stevespringett / nist-data-mirror

A simple Java command-line utility to mirror the CVE JSON data from NIST.
Apache License 2.0

NVD JSON data feed version changed to 1.1 #46

Closed by saboacn14 5 years ago

saboacn14 commented 5 years ago

Hello,

the NVD recently changed their JSON data feed to version 1.1 to support CVSSv3.1, as per this announcement: https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release

The announcement claims that the 1.0 feeds are no longer available. They can still be reached for now, but contain incomplete CVE data (e.g. CVE-2019-16942, which only contains CVSSv2 data in the 1.0 feed as of the time of my issue request).

Therefore it would be great if this library would support the mirroring of the new JSON data feed.

Best regards

ghost commented 5 years ago

The URLs would be easy to change from 1.0 to 1.1. The main meta file would be

https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta

saboacn14 commented 5 years ago

Some other libraries could require the 1.0 feed for whatever reason. So maybe both versions should be mirrored, like it was handled with the XML feeds. Even though the XML feeds should probably be removed now, as they are officially retiring today: https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement

ghost commented 5 years ago

The 1.0 JSON feed is still available and maintained (see https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta). So I suggest extending the tool to download 1.0 and 1.1 JSON.

OLibutzki commented 5 years ago

Do I get it right that, due to the lack of JSON support in this tool, it's not possible to mirror the nist-data?

ghost commented 5 years ago

@OLibutzki No. The tool is very capable of mirroring the JSON data. It is only missing small tweaks to not only download the files for version 1.0 but also for version 1.1.

Maybe I will be able to spare an hour over the weekend to implement this.

stevespringett commented 5 years ago

Released in v1.4.0