The regex used to validate the 'url' string in CVE_JSON_4.0_min.schema checks for only a limit set of whitespace characters and doesn't complain if it contains, for example, a newline.
This issue is being closed as obsolete. If you feel it is still relevant to any currently running AWG initiatives, feel free to re-open it or open a new issue. Thank you!
The regex used to validate the 'url' string in CVE_JSON_4.0_min.schema checks for only a limit set of whitespace characters and doesn't complain if it contains, for example, a newline.