x/vulndb: add support to severity and cvss metrics in json and report #50004

Open
julieqiu opened this issue Dec 6, 2021 · 0 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. UX Issues that involve UXD/UXR input vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

julieqiu commented Dec 6, 2021

Copied from golang/vulndb#7 (comment):

Hi,
thank you for this amazing project.
It looks like severity and CVSS metrics are missing from the JSON and the report.
Example:

```yaml
module: github.com/gin-gonic/gin
versions:
  - fixed: v1.6.0
description: |
    The default [Formatter][LoggerConfig.Formatter] for the [Logger][] middleware
    (included in the [Default][] engine) allows attackers to inject arbitrary log
    entries by manipulating the request path.
published: '2021-04-14T12:00:00.000Z'
credit: "@thinkerou thinkerou@gmail.com"
symbols:
  - defaultLogFormatter
links:
    pr: Add mitigation for log injection gin-gonic/gin#2237
    commit: gin-gonic/gin@a71af9c
cve_metadata:
    id: CVE-9999-0001
    cwe: 'CWE-20: Improper Input Validation'
    description: |
        Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
        allows remote attackers to inject arbitrary log lines.
cvss:
    version: v2
    score: '4.0'
    vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
```

I have created a PR with support for both the severity field in the JSON and the CVSS data in the report (if they exist at that time).
Please confirm that it satisfies the needs and review my PR: #6

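Added example, not part of this issue or of the x/vulndb code: a consistency check a report reviewer could run over a proposed `cvss` block, recomputing the CVSS v3.1 base score from the vector string and comparing it with the declared `version` and `score`. The `EXAMPLE` dict is constructed from the report quoted above; its declared `v2`/`4.0` do not match the `CVSS:3.1` vector, which is exactly the kind of mismatch such a check is meant to catch.

```python
# Base-metric weights from the CVSS v3.1 specification; PR_C holds the Scope:C variants.
# The "S" entry carries no weight, it only lists the legal Scope values for validation.
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
W = {"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}, "AC": {"L": 0.77, "H": 0.44},
     "PR": {"N": 0.85, "L": 0.62, "H": 0.27}, "PR_C": {"N": 0.85, "L": 0.68, "H": 0.5},
     "UI": {"N": 0.85, "R": 0.62}, "S": {"U": 0, "C": 0}, "C": CIA, "I": CIA, "A": CIA}
BASE = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")


def roundup(x):
    """CVSS v3.1 'Roundup': round up to one decimal place without float-drift surprises."""
    i = round(x * 100000)
    return i / 100000 if i % 10000 == 0 else (i // 10000 + 1) / 10


def parse_vector(vector):
    """Split 'CVSS:3.1/AV:N/...' into (version, {metric: value}), rejecting bad metrics."""
    head, *parts = vector.split("/")
    if not head.startswith("CVSS:3."):
        raise ValueError(f"not a CVSS v3 base vector: {vector!r}")
    m = dict(p.split(":", 1) for p in parts)
    if tuple(m) != BASE:
        raise ValueError(f"expected base metrics {BASE} in order, got {tuple(m)}")
    for k in BASE:
        if m[k] not in W[k]:
            raise ValueError(f"bad value {m[k]!r} for metric {k}")
    return head[len("CVSS:"):], m


def base_score(vector):
    """Compute the CVSS v3.1 base score from a vector string."""
    _, m = parse_vector(vector)
    changed = m["S"] == "C"
    iss = 1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    pr = W["PR_C" if changed else "PR"][m["PR"]]
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * pr * W["UI"][m["UI"]]
    return 0.0 if impact <= 0 else roundup(min((1.08 if changed else 1) * (impact + expl), 10))


def check_cvss(block):
    """List inconsistencies between a report's declared cvss fields and its vector."""
    version, _ = parse_vector(block["vector"])
    computed = base_score(block["vector"])
    problems = []
    if block["version"].lstrip("v") != version:
        problems.append(f"version {block['version']} but vector is CVSS {version}")
    if float(block["score"]) != computed:
        problems.append(f"score {block['score']} but vector computes to {computed}")
    return problems


# Constructed input: the cvss block from the report example quoted in the issue.
EXAMPLE = {"version": "v2", "score": "4.0", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}
```

Running `check_cvss(EXAMPLE)` reports both a version mismatch and a score mismatch (the vector evaluates to 8.1 under v3.1).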
@gopherbot gopherbot added this to the Unreleased milestone Dec 6, 2021
@toothrot toothrot added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Dec 6, 2021
@gopherbot gopherbot added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Dec 22, 2021
@julieqiu julieqiu changed the title x/vuln: add support to severity and cvss metrics in json and report x/vulndb: add support to severity and cvss metrics in json and report Jan 5, 2022
@julieqiu julieqiu removed the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Jan 5, 2022
@julieqiu julieqiu added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo and removed vulndb labels Sep 2, 2022
@julieqiu julieqiu modified the milestones: Unreleased, vuln/unplanned Sep 8, 2022
@julieqiu julieqiu added the UX Issues that involve UXD/UXR input label Oct 12, 2022
@julieqiu julieqiu removed their assignment Oct 13, 2022