feat: support CVSS v4 #170

jeremylong · 2024-06-29T14:33:35Z

No description provided.

jeremylong · 2024-06-29T14:44:32Z

seriously - the NVD isn't using the https://www.first.org/cvss/cvss-v4.0.json

There is nothing in the schema for vulnerableSystemConfidentiality... Time to put in some aliases...

chadlwilson · 2024-06-29T15:17:03Z

seriously - the NVD isn't using the https://www.first.org/cvss/cvss-v4.0.json

There is nothing in the schema for vulnerableSystemConfidentiality... Time to put in some aliases...

Perhaps it's just bugs they will fix rather than something that is intended and that folks should code against? If it's not in the schema I guess it can be expected to go away any time... In the announcement of the support, they didn't even mention that the schema had been updated to 2.2.0 or anything like that. https://nvd.nist.gov/general/news/cvss-v4-0-official-support

jeremylong · 2024-06-29T15:34:14Z

I've updated the @JsonProperty to point to what the NVD is using and put an @JsonAliasusing what is in the schema.

jeremylong added 2 commits June 29, 2024 07:25

feat: update schema for CVSSv4

b5e10a0

feat: support CVSS v4

b64ffe0

fix: apparently the NVD does not follow the schema

bebc4ee

fix: values

753e204

jeremylong merged commit 6cafd37 into main Jun 29, 2024
2 checks passed

chadlwilson mentioned this pull request Jun 29, 2024

fix: allow lenient parsing of CvssV4Data #175

Merged

jeremylong deleted the scratch/CVSSv4 branch July 18, 2024 15:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: support CVSS v4 #170

feat: support CVSS v4 #170

jeremylong commented Jun 29, 2024

jeremylong commented Jun 29, 2024

chadlwilson commented Jun 29, 2024

jeremylong commented Jun 29, 2024

feat: support CVSS v4 #170

feat: support CVSS v4 #170

Conversation

jeremylong commented Jun 29, 2024

jeremylong commented Jun 29, 2024

chadlwilson commented Jun 29, 2024

jeremylong commented Jun 29, 2024