-
Notifications
You must be signed in to change notification settings - Fork 22
/
csaf.json
100 lines (100 loc) · 2.66 KB
/
csaf.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "Example VEX document.",
"title": "Document Title"
}
],
"publisher": {
"category": "vendor",
"name": "Example Company",
"namespace": "https://psirt.example.com"
},
"title": "Example VEX Document",
"tracking": {
"current_release_date": "2022-03-03T11:00:00.000Z",
"generator": {
"date": "2022-03-03T11:00:00.000Z",
"engine": {
"name": "Secvisogram",
"version": "1.11.0"
}
},
"id": "2022-EVD-UC-01-NA-001",
"initial_release_date": "2022-03-03T11:00:00.000Z",
"revision_history": [
{
"date": "2022-03-03T11:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"product": {
"name": "Example Company ABC 4.2",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"purl": "pkg:maven/@1.3.4"
}
},
"branches": [
{
"category": "product_version",
"name": "4.2",
"product": {
"name": "Example Company ABC 4.2",
"product_id": "INTERNAL-0001",
"product_identification_helper": {
"purl": "pkg:golang/github.com/go-homedir@v1.1.0"
}
}
}
],
"category": "product_name",
"name": "ABC"
}
],
"category": "vendor",
"name": "Example Company"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4487",
"notes": [
{
"category": "description",
"text": "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.",
"title": "CVE description"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0001"
]
},
"threats": [
{
"category": "impact",
"details": "Class with vulnerable code was removed before shipping.",
"product_ids": [
"CSAFPID-0001"
]
}
]
}
]
}