Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
GNU General Public License v3.0
10.8k
stars
1.16k
forks
source link
feat(cve/nvd): support CVSS v4.0 #1979
Closed
MaineK00n closed 5 days ago
If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.
What did you implement:
CVSS V4.0 Schema has been added to the NVD of go-cve-dictionary by the following PR. https://github.com/vulsio/go-cve-dictionary/pull/393
Vuls supports NVD CVSS v4.0.
Type of change
How Has This Been Tested?
before
$ vuls scan $ vuls report $ cat results/2024-06-27T22-16-01+0900/pseudo.json | jq '.scannedCves[].cveContents[][] | {type: .type, cveID: .cveID, cvssv40Vector: .cvss40Vector, optional: .optional}' { "type": "mitre", "cveID": "CVE-2024-5732", "cvssv40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "optional": { "source": "CNA:VulDB" } } { "type": "mitre", "cveID": "CVE-2024-5732", "cvssv40Vector": "", "optional": { "source": "ADP:CISA-ADP" } } { "type": "nvd", "cveID": "CVE-2024-5732", "cvssv40Vector": "", "optional": { "source": "cna@vuldb.com" } } { "type": "nvd", "cveID": "CVE-2024-5732", "cvssv40Vector": "", "optional": { "source": "nvd@nist.gov" } }
Checklist:
You don't have to satisfy all of the following.
make fmt
make test
Is this ready for review?: YES
Reference