.rglob("*.yml")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_path = Path(self.vcs_response.dest_dir) for file_path in base_path.rglob("*.yml"): 
@@ -179,7 +179,7 @@ def parse_gitlab_advisory( file, base_path, gitlab_scheme_by_purl_type, purl_type_by_gitlab_scheme, logger ): """ - Parse a Gitlab advisory file and return an AdvisoryData or None. + Parse a Gitlab advisory file and return an AdvisoryDataV2 or None. These files are YAML. There is a JSON schema documented at https://gitlab.com/gitlab-org/advisories-community/-/blob/main/ci/schema/schema.json @@ -240,11 +240,11 @@ def parse_gitlab_advisory( logger( f"parse_yaml_file: purl is not valid: {file!r} {package_slug!r}", level=logging.ERROR ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=aliases, summary=summary, - references_v2=references, + references=references, date_published=date_published, url=advisory_url, original_advisory_text=json.dumps(gitlab_advisory, indent=2, ensure_ascii=False), @@ -318,11 +318,11 @@ def parse_gitlab_advisory( ) ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=aliases, summary=summary, - references_v2=references, + references=references, date_published=date_published, affected_packages=[affected_package], weaknesses=cwe_list, diff --git a/vulnerabilities/pipelines/v2_importers/istio_importer.py b/vulnerabilities/pipelines/v2_importers/istio_importer.py index 4126ec75e..696133c81 100644 --- a/vulnerabilities/pipelines/v2_importers/istio_importer.py +++ b/vulnerabilities/pipelines/v2_importers/istio_importer.py @@ -23,7 +23,7 @@ from univers.versions import GolangVersion from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 
@@ -62,7 +62,7 @@ def clone(self): self.log(f"Cloning `{self.repo_url}`") self.vcs_response = fetch_via_vcs(self.repo_url) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_path = Path(self.vcs_response.dest_dir) advisories_dir = base_path / "content/en/news/security" @@ -114,12 +114,12 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: ) ) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=title, aliases=cves, summary=summary, affected_packages=affected_packages, - references_v2=references, + references=references, date_published=release_date, url=advisory_url, original_advisory_text=md_file.read_text(encoding="utf-8"), diff --git a/vulnerabilities/pipelines/v2_importers/mattermost_importer.py b/vulnerabilities/pipelines/v2_importers/mattermost_importer.py index d6a7b3001..cb963673a 100644 --- a/vulnerabilities/pipelines/v2_importers/mattermost_importer.py +++ b/vulnerabilities/pipelines/v2_importers/mattermost_importer.py @@ -13,7 +13,7 @@ from univers.version_range import GitHubVersionRange from vulnerabilities import severity_systems -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -53,7 +53,7 @@ def advisories_count(self) -> int: data = self.get_mattermost_data() return len(data) if data else 0 - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: data = self.get_mattermost_data() if not data: return 
@@ -114,11 +114,11 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: url="https://mattermost.com/security-updates/", ) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=vuln_id, aliases=[cve_id], summary=details, - references_v2=[reference], + references=[reference], affected_packages=affected_packages, url=self.url, ) diff --git a/vulnerabilities/pipelines/v2_importers/mozilla_importer.py b/vulnerabilities/pipelines/v2_importers/mozilla_importer.py index e8a6aef7a..e84c98c15 100644 --- a/vulnerabilities/pipelines/v2_importers/mozilla_importer.py +++ b/vulnerabilities/pipelines/v2_importers/mozilla_importer.py @@ -20,7 +20,7 @@ from packageurl import PackageURL from univers.version_range import GenericVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -71,7 +71,7 @@ def advisories_count(self) -> int: md = list((base_path / "announce").glob("**/*.md")) return len(yml) + len(md) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_path = Path(self.vcs_response.dest_dir) advisory_dir = base_path / "announce" @@ -81,7 +81,7 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: yield from parse_advisory(file_path, base_path) -def parse_advisory(file_path: Path, base_path: Path) -> Iterable[AdvisoryData]: +def parse_advisory(file_path: Path, base_path: Path) -> Iterable[AdvisoryDataV2]: advisory_url = get_advisory_url( file=file_path, base_path=base_path, 
@@ -99,7 +99,7 @@ def parse_advisory(file_path: Path, base_path: Path) -> Iterable[AdvisoryData]: yield from parse_yml_advisory(mfsa_id, lines, advisory_url) -def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryData]: +def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryDataV2]: data = yaml.safe_load(lines) affected_packages = list(parse_affected_packages(data.get("fixed_in") or [])) @@ -114,12 +114,12 @@ def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryData]: advisories = data.get("advisories", {}) if not advisories: - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=mfsa_id, aliases=[], summary=mfsa_summary, affected_packages=affected_packages, - references_v2=[reference], + references=[reference], severities=[severity], url=advisory_url, date_published=date_parser.parse(date_published) if date_published else None, @@ -136,12 +136,12 @@ def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryData]: impact = advisory.get("impact", "") advisory_severity = get_severity_from_impact(impact, url=reference.url) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=f"{mfsa_id}/{cve}", aliases=[cve], summary=mfsa_summary + "\n" + advisory_summary, affected_packages=affected_packages, - references_v2=[reference], + references=[reference], url=advisory_url, severities=[advisory_severity], date_published=date_parser.parse(date_published) if date_published else None, @@ -149,7 +149,7 @@ def parse_yml_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryData]: ) -def parse_md_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryData]: +def parse_md_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryDataV2]: yamltext, mdtext = split_markdown_front_matter(lines.read()) data = yaml.safe_load(yamltext) 
@@ -160,12 +160,12 @@ def parse_md_advisory(mfsa_id, lines, advisory_url) -> Iterable[AdvisoryData]: severity = get_severity_from_impact(data.get("impact"), url=reference.url) description = extract_description_from_html(mdtext) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=mfsa_id, aliases=[], summary=description, affected_packages=affected_packages, - references_v2=[reference], + references=[reference], severities=[severity], url=advisory_url, date_published=date_parser.parse(data.get("announced")) if data.get("announced") else None, diff --git a/vulnerabilities/pipelines/v2_importers/nginx_importer.py b/vulnerabilities/pipelines/v2_importers/nginx_importer.py index 6a868165c..3b9797de3 100644 --- a/vulnerabilities/pipelines/v2_importers/nginx_importer.py +++ b/vulnerabilities/pipelines/v2_importers/nginx_importer.py @@ -18,7 +18,7 @@ from univers.version_range import NginxVersionRange from univers.versions import InvalidVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import PatchData from vulnerabilities.importer import ReferenceV2 @@ -53,7 +53,7 @@ def advisories_count(self): def collect_advisories(self): """ - Yield AdvisoryData from nginx security advisories HTML + Yield AdvisoryDataV2 from nginx security advisories HTML web page. """ soup = BeautifulSoup(self.advisory_data, features="lxml") @@ -77,9 +77,9 @@ def to_dict(self): return self._asdict() -def to_advisory_data(nginx_adv: NginxAdvisory) -> AdvisoryData: +def to_advisory_data(nginx_adv: NginxAdvisory) -> AdvisoryDataV2: """ - Return AdvisoryData from an NginxAdvisory tuple. + Return AdvisoryDataV2 from an NginxAdvisory tuple. """ qualifiers = {} _, _, affected_versions = nginx_adv.vulnerable.partition(":") 
@@ -140,12 +140,12 @@ def to_advisory_data(nginx_adv: NginxAdvisory) -> AdvisoryData: ) ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=nginx_adv.advisory_id, aliases=nginx_adv.aliases, summary=nginx_adv.summary, affected_packages=affected_packages, - references_v2=nginx_adv.references, + references=nginx_adv.references, patches=nginx_adv.patches, url="https://nginx.org/en/security_advisories.html", ) diff --git a/vulnerabilities/pipelines/v2_importers/npm_importer.py b/vulnerabilities/pipelines/v2_importers/npm_importer.py index 0e3ff7f13..50f4b769b 100644 --- a/vulnerabilities/pipelines/v2_importers/npm_importer.py +++ b/vulnerabilities/pipelines/v2_importers/npm_importer.py @@ -18,7 +18,7 @@ from packageurl import PackageURL from univers.version_range import NpmVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -57,13 +57,13 @@ def advisories_count(self): vuln_directory = Path(self.vcs_response.dest_dir) / "vuln" / "npm" return sum(1 for _ in vuln_directory.glob("*.json")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: vuln_directory = Path(self.vcs_response.dest_dir) / "vuln" / "npm" for advisory in vuln_directory.glob("*.json"): yield self.to_advisory_data(advisory) - def to_advisory_data(self, file: Path) -> Iterable[AdvisoryData]: + def to_advisory_data(self, file: Path) -> Iterable[AdvisoryDataV2]: if file.name == "index.json": self.log(f"Skipping {file.name} file") return 
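Review bot: In npm_importer.py, `to_advisory_data` is annotated `-> Iterable[AdvisoryDataV2]`, but it returns either nothing (the bare `return` for `index.json`) or, in the later hunk, a single `AdvisoryDataV2(...)`. The annotation should read `-> Optional[AdvisoryDataV2]`, assuming `Optional` is imported in this file, which the hunk does not show. `collect_advisories` does `yield self.to_advisory_data(advisory)`, so that `None` is handed to the consumer of the generator; unless the base pipeline filters it (not visible here), guard it with `advisory_data = self.to_advisory_data(advisory)` followed by `if advisory_data: yield advisory_data`. openssl_importer.py carries the same `Iterable[...]` annotation on a `to_advisory_data` that returns one object. The body of `to_advisory_data` continues outside this hunk.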
@@ -124,13 +124,13 @@ def to_advisory_data(self, file: Path) -> Iterable[AdvisoryData]: affected_packages.append(self.get_affected_package(data, package_name)) advsisory_aliases = data.get("cves") or [] - return AdvisoryData( + return AdvisoryDataV2( advisory_id=f"npm-{id}", aliases=advsisory_aliases, summary=build_description(summary=summary, description=description), date_published=date_published, affected_packages=affected_packages, - references_v2=references, + references=references, severities=severities, url=f"https://github.com/nodejs/security-wg/blob/main/vuln/npm/{id}.json", original_advisory_text=advisory_text, diff --git a/vulnerabilities/pipelines/v2_importers/nvd_importer.py b/vulnerabilities/pipelines/v2_importers/nvd_importer.py index 290314219..fae3b34b2 100644 --- a/vulnerabilities/pipelines/v2_importers/nvd_importer.py +++ b/vulnerabilities/pipelines/v2_importers/nvd_importer.py @@ -20,7 +20,7 @@ from dateutil import parser as dateparser from vulnerabilities import severity_systems -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 @@ -93,7 +93,7 @@ def advisories_count(self): advisory_count = data.get("totalResults", 0) return advisory_count - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: for _year, cve_data in fetch_cve_data_2_0(logger=self.log): yield from to_advisories(cve_data=cve_data) @@ -126,7 +126,7 @@ def fetch_cve_data_2_0(starting_year=2002, logger=None): def to_advisories(cve_data): """ - Yield AdvisoryData objects from a CVE json feed. + Yield AdvisoryDataV2 objects from a CVE json feed. """ for cve_item in CveItem.from_cve_data(cve_data=cve_data): if cve_item.is_related_to_hardware or not cve_item.cve_id: 
@@ -141,7 +141,7 @@ class CveItem: @classmethod def to_advisories(cls, cve_data, skip_hardware=True): """ - Yield AdvisoryData objects from ``cve_data`` data for CVE JSON 1.1feed. + Yield AdvisoryDataV2 objects from ``cve_data`` data for CVE JSON 1.1feed. Skip hardware """ for cve_item in CveItem.from_cve_data(cve_data=cve_data, skip_hardware=skip_hardware): @@ -301,13 +301,13 @@ def weaknesses(self): def to_advisory(self): """ - Return an AdvisoryData object from this CVE item + Return an AdvisoryDataV2 object from this CVE item """ - return AdvisoryData( + return AdvisoryDataV2( advisory_id=self.cve_id, aliases=[], summary=self.summary, - references_v2=self.references, + references=self.references, date_published=dateparser.parse(self.cve_item["cve"].get("published")).replace( tzinfo=timezone.utc ), diff --git a/vulnerabilities/pipelines/v2_importers/openssl_importer.py b/vulnerabilities/pipelines/v2_importers/openssl_importer.py index c05aca7be..751cabdc1 100644 --- a/vulnerabilities/pipelines/v2_importers/openssl_importer.py +++ b/vulnerabilities/pipelines/v2_importers/openssl_importer.py @@ -18,7 +18,7 @@ from univers.version_range import OpensslVersionRange from vulnerabilities import severity_systems -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import PatchData from vulnerabilities.importer import VulnerabilitySeverity 
@@ -57,13 +57,13 @@ def advisories_count(self): vuln_directory = self.advisory_path / "secjson" return sum(1 for _ in vuln_directory.glob("CVE-*.json")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: vuln_directory = self.advisory_path / "secjson" for advisory in vuln_directory.glob("CVE-*.json"): yield self.to_advisory_data(advisory) - def to_advisory_data(self, file: Path) -> Iterable[AdvisoryData]: + def to_advisory_data(self, file: Path) -> Iterable[AdvisoryDataV2]: # TODO: Collect the advisory credits, see https://github.com/aboutcode-org/vulnerablecode/issues/2121 affected_packages = [] @@ -158,13 +158,13 @@ def to_advisory_data(self, file: Path) -> Iterable[AdvisoryData]: weaknesses = create_weaknesses_list([cwe_string]) if cwe_string else [] - return AdvisoryData( + return AdvisoryDataV2( advisory_id=cve, aliases=[], summary=build_description(summary=title, description=description), date_published=date_published, affected_packages=affected_packages, - references_v2=references, + references=references, severities=severities, weaknesses=weaknesses, patches=patches, diff --git a/vulnerabilities/pipelines/v2_importers/oss_fuzz.py b/vulnerabilities/pipelines/v2_importers/oss_fuzz.py index 046c9cdb3..38338b4cb 100644 --- a/vulnerabilities/pipelines/v2_importers/oss_fuzz.py +++ b/vulnerabilities/pipelines/v2_importers/oss_fuzz.py @@ -13,7 +13,7 @@ import saneyaml from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.osv_v2 import parse_advisory_data_v3 from vulnerabilities.utils import get_advisory_url 
@@ -43,7 +43,7 @@ def advisories_count(self): vulns_directory = Path(self.vcs_response.dest_dir) / "vulns" return sum(1 for _ in vulns_directory.rglob("*.yaml")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_directory = Path(self.vcs_response.dest_dir) vulns_directory = base_directory / "vulns" diff --git a/vulnerabilities/pipelines/v2_importers/postgresql_importer.py b/vulnerabilities/pipelines/v2_importers/postgresql_importer.py index 2ca4c7b5b..adb4b28d6 100644 --- a/vulnerabilities/pipelines/v2_importers/postgresql_importer.py +++ b/vulnerabilities/pipelines/v2_importers/postgresql_importer.py @@ -17,7 +17,7 @@ from univers.versions import GenericVersion from vulnerabilities import severity_systems -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -45,7 +45,7 @@ def steps(cls): def advisories_count(self) -> int: return 30 - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: url = "https://www.postgresql.org/support/security/" data = requests.get(url).content @@ -133,11 +133,11 @@ def to_advisories(self, data, url): if cve_id: advisories.append( - AdvisoryData( + AdvisoryDataV2( advisory_id=cve_id, aliases=[], summary=summary, - references_v2=references, + references=references, severities=severities, affected_packages=affected_packages, url=url, diff --git a/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py b/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py index c7711d41d..e1117d582 100644 --- a/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py +++ b/vulnerabilities/pipelines/v2_importers/project_kb_msr2019_importer.py 
@@ -13,7 +13,7 @@ from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.advisory import append_patch_classifications @@ -53,7 +53,7 @@ def advisories_count(self): self.log(f"Estimated advisories to process: {count}") return count - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: self.log("Collecting fix commits from ProjectKB ( vulas_db_msr2019_release )...") csv_path = Path(self.vcs_response.dest_dir) / "MSR2019/dataset/vulas_db_msr2019_release.csv" @@ -82,11 +82,11 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: patches=patches, ) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=vuln_id, affected_packages=affected_packages, patches=patches, - references_v2=references, + references=references, url="https://github.com/SAP/project-kb/blob/main/MSR2019/dataset/vulas_db_msr2019_release.csv", ) diff --git a/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py b/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py index e9df3dc09..727991424 100644 --- a/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py +++ b/vulnerabilities/pipelines/v2_importers/project_kb_statements_importer.py @@ -16,7 +16,7 @@ from univers.version_range import RANGE_CLASS_BY_SCHEMES from univers.versions import InvalidVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 
@@ -55,7 +55,7 @@ def advisories_count(self): self.log(f"Estimated advisories to process: {count}") return count - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: self.log("Collecting fix commits from YAML statements under /statements....") base_path = Path(self.vcs_response.dest_dir) / "statements" @@ -159,11 +159,11 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: url="https://github.com/SAP/project-kb/blob/vulnerability-data/statements/", ) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=vulnerability_id, summary=description, affected_packages=affected_packages, - references_v2=references, + references=references, patches=patches, url=advisory_url, ) diff --git a/vulnerabilities/pipelines/v2_importers/pypa_importer.py b/vulnerabilities/pipelines/v2_importers/pypa_importer.py index 6e5e134af..90599e99d 100644 --- a/vulnerabilities/pipelines/v2_importers/pypa_importer.py +++ b/vulnerabilities/pipelines/v2_importers/pypa_importer.py @@ -13,7 +13,7 @@ import saneyaml from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.osv_v2 import parse_advisory_data_v3 from vulnerabilities.utils import get_advisory_url @@ -29,6 +29,7 @@ class PyPaImporterPipeline(VulnerableCodeBaseImporterPipelineV2): spdx_license_expression = "CC-BY-4.0" license_url = "https://github.com/pypa/advisory-database/blob/main/LICENSE" repo_url = "git+https://github.com/pypa/advisory-database" + precedence = 200 @classmethod def steps(cls): 
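Review bot: `precedence = 200` on `PyPaImporterPipeline` is an unexplained constant, and no other importer in the hunks shown here sets one, so a reader cannot tell what the value is ranked against or why PyPA gets it. Add a one-line comment above it that states the rule, for example `# Precedence when several importers report the same advisory (confirm direction and scale against the base pipeline)`. Since this value presumably decides which source's data is kept for an advisory, it should also be covered by a test. The addition is unrelated to the `AdvisoryData` to `AdvisoryDataV2` rename and would be easier to review as its own commit.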
@@ -46,7 +47,7 @@ def advisories_count(self): vulns_directory = Path(self.vcs_response.dest_dir) / "vulns" return sum(1 for _ in vulns_directory.rglob("*.yaml")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_directory = Path(self.vcs_response.dest_dir) vulns_directory = base_directory / "vulns" diff --git a/vulnerabilities/pipelines/v2_importers/pysec_importer.py b/vulnerabilities/pipelines/v2_importers/pysec_importer.py index dda7ae8a4..3d6eb44b8 100644 --- a/vulnerabilities/pipelines/v2_importers/pysec_importer.py +++ b/vulnerabilities/pipelines/v2_importers/pysec_importer.py @@ -14,7 +14,7 @@ import requests -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.osv_v2 import parse_advisory_data_v3 @@ -46,8 +46,8 @@ def advisories_count(self) -> int: advisory_count = sum(1 for file in zip.namelist() if file.startswith("PYSEC-")) return advisory_count - def collect_advisories(self) -> Iterable[AdvisoryData]: - """Yield AdvisoryData using a zipped data dump of OSV data""" + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: + """Yield AdvisoryDataV2 using a zipped data dump of OSV data""" with ZipFile(BytesIO(self.advisory_zip)) as zip_file: for file_name in zip_file.namelist(): diff --git a/vulnerabilities/pipelines/v2_importers/redhat_importer.py b/vulnerabilities/pipelines/v2_importers/redhat_importer.py index b9dc6bde8..8d10d3f72 100644 --- a/vulnerabilities/pipelines/v2_importers/redhat_importer.py +++ b/vulnerabilities/pipelines/v2_importers/redhat_importer.py 
@@ -23,7 +23,7 @@ from univers.version_range import RpmVersionRange from univers.version_range import VersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity @@ -84,7 +84,7 @@ def fetch(self): def advisories_count(self) -> int: return sum(1 for _ in self.location.rglob("*.json")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: for record in self.location.rglob("*.json"): yield self.parse_advisory(record) @@ -165,11 +165,11 @@ def parse_advisory(self, record): ) ) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=aliases, summary=summary, - references_v2=references, + references=references, affected_packages=affected_packages, severities=severities, weaknesses=[], diff --git a/vulnerabilities/pipelines/v2_importers/ruby_importer.py b/vulnerabilities/pipelines/v2_importers/ruby_importer.py index b855c2396..690b4186b 100644 --- a/vulnerabilities/pipelines/v2_importers/ruby_importer.py +++ b/vulnerabilities/pipelines/v2_importers/ruby_importer.py @@ -18,7 +18,7 @@ from univers.version_constraint import validate_comparators from univers.version_range import GemVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity 
@@ -73,7 +73,7 @@ def advisories_count(self): base_path = Path(self.vcs_response.dest_dir) return sum(1 for _ in base_path.rglob("*.yml")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_path = Path(self.vcs_response.dest_dir) for file_path in base_path.rglob("*.yml"): if file_path.name.startswith("OSVDB-"): @@ -106,7 +106,7 @@ def on_failure(self): def parse_ruby_advisory(advisory_id, record, schema_type, advisory_url): """ - Parse a ruby advisory file and return an AdvisoryData or None. + Parse a ruby advisory file and return an AdvisoryDataV2 or None. Each advisory file contains the advisory information in YAML format. Schema: https://github.com/rubysec/ruby-advisory-db/tree/master/spec/schemas """ @@ -118,12 +118,12 @@ def parse_ruby_advisory(advisory_id, record, schema_type, advisory_url): return purl = PackageURL(type="gem", name=package_name) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=get_aliases(record), summary=get_summary(record), affected_packages=get_affected_packages(record, purl), - references_v2=get_references(record), + references=get_references(record), severities=get_severities(record), date_published=get_publish_time(record), url=advisory_url, @@ -136,7 +136,7 @@ def parse_ruby_advisory(advisory_id, record, schema_type, advisory_url): return purl = PackageURL(type="ruby", name=engine) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=get_aliases(record), summary=get_summary(record), diff --git a/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py b/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py index 2b4e5527b..6df27ea1f 100644 --- a/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py +++ b/vulnerabilities/pipelines/v2_importers/ubuntu_osv_importer.py 
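Review bot: In `parse_ruby_advisory`, the second `AdvisoryDataV2(...)` call (the `type="ruby"` branch) only has its class name changed, whereas the `type="gem"` call above it also renames `references_v2=` to `references=`. The remaining keyword arguments of that second call lie outside the hunk, and this commit does not touch them. If the call still passes `references_v2=` and `AdvisoryDataV2` no longer accepts that keyword (its definition is not visible here), every advisory taking the engine branch would raise `TypeError` at construction. Confirm that the tail of the call reads `references=get_references(record),` and add a test that parses a record through the engine branch.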
@@ -12,7 +12,7 @@ from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.pipes.osv_v2 import parse_advisory_data_v3 from vulnerabilities.utils import get_advisory_url @@ -50,7 +50,7 @@ def advisories_count(self): cve_directory = self.advisories_path / "osv" / "cve" return sum(1 for _ in cve_directory.rglob("*.json")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: supported_ecosystems = ["deb"] cve_directory = self.advisories_path / "osv" / "cve" diff --git a/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py b/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py index 7de7ff7d7..ee7fc2c28 100644 --- a/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py +++ b/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py @@ -7,7 +7,7 @@ import dateparser from fetchcode.vcs import fetch_via_vcs -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.models import VulnerabilityReference @@ -49,7 +49,7 @@ def advisories_count(self): vuln_directory = Path(self.vcs_response.dest_dir) return sum(1 for _ in vuln_directory.glob("*.json")) - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: base_path = Path(self.vcs_response.dest_dir) for file_path in base_path.glob("**/**/*.json"): if not file_path.name.startswith("CVE-"): 
@@ -192,11 +192,11 @@ def parse_cve_advisory(self, raw_data, advisory_url): if match: weaknesses.add(int(match.group(1))) - return AdvisoryData( + return AdvisoryDataV2( advisory_id=cve_id, aliases=[], summary=summary, - references_v2=references, + references=references, date_published=date_published, weaknesses=sorted(weaknesses), url=advisory_url, diff --git a/vulnerabilities/pipelines/v2_importers/xen_importer.py b/vulnerabilities/pipelines/v2_importers/xen_importer.py index d0b7ff3cd..ed759eebd 100644 --- a/vulnerabilities/pipelines/v2_importers/xen_importer.py +++ b/vulnerabilities/pipelines/v2_importers/xen_importer.py @@ -12,7 +12,7 @@ from dateutil import parser -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2 from vulnerabilities.references import XsaReference @@ -70,7 +70,7 @@ def advisories_count(self) -> int: data = self.get_xsa_data() return len(data[0].get("xsas", [])) if data else 0 - def collect_advisories(self) -> Iterable[AdvisoryData]: + def collect_advisories(self) -> Iterable[AdvisoryDataV2]: data = self.get_xsa_data() if not data: return @@ -78,7 +78,7 @@ def collect_advisories(self) -> Iterable[AdvisoryData]: for xsa in data[0].get("xsas", []): yield from self.to_advisories(xsa) - def to_advisories(self, xsa) -> Iterable[AdvisoryData]: + def to_advisories(self, xsa) -> Iterable[AdvisoryDataV2]: xsa_id = xsa.get("xsa") references = [] 
@@ -90,12 +90,12 @@ def to_advisories(self, xsa) -> Iterable[AdvisoryData]: date_published = xsa.get("public_time") cve = xsa.get("cve", []) - yield AdvisoryData( + yield AdvisoryDataV2( advisory_id=f"XSA-{xsa_id}", aliases=cve, url="https://xenbits.xen.org/xsa/", summary=title, - references_v2=references, + references=references, date_published=parser.parse(date_published), original_advisory_text=json.dumps(xsa, indent=2, ensure_ascii=False), ) diff --git a/vulnerabilities/pipes/advisory.py b/vulnerabilities/pipes/advisory.py index 175c1bd1e..54521cc2a 100644 --- a/vulnerabilities/pipes/advisory.py +++ b/vulnerabilities/pipes/advisory.py @@ -25,6 +25,7 @@ from aboutcode.hashid import get_core_purl from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import PackageCommitPatchData from vulnerabilities.importer import PatchData 
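Review bot: In `to_advisories`, `date_published=parser.parse(date_published)` runs unconditionally, although `date_published` comes from `xsa.get("public_time")`, which is `None` when the key is absent, and `dateutil`'s `parser.parse(None)` raises. Because `collect_advisories` uses `yield from self.to_advisories(xsa)` inside its loop, one such record would abort the generator and every later XSA would be skipped. The Mozilla importer in this same commit guards the equivalent call, and the same form fits here: `date_published=parser.parse(date_published) if date_published else None`. Whether the upstream feed can omit `public_time` is not visible from the hunk, and the start of `to_advisories` is outside it.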
@@ -288,21 +289,21 @@ def insert_advisory(advisory: AdvisoryData, pipeline_id: str, logger: Callable = @transaction.atomic def insert_advisory_v2( - advisory: AdvisoryData, + advisory: AdvisoryDataV2, pipeline_id: str, logger: Callable = None, ): from vulnerabilities.models import ImpactedPackage from vulnerabilities.models import PackageV2 - from vulnerabilities.utils import compute_content_id + from vulnerabilities.utils import compute_content_id_v2 advisory_obj = None aliases = get_or_create_advisory_aliases(aliases=advisory.aliases) - references = get_or_create_advisory_references(references=advisory.references_v2) + references = get_or_create_advisory_references(references=advisory.references) severities = get_or_create_advisory_severities(severities=advisory.severities) patches = get_or_create_advisory_patches(patches=advisory.patches) weaknesses = get_or_create_advisory_weaknesses(weaknesses=advisory.weaknesses) - content_id = compute_content_id(advisory_data=advisory) + content_id = compute_content_id_v2(advisory_data=advisory) try: default_data = { diff --git a/vulnerabilities/pipes/osv_v2.py b/vulnerabilities/pipes/osv_v2.py index 666927ac3..e70ba4a4a 100644 --- a/vulnerabilities/pipes/osv_v2.py +++ b/vulnerabilities/pipes/osv_v2.py @@ -24,7 +24,7 @@ from univers.versions import InvalidVersion from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import PackageCommitPatchData from vulnerabilities.importer import PatchData @@ -48,7 +48,7 @@ "rubygems": "gem", "go": "golang", "hex": "hex", - "crates.io": "cargo", + "cargo": "cargo", } OSV_TO_VCIO_SEVERITY_MAP = { 
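Review bot: In osv_v2.py, replacing the `"crates.io": "cargo"` entry with `"cargo": "cargo"` removes the only visible mapping for `crates.io`, which is the ecosystem name the OSV schema uses for Rust crates. Records carrying that name would presumably no longer resolve to a purl type, and their affected packages could be dropped without an error. The lookup code is outside this hunk, so confirm how a missing key is handled. If `cargo` is needed for a source that uses that spelling, keep both entries: `"crates.io": "cargo",` and `"cargo": "cargo",`. A test that parses an advisory with ecosystem `crates.io` would pin the behaviour.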
@@ -60,7 +60,7 @@ def parse_advisory_data_v3( raw_data: dict, supported_ecosystems, advisory_url: str, advisory_text: str -) -> Optional[AdvisoryData]: +) -> Optional[AdvisoryDataV2]: """ Return an AdvisoryData build from a ``raw_data`` mapping of OSV advisory and a ``supported_ecosystem`` string. @@ -195,11 +195,11 @@ def parse_advisory_data_v3( if advisory_id in aliases: aliases.remove(advisory_id) try: - return AdvisoryData( + return AdvisoryDataV2( advisory_id=advisory_id, aliases=aliases, summary=summary, - references_v2=references, + references=references, severities=severities, affected_packages=affected_packages, date_published=date_published, diff --git a/vulnerabilities/tests/pipelines/test_compute_advisory_todo_v2.py b/vulnerabilities/tests/pipelines/test_compute_advisory_todo_v2.py index 0c2eeb6ba..3c234db54 100644 --- a/vulnerabilities/tests/pipelines/test_compute_advisory_todo_v2.py +++ b/vulnerabilities/tests/pipelines/test_compute_advisory_todo_v2.py @@ -12,7 +12,7 @@ from django.test import TestCase from packageurl import PackageURL -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.models import AdvisoryAlias @@ -24,7 +24,8 @@ class TestComputeToDo(TestCase): def setUp(self): - self.advisory_data1 = AdvisoryData( + self.advisory_data1 = AdvisoryDataV2( + advisory_id="test_id", summary="Test summary", affected_packages=[ AffectedPackageV2( @@ -33,11 +34,12 @@ def setUp(self): fixed_version_range="vers:npm/2.0.0", ) ], - references_v2=[ReferenceV2(url="https://example.com/vuln1")], + references=[ReferenceV2(url="https://example.com/vuln1")], url="https://test.url/", ) - self.advisory_data2 = AdvisoryData( + self.advisory_data2 = AdvisoryDataV2( + advisory_id="test_id_1", summary="Test summary", affected_packages=[ AffectedPackageV2( 
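Review bot: The docstring of `parse_advisory_data_v3` still opens with `Return an AdvisoryData build from`, although the return annotation is now `Optional[AdvisoryDataV2]`. Both classes exist in `vulnerabilities.importer` after this commit, so the stale name points readers at the wrong contract. Change the opening to `Return an AdvisoryDataV2 built from` and state that `None` is a possible result, as the annotation already says. The rest of the docstring and the function body are outside the hunk.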
@@ -45,11 +47,12 @@ def setUp(self): affected_version_range="vers:npm/>=1.0.0|<2.0.0", ) ], - references_v2=[ReferenceV2(url="https://example.com/vuln1")], + references=[ReferenceV2(url="https://example.com/vuln1")], url="https://test.url/", ) - self.advisory_data3 = AdvisoryData( + self.advisory_data3 = AdvisoryDataV2( + advisory_id="test_id_2", summary="Test summary", affected_packages=[ AffectedPackageV2( @@ -57,11 +60,12 @@ def setUp(self): fixed_version_range="vers:npm/2.0.0", ) ], - references_v2=[ReferenceV2(url="https://example.com/vuln1")], + references=[ReferenceV2(url="https://example.com/vuln1")], url="https://test.url/", ) - self.advisory_data4 = AdvisoryData( + self.advisory_data4 = AdvisoryDataV2( + advisory_id="test_id_3", summary="Test summary", affected_packages=[ AffectedPackageV2( @@ -70,7 +74,7 @@ def setUp(self): fixed_version_range="vers:npm/2.0.1", ) ], - references_v2=[ReferenceV2(url="https://example.com/vuln1")], + references=[ReferenceV2(url="https://example.com/vuln1")], url="https://test.url/", ) diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_apache_httpd_importer_pipeline_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_apache_httpd_importer_pipeline_v2.py index 94454c473..51e91190e 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_apache_httpd_importer_pipeline_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_apache_httpd_importer_pipeline_v2.py @@ -10,7 +10,7 @@ import pytest import requests -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.apache_httpd_importer import ApacheHTTPDImporterPipeline from vulnerabilities.pipelines.v2_importers.apache_httpd_importer import fetch_links from vulnerabilities.pipelines.v2_importers.apache_httpd_importer import get_weaknesses 
@@ -140,7 +140,7 @@ def fake_get(u): assert len(advisories) == 2 # Validate first advisory adv1 = advisories[0] - assert isinstance(adv1, AdvisoryData) + assert isinstance(adv1, AdvisoryDataV2) assert adv1.advisory_id == "CVE-1" assert adv1.summary == "Test desc" assert adv1.severities and adv1.severities[0].value == "5.0" diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_apache_tomcat_importer_pipeline.py b/vulnerabilities/tests/pipelines/v2_importers/test_apache_tomcat_importer_pipeline.py index 015ca6561..84ab9db0c 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_apache_tomcat_importer_pipeline.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_apache_tomcat_importer_pipeline.py @@ -14,7 +14,7 @@ from univers.version_range import ApacheVersionRange from univers.version_range import MavenVersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.pipelines.v2_importers.apache_tomcat_importer import ( ApacheTomcatImporterPipeline, @@ -89,7 +89,7 @@ def test_pipeline_groups_by_cve_per_page(mock_get): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "security-10/CVE-2023-99999" assert advisory.url == "https://tomcat.apache.org/security-10.html" @@ -101,7 +101,7 @@ def test_pipeline_groups_by_cve_per_page(mock_get): def test_affected_packages_structure(): pipeline = ApacheTomcatImporterPipeline() - advisory = AdvisoryData( + advisory = AdvisoryDataV2( advisory_id="security-10/CVE-2023-99999", summary="Test", affected_packages=[], diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_curl_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_curl_importer_v2.py index 6157d8bbe..de8e9d849 100644 
--- a/vulnerabilities/tests/pipelines/v2_importers/test_curl_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_curl_importer_v2.py @@ -15,7 +15,7 @@ from packageurl import PackageURL from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.pipelines.v2_importers.curl_importer import CurlImporterPipeline from vulnerabilities.pipelines.v2_importers.curl_importer import get_cwe_from_curl_advisory @@ -64,7 +64,7 @@ def test_collect_advisories(mock_fetch, pipeline): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "CVE-2024-12345" assert advisory.aliases == [] assert advisory.summary == "Sample vulnerability in curl" @@ -80,7 +80,7 @@ def test_collect_advisories(mock_fetch, pipeline): assert "8.6.0" in str(pkg.affected_version_range) # References - urls = [ref.url for ref in advisory.references_v2] + urls = [ref.url for ref in advisory.references] assert "https://curl.se/docs/CVE-2024-12345.html" in urls assert "https://hackerone.com/reports/1111111" in urls @@ -101,7 +101,7 @@ def test_parse_curl_advisory_minimal(): assert parsed.advisory_id == "CVE-2024-99999" assert parsed.aliases == [] - assert parsed.references_v2 == [] + assert parsed.references == [] assert parsed.severities[0].value == "" diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_debian_importer.py b/vulnerabilities/tests/pipelines/v2_importers/test_debian_importer.py index 4c562372a..4474a5efd 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_debian_importer.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_debian_importer.py 
@@ -15,6 +15,7 @@ from univers.version_range import DebianVersionRange from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines.v2_importers.debian_importer import DebianImporterPipeline @@ -103,7 +104,7 @@ def test_collect_advisories(importer, sample_response): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "openssl/CVE-2023-1234" assert advisory.summary.startswith("Some vulnerability") diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_elixir_security_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_elixir_security_importer_v2.py index 4c763ab53..e47d11623 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_elixir_security_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_elixir_security_importer_v2.py @@ -14,7 +14,7 @@ import pytest -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.elixir_security_importer import ( ElixirSecurityImporterPipeline, ) @@ -71,13 +71,13 @@ def test_collect_advisories(mock_fetch_via_vcs, mock_vcs_response): assert len(advisories) == 1 - advisory: AdvisoryData = advisories[0] + advisory: AdvisoryDataV2 = advisories[0] assert advisory.advisory_id == "some_package/CVE-2022-9999" assert advisory.summary.startswith("Cross-site scripting vulnerability") assert advisory.affected_packages[0].package.name == "plug" assert advisory.affected_packages[0].package.type == "hex" assert ( - advisory.references_v2[0].url + advisory.references[0].url == "https://github.com/plug/plug/security/advisories/GHSA-xxxx-yyyy" ) assert advisory.date_published.isoformat().startswith("2022-12-01") 
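Review bot: The import hunk of test_debian_importer.py adds `from vulnerabilities.importer import AdvisoryDataV2` but keeps `from vulnerabilities.importer import AdvisoryData`, while the only visible use in the file now checks `isinstance(advisory, AdvisoryDataV2)`. Unless the rest of the file, which is not visible here, still uses the old class, the old import is dead and should be dropped, as the other test modules in this commit do by replacing the line. The same leftover appears in the import hunks of test_github_osv_importer_v2.py and test_mattermost_importer_v2.py.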
diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_github_osv_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_github_osv_importer_v2.py index 422d26a14..ae9b6f75f 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_github_osv_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_github_osv_importer_v2.py @@ -13,6 +13,7 @@ import pytest from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.github_osv_importer import GithubOSVImporterPipeline @@ -60,7 +61,7 @@ def delete(self): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "GHSA-xxxx-yyyy-zzzz" assert "CVE-2021-99999" in advisory.aliases assert advisory.summary.startswith("Sample") diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_gitlab_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_gitlab_importer_v2.py index 4ac781080..070d2f694 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_gitlab_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_gitlab_importer_v2.py @@ -13,7 +13,7 @@ import pytest import saneyaml -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.gitlab_importer import parse_gitlab_advisory 
@@ -94,10 +94,10 @@ def test_collect_advisories(mock_gitlab_yaml, mock_vcs_response, mock_fetch_via_ assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "pypi/package_name/CVE-2022-0001" assert advisory.summary == "Example vulnerability\nExample description" - assert advisory.references_v2[0].url == "https://example.com/advisory" + assert advisory.references[0].url == "https://example.com/advisory" assert advisory.affected_packages[0].package.name == "package-name" assert str(advisory.affected_packages[0].fixed_version_range) == "vers:pypi/2.0.0" assert advisory.weaknesses[0] == 79 @@ -198,7 +198,7 @@ def mock_get_purl(package_slug, purl_type_by_gitlab_scheme, logger): logger=dummy_logger, ) - assert isinstance(result, AdvisoryData) + assert isinstance(result, AdvisoryDataV2) assert result.advisory_id == "pypi/django/GMS-2018-26" assert result.aliases == ["GMS-2018-26"] assert result.summary.startswith("Incorrect header") diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_istio_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_istio_importer_v2.py index ba5289b1c..40fdf0812 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_istio_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_istio_importer_v2.py @@ -13,7 +13,7 @@ import pytest -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines.v2_importers.istio_importer import IstioImporterPipeline 
@@ -60,13 +60,13 @@ def test_istio_advisory_parsing(): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "ISTIO-SECURITY-2019-002" assert advisory.aliases == ["CVE-2019-12995"] assert advisory.summary.startswith("Denial of service affecting JWT access token") assert advisory.date_published.isoformat() == "2019-06-28T00:00:00+00:00" assert advisory.url.endswith("ISTIO-SECURITY-2019-002.md") - assert advisory.references_v2[0] == ReferenceV2( + assert advisory.references[0] == ReferenceV2( reference_id="ISTIO-SECURITY-2019-002", url="https://istio.io/latest/news/security/ISTIO-SECURITY-2019-002/", ) diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_mattermost_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_mattermost_importer_v2.py index a32383b82..f54deae28 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_mattermost_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_mattermost_importer_v2.py @@ -12,6 +12,7 @@ from univers.version_range import GitHubVersionRange from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.mattermost_importer import MattermostImporterPipeline @@ -60,7 +61,7 @@ def test_collect_advisories_happy_path(importer): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "MMSA-2024-001" assert advisory.aliases == ["CVE-2024-1234"] assert "Test vulnerability" in advisory.summary diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_npm_importer_pipeline_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_npm_importer_pipeline_v2.py index 67fcc2970..34fb4d447 100644 
--- a/vulnerabilities/tests/pipelines/v2_importers/test_npm_importer_pipeline_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_npm_importer_pipeline_v2.py @@ -15,7 +15,7 @@ from univers.version_range import NpmVersionRange from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.npm_importer import NpmImporterPipeline from vulnerabilities.severity_systems import CVSSV2 from vulnerabilities.severity_systems import CVSSV3 @@ -60,8 +60,8 @@ def test_advisories_count_and_collect(tmp_path): p.vcs_response = SimpleNamespace(dest_dir=str(base), delete=lambda: None) assert p.advisories_count() == 2 advisories = list(p.collect_advisories()) - # Should yield None for index.json and one AdvisoryData - real = [a for a in advisories if isinstance(a, AdvisoryData)] + # Should yield None for index.json and one AdvisoryDataV2 + real = [a for a in advisories if isinstance(a, AdvisoryDataV2)] assert len(real) == 1 assert real[0].advisory_id == "npm-001" @@ -91,12 +91,12 @@ def test_to_advisory_data_full(tmp_path): file.write_text(json.dumps(data)) p = NpmImporterPipeline() adv = p.to_advisory_data(file) - assert isinstance(adv, AdvisoryData) + assert isinstance(adv, AdvisoryDataV2) assert adv.advisory_id == "npm-123" assert "ti" in adv.summary and "desc" in adv.summary assert adv.date_published.tzinfo == pytz.UTC assert len(adv.severities) == 1 and adv.severities[0].system == CVSSV3 - urls = [r.url for r in adv.references_v2] + urls = [r.url for r in adv.references] assert "http://ref1" in urls assert f"https://github.com/nodejs/security-wg/blob/main/vuln/npm/123.json" in urls pkg = adv.affected_packages[0] diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_nvd_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_nvd_importer_v2.py index 10cc94145..7c9d72eca 100644 
--- a/vulnerabilities/tests/pipelines/v2_importers/test_nvd_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_nvd_importer_v2.py @@ -32,7 +32,7 @@ def sorted_advisory_data(advisory_data): for data in advisory_data: data["aliases"] = sorted(data["aliases"]) data["affected_packages"] = sorted(data["affected_packages"], key=sorter) - data["references_v2"] = sorted(data["references_v2"], key=sorter) + data["references"] = sorted(data["references"], key=sorter) return advisory_data diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_postgresql_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_postgresql_importer_v2.py index ce3873930..5235a2e47 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_postgresql_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_postgresql_importer_v2.py @@ -7,13 +7,12 @@ # See https://aboutcode.org for more information about nexB OSS projects. # -from unittest.mock import MagicMock from unittest.mock import patch import pytest from univers.versions import SemverVersion -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.postgresql_importer import PostgreSQLImporterPipeline HTML_PAGE_WITH_LINKS = """ @@ -82,10 +81,10 @@ def test_collect_advisories(mock_get, importer): assert len(advisories) == 1 advisory = advisories[0] - assert isinstance(advisory, AdvisoryData) + assert isinstance(advisory, AdvisoryDataV2) assert advisory.advisory_id == "CVE-2022-1234" assert "Description of the issue" in advisory.summary - assert len(advisory.references_v2) > 0 + assert len(advisory.references) > 0 assert advisory.affected_packages[0].package.name == "postgresql" assert str(advisory.affected_packages[0].fixed_version_range) == "vers:generic/10.2.0" assert advisory.affected_packages[0].affected_version_range.contains(SemverVersion("10.0.0")) 
diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_pypa_importer_pipeline_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_pypa_importer_pipeline_v2.py index f8fa08d17..dfac6c2c9 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_pypa_importer_pipeline_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_pypa_importer_pipeline_v2.py @@ -13,7 +13,7 @@ import pytest import saneyaml -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 @pytest.fixture @@ -92,10 +92,10 @@ def test_collect_advisories(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs) with patch( "vulnerabilities.pipelines.v2_importers.pypa_importer.parse_advisory_data_v3" ) as mock_parse: - mock_parse.return_value = AdvisoryData( + mock_parse.return_value = AdvisoryDataV2( advisory_id="CVE-2021-1234", summary="Sample PyPI vulnerability", - references_v2=[{"url": "https://pypi.org/advisory/CVE-2021-1234"}], + references=[{"url": "https://pypi.org/advisory/CVE-2021-1234"}], affected_packages=[], weaknesses=[], url="https://pypi.org/advisory/CVE-2021-1234", diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_pysec_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_pysec_importer_v2.py index 48ac7e302..60ec34f88 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_pysec_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_pysec_importer_v2.py @@ -5,7 +5,7 @@ import pytest -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.pipelines.v2_importers.pysec_importer import ( PyPIImporterPipeline, # Path to the PyPI Importer ) 
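Review bot: The mocked return value in test_collect_advisories of test_pypa_importer_pipeline_v2.py passes `references=[{"url": "https://pypi.org/advisory/CVE-2021-1234"}]`, plain dicts, where other tests in this commit build `ReferenceV2` objects for the same field. A dataclass does not check element types, so the test can pass while hiding a failure in any code that calls a ReferenceV2 method on these items; whether such a call is reached depends on code outside the hunk. Prefer `references=[ReferenceV2(url="https://pypi.org/advisory/CVE-2021-1234")],` with `from vulnerabilities.importer import ReferenceV2` added to the imports. The same pattern appears in both mock hunks of test_pysec_importer_v2.py and in test_vulnrichment_importer_v2.py.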
@@ -82,10 +82,10 @@ def test_collect_advisories(mock_requests_get, mock_zip_data): with patch( "vulnerabilities.pipelines.v2_importers.pysec_importer.parse_advisory_data_v3" ) as mock_parse: - mock_parse.return_value = AdvisoryData( + mock_parse.return_value = AdvisoryDataV2( advisory_id="PYSEC-1234", summary="Sample PyPI advisory", - references_v2=[{"url": "https://pypi.org/advisory/PYSEC-1234"}], + references=[{"url": "https://pypi.org/advisory/PYSEC-1234"}], affected_packages=[], weaknesses=[], url="https://pypi.org/advisory/PYSEC-1234", @@ -122,10 +122,10 @@ def test_collect_advisories_invalid_file(mock_requests_get, mock_zip_data): with patch( "vulnerabilities.pipelines.v2_importers.pysec_importer.parse_advisory_data_v3" ) as mock_parse: - mock_parse.return_value = AdvisoryData( + mock_parse.return_value = AdvisoryDataV2( advisory_id="PYSEC-1234", summary="Sample PyPI advisory", - references_v2=[{"url": "https://pypi.org/advisory/PYSEC-1234"}], + references=[{"url": "https://pypi.org/advisory/PYSEC-1234"}], affected_packages=[], weaknesses=[], url="https://pypi.org/advisory/PYSEC-1234", diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_vulnrichment_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_vulnrichment_importer_v2.py index f926058c2..1fb6f190e 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_vulnrichment_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_vulnrichment_importer_v2.py @@ -14,7 +14,7 @@ import pytest -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import VulnerabilitySeverity from vulnerabilities.pipelines.v2_importers.vulnrichment_importer import VulnrichImporterPipeline 
@@ -100,10 +100,10 @@ def test_collect_advisories(mock_pathlib, mock_vcs_response, mock_fetch_via_vcs) with patch( "vulnerabilities.pipelines.v2_importers.vulnrichment_importer.VulnrichImporterPipeline.parse_cve_advisory" ) as mock_parse: - mock_parse.return_value = AdvisoryData( + mock_parse.return_value = AdvisoryDataV2( advisory_id="CVE-2021-1234", summary="Sample PyPI vulnerability", - references_v2=[{"url": "https://example.com"}], + references=[{"url": "https://example.com"}], affected_packages=[], weaknesses=[], url="https://example.com", diff --git a/vulnerabilities/tests/pipelines/v2_importers/test_xen_importer_v2.py b/vulnerabilities/tests/pipelines/v2_importers/test_xen_importer_v2.py index f5813896e..8ff221de8 100644 --- a/vulnerabilities/tests/pipelines/v2_importers/test_xen_importer_v2.py +++ b/vulnerabilities/tests/pipelines/v2_importers/test_xen_importer_v2.py @@ -12,7 +12,7 @@ import pytest from dateutil.parser import parse as date_parse -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import ReferenceV2 from vulnerabilities.pipelines.v2_importers.xen_importer import XenImporterPipeline @@ -64,11 +64,11 @@ def test_collect_advisories(mock_fetch, pipeline): assert len(advisories) == 2 first = advisories[0] - assert isinstance(first, AdvisoryData) + assert isinstance(first, AdvisoryDataV2) assert first.advisory_id == "XSA-123" assert first.aliases == ["CVE-2022-12345"] assert first.summary == "Sample Xen Advisory" - assert isinstance(first.references_v2[0], ReferenceV2) + assert isinstance(first.references[0], ReferenceV2) assert first.date_published == date_parse("2022-09-15T00:00:00Z") diff --git a/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py b/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py index a81f543af..120938b88 100644 --- a/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py 
+++ b/vulnerabilities/tests/pipes/test_vulnerablecode_importer_pipeline_v2.py @@ -16,7 +16,7 @@ from packageurl import PackageURL from univers.version_range import VersionRange -from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import PackageCommitPatchData from vulnerabilities.importer import PatchData @@ -47,10 +47,10 @@ def advisories_count(self): @pytest.fixture def dummy_advisory(): - return AdvisoryData( + return AdvisoryDataV2( summary="Test advisory", aliases=["CVE-2025-0001"], - references_v2=[], + references=[], severities=[], weaknesses=[], affected_packages=[ @@ -248,13 +248,13 @@ def dumpy_patch_advisory(patch_source_samples): elif isinstance(patch_obj, ReferenceV2): references.append(patch_obj) - return AdvisoryData( + return AdvisoryDataV2( + advisory_id="ADV-1234", summary="Test patch advisory", aliases=["CVE-2025-0001"], affected_packages=affected_packages, - references_v2=references, + references=references, patches=patches, - advisory_id="ADV-1234", date_published=datetime.now() - timedelta(days=10), url="https://example.com/advisory/1", ) diff --git a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test1-expected.json b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test1-expected.json index ae0b78418..79291c738 100644 --- a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test1-expected.json +++ b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test1-expected.json @@ -4,7 +4,7 @@ "aliases": [], "summary": "Vulnerability", "affected_packages": [], - "references_v2": [], + "references": [], "patches": [ { "patch_url": "https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=d6876813add62f3cac7c429a41cc8710005d69e8", diff --git a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test2-expected.json b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test2-expected.json index 301c43e69..b15ddc762 100644 
--- a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test2-expected.json +++ b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test2-expected.json @@ -4,7 +4,7 @@ "aliases": [], "summary": "Remote Code Execution Vulnerability", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "6ecbbc093f4383e90cbbf681cd55da1303a8ef94", "reference_type": "commit", diff --git a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test3-expected.json b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test3-expected.json index 7748f170b..b0b5e8862 100644 --- a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test3-expected.json +++ b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test3-expected.json @@ -26,7 +26,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [ { diff --git a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test4-expected.json b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test4-expected.json index 207ccf3de..3616b17d3 100644 --- a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test4-expected.json +++ b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test4-expected.json @@ -4,7 +4,7 @@ "aliases": [], "summary": "Elevation of Privilege Vulnerability", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "c22e479e335628ce8766cfbf06e2ba17e8f9a1bb", "reference_type": "commit", diff --git a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test5-expected.json b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test5-expected.json index fd4e0e596..ab0f7e322 100644 --- a/vulnerabilities/tests/test_data/aosp/CVE-aosp_test5-expected.json +++ b/vulnerabilities/tests/test_data/aosp/CVE-aosp_test5-expected.json @@ -4,7 +4,7 @@ "aliases": [], "summary": "Elevation of Privilege Vulnerability", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "c66556ca2473620df9751e73eb97ec50a40ffd3e", "reference_type": "commit", 
diff --git a/vulnerabilities/tests/test_data/apache_kafka/cve-list-2026_01_23-expected.json b/vulnerabilities/tests/test_data/apache_kafka/cve-list-2026_01_23-expected.json index fb6744a8a..a22479ebd 100644 --- a/vulnerabilities/tests/test_data/apache_kafka/cve-list-2026_01_23-expected.json +++ b/vulnerabilities/tests/test_data/apache_kafka/cve-list-2026_01_23-expected.json @@ -19,7 +19,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2017-12610", "reference_type": "other", @@ -52,7 +52,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2018-1288", "reference_type": "other", @@ -85,7 +85,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2018-17196", "reference_type": "other", @@ -118,7 +118,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2019-12399", "reference_type": "other", @@ -151,7 +151,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2021-38153", "reference_type": "other", @@ -169,7 +169,7 @@ "aliases": [], "summary": "CVE-2021-4104 Flaw in Apache Log4j logging library in versions 1.x\nThe following components in Apache Kafka use Log4j-v1.2.17: broker, controller, zookeeper, connect, mirrormaker and tools. Clients may also be configured to use Log4j-v1.x. Version 1.x of Log4J can be configured to use JMS Appender, which publishes log events to a JMS Topic. Log4j 1.x is vulnerable if the deployed application is configured to use JMSAppender.", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2021-4104", "reference_type": "other", 
@@ -187,7 +187,7 @@ "aliases": [], "summary": "CVE-2021-44228 Flaw in Apache Log4j logging library in versions from 2.0.0 and before 2.15.0\nSome components in Apache Kafka use Log4j-v1.2.17 there is no dependence on Log4j v2.*. Check with the vendor of any connector plugin that includes a Log4J 2.x JAR file. Lookups feature was introduced in Log4j v2.x in order to allow specifying Log4j configuration parameters in arbitrary locations (even outside of the configuration files). Log4j v1.x does not offer the same functionality and thus is not vulnerable to CVE-2021-44228. Users should NOT be impacted by this vulnerability", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2021-44228", "reference_type": "other", @@ -205,7 +205,7 @@ "aliases": [], "summary": "CVE-2021-45046 Flaw in Apache Log4j logging library in versions from 2.0-beta9 through 2.12.1 and from 2.13.0 through 2.15.0\nSome components in Apache Kafka use Log4j-v1.2.17 there is no dependence on Log4j v2.*. Check with the vendor of any connector plugin that includes a Log4J 2.x JAR file. Users should NOT be impacted by this vulnerability", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2021-45046", "reference_type": "other", @@ -223,7 +223,7 @@ "aliases": [], "summary": "CVE-2022-23302 Deserialization of Untrusted Data Flaw in JMSSink of Apache Log4j logging library in versions 1.x\nThis CVE identified a flaw where it allows the attacker to provide a TopicConnectionFactoryBindingName configuration that will cause JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104.", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2022-23302", "reference_type": "other", 
@@ -241,7 +241,7 @@ "aliases": [], "summary": "CVE-2022-23305 SQL injection Flaw in Apache Log4j logging library in versions 1.x\nThis CVE identified a flaw where it allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2022-23305", "reference_type": "other", @@ -259,7 +259,7 @@ "aliases": [], "summary": "CVE-2022-23307 Deserialization of Untrusted Data Flaw in Apache Log4j logging library in versions 1.x\nThis CVE identified a flaw where it allows an attacker to send a malicious request with serialized data to the component running log4j 1.x to be deserialized when the chainsaw component is run. Chainsaw is a standalone GUI for viewing log entries in log4j. An attacker not only needs to be able to generate malicious log entries, but also, have the necessary access and permissions to start chainsaw (or if it is already enabled by a customer / consumer of Apache Kafka).", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2022-23307", "reference_type": "other", @@ -292,7 +292,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2022-34917", "reference_type": "other", @@ -325,7 +325,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2023-25194", "reference_type": "other", @@ -358,7 +358,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2023-34455", "reference_type": "other", @@ -391,7 +391,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2024-27309", "reference_type": "other", @@ -424,7 +424,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2024-31141", "reference_type": "other", 
@@ -457,7 +457,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2024-56128", "reference_type": "other", @@ -490,7 +490,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2025-27817", "reference_type": "other", @@ -523,7 +523,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2025-27818", "reference_type": "other", @@ -556,7 +556,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2025-27819", "reference_type": "other", diff --git a/vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json b/vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json index 8b4a77229..4902884f5 100644 --- a/vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json +++ b/vulnerabilities/tests/test_data/archlinux/archlinux_advisoryv2-expected.json @@ -21,7 +21,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "AVG-2781", "reference_type": "", @@ -58,7 +58,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "AVG-2780", "reference_type": "", @@ -94,7 +94,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "AVG-4", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/epss/epss-expected.json b/vulnerabilities/tests/test_data/epss/epss-expected.json index 1cc008c01..a690e59ad 100644 --- a/vulnerabilities/tests/test_data/epss/epss-expected.json +++ b/vulnerabilities/tests/test_data/epss/epss-expected.json @@ -4,7 +4,7 @@ "aliases": [], "summary": "", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", 
@@ -29,7 +29,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -54,7 +54,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -79,7 +79,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -104,7 +104,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -129,7 +129,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -154,7 +154,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -179,7 +179,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -204,7 +204,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -229,7 +229,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -254,7 +254,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -279,7 +279,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -304,7 +304,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -329,7 +329,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -354,7 +354,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -379,7 +379,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -404,7 +404,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -429,7 +429,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -454,7 +454,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -479,7 +479,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -504,7 +504,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -529,7 +529,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -554,7 +554,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -579,7 +579,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -604,7 +604,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -629,7 +629,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
@@ -654,7 +654,7 @@
 "aliases": [],
 "summary": "",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
diff --git a/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2019-0002-expected.json b/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2019-0002-expected.json
index 3dcad14db..c8d9e554b 100644
--- a/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2019-0002-expected.json
+++ b/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2019-0002-expected.json
@@ -6,7 +6,7 @@
 ],
 "summary": "GPU-Z.sys, part of the GPU-Z package from TechPowerUp, exposes the wrmsr instruction to user-mode callers without properly validating the target Model Specific Register (MSR). This can result in arbitrary unsigned code being executed in Ring 0.",
 "affected_packages": [],
- "references_v2": [],
+ "references": [],
 "patches": [],
 "severities": [
 {
diff --git a/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2020-0020-expected.json b/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2020-0020-expected.json
index 2840f0d0f..8ac8d8f6f 100644
--- a/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2020-0020-expected.json
+++ b/vulnerabilities/tests/test_data/fireeye_v2/FEYE-2020-0020-expected.json
@@ -6,7 +6,7 @@
 ],
 "summary": "Digi International's ConnectPort X2e is susceptible to a local privilege escalation vulnerable to the privileged user `root`.",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
diff --git a/vulnerabilities/tests/test_data/fireeye_v2/MNDT-2025-0009-expected.json b/vulnerabilities/tests/test_data/fireeye_v2/MNDT-2025-0009-expected.json
index 7d875f201..8ad54ddab 100644
--- a/vulnerabilities/tests/test_data/fireeye_v2/MNDT-2025-0009-expected.json
+++ b/vulnerabilities/tests/test_data/fireeye_v2/MNDT-2025-0009-expected.json
@@ -1,10 +1,12 @@
 [
 {
 "advisory_id": "MNDT-2025-0009",
- "aliases": ["CVE-2025-64740"],
+ "aliases": [
+ "CVE-2025-64740"
+ ],
 "summary": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",
 "affected_packages": [],
- "references_v2": [
+ "references": [
 {
 "reference_id": "",
 "reference_type": "",
diff --git a/vulnerabilities/tests/test_data/github_api/npm-expected.json b/vulnerabilities/tests/test_data/github_api/npm-expected.json
index 52f6cc5bd..312d982bc 100644
--- a/vulnerabilities/tests/test_data/github_api/npm-expected.json
+++ b/vulnerabilities/tests/test_data/github_api/npm-expected.json
@@ -22,42 +22,43 @@
 "references": [
 {
 "reference_id": "CVE-2022-2564",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2564",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/automattic/mongoose/commit/a45cfb6b0ce0067ae9794cfa80f7917e1fb3c6f8",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://huntr.dev/bounties/055be524-9296-4b2f-b68d-6d5b810d1ddd",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/Automattic/mongoose/blob/51e758541763b6f14569744ced15cc23ab8b50c6/lib/schema.js#L88-L141",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/Automattic/mongoose/compare/6.4.5...6.4.6",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-f825-f98c-gj3g",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-f825-f98c-gj3g",
 "severities": [
 {
@@ -65,8 +66,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-07-29T00:00:18+00:00",
@@ -96,30 +96,31 @@
 "references": [
 {
 "reference_id": "CVE-2022-4111",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4111",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/ToolJet/ToolJet/pull/4103",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-hgp8-w8fj-r4cm",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-hgp8-w8fj-r4cm",
 "severities": [
 {
@@ -127,8 +128,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-22T03:30:56+00:00",
@@ -158,24 +158,25 @@
 "references": [
 {
 "reference_id": "CVE-2022-25848",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25848",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://gist.github.com/lirantal/5550bcd0bdf92c1b56fbb20e141fe5bd",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://security.snyk.io/vuln/SNYK-JS-STATICDEVSERVER-3149917",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-7fxm-c848-89q8",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-7fxm-c848-89q8",
 "severities": [
 {
@@ -183,8 +184,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-29T18:30:18+00:00",
@@ -214,36 +214,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-38900",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/sindresorhus/query-string/issues/345",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-w573-4hg7-7wgq",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
 "severities": [
 {
@@ -251,8 +252,7 @@
 "value": "LOW",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-28T15:30:24+00:00",
@@ -282,36 +282,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-4135",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4135",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://crbug.com/1392715",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/electron/electron/pull/36444",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/electron/electron/pull/36447",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-995f-9x5r-2rcj",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-995f-9x5r-2rcj",
 "severities": [
 {
@@ -319,8 +320,7 @@
 "value": "CRITICAL",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-25T03:30:19+00:00",
@@ -350,6 +350,7 @@
 "references": [
 {
 "reference_id": "GHSA-9gh8-wp53-ccc6",
+ "reference_type": "",
 "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6",
 "severities": [
 {
@@ -357,17 +358,17 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-9gh8-wp53-ccc6",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-9gh8-wp53-ccc6",
 "severities": [
 {
@@ -375,8 +376,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-28T22:06:24+00:00",
@@ -406,6 +406,7 @@
 "references": [
 {
 "reference_id": "GHSA-9gh8-wp53-ccc6",
+ "reference_type": "",
 "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6",
 "severities": [
 {
@@ -413,17 +414,17 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-9gh8-wp53-ccc6",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-9gh8-wp53-ccc6",
 "severities": [
 {
@@ -431,8 +432,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-28T22:06:24+00:00",
@@ -461,18 +461,19 @@
 "references": [
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://www.npmjs.com/package/sweetalert2",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-8jh9-wqpf-q52c",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-8jh9-wqpf-q52c",
 "severities": [
 {
@@ -480,8 +481,7 @@
 "value": "LOW",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-23T15:49:51+00:00",
@@ -510,18 +510,19 @@
 "references": [
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://www.npmjs.com/package/sweetalert2",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-pg98-6v7f-2xfv",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-pg98-6v7f-2xfv",
 "severities": [
 {
@@ -529,8 +530,7 @@
 "value": "LOW",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-23T15:44:52+00:00",
@@ -559,18 +559,19 @@
 "references": [
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://www.npmjs.com/package/sweetalert2",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-457r-cqc8-9vj9",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-457r-cqc8-9vj9",
 "severities": [
 {
@@ -578,8 +579,7 @@
 "value": "LOW",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-23T15:39:50+00:00",
@@ -608,18 +608,19 @@
 "references": [
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://www.npmjs.com/package/sweetalert2",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-qq6h-5g6j-q3cm",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-qq6h-5g6j-q3cm",
 "severities": [
 {
@@ -627,8 +628,7 @@
 "value": "LOW",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-23T15:26:43+00:00",
@@ -658,6 +658,7 @@
 "references": [
 {
 "reference_id": "GHSA-r7qp-cfhv-p84w",
+ "reference_type": "",
 "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w",
 "severities": [
 {
@@ -665,29 +666,29 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 },
 {
 "reference_id": "CVE-2022-41940",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41940",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-r7qp-cfhv-p84w",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-r7qp-cfhv-p84w",
 "severities": [
 {
@@ -695,8 +696,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-21T23:55:41+00:00",
@@ -726,6 +726,7 @@
 "references": [
 {
 "reference_id": "GHSA-r7qp-cfhv-p84w",
+ "reference_type": "",
 "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w",
 "severities": [
 {
@@ -733,29 +734,29 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 },
 {
 "reference_id": "CVE-2022-41940",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41940",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-r7qp-cfhv-p84w",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-r7qp-cfhv-p84w",
 "severities": [
 {
@@ -763,8 +764,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-21T23:55:41+00:00",
@@ -794,6 +794,7 @@
 "references": [
 {
 "reference_id": "GHSA-3fjj-p79j-c9hh",
+ "reference_type": "",
 "url": "https://github.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh",
 "severities": [
 {
@@ -801,29 +802,29 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/fastify/fastify/commit/62dde76f1f7aca76e38625fe8d983761f26e6fc9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "CVE-2022-41919",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41919",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://www.npmjs.com/package/@fastify/csrf",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-3fjj-p79j-c9hh",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-3fjj-p79j-c9hh",
 "severities": [
 {
@@ -831,8 +832,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-21T22:28:11+00:00",
@@ -862,6 +862,7 @@
 "references": [
 {
 "reference_id": "GHSA-3fjj-p79j-c9hh",
+ "reference_type": "",
 "url": "https://github.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh",
 "severities": [
 {
@@ -869,29 +870,29 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/fastify/fastify/commit/62dde76f1f7aca76e38625fe8d983761f26e6fc9",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "CVE-2022-41919",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41919",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://www.npmjs.com/package/@fastify/csrf",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-3fjj-p79j-c9hh",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-3fjj-p79j-c9hh",
 "severities": [
 {
@@ -899,8 +900,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-21T22:28:11+00:00",
@@ -930,42 +930,43 @@
 "references": [
 {
 "reference_id": "CVE-2022-41713",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41713",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://fluidattacks.com/advisories/heldens/",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/mattphillips/deep-object-diff/issues/85",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/mattphillips/deep-object-diff/issues/85#issuecomment-1312450353",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/mattphillips/deep-object-diff/pull/87/commits/55f9c3c70cf0d54cb30291e949fb8682fa3c5d9f",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/mattphillips/deep-object-diff/pull/87/commits/9576963b68b955e88610aa4f0c696a1aafc1119d",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-653v-rqx9-j85p",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-653v-rqx9-j85p",
 "severities": [
 {
@@ -973,8 +974,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-04T12:00:25+00:00",
@@ -1004,36 +1004,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-3978",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3978",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/NodeBB/NodeBB/issues/11017",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/NodeBB/NodeBB/commit/2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/NodeBB/NodeBB/releases/tag/v2.5.8",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://vuldb.com/?id.213555",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-5gwx-wf9g-r5mx",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-5gwx-wf9g-r5mx",
 "severities": [
 {
@@ -1041,8 +1042,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-13T19:00:41+00:00",
@@ -1072,36 +1072,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-3971",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3971",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/matrix-org/matrix-appservice-irc/pull/1619",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/matrix-org/matrix-appservice-irc/commit/179313a37f06b298150edba3e2b0e5a73c1415e7",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.36.0",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://vuldb.com/?id.213550",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-ffwf-47x2-jpr8",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-ffwf-47x2-jpr8",
 "severities": [
 {
@@ -1109,8 +1110,7 @@
 "value": "MODERATE",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-11-13T12:00:17+00:00",
@@ -1140,36 +1140,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-37603",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/213",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/216",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-3rfm-jhwj-7488",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
 "severities": [
 {
@@ -1177,8 +1178,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-10-14T19:00:38+00:00",
@@ -1208,36 +1208,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-37603",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/213",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/216",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-3rfm-jhwj-7488",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
 "severities": [
 {
@@ -1245,8 +1246,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-10-14T19:00:38+00:00",
@@ -1276,36 +1276,37 @@
 "references": [
 {
 "reference_id": "CVE-2022-37603",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/213",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/216",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-3rfm-jhwj-7488",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
 "severities": [
 {
@@ -1313,8 +1314,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-10-14T19:00:38+00:00",
@@ -1344,42 +1344,43 @@
 "references": [
 {
 "reference_id": "CVE-2022-37599",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/211",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/216",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/commit/36dc86617930a5cf18af51cf3f53d0ee284d2824",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-hhq3-ff78-jv3g",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
 "severities": [
 {
@@ -1387,8 +1388,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-10-12T12:00:27+00:00",
@@ -1418,42 +1418,43 @@
 "references": [
 {
 "reference_id": "CVE-2022-37599",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/211",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/issues/216",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://github.com/webpack/loader-utils/commit/36dc86617930a5cf18af51cf3f53d0ee284d2824",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "GHSA-hhq3-ff78-jv3g",
+ "reference_type": "",
 "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
 "severities": [
 {
@@ -1461,8 +1462,7 @@
 "value": "HIGH",
 "scoring_elements": ""
 }
- ],
- "reference_type": ""
+ ]
 }
 ],
 "date_published": "2022-10-12T12:00:27+00:00",
@@ -1492,42 +1492,43 @@ "references": [ { "reference_id": "CVE-2022-37599", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/issues/211", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L83", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/issues/216", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/commit/36dc86617930a5cf18af51cf3f53d0ee284d2824", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-hhq3-ff78-jv3g", + "reference_type": "", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severities": [ { @@ -1535,8 +1536,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T12:00:27+00:00", @@ -1565,6 +1565,7 @@ "references": [ { "reference_id": "GHSA-98pf-gfh3-x3mp", + "reference_type": "", "url": "https://github.com/readthedocs/readthedocs.org/security/advisories/GHSA-98pf-gfh3-x3mp", "severities": [ { 
@@ -1572,17 +1573,17 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/readthedocs/readthedocs.org/commit/b0ae626acd13882170ec5888e35f3ef2e48e6ff6", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-98pf-gfh3-x3mp", + "reference_type": "", "url": "https://github.com/advisories/GHSA-98pf-gfh3-x3mp", "severities": [ { @@ -1590,8 +1591,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T16:02:51+00:00", @@ -1620,6 +1620,7 @@ "references": [ { "reference_id": "GHSA-3qmc-2r76-4rqp", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/security/advisories/GHSA-3qmc-2r76-4rqp", "severities": [ { @@ -1627,35 +1628,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/issues/6343", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/pull/6778", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/releases/tag/v2.2.5", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/releases/tag/v3.3.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-3qmc-2r76-4rqp", + "reference_type": "", "url": "https://github.com/advisories/GHSA-3qmc-2r76-4rqp", "severities": [ { @@ -1663,8 +1664,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T15:51:01+00:00", 
@@ -1693,6 +1693,7 @@ "references": [ { "reference_id": "GHSA-3qmc-2r76-4rqp", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/security/advisories/GHSA-3qmc-2r76-4rqp", "severities": [ { @@ -1700,35 +1701,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/issues/6343", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/pull/6778", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/releases/tag/v2.2.5", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/redwoodjs/redwood/releases/tag/v3.3.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-3qmc-2r76-4rqp", + "reference_type": "", "url": "https://github.com/advisories/GHSA-3qmc-2r76-4rqp", "severities": [ { @@ -1736,8 +1737,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T15:51:01+00:00", @@ -1767,6 +1767,7 @@ "references": [ { "reference_id": "GHSA-93vw-8fm5-p2jf", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf", "severities": [ { 
@@ -1774,53 +1775,53 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8305", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8306", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.20", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/5.3.3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-41879", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41879", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-93vw-8fm5-p2jf", + "reference_type": "", "url": "https://github.com/advisories/GHSA-93vw-8fm5-p2jf", "severities": [ { @@ -1828,8 +1829,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T13:02:35+00:00", @@ -1859,6 +1859,7 @@ "references": [ { "reference_id": "GHSA-93vw-8fm5-p2jf", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf", "severities": [ { 
@@ -1866,53 +1867,53 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8305", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8306", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.20", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/5.3.3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-41879", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41879", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-93vw-8fm5-p2jf", + "reference_type": "", "url": "https://github.com/advisories/GHSA-93vw-8fm5-p2jf", "severities": [ { @@ -1920,8 +1921,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T13:02:35+00:00", @@ -1951,6 +1951,7 @@ "references": [ { "reference_id": "GHSA-p2jh-44qj-pf2v", + "reference_type": "", "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v", "severities": [ { 
@@ -1958,17 +1959,17 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-36077", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-p2jh-44qj-pf2v", + "reference_type": "", "url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v", "severities": [ { @@ -1976,8 +1977,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T12:38:57+00:00", @@ -2007,6 +2007,7 @@ "references": [ { "reference_id": "GHSA-p2jh-44qj-pf2v", + "reference_type": "", "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v", "severities": [ { @@ -2014,17 +2015,17 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-36077", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-p2jh-44qj-pf2v", + "reference_type": "", "url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v", "severities": [ { @@ -2032,8 +2033,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T12:38:57+00:00", @@ -2063,6 +2063,7 @@ "references": [ { "reference_id": "GHSA-p2jh-44qj-pf2v", + "reference_type": "", "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v", "severities": [ { 
@@ -2070,17 +2071,17 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-36077", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-p2jh-44qj-pf2v", + "reference_type": "", "url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v", "severities": [ { @@ -2088,8 +2089,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-10T12:38:57+00:00", 
@@ -2119,48 +2119,49 @@ "references": [ { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00045", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-qm95-pgcg-qqfq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-qm95-pgcg-qqfq", "severities": [ { @@ -2168,8 +2169,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", 
@@ -2199,48 +2199,49 @@ "references": [ { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00045", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-qm95-pgcg-qqfq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-qm95-pgcg-qqfq", "severities": [ { @@ -2248,8 +2249,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", 
@@ -2279,48 +2279,49 @@ "references": [ { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00045", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-qm95-pgcg-qqfq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-qm95-pgcg-qqfq", "severities": [ { @@ -2328,8 +2329,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", @@ -2359,6 +2359,7 @@ "references": [ { "reference_id": "GHSA-xprv-wvh7-qqqx", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx", "severities": [ { 
@@ -2366,41 +2367,41 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8301", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8302", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/0a2d412e265992d53a670011afd9d2578562adc3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/6728da1e3591db1e27031d335d64d8f25546a06f", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-41878", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41878", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-xprv-wvh7-qqqx", + "reference_type": "", "url": "https://github.com/advisories/GHSA-xprv-wvh7-qqqx", "severities": [ { @@ -2408,8 +2409,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-09T20:47:27+00:00", @@ -2439,6 +2439,7 @@ "references": [ { "reference_id": "GHSA-xprv-wvh7-qqqx", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx", "severities": [ { 
@@ -2446,41 +2447,41 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8301", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8302", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/0a2d412e265992d53a670011afd9d2578562adc3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/commit/6728da1e3591db1e27031d335d64d8f25546a06f", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-41878", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41878", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-xprv-wvh7-qqqx", + "reference_type": "", "url": "https://github.com/advisories/GHSA-xprv-wvh7-qqqx", "severities": [ { @@ -2488,8 +2489,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-09T20:47:27+00:00", @@ -2519,6 +2519,7 @@ "references": [ { "reference_id": "GHSA-r4jg-5v89-9v62", + "reference_type": "", "url": "https://github.com/octocademy/octocat.js/security/advisories/GHSA-r4jg-5v89-9v62", "severities": [ { 
@@ -2526,17 +2527,17 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-39390", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39390", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-r4jg-5v89-9v62", + "reference_type": "", "url": "https://github.com/advisories/GHSA-r4jg-5v89-9v62", "severities": [ { @@ -2544,8 +2545,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-08T20:48:49+00:00", @@ -2575,6 +2575,7 @@ "references": [ { "reference_id": "GHSA-prm5-8g2m-24gg", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg", "severities": [ { @@ -2582,41 +2583,41 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8295", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8296", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.18", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/5.3.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39396", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39396", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-prm5-8g2m-24gg", + "reference_type": "", "url": "https://github.com/advisories/GHSA-prm5-8g2m-24gg", "severities": [ { 
@@ -2624,8 +2625,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-08T17:29:16+00:00", @@ -2655,6 +2655,7 @@ "references": [ { "reference_id": "GHSA-prm5-8g2m-24gg", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg", "severities": [ { @@ -2662,41 +2663,41 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8295", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/pull/8296", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.18", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/5.3.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39396", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39396", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-prm5-8g2m-24gg", + "reference_type": "", "url": "https://github.com/advisories/GHSA-prm5-8g2m-24gg", "severities": [ { @@ -2704,8 +2705,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-08T17:29:16+00:00", 
@@ -2735,24 +2735,25 @@ "references": [ { "reference_id": "CVE-2022-41714", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41714", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://fluidattacks.com/advisories/guetta/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/streamich/fastest-json-copy", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-p5g9-rjcf-95vj", + "reference_type": "", "url": "https://github.com/advisories/GHSA-p5g9-rjcf-95vj", "severities": [ { @@ -2760,8 +2761,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-04T12:00:25+00:00", @@ -2791,24 +2791,25 @@ "references": [ { "reference_id": "CVE-2022-42743", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42743", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://fluidattacks.com/advisories/buuren/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/sibu-github/deep-parse-json/issues/6", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-ff9j-pwxg-q5p2", + "reference_type": "", "url": "https://github.com/advisories/GHSA-ff9j-pwxg-q5p2", "severities": [ { @@ -2816,8 +2817,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-04T12:00:25+00:00", 
@@ -2847,54 +2847,55 @@ "references": [ { "reference_id": "CVE-2022-37601", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/issues/212", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/releases/tag/v2.0.3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/pull/217", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/pull/220", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/releases/tag/v1.4.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-76p3-8jx3-jpfq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severities": [ { @@ -2902,8 +2903,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-13T12:00:28+00:00", 
@@ -2933,54 +2933,55 @@ "references": [ { "reference_id": "CVE-2022-37601", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/issues/212", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L11", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/parseQuery.js#L47", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/releases/tag/v2.0.3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/pull/217", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/pull/220", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/webpack/loader-utils/releases/tag/v1.4.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-76p3-8jx3-jpfq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severities": [ { @@ -2988,8 +2989,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-13T12:00:28+00:00", 
@@ -3019,6 +3019,7 @@ "references": [ { "reference_id": "GHSA-4pcg-wr6c-h9cq", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq", "severities": [ { @@ -3026,29 +3027,29 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/releases/tag/v5.0.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/releases/tag/v7.1.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39386", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39386", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-4pcg-wr6c-h9cq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-4pcg-wr6c-h9cq", "severities": [ { @@ -3056,8 +3057,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-07T21:13:57+00:00", @@ -3087,6 +3087,7 @@ "references": [ { "reference_id": "GHSA-4pcg-wr6c-h9cq", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq", "severities": [ { 
@@ -3094,29 +3095,29 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/releases/tag/v5.0.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/releases/tag/v7.1.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39386", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39386", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-4pcg-wr6c-h9cq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-4pcg-wr6c-h9cq", "severities": [ { @@ -3124,8 +3125,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-07T21:13:57+00:00", @@ -3155,6 +3155,7 @@ "references": [ { "reference_id": "GHSA-4pcg-wr6c-h9cq", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq", "severities": [ { @@ -3162,29 +3163,29 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/releases/tag/v5.0.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify-websocket/releases/tag/v7.1.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39386", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39386", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-4pcg-wr6c-h9cq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-4pcg-wr6c-h9cq", "severities": [ { 
@@ -3192,8 +3193,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-07T21:13:57+00:00", @@ -3223,24 +3223,25 @@ "references": [ { "reference_id": "CVE-2022-41710", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41710", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://fluidattacks.com/advisories/noisestorm/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/amitmerchant1990/electron-markdownify", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-qqhf-xfhw-7884", + "reference_type": "", "url": "https://github.com/advisories/GHSA-qqhf-xfhw-7884", "severities": [ { @@ -3248,8 +3249,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-04T12:00:25+00:00", @@ -3279,6 +3279,7 @@ "references": [ { "reference_id": "GHSA-25mx-2mxm-6343", + "reference_type": "", "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-25mx-2mxm-6343", "severities": [ { @@ -3286,29 +3287,29 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/keystonejs/keystone/pull/8063", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39382", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39382", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/keystonejs/keystone/pull/8031/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-25mx-2mxm-6343", + "reference_type": "", "url": "https://github.com/advisories/GHSA-25mx-2mxm-6343", "severities": [ { 
@@ -3316,8 +3317,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-03T18:14:05+00:00", @@ -3346,6 +3346,7 @@ "references": [ { "reference_id": "GHSA-8r69-3cvp-wxc3", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/security/advisories/GHSA-8r69-3cvp-wxc3", "severities": [ { @@ -3353,23 +3354,23 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/commit/2a2d1e3b4bbb1f2802b09004444029bd1adb9c19", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/commit/69be2f75d05c7044086a869d915b965ada033850", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-8r69-3cvp-wxc3", + "reference_type": "", "url": "https://github.com/advisories/GHSA-8r69-3cvp-wxc3", "severities": [ { @@ -3377,8 +3378,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-02T18:18:10+00:00", @@ -3407,6 +3407,7 @@ "references": [ { "reference_id": "GHSA-8r69-3cvp-wxc3", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/security/advisories/GHSA-8r69-3cvp-wxc3", "severities": [ { 
@@ -3414,23 +3415,23 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/commit/2a2d1e3b4bbb1f2802b09004444029bd1adb9c19", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/commit/69be2f75d05c7044086a869d915b965ada033850", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-8r69-3cvp-wxc3", + "reference_type": "", "url": "https://github.com/advisories/GHSA-8r69-3cvp-wxc3", "severities": [ { @@ -3438,8 +3439,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-02T18:18:10+00:00", @@ -3469,6 +3469,7 @@ "references": [ { "reference_id": "GHSA-rcrx-fpjp-mfrw", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw", "severities": [ { 
@@ -3476,41 +3477,41 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/293", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/191", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/pull/194", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39381", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39381", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-rcrx-fpjp-mfrw", + "reference_type": "", "url": "https://github.com/advisories/GHSA-rcrx-fpjp-mfrw", "severities": [ { @@ -3518,8 +3519,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-02T18:10:47+00:00", @@ -3549,6 +3549,7 @@ "references": [ { "reference_id": "GHSA-rcrx-fpjp-mfrw", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw", "severities": [ { 
@@ -3556,41 +3557,41 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/293", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/191", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/pull/194", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39381", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39381", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-rcrx-fpjp-mfrw", + "reference_type": "", "url": "https://github.com/advisories/GHSA-rcrx-fpjp-mfrw", "severities": [ { @@ -3598,8 +3599,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-02T18:10:47+00:00", 
@@ -3629,48 +3629,49 @@ "references": [ { "reference_id": "CVE-2022-25885", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25885", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/439", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/188", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-frp9-2v6r-gj97", + "reference_type": "", "url": "https://github.com/advisories/GHSA-frp9-2v6r-gj97", "severities": [ { @@ -3678,8 +3679,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T12:00:30+00:00", 
@@ -3709,60 +3709,61 @@ "references": [ { "reference_id": "CVE-2022-25892", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25892", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/463", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/214", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-f64j-4x74-p42m", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-f64j-4x74-p42m", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9cv5-4wqv-9w94", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9cv5-4wqv-9w94", "severities": [ { 
@@ -3770,8 +3771,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T12:00:30+00:00", @@ -3801,48 +3801,49 @@ "references": [ { "reference_id": "CVE-2022-25885", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25885", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/439", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/188", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-frp9-2v6r-gj97", + "reference_type": "", "url": "https://github.com/advisories/GHSA-frp9-2v6r-gj97", "severities": [ { @@ -3850,8 +3851,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T12:00:30+00:00", 
@@ -3881,60 +3881,61 @@ "references": [ { "reference_id": "CVE-2022-25892", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25892", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/463", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/214", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-f64j-4x74-p42m", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-f64j-4x74-p42m", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9cv5-4wqv-9w94", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9cv5-4wqv-9w94", "severities": [ { 
@@ -3942,8 +3943,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T12:00:30+00:00", 
@@ -3973,60 +3973,61 @@ "references": [ { "reference_id": "CVE-2022-25892", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25892", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/issues/463", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/issues/214", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-f64j-4x74-p42m", + "reference_type": "", "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-f64j-4x74-p42m", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9cv5-4wqv-9w94", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9cv5-4wqv-9w94", "severities": [ { 
@@ -4034,8 +4035,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T12:00:30+00:00", @@ -4065,30 +4065,31 @@ "references": [ { "reference_id": "CVE-2022-3783", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3783", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-red/node-red-dashboard/issues/772", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-red/node-red-dashboard/commit/9305d1a82f19b235dfad24a7d1dd4ed244db7743", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://vuldb.com/?id.212555", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-vrv9-3x3w-ffxw", + "reference_type": "", "url": "https://github.com/advisories/GHSA-vrv9-3x3w-ffxw", "severities": [ { @@ -4096,8 +4097,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T12:00:36+00:00", @@ -4127,6 +4127,7 @@ "references": [ { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883", "severities": [ { 
@@ -4134,41 +4135,41 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.7.7", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39353", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39353", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jindw/xmldom/issues/150", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/advisories/GHSA-crh6-fp67-6883", "severities": [ { @@ -4176,8 +4177,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T17:29:11+00:00", @@ -4207,6 +4207,7 @@ "references": [ { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883", "severities": [ { 
@@ -4214,41 +4215,41 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.7.7", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39353", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39353", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jindw/xmldom/issues/150", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/advisories/GHSA-crh6-fp67-6883", "severities": [ { @@ -4256,8 +4257,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T17:29:11+00:00", @@ -4287,6 +4287,7 @@ "references": [ { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883", "severities": [ { 
@@ -4294,41 +4295,41 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.7.7", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39353", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39353", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jindw/xmldom/issues/150", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/advisories/GHSA-crh6-fp67-6883", "severities": [ { @@ -4336,8 +4337,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T17:29:11+00:00", @@ -4367,6 +4367,7 @@ "references": [ { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883", "severities": [ { 
@@ -4374,41 +4375,41 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.7.7", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39353", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39353", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jindw/xmldom/issues/150", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-crh6-fp67-6883", + "reference_type": "", "url": "https://github.com/advisories/GHSA-crh6-fp67-6883", "severities": [ { @@ -4416,8 +4417,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-11-01T17:29:11+00:00", 
@@ -4447,30 +4447,31 @@ "references": [ { "reference_id": "CVE-2022-29823", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29823", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00020", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-29823", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-29823/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/feathersjs-ecosystem/feathers-sequelize/commit/0b7beaa773dc313fdb27edd9ee8115064d7cf114", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-p5m3-27vh-52j4", + "reference_type": "", "url": "https://github.com/advisories/GHSA-p5m3-27vh-52j4", "severities": [ { @@ -4478,8 +4479,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", 
@@ -4509,30 +4509,31 @@ "references": [ { "reference_id": "CVE-2022-29822", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29822", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00020", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-29822", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-29822/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/feathersjs-ecosystem/feathers-sequelize/commit/0f2d85f0b2d556f2b6c70423dcebdbd29d95e3dc", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-5hq7-j5wq-p227", + "reference_type": "", "url": "https://github.com/advisories/GHSA-5hq7-j5wq-p227", "severities": [ { @@ -4540,8 +4541,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", 
@@ -4571,30 +4571,31 @@ "references": [ { "reference_id": "CVE-2022-2422", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2422", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00020", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-2422", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-2422", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/feathersjs-ecosystem/feathers-sequelize/commit/0f2d85f0b2d556f2b6c70423dcebdbd29d95e3dc", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-qpv8-4pjq-qqh7", + "reference_type": "", "url": "https://github.com/advisories/GHSA-qpv8-4pjq-qqh7", "severities": [ { @@ -4602,8 +4603,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", 
@@ -4633,48 +4633,49 @@ "references": [ { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://csirt.divd.nl/cases/DIVD-2022-00045", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-2421", + "reference_type": "", "url": "https://csirt.divd.nl/cves/CVE-2022-2421", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-qm95-pgcg-qqfq", + "reference_type": "", "url": "https://github.com/advisories/GHSA-qm95-pgcg-qqfq", "severities": [ { @@ -4682,8 +4683,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-26T12:00:28+00:00", @@ -4713,6 +4713,7 @@ "references": [ { "reference_id": "GHSA-cr84-xvw4-qx3c", + "reference_type": "", "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-cr84-xvw4-qx3c", "severities": [ { 
@@ -4720,41 +4721,41 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-25918", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25918", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/ericcornelissen/shescape/commit/552e8eab56861720b1d4e5474fb65741643358f9", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/ericcornelissen/shescape/blob/main/src/unix.js%23L52", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.6.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-SHESCAPE-3061108", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-cr84-xvw4-qx3c", + "reference_type": "", "url": "https://github.com/advisories/GHSA-cr84-xvw4-qx3c", "severities": [ { @@ -4762,8 +4763,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-25T22:27:32+00:00", @@ -4793,6 +4793,7 @@ "references": [ { "reference_id": "GHSA-c33w-pm52-mqvf", + "reference_type": "", "url": "https://github.com/DependencyTrack/frontend/security/advisories/GHSA-c33w-pm52-mqvf", "severities": [ { 
@@ -4800,29 +4801,29 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-39350", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39350", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://docs.dependencytrack.org/changelog/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/showdownjs/showdown/wiki/Markdown's-XSS-Vulnerability-(and-how-to-mitigate-it)", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-c33w-pm52-mqvf", + "reference_type": "", "url": "https://github.com/advisories/GHSA-c33w-pm52-mqvf", "severities": [ { @@ -4830,8 +4831,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-25T20:22:01+00:00", @@ -4861,24 +4861,25 @@ "references": [ { "reference_id": "CVE-2022-41709", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41709", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://fluidattacks.com/advisories/adams/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/amitmerchant1990/electron-markdownify", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-c942-mfmp-p4fh", + "reference_type": "", "url": "https://github.com/advisories/GHSA-c942-mfmp-p4fh", "severities": [ { @@ -4886,8 +4887,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-19T19:00:17+00:00", 
@@ -4916,6 +4916,7 @@ "references": [ { "reference_id": "GHSA-whpx-q3rq-w8jc", + "reference_type": "", "url": "https://github.com/endojs/endo/security/advisories/GHSA-whpx-q3rq-w8jc", "severities": [ { @@ -4923,17 +4924,17 @@ "value": "LOW", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/endojs/endo/commit/88cab0be4cf816dc578f2ff441fd9bcda0aa5cf5", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-whpx-q3rq-w8jc", + "reference_type": "", "url": "https://github.com/advisories/GHSA-whpx-q3rq-w8jc", "severities": [ { @@ -4941,8 +4942,7 @@ "value": "LOW", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-20T18:38:35+00:00", 
@@ -4972,48 +4972,49 @@ "references": [ { "reference_id": "CVE-2022-24373", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24373", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/software-mansion/react-native-reanimated/pull/3382", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/software-mansion/react-native-reanimated/commit/8a927904366fa2d02df7a11553f8b0aa93471279", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-2j79-8pqc-r7x6", + "reference_type": "", "url": "https://github.com/advisories/GHSA-2j79-8pqc-r7x6", "severities": [ { @@ -5021,8 +5022,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-01T00:00:24+00:00", 
@@ -5052,30 +5052,31 @@ "references": [ { "reference_id": "CVE-2022-3517", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/grafana/grafana-image-renderer/issues/329", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/nodejs/node/issues/42510", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-f8q6-p94x-37v3", + "reference_type": "", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severities": [ { @@ -5083,8 +5084,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-18T12:00:32+00:00", 
@@ -5114,36 +5114,37 @@ "references": [ { "reference_id": "CVE-2019-17426", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17426", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/commit/f3eca5b94d822225c04e96cbeed9f095afb3c31c", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/issues/8222", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/commits/4.13.21", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/releases/tag/4.13.21", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-8687-vv9j-hgph", + "reference_type": "", "url": "https://github.com/advisories/GHSA-8687-vv9j-hgph", "severities": [ { @@ -5151,8 +5152,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2019-10-22T20:19:54+00:00", 
@@ -5182,36 +5182,37 @@ "references": [ { "reference_id": "CVE-2019-17426", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17426", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/commit/f3eca5b94d822225c04e96cbeed9f095afb3c31c", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/issues/8222", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/commits/4.13.21", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Automattic/mongoose/releases/tag/4.13.21", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-8687-vv9j-hgph", + "reference_type": "", "url": "https://github.com/advisories/GHSA-8687-vv9j-hgph", "severities": [ { @@ -5219,8 +5220,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2019-10-22T20:19:54+00:00", @@ -5250,6 +5250,7 @@ "references": [ { "reference_id": "GHSA-6mhr-52mv-6v6f", + "reference_type": "", "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-6mhr-52mv-6v6f", "severities": [ { 
@@ -5257,23 +5258,23 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-39322", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39322", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/keystonejs/keystone/commit/65c6ee3deef23605fc72b80230908696a7a65e7c", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-6mhr-52mv-6v6f", + "reference_type": "", "url": "https://github.com/advisories/GHSA-6mhr-52mv-6v6f", "severities": [ { @@ -5281,8 +5282,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-18T17:12:46+00:00", @@ -5312,6 +5312,7 @@ "references": [ { "reference_id": "GHSA-h423-w6qv-2wj3", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3", "severities": [ { @@ -5319,23 +5320,23 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.17", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39313", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39313", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-h423-w6qv-2wj3", + "reference_type": "", "url": "https://github.com/advisories/GHSA-h423-w6qv-2wj3", "severities": [ { @@ -5343,8 +5344,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-18T16:08:49+00:00", @@ -5374,6 +5374,7 @@ "references": [ { "reference_id": "GHSA-h423-w6qv-2wj3", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3", "severities": [ { 
@@ -5381,23 +5382,23 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.17", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39313", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39313", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-h423-w6qv-2wj3", + "reference_type": "", "url": "https://github.com/advisories/GHSA-h423-w6qv-2wj3", "severities": [ { @@ -5405,8 +5406,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-18T16:08:49+00:00", @@ -5436,6 +5436,7 @@ "references": [ { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { 
@@ -5443,53 +5444,53 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-37616", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37616", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/issues/436", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/pull/437", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#076", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { @@ -5497,8 +5498,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-11T20:42:57+00:00", @@ -5528,6 +5528,7 @@ "references": [ { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { 
@@ -5535,53 +5536,53 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-37616", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37616", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/issues/436", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/pull/437", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#076", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { @@ -5589,8 +5590,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-11T20:42:57+00:00", @@ -5620,6 +5620,7 @@ "references": [ { "reference_id": "GHSA-5p8w-2mvw-38pv", + "reference_type": "", "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv", "severities": [ { 
@@ -5627,23 +5628,23 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39300", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39300", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-5p8w-2mvw-38pv", + "reference_type": "", "url": "https://github.com/advisories/GHSA-5p8w-2mvw-38pv", "severities": [ { @@ -5651,8 +5652,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T22:05:44+00:00", @@ -5682,6 +5682,7 @@ "references": [ { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7", "severities": [ { 
@@ -5689,35 +5690,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/releases/tag/v3.2.2", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39299", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39299", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/advisories/GHSA-m974-647v-whv7", "severities": [ { @@ -5725,8 +5726,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T22:05:41+00:00", @@ -5756,6 +5756,7 @@ "references": [ { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7", "severities": [ { 
@@ -5763,35 +5764,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/releases/tag/v3.2.2", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39299", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39299", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/advisories/GHSA-m974-647v-whv7", "severities": [ { @@ -5799,8 +5800,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T22:05:41+00:00", @@ -5830,6 +5830,7 @@ "references": [ { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7", "severities": [ { 
@@ -5837,35 +5838,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/releases/tag/v3.2.2", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39299", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39299", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/advisories/GHSA-m974-647v-whv7", "severities": [ { @@ -5873,8 +5874,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T22:05:41+00:00", @@ -5904,6 +5904,7 @@ "references": [ { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7", "severities": [ { 
@@ -5911,35 +5912,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/node-saml/passport-saml/releases/tag/v3.2.2", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39299", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39299", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-m974-647v-whv7", + "reference_type": "", "url": "https://github.com/advisories/GHSA-m974-647v-whv7", "severities": [ { @@ -5947,8 +5948,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T22:05:41+00:00", @@ -5978,24 +5978,25 @@ "references": [ { "reference_id": "CVE-2022-41376", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41376", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://alicangonullu.org/konu/138", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://youtu.be/_wzGVpX54Rc", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-633r-r4p8-pw3w", + "reference_type": "", "url": "https://github.com/advisories/GHSA-633r-r4p8-pw3w", "severities": [ { 
@@ -6003,8 +6004,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-11T19:00:26+00:00", @@ -6033,6 +6033,7 @@ "references": [ { "reference_id": "GHSA-2p3c-p3qw-69r4", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/security/advisories/GHSA-2p3c-p3qw-69r4", "severities": [ { @@ -6040,23 +6041,23 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jaydenseric/graphql-multipart-request-spec/pull/64", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/apollographql/apollo-server/commit/82d44985ddca8e61557957d67f41e9c1a705a5ca", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-2p3c-p3qw-69r4", + "reference_type": "", "url": "https://github.com/advisories/GHSA-2p3c-p3qw-69r4", "severities": [ { @@ -6064,8 +6065,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-12T14:15:48+00:00", @@ -6095,6 +6095,7 @@ "references": [ { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { 
@@ -6102,53 +6103,53 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-37616", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37616", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/issues/436", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/pull/437", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#076", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { @@ -6156,8 +6157,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-11T20:42:57+00:00", @@ -6187,6 +6187,7 @@ "references": [ { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { 
@@ -6194,53 +6195,53 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-37616", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37616", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/issues/436", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/pull/437", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#076", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-9pgh-qqpf-7wqj", + "reference_type": "", "url": "https://github.com/advisories/GHSA-9pgh-qqpf-7wqj", "severities": [ { @@ -6248,8 +6249,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-11T20:42:57+00:00", @@ -6279,6 +6279,7 @@ "references": [ { "reference_id": "GHSA-455w-c45v-86rg", + "reference_type": "", "url": "https://github.com/fastify/fastify/security/advisories/GHSA-455w-c45v-86rg", "severities": [ { 
@@ -6286,35 +6287,35 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-39288", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39288", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify/commit/fbb07e8dfad74c69cd4cd2211aedab87194618e3", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fastify/fastify/security/policy", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://hackerone.com/bugs?report_id=1715536&subject=fastify", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-455w-c45v-86rg", + "reference_type": "", "url": "https://github.com/advisories/GHSA-455w-c45v-86rg", "severities": [ { @@ -6322,8 +6323,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-11T13:45:14+00:00", @@ -6352,6 +6352,7 @@ "references": [ { "reference_id": "GHSA-jjmg-x456-w976", + "reference_type": "", "url": "https://github.com/Psifi-Solutions/csrf-csrf/security/advisories/GHSA-jjmg-x456-w976", "severities": [ { @@ -6359,17 +6360,17 @@ "value": "LOW", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/Psifi-Solutions/csrf-csrf/commit/8f1ce8db97d945a4bb7f39f0b43c6041fa83d675", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-jjmg-x456-w976", + "reference_type": "", "url": "https://github.com/advisories/GHSA-jjmg-x456-w976", "severities": [ { @@ -6377,8 +6378,7 @@ "value": "LOW", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-10T20:59:02+00:00", 
@@ -6408,24 +6408,25 @@ "references": [ { "reference_id": "CVE-2022-3423", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3423", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-grv6-m753-3w2g", + "reference_type": "", "url": "https://github.com/advisories/GHSA-grv6-m753-3w2g", "severities": [ { @@ -6433,8 +6434,7 @@ "value": "MODERATE", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-07T18:16:01+00:00", @@ -6464,6 +6464,7 @@ "references": [ { "reference_id": "GHSA-pj2c-h76w-vv6f", + "reference_type": "", "url": "https://github.com/valexandersaulys/tiny-csrf/security/advisories/GHSA-pj2c-h76w-vv6f", "severities": [ { @@ -6471,23 +6472,23 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/valexandersaulys/tiny-csrf/commit/8eead6da3b56e290512bbe8d20c2c5df3be317ba", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "CVE-2022-39287", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39287", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-pj2c-h76w-vv6f", + "reference_type": "", "url": "https://github.com/advisories/GHSA-pj2c-h76w-vv6f", "severities": [ { @@ -6495,8 +6496,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-07T21:23:18+00:00", 
@@ -6526,6 +6526,7 @@ "references": [ { "reference_id": "GHSA-xrx9-gj26-5wx9", + "reference_type": "", "url": "https://github.com/imbrn/v8n/security/advisories/GHSA-xrx9-gj26-5wx9", "severities": [ { @@ -6533,29 +6534,29 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2022-35923", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35923", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/imbrn/v8n/commit/92393862156fad190c05ec3f6e2bc73308dcd2f9", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://huntr.dev/bounties/2d92f644-593b-43b4-bfd1-c8042ac60609/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-xrx9-gj26-5wx9", + "reference_type": "", "url": "https://github.com/advisories/GHSA-xrx9-gj26-5wx9", "severities": [ { @@ -6563,8 +6564,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-07T07:33:44+00:00", @@ -6593,6 +6593,7 @@ "references": [ { "reference_id": "GHSA-8w7w-67mw-r5p7", + "reference_type": "", "url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-8w7w-67mw-r5p7", "severities": [ { @@ -6600,23 +6601,23 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://gist.github.com/atomfrede/311f8a9c6eb74c5c5226af0481155207", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://www.jhipster.tech/2020/05/17/jhipster-release-6.9.0.html", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-8w7w-67mw-r5p7", + "reference_type": "", "url": "https://github.com/advisories/GHSA-8w7w-67mw-r5p7", "severities": [ { 
@@ -6624,8 +6625,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-06T22:56:29+00:00", @@ -6655,36 +6655,37 @@ "references": [ { "reference_id": "CVE-2022-40764", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40764", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/snyk/cli/releases/tag/v1.996.0", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/snyk/snyk-go-plugin/releases/tag/v1.19.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://support.snyk.io/hc/en-us/articles/7015908293789-CVE-2022-40764-Command-Injection-vulnerability-affecting-Snyk-CLI-versions-prior-to-1-996-0", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-hpqj-7cj6-hfj8", + "reference_type": "", "url": "https://github.com/advisories/GHSA-hpqj-7cj6-hfj8", "severities": [ { @@ -6692,8 +6693,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-04T00:00:22+00:00", 
@@ -6723,36 +6723,37 @@ "references": [ { "reference_id": "CVE-2022-40764", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40764", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/snyk/cli/releases/tag/v1.996.0", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/snyk/snyk-go-plugin/releases/tag/v1.19.1", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://support.snyk.io/hc/en-us/articles/7015908293789-CVE-2022-40764-Command-Injection-vulnerability-affecting-Snyk-CLI-versions-prior-to-1-996-0", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-hpqj-7cj6-hfj8", + "reference_type": "", "url": "https://github.com/advisories/GHSA-hpqj-7cj6-hfj8", "severities": [ { @@ -6760,8 +6761,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-04T00:00:22+00:00", @@ -6790,12 +6790,13 @@ "references": [ { "reference_id": "", + "reference_type": "", "url": "https://www.npmjs.com/advisories/1015", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-8j6j-4h2c-c65p", + "reference_type": "", "url": "https://github.com/advisories/GHSA-8j6j-4h2c-c65p", "severities": [ { @@ -6803,8 +6804,7 @@ "value": "CRITICAL", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2020-09-03T17:02:52+00:00", 
@@ -6834,18 +6834,19 @@ "references": [ { "reference_id": "CVE-2016-10707", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10707", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jquery/jquery/issues/3133", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-mhpp-875w-9cpv", + "reference_type": "", "url": "https://github.com/advisories/GHSA-mhpp-875w-9cpv", "severities": [ { @@ -6853,32 +6854,31 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "", + "reference_type": "", "url": "https://www.npmjs.com/advisories/330", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jquery/jquery/pull/3134", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://snyk.io/vuln/npm:jquery:20160529", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/jquery/jquery/issues/3133#issuecomment-358978489", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": "2018-01-22T13:32:42+00:00", 
@@ -6908,30 +6908,31 @@ "references": [ { "reference_id": "CVE-2022-21222", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21222", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fb55/css-what/commit/dc510929790da6617e7aa93a616498b22f6a6b72", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://github.com/fb55/css-what/blob/a38effd5a8f5506d75c7f8f13cbd8c76248a3860/index.js#23L12", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "GHSA-p28h-cc7q-c4fg", + "reference_type": "", "url": "https://github.com/advisories/GHSA-p28h-cc7q-c4fg", "severities": [ { @@ -6939,8 +6940,7 @@ "value": "HIGH", "scoring_elements": "" } - ], - "reference_type": "" + ] } ], "date_published": "2022-10-01T00:00:24+00:00", diff --git a/vulnerabilities/tests/test_data/nginx_v2/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/nginx_v2/security_advisories-advisory_data-expected.json index bc79ac4ec..221c474ea 100644 --- a/vulnerabilities/tests/test_data/nginx_v2/security_advisories-advisory_data-expected.json +++ b/vulnerabilities/tests/test_data/nginx_v2/security_advisories-advisory_data-expected.json @@ -19,7 +19,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -57,7 +57,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -95,7 +95,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", 
@@ -133,7 +133,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -171,7 +171,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -209,7 +209,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -247,7 +247,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -296,7 +296,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -345,7 +345,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -394,7 +394,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -432,7 +432,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -470,7 +470,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -508,7 +508,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -546,7 +546,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -584,7 +584,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -633,7 +633,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -682,7 +682,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", 
@@ -741,7 +741,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -779,7 +779,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -817,7 +817,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -855,7 +855,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -893,7 +893,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -942,7 +942,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -991,7 +991,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1040,7 +1040,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1089,7 +1089,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1148,7 +1148,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1197,7 +1197,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1235,7 +1235,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1284,7 +1284,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1333,7 +1333,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2011-4315", "reference_type": "", 
@@ -1366,7 +1366,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2010-2266", "reference_type": "", @@ -1399,7 +1399,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2010-2263", "reference_type": "", @@ -1432,7 +1432,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -1459,7 +1459,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2009-4487", "reference_type": "", @@ -1494,7 +1494,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2009-3555", "reference_type": "", @@ -1538,7 +1538,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2009-3898", "reference_type": "", @@ -1573,7 +1573,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2009-2629", "reference_type": "", @@ -1617,7 +1617,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "CVE-2009-3896", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/nvd_v2/nvd-expected.json b/vulnerabilities/tests/test_data/nvd_v2/nvd-expected.json index 4226460ff..cb52cbbfc 100644 --- a/vulnerabilities/tests/test_data/nvd_v2/nvd-expected.json +++ b/vulnerabilities/tests/test_data/nvd_v2/nvd-expected.json 
@@ -4,36 +4,36 @@ "aliases": [], "summary": "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.", "affected_packages": [], - "references_v2": [ + "references": [ { - "reference_id": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*" + "url": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog" }, { - "reference_id": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*" + "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/" }, { - "reference_id": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", + "reference_id": "CVE-2005-4895", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4895" }, { - "reference_id": "CVE-2005-4895", + "reference_id": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4895" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog" + "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*" } ], "patches": [], @@ -55,17 +55,7 @@ "aliases": [], "summary": "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.", "affected_packages": [], - "references_v2": [ - { - "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" - }, - { - "reference_id": "CVE-2005-4900", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4900" - }, + "references": [ { "reference_id": "", "reference_type": "", @@ -120,6 +110,16 @@ "reference_id": "", "reference_type": "", "url": "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html" + }, + { + "reference_id": "CVE-2005-4900", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4900" + }, + { + "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" } ], "patches": [], 
@@ -146,271 +146,271 @@ "aliases": [], "summary": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.", "affected_packages": [], - "references_v2": [ + "references": [ { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*" + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html" }, { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*" + "url": "http://marc.info/?l=bugtraq&m=104222046632243&w=2" }, { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*" + "url": "http://secunia.com/advisories/7996" }, { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*" + "url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt" }, { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*" + "url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf" }, { - "reference_id": 
"cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*" + "url": "http://www.kb.cert.org/vuls/id/412115" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*" + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*" + "url": "http://www.osvdb.org/9962" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*" + "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*" + "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*" + "url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", 
+ "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*" + "url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*" + "url": "http://www.securitytracker.com/id/1031583" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*" + "url": "http://www.securitytracker.com/id/1040185" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*" + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", + "reference_id": "CVE-2003-0001", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0001" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*" + "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", + 
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*" }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*" }, { - "reference_id": "CVE-2003-0001", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0001" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": 
"cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://marc.info/?l=bugtraq&m=104222046632243&w=2" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://secunia.com/advisories/7996" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.kb.cert.org/vuls/id/412115" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": 
"cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.osvdb.org/9962" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded" + "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.securitytracker.com/id/1031583" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "reference_type": "", - "url": "http://www.securitytracker.com/id/1040185" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*" }, { - "reference_id": "", + "reference_id": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665" + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*" } ], "patches": [], diff --git a/vulnerabilities/tests/test_data/nvd_v2/nvd-rejected-expected.json b/vulnerabilities/tests/test_data/nvd_v2/nvd-rejected-expected.json index ad0892805..b29870542 100644 --- a/vulnerabilities/tests/test_data/nvd_v2/nvd-rejected-expected.json +++ b/vulnerabilities/tests/test_data/nvd_v2/nvd-rejected-expected.json @@ -4,7 +4,7 @@ "aliases": [], "summary": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "CVE-2022-0094", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/openssl/release_metadata/openssl_advisoryv2-expected.json b/vulnerabilities/tests/test_data/openssl/release_metadata/openssl_advisoryv2-expected.json index 8f4fda057..245026ea3 100644 
--- a/vulnerabilities/tests/test_data/openssl/release_metadata/openssl_advisoryv2-expected.json +++ b/vulnerabilities/tests/test_data/openssl/release_metadata/openssl_advisoryv2-expected.json @@ -19,7 +19,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "OpenSSL Advisory", "reference_type": "advisory", @@ -72,7 +72,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "OpenSSL Advisory", "reference_type": "advisory", @@ -118,7 +118,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "0.9.8n git commit", "reference_type": "commit", @@ -171,7 +171,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "OpenSSL Advisory", "reference_type": "advisory", @@ -210,7 +210,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "OpenSSL Advisory", "reference_type": "advisory", @@ -332,7 +332,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "3.2.6 git commit", "reference_type": "commit", diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json index 7e8417c30..09f66da72 100644 --- a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json +++ b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json 
@@ -2258,7 +2258,7 @@ "CVE-2016-2183", "VC-OPENSSL-20160824-CVE-2016-2183" ], - "summary": "Because DES (and triple-DES) has only a 64-bit block size, birthday attacks are a real concern. For example, with the ability to run Javascript in a browser, it is possible to send enough traffic to cause a collision, and then use that information to recover something like a session Cookie. Triple-DES, which shows up as “DES-CBC3” in an OpenSSL cipher string, is still used on the Web, and major browsers are not yet willing to completely disable it. If you run a server, you should disable triple-DES. This is generally a configuration issue. If you run an old server that doesn’t support any better ciphers than DES or RC4, you should upgrade. For 1.0.2 and 1.0.1, we removed the triple-DES ciphers from the “HIGH” keyword and put them into “MEDIUM.” Note that we did not remove them from the “DEFAULT” keyword. For the 1.1.0 release, we treat triple-DES just like we are treating RC4. It is not compiled by default; you have to use “enable-weak-ssl-ciphers” as a config option. Even when those ciphers are compiled, triple-DES is only in the “MEDIUM” keyword. In addition we also removed it from the “DEFAULT” keyword.", + "summary": "Because DES (and triple-DES) has only a 64-bit block size, birthday attacks are a real concern. For example, with the ability to run Javascript in a browser, it is possible to send enough traffic to cause a collision, and then use that information to recover something like a session Cookie. Triple-DES, which shows up as \u201cDES-CBC3\u201d in an OpenSSL cipher string, is still used on the Web, and major browsers are not yet willing to completely disable it. If you run a server, you should disable triple-DES. This is generally a configuration issue. If you run an old server that doesn\u2019t support any better ciphers than DES or RC4, you should upgrade. 
For 1.0.2 and 1.0.1, we removed the triple-DES ciphers from the \u201cHIGH\u201d keyword and put them into \u201cMEDIUM.\u201d Note that we did not remove them from the \u201cDEFAULT\u201d keyword. For the 1.1.0 release, we treat triple-DES just like we are treating RC4. It is not compiled by default; you have to use \u201cenable-weak-ssl-ciphers\u201d as a config option. Even when those ciphers are compiled, triple-DES is only in the \u201cMEDIUM\u201d keyword. In addition we also removed it from the \u201cDEFAULT\u201d keyword.", "affected_packages": [ { "package": { diff --git a/vulnerabilities/tests/test_data/osv_test/github/github-expected-1.json b/vulnerabilities/tests/test_data/osv_test/github/github-expected-1.json index bce052c1c..ffb30de71 100644 --- a/vulnerabilities/tests/test_data/osv_test/github/github-expected-1.json +++ b/vulnerabilities/tests/test_data/osv_test/github/github-expected-1.json @@ -34,7 +34,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/github/github-expected-2.json b/vulnerabilities/tests/test_data/osv_test/github/github-expected-2.json index cdbf9fbfb..ac6d9a24b 100644 --- a/vulnerabilities/tests/test_data/osv_test/github/github-expected-2.json +++ b/vulnerabilities/tests/test_data/osv_test/github/github-expected-2.json @@ -20,7 +20,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/github/github-expected-3.json b/vulnerabilities/tests/test_data/osv_test/github/github-expected-3.json index 1c4ced517..c9defff2b 100644 --- a/vulnerabilities/tests/test_data/osv_test/github/github-expected-3.json +++ b/vulnerabilities/tests/test_data/osv_test/github/github-expected-3.json 
@@ -32,7 +32,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/github/github-expected-4.json b/vulnerabilities/tests/test_data/osv_test/github/github-expected-4.json index 5b756e998..bb5d4d5ab 100644 --- a/vulnerabilities/tests/test_data/osv_test/github/github-expected-4.json +++ b/vulnerabilities/tests/test_data/osv_test/github/github-expected-4.json @@ -2,23 +2,8 @@ "advisory_id": "GHSA-wjxc-pjx9-4wvm", "aliases": [], "summary": "Nervos CKB Panic on malformed input\n### Impact\nCKB process will panic when received malformed p2p message because of snappy, which is used to compress network messages\n\n### References\nhttps://github.com/BurntSushi/rust-snappy/issues/29", - "affected_packages": [ - { - "package": { - "type": "cargo", - "namespace": "", - "name": "ckb", - "version": "", - "qualifiers": "", - "subpath": "" - }, - "affected_version_range": "vers:cargo/<=0.34.1", - "fixed_version_range": "vers:cargo/0.34.2", - "introduced_by_commit_patches": [], - "fixed_by_commit_patches": [] - } - ], - "references_v2": [ + "affected_packages": [], + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-1.json b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-1.json index 86bf4435b..6a1b0768c 100644 --- a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-1.json +++ b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-1.json 
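Review bot: In `osv_test/github/github-expected-4.json` the expected output for GHSA-wjxc-pjx9-4wvm loses its only affected package (cargo `ckb`, `vers:cargo/<=0.34.1`, fixed in `vers:cargo/0.34.2`) and now expects `"affected_packages": []`. That goes beyond the `references_v2` to `references` rename applied to the neighbouring fixtures. If the file was simply regenerated, the importer has stopped emitting the version range for this advisory, and anything built on this data would no longer report the package as affected. Confirm the cause, then either keep the `affected_packages` entry in the expected file or state the intended behaviour change in the commit description.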
@@ -3,7 +3,7 @@ "aliases": [], "summary": "Security exception in java.base/java.util.stream.AbstractPipeline.evaluate\nOSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66703\n\n```\nCrash type: Security exception\nCrash state:\njava.base/java.util.stream.AbstractPipeline.evaluate\njava.base/java.util.stream.ReferencePipeline.collect\norg.apache.commons.configuration2.AbstractYAMLBasedConfiguration.parseCollection\n```", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-2.json b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-2.json index 481221ff7..4d39a32e9 100644 --- a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-2.json +++ b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-2.json @@ -32,7 +32,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-3.json b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-3.json index 5f874f2c9..df5a39b6c 100644 --- a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-3.json +++ b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-3.json @@ -38,7 +38,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-1.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-1.json index e456fc938..16c162a36 100644 --- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-1.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-1.json @@ -20,7 +20,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", 
diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-2.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-2.json index e4242e998..4fb999610 100644 --- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-2.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-2.json @@ -27,7 +27,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-3.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-3.json index e0b339db3..16abb36c0 100644 --- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-3.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-3.json @@ -28,7 +28,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-4.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-4.json index 0e3cdb3f0..605491b80 100644 --- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-4.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-4.json @@ -21,7 +21,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-5.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-5.json index 49096b5a7..3532a8e3a 100644 --- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-5.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-5.json @@ -28,7 +28,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-6.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-6.json index 2f7fdbeef..4cc6ae9fc 100644 
--- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-6.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-6.json @@ -46,7 +46,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-7.json b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-7.json index 04954a6ee..23eadf5ea 100644 --- a/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-7.json +++ b/vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-7.json @@ -21,7 +21,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/project-kb/kb-statements-expected.json b/vulnerabilities/tests/test_data/project-kb/kb-statements-expected.json index 40bcd044c..07d25f78f 100644 --- a/vulnerabilities/tests/test_data/project-kb/kb-statements-expected.json +++ b/vulnerabilities/tests/test_data/project-kb/kb-statements-expected.json @@ -26,7 +26,7 @@ ] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -71,7 +71,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -231,7 +231,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -349,7 +349,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, diff --git a/vulnerabilities/tests/test_data/project-kb/kbmsr2019-expected.json b/vulnerabilities/tests/test_data/project-kb/kbmsr2019-expected.json index 7b21f9e00..37e43d4ad 100644 --- a/vulnerabilities/tests/test_data/project-kb/kbmsr2019-expected.json +++ b/vulnerabilities/tests/test_data/project-kb/kbmsr2019-expected.json 
@@ -26,7 +26,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -60,7 +60,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -94,7 +94,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -128,7 +128,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -162,7 +162,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -196,7 +196,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -230,7 +230,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -264,7 +264,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, @@ -298,7 +298,7 @@ ] } ], - "references_v2": [], + "references": [], "patches": [], "severities": [], "date_published": null, diff --git a/vulnerabilities/tests/test_data/redhat/redhat_advisoryv2-expected.json b/vulnerabilities/tests/test_data/redhat/redhat_advisoryv2-expected.json index 9dacb302a..a15ab5984 100644 --- a/vulnerabilities/tests/test_data/redhat/redhat_advisoryv2-expected.json +++ b/vulnerabilities/tests/test_data/redhat/redhat_advisoryv2-expected.json @@ -196,7 +196,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", 
@@ -232,7 +232,7 @@ ], "summary": "Red Hat Developer Hub 1.4 has been released.\n\nRed Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -308,7 +308,7 @@ ], "summary": "Red Hat Quay 3.13.4 is now available with bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nQuay 3.13.4", "affected_packages": [], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -377,7 +377,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -745,7 +745,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -1543,7 +1543,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2020-5257-expected.json b/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2020-5257-expected.json index d8449e0f3..9fcdcf9ff 100644 --- a/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2020-5257-expected.json +++ b/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2020-5257-expected.json @@ -22,7 +22,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", 
diff --git a/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2024-6531-expected.json b/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2024-6531-expected.json index 08bf93f3a..1a665ec57 100644 --- a/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2024-6531-expected.json +++ b/vulnerabilities/tests/test_data/ruby-v2/gems/CVE-2024-6531-expected.json @@ -36,7 +36,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2011-2686-expected.json b/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2011-2686-expected.json index e3b83d1fe..0e7d8e8c8 100644 --- a/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2011-2686-expected.json +++ b/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2011-2686-expected.json @@ -35,7 +35,13 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://osdir.com/ml/lang-ruby-core/2011-01/msg00917.html" + } + ], "patches": [], "severities": [ { diff --git a/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2022-25857-expected.json b/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2022-25857-expected.json index 5825e7d40..639f5f761 100644 --- a/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2022-25857-expected.json +++ b/vulnerabilities/tests/test_data/ruby-v2/rubies/CVE-2022-25857-expected.json @@ -21,7 +21,13 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://github.com/jruby/jruby/issues/7342" + } + ], "patches": [], "severities": [ { diff --git a/vulnerabilities/tests/test_data/ubuntu/ubuntu_osv_advisoryv2-expected.json b/vulnerabilities/tests/test_data/ubuntu/ubuntu_osv_advisoryv2-expected.json index f1dfe2f5d..427669788 100644 --- a/vulnerabilities/tests/test_data/ubuntu/ubuntu_osv_advisoryv2-expected.json 
+++ b/vulnerabilities/tests/test_data/ubuntu/ubuntu_osv_advisoryv2-expected.json @@ -21,7 +21,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -109,7 +109,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -184,7 +184,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -230,7 +230,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -323,7 +323,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", @@ -421,7 +421,7 @@ "fixed_by_commit_patches": [] } ], - "references_v2": [ + "references": [ { "reference_id": "", "reference_type": "", diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py index 8c4e4a9e3..adc603158 100644 --- a/vulnerabilities/tests/test_models.py +++ b/vulnerabilities/tests/test_models.py @@ -23,6 +23,7 @@ from vulnerabilities import models from vulnerabilities.importer import AdvisoryData +from vulnerabilities.importer import AdvisoryDataV2 from vulnerabilities.importer import AffectedPackage from vulnerabilities.importer import AffectedPackageV2 from vulnerabilities.importer import PackageCommitPatchData @@ -743,7 +744,7 @@ def test_constraint_none(self): class TestAdvisoryV2Model(DjangoTestCase): def setUp(self): - self.advisoryv2_data1 = AdvisoryData( + self.advisoryv2_data1 = AdvisoryDataV2( advisory_id="test_adv", aliases=[], summary="vulnerability description here", 
@@ -758,7 +759,7 @@ def setUp(self): ], ) ], - references_v2=[ReferenceV2(url="https://example.com/with/more/info/CVE-2020-13371337")], + references=[ReferenceV2(url="https://example.com/with/more/info/CVE-2020-13371337")], patches=[PatchData(patch_url="https://foo.bar/", patch_text="test patch")], url="https://test.com", ) diff --git a/vulnerabilities/utils.py b/vulnerabilities/utils.py index b739ec2ca..5e09a9cf9 100644 --- a/vulnerabilities/utils.py +++ b/vulnerabilities/utils.py 
@@ -639,36 +639,75 @@ def compute_content_id(advisory_data): normalized_data["url"] = advisory_data.url elif isinstance(advisory_data, AdvisoryData): - if advisory_data.references_v2: - normalized_data = { - "aliases": normalize_list(advisory_data.aliases), - "summary": normalize_text(advisory_data.summary), - "affected_packages": [ - pkg.to_dict() for pkg in normalize_list(advisory_data.affected_packages) if pkg - ], - "references": [ - ref.to_dict() for ref in normalize_list(advisory_data.references_v2) if ref - ], - "severities": [ - sev.to_dict() for sev in normalize_list(advisory_data.severities) if sev - ], - "weaknesses": normalize_list(advisory_data.weaknesses), - } - elif advisory_data.references or advisory_data.references == []: - normalized_data = { - "aliases": normalize_list(advisory_data.aliases), - "summary": normalize_text(advisory_data.summary), - "affected_packages": [ - pkg.to_dict() for pkg in normalize_list(advisory_data.affected_packages) if pkg - ], - "references": [ - ref.to_dict() for ref in normalize_list(advisory_data.references) if ref - ], - "weaknesses": normalize_list(advisory_data.weaknesses), - } + normalized_data = { + "aliases": normalize_list(advisory_data.aliases), + "summary": normalize_text(advisory_data.summary), + "affected_packages": [ + pkg.to_dict() for pkg in normalize_list(advisory_data.affected_packages) if pkg + ], + "references": [ + ref.to_dict() for ref in normalize_list(advisory_data.references) if ref + ], + "weaknesses": normalize_list(advisory_data.weaknesses), + } normalized_data["url"] = advisory_data.url + else: + raise ValueError("Unsupported advisory data type for content ID computation") + + normalized_json = json.dumps(normalized_data, separators=(",", ":"), sort_keys=True) + content_id = hashlib.sha256(normalized_json.encode("utf-8")).hexdigest() + + return content_id + + +def compute_content_id_v2(advisory_data): + """ + Compute a unique content_id for an advisory by normalizing its data and hashing 
it. + + :param advisory_data: An AdvisoryData object + :return: SHA-256 hash digest as content_id + """ + + # Normalize fields + from vulnerabilities.importer import AdvisoryDataV2 + from vulnerabilities.models import AdvisoryV2 + + if isinstance(advisory_data, AdvisoryV2): + normalized_data = { + "aliases": normalize_list(advisory_data.aliases), + "summary": normalize_text(advisory_data.summary), + "affected_packages": [ + pkg for pkg in normalize_list(advisory_data.affected_packages) if pkg + ], + "references": [ref for ref in normalize_list(advisory_data.references) if ref], + "weaknesses": normalize_list(advisory_data.weaknesses), + "patches": normalize_list(advisory_data.patches), + } + normalized_data["url"] = advisory_data.url + + elif isinstance(advisory_data, AdvisoryDataV2): + normalized_data = { + "aliases": normalize_list(advisory_data.aliases), + "summary": normalize_text(advisory_data.summary), + "affected_packages": [ + pkg.to_dict() for pkg in normalize_list(advisory_data.affected_packages) if pkg + ], + "references": [ + ref.to_dict() for ref in normalize_list(advisory_data.references) if ref + ], + "severities": [ + sev.to_dict() for sev in normalize_list(advisory_data.severities) if sev + ], + "weaknesses": normalize_list(advisory_data.weaknesses), + "patches": [patch.to_dict() for patch in normalize_list(advisory_data.patches)], + } + normalized_data["url"] = advisory_data.url + + else: + raise ValueError("Unsupported advisory data type for content ID computation") + normalized_json = json.dumps(normalized_data, separators=(",", ":"), sort_keys=True) content_id = hashlib.sha256(normalized_json.encode("utf-8")).hexdigest()
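Review bot: In `compute_content_id_v2` the `AdvisoryV2` branch hashes a dict with no `severities` key while the `AdvisoryDataV2` branch includes `"severities": [...]`, so the two branches cannot produce the same digest for the same advisory, even when the severity list is empty. If a stored `AdvisoryV2` content ID is ever compared with one computed from freshly imported `AdvisoryDataV2` (the callers are not visible here), every advisory would look changed and deduplication would stop matching. Either add the model's severities to the first branch or drop the key from the second, so that both hash the same key set. The `AdvisoryV2` branch also passes `affected_packages`, `references` and `patches` through without `to_dict()`, which presumably relies on the model holding JSON-serialisable values; this is worth confirming, because `json.dumps` raises otherwise. The docstring should read `:param advisory_data: An AdvisoryV2 or AdvisoryDataV2 object`; the function's `return` lies outside the hunk.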