vulsio / go-cve-dictionary

Build a local copy of CVE (NVD and Japanese JVN). Server mode for easy querying.
Apache License 2.0

feat(nvd): support CVSS v4.0 #393

Closed MaineK00n closed 2 months ago

MaineK00n commented 2 months ago

If this Pull Request is work in progress, add a prefix of “[WIP]” in the title.

What did you implement:

support NVD CVSS v4.0 schema

Type of change

How Has This Been Tested?

$ go-cve-dictionary fetch nvd 2024
$ go-cve-dictionary search cve CVE-2024-5732
{
  "CveID": "CVE-2024-5732",
  "Nvds": [
    {
      "CveID": "CVE-2024-5732",
      "Descriptions": [
        {
          "Lang": "en",
          "Value": "A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-267406 is the identifier assigned to this vulnerability."
        },
        {
          "Lang": "es",
          "Value": "Se encontró una vulnerabilidad en Clash hasta 0.20.1 en Windows. Ha sido declarada crítica. Esta vulnerabilidad afecta a un código desconocido del componente Proxy Port. La manipulación conduce a una autenticación incorrecta. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. Se recomienda cambiar los ajustes de configuración. VDB-267406 es el identificador asignado a esta vulnerabilidad."
        }
      ],
      "Cvss2": [
        {
          "Source": "cna@vuldb.com",
          "Type": "Secondary",
          "VectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "AccessVector": "NETWORK",
          "AccessComplexity": "LOW",
          "Authentication": "NONE",
          "ConfidentialityImpact": "PARTIAL",
          "IntegrityImpact": "PARTIAL",
          "AvailabilityImpact": "PARTIAL",
          "BaseScore": 7.5,
          "Severity": "HIGH",
          "ExploitabilityScore": 10,
          "ImpactScore": 6.4,
          "ObtainAllPrivilege": false,
          "ObtainUserPrivilege": false,
          "ObtainOtherPrivilege": false,
          "UserInteractionRequired": false
        }
      ],
      "Cvss3": [
        {
          "Source": "nvd@nist.gov",
          "Type": "Primary",
          "VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "AttackVector": "NETWORK",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "NONE",
          "UserInteraction": "NONE",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "HIGH",
          "IntegrityImpact": "HIGH",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 9.8,
          "BaseSeverity": "CRITICAL",
          "ExploitabilityScore": 3.9,
          "ImpactScore": 5.9
        },
        {
          "Source": "cna@vuldb.com",
          "Type": "Secondary",
          "VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "AttackVector": "NETWORK",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "NONE",
          "UserInteraction": "NONE",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "LOW",
          "IntegrityImpact": "LOW",
          "AvailabilityImpact": "LOW",
          "BaseScore": 7.3,
          "BaseSeverity": "HIGH",
          "ExploitabilityScore": 3.9,
          "ImpactScore": 3.4
        }
      ],
      "Cvss40": [
        {
          "Source": "cna@vuldb.com",
          "Type": "Secondary",
          "VectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 6.9,
          "BaseSeverity": "MEDIUM",
          "ThreatScore": null,
          "ThreatSeverity": null,
          "EnvironmentalScore": null,
          "EnvironmentalSeverity": null
        }
      ],
      "Cwes": [
        {
          "Source": "cna@vuldb.com",
          "Type": "Primary",
          "CweID": "CWE-287"
        }
      ],
      "Cpes": [
        {
          "URI": "cpe:/a:clashforwindows:clash:::~~~windows~~",
          "FormattedString": "cpe:2.3:a:clashforwindows:clash:*:*:*:*:*:windows:*:*",
          "WellFormedName": "wfn:[part=\"a\", vendor=\"clashforwindows\", product=\"clash\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=\"windows\", target_hw=ANY, other=ANY]",
          "Part": "a",
          "Vendor": "clashforwindows",
          "Product": "clash",
          "Version": "ANY",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "windows",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "0.1.0",
          "VersionEndExcluding": "",
          "VersionEndIncluding": "0.20.1",
          "EnvCpes": []
        }
      ],
      "References": [
        {
          "Link": "https://github.com/GTA12138/vul/blob/main/clash%20for%20windows.md",
          "Source": "cna@vuldb.com",
          "Tags": "Exploit,Third Party Advisory",
          "Name": "https://github.com/GTA12138/vul/blob/main/clash%20for%20windows.md"
        },
        {
          "Link": "https://vuldb.com/?ctiid.267406",
          "Source": "cna@vuldb.com",
          "Tags": "Permissions Required,VDB Entry",
          "Name": "https://vuldb.com/?ctiid.267406"
        },
        {
          "Link": "https://vuldb.com/?id.267406",
          "Source": "cna@vuldb.com",
          "Tags": "Permissions Required,Third Party Advisory,VDB Entry",
          "Name": "https://vuldb.com/?id.267406"
        },
        {
          "Link": "https://vuldb.com/?submit.345469",
          "Source": "cna@vuldb.com",
          "Tags": "Third Party Advisory,VDB Entry",
          "Name": "https://vuldb.com/?submit.345469"
        }
      ],
      "Certs": [],
      "PublishedDate": "2024-06-07T10:15:12.293Z",
      "LastModifiedDate": "2024-06-11T17:57:13.767Z",
      "DetectionMethod": ""
    }
  ],
  "Jvns": [],
  "Fortinets": [],
  "Mitres": []
}

Checklist:

You don't have to satisfy all of the following.

Is this ready for review?: YES

Reference
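
For consumers of the search output in the pull request description above, an added example (not code from this pull request or from go-cve-dictionary) that decodes the `Cvss2`, `Cvss3` and `Cvss40` arrays and reports the highest base score across versions and sources. The `score` and `result` types, the `worst` function and its take-the-maximum policy are assumptions of the example; the sample JSON is a constructed, trimmed copy of the CVE-2024-5732 output.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical consumer-side types; only the JSON keys come from the output above.
type score struct {
	Source      string
	BaseScore   float64  // Cvss40 prints "baseScore"; encoding/json matches case-insensitively
	ThreatScore *float64 // null in the output above, hence a pointer
}

type result struct {
	Nvds []struct {
		Cvss2, Cvss3, Cvss40 []score
	}
}

// Constructed sample: a trimmed copy of the CVE-2024-5732 output above.
const sample = `{"Nvds":[{
 "Cvss2":[{"Source":"cna@vuldb.com","BaseScore":7.5}],
 "Cvss3":[{"Source":"nvd@nist.gov","BaseScore":9.8},{"Source":"cna@vuldb.com","BaseScore":7.3}],
 "Cvss40":[{"Source":"cna@vuldb.com","baseScore":6.9,"ThreatScore":null}]}]}`

var names = []string{"Cvss40", "Cvss3", "Cvss2"}

// worst returns the CVSS version, source and value of the highest base score,
// so a lower v4.0 score from a CNA does not hide a higher NVD v3.1 score.
func worst(raw []byte) (ver, source string, top float64, err error) {
	var r result
	if err = json.Unmarshal(raw, &r); err != nil {
		return
	}
	for _, n := range r.Nvds {
		for i, list := range [][]score{n.Cvss40, n.Cvss3, n.Cvss2} { // newest first on ties
			for _, s := range list {
				if s.BaseScore > top {
					ver, source, top = names[i], s.Source, s.BaseScore
				}
			}
		}
	}
	return
}

func main() {
	fmt.Println(worst([]byte(sample)))
}
```

Tools that match JSON keys case-sensitively need the exact `baseScore` spelling for the `Cvss40` entries, as printed in the output above.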

jbmaillet commented 2 months ago

@MaineK00n @shino While I'm at it, as for me as a user, now is a perfect time for all changes you can think of, since I am in the process of re-doing a go-cve-dictionary production server and documenting it. :sweat_smile: So I could probably try and give feedback on anything you do, enjoy and thanks for all your work! :partying_face: