Vuls in server mode since v0.15.14: json schema update ? #1303

Open
fredericg78 opened this issue Sep 13, 2021 · 1 comment
@fredericg78

Hi,
we detected that the JSON schema has been updated since Vuls 0.15.14.
In the cveContents level, the OS sublevel is now an array (it was a dict before), with duplicated data (see an example below). Is it a new breaking change feature or a defect? Which information should we expect in this array?
Thank you, best regards

```json
"cveContents": {
  "ubuntu": [
    {
      "type": "ubuntu",
      "cveID": "CVE-2020-12762",
      "title": "CVE-2020-12762 on Ubuntu 20.04 (focal) - medium.",
      "summary": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
      "cvss2Score": 0,
      "cvss2Vector": "",
      "cvss2Severity": "Medium",
      "cvss3Score": 0,
      "cvss3Vector": "",
      "cvss3Severity": "Medium",
      "sourceLink": "",
      "references": [
        {
          "link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762",
          "source": "CVE",
          "refID": "CVE-2020-12762"
        },
        {
          "link": "http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12762.html",
          "source": "Ref"
        },
        {
          "link": "https://github.com/json-c/json-c/pull/592",
          "source": "Ref"
        },
        {
          "link": "https://ubuntu.com/security/notices/USN-4360-1",
          "source": "Ref"
        },
        {
          "link": "https://ubuntu.com/security/notices/USN-4360-4",
          "source": "Ref"
        },
        {
          "link": "https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1878723 (regression)",
          "source": "Bug"
        },
        {
          "link": "https://github.com/json-c/json-c/issues/599 (regression)",
          "source": "Bug"
        }
      ],
      "published": "0001-01-01T00:00:00Z",
      "lastModified": "0001-01-01T00:00:00Z"
    },
    {
      "type": "ubuntu",
      "cveID": "CVE-2020-12762",
      "title": "CVE-2020-12762 on Ubuntu 20.04 (focal) - medium.",
      "summary": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
      "cvss2Score": 0,
      "cvss2Vector": "",
      "cvss2Severity": "Medium",
      "cvss3Score": 0,
      "cvss3Vector": "",
      "cvss3Severity": "Medium",
      "sourceLink": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-12762",
      "references": [
        {
          "link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762",
          "source": "CVE",
          "refID": "CVE-2020-12762"
        },
        {
          "link": "http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12762.html",
          "source": "Ref"
        },
        {
          "link": "https://github.com/json-c/json-c/pull/592",
          "source": "Ref"
        },
        {
          "link": "https://ubuntu.com/security/notices/USN-4360-1",
          "source": "Ref"
        },
        {
          "link": "https://ubuntu.com/security/notices/USN-4360-4",
          "source": "Ref"
        },
        {
          "link": "https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1878723 (regression)",
          "source": "Bug"
        },
        {
          "link": "https://github.com/json-c/json-c/issues/599 (regression)",
          "source": "Bug"
        }
      ],
      "published": "0001-01-01T00:00:00Z",
      "lastModified": "0001-01-01T00:00:00Z"
    }
  ]
}
```

@MaineK00n
Collaborator

The JVN data source used by go-cve-dictionary may have multiple data for a single CVE-ID, and to support this, we use the cveContents format as map[string][]CveContent.
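
For a consumer that has to read reports written both before and after this change, one option is a decoder that accepts either shape and always yields `map[string][]CveContent`. This is an added example, not code from Vuls or from either participant in this issue: the reduced `CveContent` struct is an assumption based on the fields in the sample above, and `DistinctCVEs` is a hypothetical helper for not double counting repeated entries.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// CveContent keeps two of the fields visible in the issue's sample (assumed subset).
type CveContent struct {
	CveID      string `json:"cveID"`
	SourceLink string `json:"sourceLink"`
}
// CveContents uses the newer shape; UnmarshalJSON also accepts the older one.
type CveContents map[string][]CveContent

func (c *CveContents) UnmarshalJSON(data []byte) error {
	var raw map[string]json.RawMessage
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	*c = make(CveContents, len(raw))
	for source, msg := range raw {
		if len(msg) > 0 && msg[0] != '[' { // older shape: one object per source
			msg = append(append([]byte("["), msg...), ']')
		}
		var list []CveContent
		if err := json.Unmarshal(msg, &list); err != nil {
			return fmt.Errorf("cveContents[%q]: %w", source, err)
		}
		(*c)[source] = list
	}
	return nil
}

// DistinctCVEs counts each CVE ID once, however many entries repeat it.
func (c CveContents) DistinctCVEs() int {
	seen := map[string]bool{}
	for _, list := range c {
		for _, e := range list {
			seen[e.CveID] = true
		}
	}
	return len(seen)
}

func main() {
	var c CveContents // constructed input in the older, single-object shape
	err := json.Unmarshal([]byte(`{"ubuntu":{"cveID":"CVE-2020-12762"}}`), &c)
	fmt.Println(len(c["ubuntu"]), c.DistinctCVEs(), err)
}
```

Entries that share a CVE ID are kept as decoded, since they can differ in fields such as `sourceLink`; only the count is collapsed.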
