aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

Add support for https://divd.nl #1397

Closed pombredanne closed 7 months ago

pombredanne commented 7 months ago

They track things like https://csirt.divd.nl/cases/DIVD-2023-00027/

There may be extra resolution data available there.

jayanth-kumar-morem commented 7 months ago

I took a look at that site. We can get the Recommendation and Workaround sections of each case and use them in our AdvisoryData summary. Apart from that, I see no scope of getting additional data related to Packages.

Is that what you're referring to, in resolution data? @pombredanne

pombredanne commented 7 months ago

@jayanth-kumar-morem I am not sure what you mean exactly. Say for instance this: https://csirt.divd.nl/cves/CVE-2023-22580/

Though I am not sure which one is right (if any)... in any case the point is that the advisory is about a package at https://sequelize.org/ and https://www.npmjs.com/package/sequelize and https://github.com/sequelize/sequelize

armijnhemel commented 7 months ago

Same as #760

pombredanne commented 7 months ago

@armijnhemel Thanks! Marking as dupe of #760 in https://github.com/nexB/vulnerablecode/issues/760#issuecomment-1914756761