Closed zilardcherry closed 3 months ago
CVE REST API does not process multiple parameters correctly.
It can be observed on both webpage and curling REST API https://ubuntu.com/security/cves https://ubuntu.com/security/cves.json
If only one parameter is provided, it is fully functional for example: https://ubuntu.com/security/cves.json?package=apport This returns 52 CVEs.
[Describe what happened and what you expected.
For two and more parameters, CVE REST API returns back an incorrect results, all kinds of CVEs are listed from various packages (and not just only apport, as normally it should happen)
For example https://ubuntu.com/security/cves.json?package=apport&version=jammy This return 21436 CVEs.
I used chrome for testing this
Summary
CVE REST API does not process multiple parameters correctly.
Process
It can be observed on both webpage and curling REST API https://ubuntu.com/security/cves https://ubuntu.com/security/cves.json
Current and expected result
If only one parameter is provided, it is fully functional for example: https://ubuntu.com/security/cves.json?package=apport This returns 52 CVEs.
[Describe what happened and what you expected.
For two and more parameters, CVE REST API returns back an incorrect results, all kinds of CVEs are listed from various packages (and not just only apport, as normally it should happen)
For example https://ubuntu.com/security/cves.json?package=apport&version=jammy This return 21436 CVEs.
Browser details
I used chrome for testing this