p0dalirius / ApacheTomcatScanner

A python script to scan for Apache Tomcat server vulnerabilities.
https://podalirius.net/
GNU General Public License v3.0

How to update the vulnerabilities database #18

Closed jkubler closed 1 year ago

jkubler commented 1 year ago

Hi, how can the vulnerability database be updated? I see that some from 2022 are missing, but I don't know where I can get the JSON in the same format.

Thanks in advance

p0dalirius commented 1 year ago

Hi,

You can create the JSON of the missing vulnerabilities, or just give me the CVE number that you saw missing and I will update it.

Best regards


PS: I'm currently at BlackHat Europe, so I might be slow to respond.

jkubler commented 1 year ago

I have found three new vulnerabilities:

https://www.cvedetails.com/cve/CVE-2022-25762/
https://www.cvedetails.com/cve/CVE-2022-42252/
https://www.cvedetails.com/cve/CVE-2021-43980/

I'm trying to create new JSONs, but I'm not sure how to fill in the affected versions section. Should I create a new section for every affected version, or is there any way to set a series of affected versions like:

```json
"affected_versions": [
    {
        "tag": "8.5.0",
        "version": "8.5.0-8.5.75",
        "language": "",
        "update": "Milestone1",
        "edition": ""
    },
    {
        "tag": "9.0.0.M1",
        "version": "9.0.0.M1 - 9.0.20",
        "language": "",
        "update": "Milestone2",
        "edition": ""
    }
]
```

Also, thank you again for your help.

p0dalirius commented 1 year ago

I just pushed the update script in https://github.com/p0dalirius/ApacheTomcatScanner/commit/b7f690b8241dd98884065a6aad760abf4ab2d85e.

CVE-2021-43980 is already here, CVE-2022-25762 and CVE-2022-42252 are not yet added. I'll add them in a few minutes.

jkubler commented 1 year ago

Hi, thanks, the update script works flawlessly, you have solved my life.