Closed MaineK00n closed 7 months ago
This PR allows you to obtain the CVE ID list registered in the DB.
$ curl http://127.0.0.1:1323/cves/ids
["CVE-2023-21043","CVE-2023-37256", ... ,"CVE-2023-46765"]
$ curl -X POST -H "Content-Type: application/json" --data '["CVE-2023-0706", "CVE-2023-2569"]' http://127.0.0.1:1323/cves | jq
{
  "CVE-2023-0706": { "CveID": "CVE-2023-0706", "Nvds": [ { "CveID": "CVE-2023-0706", "Descriptions": [ { "Lang": "en", "Value": "A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340." } ], "Cvss2": [ { "Source": "cna@vuldb.com", "Type": "Secondary", "VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "AccessVector": "NETWORK", "AccessComplexity": "LOW", "Authentication": "SINGLE", "ConfidentialityImpact": "PARTIAL", "IntegrityImpact": "PARTIAL", "AvailabilityImpact": "PARTIAL", "BaseScore": 6.5, "Severity": "MEDIUM", "ExploitabilityScore": 8, "ImpactScore": 6.4, "ObtainAllPrivilege": false, "ObtainUserPrivilege": false, "ObtainOtherPrivilege": false, "UserInteractionRequired": false } ], "Cvss3": [ { "Source": "nvd@nist.gov", "Type": "Primary", "VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "AttackVector": "NETWORK", "AttackComplexity": "LOW", "PrivilegesRequired": "LOW", "UserInteraction": "NONE", "Scope": "UNCHANGED", "ConfidentialityImpact": "HIGH", "IntegrityImpact": "HIGH", "AvailabilityImpact": "HIGH", "BaseScore": 8.8, "BaseSeverity": "HIGH", "ExploitabilityScore": 2.8, "ImpactScore": 5.9 }, { "Source": "cna@vuldb.com", "Type": "Secondary", "VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "AttackVector": "NETWORK", "AttackComplexity": "LOW", "PrivilegesRequired": "LOW", "UserInteraction": "NONE", "Scope": "UNCHANGED", "ConfidentialityImpact": "LOW", "IntegrityImpact": "LOW", "AvailabilityImpact": "LOW", "BaseScore": 6.3, "BaseSeverity": "MEDIUM", "ExploitabilityScore": 2.8, "ImpactScore": 3.4 } ], "Cwes": [ { "Source": "cna@vuldb.com", "Type": "Primary", "CweID": "CWE-89" } ], "Cpes": [ { "URI": "cpe:/a:medical_certificate_generator_app_project:medical_certificate_generator_app:1.0", "FormattedString": "cpe:2.3:a:medical_certificate_generator_app_project:medical_certificate_generator_app:1.0:*:*:*:*:*:*:*", "WellFormedName": "wfn:[part=\"a\", vendor=\"medical_certificate_generator_app_project\", product=\"medical_certificate_generator_app\", version=\"1\\.0\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]", "Part": "a", "Vendor": "medical_certificate_generator_app_project", "Product": "medical_certificate_generator_app", "Version": "1\\.0", "Update": "ANY", "Edition": "ANY", "Language": "ANY", "SoftwareEdition": "ANY", "TargetSW": "ANY", "TargetHW": "ANY", "Other": "ANY", "VersionStartExcluding": "", "VersionStartIncluding": "", "VersionEndExcluding": "", "VersionEndIncluding": "", "EnvCpes": [] } ], "References": [ { "Link": "https://vuldb.com/?ctiid.220340", "Source": "cna@vuldb.com", "Tags": "Permissions Required,Third Party Advisory", "Name": "https://vuldb.com/?ctiid.220340" }, { "Link": "https://vuldb.com/?id.220340", "Source": "cna@vuldb.com", "Tags": "Third Party Advisory", "Name": "https://vuldb.com/?id.220340" } ], "Certs": [], "PublishedDate": "2023-02-07T10:15:52.61Z", "LastModifiedDate": "2023-11-07T04:01:16.2Z", "DetectionMethod": "" } ], "Jvns": [], "Fortinets": [] },
  "CVE-2023-2569": { "CveID": "CVE-2023-2569", "Nvds": [ { "CveID": "CVE-2023-2569", "Descriptions": [ { "Lang": "en", "Value": "\nA CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,\nelevation of privilege, and potentially kernel execution when a malicious actor with local user\naccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.\n\n" } ], "Cvss2": [], "Cvss3": [ { "Source": "nvd@nist.gov", "Type": "Primary", "VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "AttackVector": "LOCAL", "AttackComplexity": "LOW", "PrivilegesRequired": "LOW", "UserInteraction": "NONE", "Scope": "UNCHANGED", "ConfidentialityImpact": "HIGH", "IntegrityImpact": "HIGH", "AvailabilityImpact": "HIGH", "BaseScore": 7.8, "BaseSeverity": "HIGH", "ExploitabilityScore": 1.8, "ImpactScore": 5.9 }, { "Source": "cybersecurity@se.com", "Type": "Secondary", "VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "AttackVector": "LOCAL", "AttackComplexity": "LOW", "PrivilegesRequired": "LOW", "UserInteraction": "NONE", "Scope": "UNCHANGED", "ConfidentialityImpact": "HIGH", "IntegrityImpact": "HIGH", "AvailabilityImpact": "HIGH", "BaseScore": 7.8, "BaseSeverity": "HIGH", "ExploitabilityScore": 1.8, "ImpactScore": 5.9 } ], "Cwes": [ { "Source": "cybersecurity@se.com", "Type": "Primary", "CweID": "CWE-787" } ], "Cpes": [ { "URI": "cpe:/a:schneider-electric:ecostruxure_foxboro_dcs_control_core_services:-", "FormattedString": "cpe:2.3:a:schneider-electric:ecostruxure_foxboro_dcs_control_core_services:-:*:*:*:*:*:*:*", "WellFormedName": "wfn:[part=\"a\", vendor=\"schneider\\-electric\", product=\"ecostruxure_foxboro_dcs_control_core_services\", version=NA, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]", "Part": "a", "Vendor": "schneider\\-electric", "Product": "ecostruxure_foxboro_dcs_control_core_services", "Version": "NA", "Update": "ANY", "Edition": "ANY", "Language": "ANY", "SoftwareEdition": "ANY", "TargetSW": "ANY", "TargetHW": "ANY", "Other": "ANY", "VersionStartExcluding": "", "VersionStartIncluding": "", "VersionEndExcluding": "", "VersionEndIncluding": "", "EnvCpes": [] } ], "References": [ { "Link": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-04.pdf", "Source": "cybersecurity@se.com", "Tags": "Vendor Advisory", "Name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-04.pdf" } ], "Certs": [], "PublishedDate": "2023-06-14T08:15:09.113Z", "LastModifiedDate": "2023-06-22T18:06:50.047Z", "DetectionMethod": "" } ], "Jvns": [], "Fortinets": [] }
}
You don't have to satisfy all of the following.
make fmt
make test
Is this ready for review?: YES
What did you implement:
This PR allows you to obtain the CVE ID list registered in the DB.
Type of change
How Has This Been Tested?
Checklist:
You don't have to satisfy all of the following.
make fmt
make test
Is this ready for review?: YES
Reference