x/vulndb: add support to severity and cvss metrics in json and report #50004
Copied from golang/vulndb#7 (comment):
Hi,
Thank you for this amazing project.
It looks like severity and CVSS metrics are missing from JSON and report.
example:
module: github.com/gin-gonic/gin
versions:
description: |
The default [Formatter][LoggerConfig.Formatter] for the [Logger][] middleware (included in the [Default][] engine) allows attackers to inject arbitrary log entries by manipulating the request path.
published: '2021-04-14T12:00:00.000Z'
credit: "@thinkerou [email protected]"
symbols:
links:
pr: Add mitigation for log injection gin-gonic/gin#2237
commit: gin-gonic/gin@a71af9c
cve_metadata:
id: CVE-9999-0001
cwe: 'CWE-20: Improper Input Validation'
description: |
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
allows remote attackers to inject arbitary log lines.
cvss:
version: v2
score: '4.0'
vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
I have created a PR with support for both the severity field in the JSON and CVSS data in the report (if it exists at that time).
Please confirm that it satisfies the needs and review my PR: 6#