diff --git a/.github/workflows/validate-schema.yml b/.github/workflows/validate-schema.yml index 13b0e92c1c9..6545dee93b1 100644 --- a/.github/workflows/validate-schema.yml +++ b/.github/workflows/validate-schema.yml @@ -9,8 +9,8 @@ on: branches: - master env: - CVE_SCHEMA_DIR: schema/v5.0 - CVE_SCHEMA_FILENAME: CVE_JSON_5.0_schema.json + CVE_SCHEMA_DIR: schema + CVE_SCHEMA_FILENAME: CVE_Record_Format.json jobs: verify-json-validation: runs-on: ubuntu-latest @@ -28,9 +28,11 @@ jobs: sed 's/file\://g' "${CVE_SCHEMA_DIR}/${CVE_SCHEMA_FILENAME}" > "${CVE_SCHEMA_DIR}/cve-schema.json" - name: Bundle schema for AJV run: | - node "${CVE_SCHEMA_DIR}/support/schema2markmap/schema-bundle.js" "${CVE_SCHEMA_DIR}/cve-schema.json" > "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json" + node "${CVE_SCHEMA_DIR}/support/schema2markmap/schema-bundle.js" "${CVE_SCHEMA_DIR}/cve-schema.json" "${CVE_SCHEMA_DIR}/docs/" - name: Validate JSON schema run: | - ajv compile -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json" - ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-basic-example.json" - ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_JSON_5.0_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-advanced-example.json" + ajv compile -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled.json" + ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-basic-example.json" + ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled.json" -d "${CVE_SCHEMA_DIR}/docs/full-record-advanced-example.json" + ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json" -d "${CVE_SCHEMA_DIR}/docs/cnaContainer-advanced-example.json" + ajv validate -c ajv-formats -s "${CVE_SCHEMA_DIR}/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json" -d "${CVE_SCHEMA_DIR}/docs/cnaContainer-basic-example.json" diff --git a/README.md b/README.md index 62ff16b1d10..629a16c209d 100644 --- a/README.md +++ b/README.md @@ -1,26 +1,41 @@ -# Current Version of CVE Schema +# Current Version of CVE Record Format -The latest version of the CVE JSON is 5.0. A single schema file with bundled dependencies is available [here](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/CVE_JSON_5.0_bundled.json). +Major changes to cve-schema repo architecture!! if you have integrations that rely on the cve-schema repo structure, please review the changes here. The latest version of the CVE JSON record format is 5.1.0. A single schema file with bundled dependencies is available [here](https://github.com/CVEProject/cve-schema/blob/master/schema/docs/CVE_Record_Format_bundled.json). -# CVE Schema Overview -cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of CVE JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit. +Note: The ADP functionality in the current schema is not yet deployed in CVE Services. The ADP functionality is currently under development and is for future use. -Learn more about the CVE program at [cve.org](https://www.cve.org/) +Note: Please refer to the CVE Services page [here](https://www.cve.org/AllResources/CveServices) for known issues with the schema. -This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/) +# CVE Record Format Overview -A single schema file with bundled dependencies is at [CVE_JSON_5.0_bundled.json](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/CVE_JSON_5.0_bundled.json) +cve-schema specifies the CVE record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE record. Some examples of CVE record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit. -Documentation about this format is available in [docs](https://cveproject.github.io/cve-schema/schema/v5.0/docs/) +### Learn -A mindmap version of the CVE record structure is at [mindmap](https://cveproject.github.io/cve-schema/schema/v5.0/docs/mindmap.html) +Learn more about the CVE program at: https://www.cve.org/ -A basic example of a full record in 5.0 format with minimally required fields is available at [full-record-basic-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/full-record-basic-example.json) +This CVE record format is defined using JSON Schema. Learn more about JSON Schema at: https://json-schema.org/ . -An advanced example of a full record in 5.0 format is available at [full-record-advanced-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/full-record-advanced-example.json) +### Latest -A basic example of a cnaContainer, to be used with CVE Services, is available at [cnaContainer-basic-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/cnaContainer-basic-example.json) +The latest version of the record format is 5.1.0. It is specified in the JSON schema at https://github.com/CVEProject/cve-schema/blob/master/schema/CVE_Record_Format.json -An advanced example of a cnaContainer, to be used with CVE Services, is available at [cnaContainer-advanced-example.json](https://github.com/cveproject/cve-schema/blob/master/schema/v5.0/docs/cnaContainer-advanced-example.json) +A single schema file with bundled dependencies is at https://github.com/CVEProject/cve-schema/blob/master/schema/docs/CVE_Record_Format_bundled.json -More details about Product and Version Encodings in CVE JSON 5.0 record is at [versions.md](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/versions.md) +### Documentation and Guidance + +Documentation about this format is available at https://cveproject.github.io/cve-schema/schema/docs/ + +A mindmap version of the CVE record structure is at https://cveproject.github.io/cve-schema/schema/docs/mindmap.html + +More details about Product and Version Encodings in CVE JSON 5.1.0 record is at https://github.com/CVEProject/cve-schema/blob/master/schema/docs/versions.md + +### Examples + +A basic example of a full record in 5.1.0 format with minimally required fields is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/full-record-basic-example.json + +An advanced example of a full record in 5.1.0 format is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/full-record-advanced-example.json + +A basic example of a cnaContainer, to be used with CVE Services, is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/cnaContainer-basic-example.json + +An advanced example of a cnaContainer, to be used with CVE Services, is available at https://github.com/cveproject/cve-schema/blob/master/schema/docs/cnaContainer-advanced-example.json \ No newline at end of file diff --git a/schema/CVE_Record_Format.json b/schema/CVE_Record_Format.json new file mode 100644 index 00000000000..f74450c32c8 --- /dev/null +++ b/schema/CVE_Record_Format.json @@ -0,0 +1,1234 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cveproject.github.io/cve-schema/schema/CVE_Record_Format.json", + "title": "CVE JSON record format", + "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", + "definitions": { + "uriType": { + "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).", + "type": "string", + "format": "uri", + "minLength": 1, + "maxLength": 2048 + }, + "uuidType": { + "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "reference": { + "type": "object", + "required": ["url"], + "properties": { + "url": { + "description": "The uniform resource locator (URL), according to [RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.1.3), that can be used to retrieve the referenced resource.", + "$ref": "#/definitions/uriType" + }, + "name": { + "description": "User created name for the reference, often the title of the page.", + "type": "string", + "maxLength": 512, + "minLength": 1 + }, + "tags": { + "description": "An array of one or more tags that describe the resource referenced by 'url'.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$ref": "file:tags/reference-tags.json" + } + ] + } + } + }, + "additionalProperties": false + }, + "cveId": { + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$" + }, + "orgId": { + "description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "userId": { + "description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "description": "A 2-32 character name that can be used to complement an organization's UUID.", + "type": "string", + "minLength": 2, + "maxLength": 32 + }, + "datestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601.", + "type": "string", + "format": "date", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$" + }, + "timestamp": { + "type": "string", + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.", + "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "version": { + "description": "A single version of a product, as expressed in its own version numbering scheme.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "status": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": ["affected", "unaffected", "unknown"] + }, + "product": { + "type": "object", + "description": "Provides information about the set of products and services affected by this vulnerability.", + "allOf": [ + { + "anyOf": [ + {"required": ["vendor", "product"]}, + {"required": ["collectionURL", "packageName"]} + ] + }, + { + "anyOf": [ + {"required": ["versions"]}, + {"required": ["defaultStatus"]} + ] + } + ], + "properties": { + "vendor": { + "type": "string", + "description": "Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.", + "minLength": 1, + "maxLength": 512 + }, + "product": { + "type": "string", + "description": "Name of the affected product.", + "minLength": 1, + "maxLength": 2048 + }, + "collectionURL": { + "description": "URL identifying a package collection (determines the meaning of packageName).", + "$ref": "#/definitions/uriType", + "examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] + }, + "packageName": { + "type": "string", + "description": "Name or identifier of the affected software package as used in the package collection.", + "minLength": 1, + "maxLength": 2048 + }, + "cpes": { + "type": "array", + "description": "Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also, this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as \"Product X between versions 10.2 and 10.8\" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.", + "uniqueItems": true, + "items": { + "title": "CPE Name", + "type": "string", + "description":"Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format", + "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", + "minLength": 1, + "maxLength": 2048 + } + }, + "modules": { + "type": "array", + "description": "A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).", + "uniqueItems": true, + "items": { + "type": "string", + "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).", + "minLength": 1, + "maxLength": 4096 + } + }, + "programFiles": { + "type": "array", + "description": "A list of the affected source code files (optional).", + "uniqueItems": true, + "items": { + "description": "Name or path or location of the affected source code file.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + } + }, + "programRoutines": { + "type": "array", + "description": "A list of the affected source code functions, methods, subroutines, or procedures (optional).", + "uniqueItems": true, + "items": { + "type": "object", + "description": "An object describing program routine.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the affected source code file, function, method, subroutine, or procedure.", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "platforms": { + "title": "Platforms", + "description": "List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technologies, hardware models, or computing architectures. The lack of this field or an empty array implies that the other fields are applicable to all relevant platforms.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "examples": ["iOS", "Android", "Windows", "macOS", "x86", "ARM", "64 bit", "Big Endian", "iPad", "Chromebook", "Docker", "Model T"], + "maxLength": 1024 + } + }, + "repo": { + "description": "The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.", + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "description": "The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.", + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "description": "Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules [8.1.2 requirement](https://cve.mitre.org/cve/cna/rules.html#section_8-1_cve_entry_information_requirements). Versions or defaultStatus may be omitted, but not both.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A single version or a range of versions, with vulnerability status.\n\nAn entry with only 'version' and 'status' indicates the status of a single version.\n\nOtherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.\n\nThe algorithm to decide the status specified for a version V is:\n\n\tfor entry in product.versions {\n\t\tif entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {\n\t\t\treturn entry.status\n\t\t}\n\t\tif (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or\n\t\t (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType\n\t\t\tstatus = entry.status\n\t\t\tfor change in entry.changes {\n\t\t\t\tif change.at <= v {\n\t\t\t\t\tstatus = change.status\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn status\n\t\t}\n\t}\n\treturn product.defaultStatus\n\n.", + "oneOf": [ + { + "required": ["version", "status"], + "maxProperties": 2 + }, + { + "required": ["version", "status", "versionType"], + "maxProperties": 3 + }, + { + "required": ["version", "status", "versionType", "lessThan"] + }, + { + "required": ["version", "status", "versionType", "lessThanOrEqual"] + } + ], + "properties": { + "version": { + "description": "The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.", + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string", + "description": "The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.", + "minLength": 1, + "maxLength": 128, + "examples": [ + "custom", + "git", + "maven", + "python", + "rpm", + "semver" + ] + }, + "lessThan": { + "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.", + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.", + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "description": "A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "The start of a single status change during the range.", + "required": ["at", "status"], + "additionalProperties": false, + "properties": { + "at": { + "description": "The version at which a status change occurs.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The new status in the range starting at the given version.", + "$ref": "#/definitions/status" + } + } + } + } + }, + "additionalProperties": false + } + } + } + }, + "dataType": { + "description": "Indicates the type of information represented in the JSON instance.", + "type": "string", + "enum": [ + "CVE_RECORD" + ] + }, + "dataVersion": { + "description": "The version of the CVE schema used for validating this record. Used to support multiple versions of this format.", + "type": "string", + "pattern": "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$", + "default": "5.1.0" + }, + "cveMetadataPublished": { + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "requesterUserId": { + "$ref": "#/definitions/userId", + "description": "The user that requested the CVE identifier." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "state": { + "description": "State of CVE - PUBLISHED, REJECTED.", + "type": "string", + "enum": ["PUBLISHED"] + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "dateRejected": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE ID was rejected." + }, + "state": { + "type": "string", + + "description": "State of CVE - PUBLISHED, REJECTED.", + "enum": ["REJECTED"] + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "description": "Details related to the information container provider (CNA or ADP).", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId", + "description": "The container provider's organizational UUID." + }, + "shortName": { + "$ref": "#/definitions/shortName", + "description": "The container provider's organizational short name." + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp", + "description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission." + } + }, + "required": ["orgId"], + "additionalProperties": false + }, + "cnaPublishedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was associated with a vulnerability by a CNA." + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the CVE record. Eg., Buffer overflow in Example Soft.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "cnaRejectedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "description": "Reasons for rejecting this CVE Record.", + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "adpContainer": { + "description": "An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the information in an ADP container.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "affected": { + "type": "array", + "description": "List of affected products.", + "minItems": 1, + "items": {"$ref": "#/definitions/product"} + }, + "description": { + "type": "object", + "description": "Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.", + "properties": { + "lang": {"$ref": "#/definitions/language"}, + "value": { + "type": "string", + "description": "Plain text description.", + "minLength": 1, + "maxLength": 4096 + }, + "supportingMedia": { + "type": "array", + "title": "Supporting media", + "description": "Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "title": "Media type", + "minLength": 1, + "maxLength": 256, + "description": "RFC2046 compliant IANA Media type for eg., text/markdown, text/html.", + "examples": [ + "text/markdown", + "text/html", + "image/png", + "image/svg", + "audio/mp3" + ] + }, + "base64": { + "type": "boolean", + "title": "Encoding", + "description": "If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.", + "default": false + }, + "value": { + "type": "string", + "description": "Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.", + "minLength": 1, + "maxLength": 16384 + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).", + "properties": {"lang": {"$ref": "#/definitions/englishLanguage"}}, + "required": ["lang"], + "$comment": "Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description." + }, + "descriptions": { + "type": "array", + "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "description": "This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).", + "items": { + "type": "object", + "required": ["descriptions"], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": {"$ref": "#/definitions/language"}, + "description": { + "type": "string", + "description": "Text description of problemType, or title from CWE or OWASP.", + "minLength": 1, + "maxLength": 4096 + }, + "cweId": { + "type": "string", + "description": "CWE ID of the CWE that best describes this problemType entry.", + "minLength": 5, + "maxLength": 9, + "pattern": "^CWE-[1-9][0-9]*$" + }, + "type": { + "type": "string", + "description": "Problemtype source, text, OWASP, CWE, etc.,", + "minLength": 1, + "maxLength": 128 + }, + "references": {"$ref": "#/definitions/references"} + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "description": "This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are \"dangerous\").", + "items": {"$ref": "#/definitions/reference"}, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "description": "Collection of impacts of this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description.", + "required": ["descriptions"], + "properties": { + "capecId": { + "type": "string", + "description": "CAPEC ID that best relates to this impact.", + "minLength": 7, + "maxLength": 11, + "pattern": "^CAPEC-[1-9][0-9]{0,4}$" + }, + "descriptions": { + "description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.", + "$ref": "#/definitions/descriptions" + } + }, + "additionalProperties": false + } + }, + "metrics": { + "type": "array", + "description": "Collection of impact scores with attribution.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.", + "anyOf": [ + { + "required": ["cvssV4_0"] + }, + { + "required": ["cvssV3_1"] + }, + { + "required": ["cvssV3_0"] + }, + { + "required": ["cvssV2_0"] + }, + { + "required": ["other"] + } + ], + "properties": { + "format": { + "type": "string", + "description": "Name of the scoring format. This provides a bit of future proofing. Additional properties are not prohibited, so this will support the inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV44, format = 'cvssV44', other = cvssV4_4 JSON object. In the future, the other properties can be converted to score properties when they become part of the schema.", + "minLength": 1, + "maxLength": 64 + }, + "scenarios": { + "type": "array", + "description": "Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": {"$ref": "#/definitions/language"}, + "value": { + "type": "string", + "default": "GENERAL", + "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minLength": 1, + "maxLength": 4096 + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + } + }, + "cvssV4_0": {"$ref": "file:imports/cvss/cvss-v4.0.json"}, + "cvssV3_1": {"$ref": "file:imports/cvss/cvss-v3.1.json"}, + "cvssV3_0": {"$ref": "file:imports/cvss/cvss-v3.0.json"}, + "cvssV2_0": {"$ref": "file:imports/cvss/cvss-v2.0.json"}, + "other": { + "type": "object", + "description": "A non-standard impact description, may be prose or JSON block.", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "description": "Name of the non-standard impact metrics format used.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "type": "object", + "$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.", + "description": "JSON object not covered by another metrics format.", + "minProperties": 1 + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "configurations": { + "type": "array", + "description": "Configurations required for exploiting this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "description": "Workarounds and mitigations for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "description": "Information about solutions or remediations available for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "description": "Information about exploits of the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "description": "This is timeline information for significant events about this vulnerability or changes to the CVE Record.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.", + "$ref": "#/definitions/timestamp" + }, + "lang": { + "description": "The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "description": "A summary of the event.", + "type": "string", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "credits": { + "type": "array", + "description": "Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "description": "The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "minLength": 1, + "maxLength": 4096 + }, + "user": { + "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string", + "description": "Type or role of the entity being credited (optional). finder: identifies the vulnerability.\nreporter: notifies the vendor of the vulnerability to a CNA.\nanalyst: validates the vulnerability to ensure accuracy or severity.\ncoordinator: facilitates the coordinated response process.\nremediation developer: prepares a code change or other remediation plans.\nremediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.\nremediation verifier: tests and verifies the vulnerability or its remediation.\ntool: names of tools used in vulnerability discovery or identification.\nsponsor: supports the vulnerability identification or remediation activities.", + "default": "finder", + "enum": [ + "finder", + "reporter", + "analyst", + "coordinator", + "remediation developer", + "remediation reviewer", + "remediation verifier", + "tool", + "sponsor", + "other" + ] + } + }, + "additionalProperties": false, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "description": "This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).\n Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.", + "minProperties": 1 + }, + "language": { + "type": "string", + "description": "BCP 47 language code, language-region.", + "default": "en", + "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "englishLanguage": { + "type": "string", + "description": "BCP 47 language code, language-region, required to be English.", + "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "taxonomyMappings": { + "type": "array", + "description": "List of taxonomy items related to the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "description": "The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "description": "The version of taxonomy the identifiers come from.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "description": "List of relationships to the taxonomy for the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A relationship between the taxonomy and the CVE or two taxonomy items.", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "description": "A description of the relationship.", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier.", + "minLength": 1, + "maxLength": 2048 + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "tagExtension": { + "type": "string", + "minLength": 2, + "maxLength": 128, + "pattern": "^x_.*$", + "$comment": "These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations." + }, + "cnaTags": { + "type": "array", + "description": "Tags provided by a CNA describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$ref": "file:tags/cna-tags.json" + } + ] + } + }, + "adpTags": { + "type": "array", + "description": "Tags provided by an ADP describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$ref": "file:tags/adp-tags.json" + } + ] + } + } + }, + "oneOf": [ + { + "title": "Published", + "description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.", + "type": "object", + "properties": { + "dataType": { + "$ref": "#/definitions/dataType" + }, + "dataVersion": { + "$ref": "#/definitions/dataVersion" + }, + "cveMetadata": { + "$ref": "#/definitions/cveMetadataPublished" + }, + "containers": { + "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt a minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA. However, there can be multiple 'adp' containers, allowing multiple organizations participating in the CVE program to add additional information related to the vulnerability. For the most part, the 'cna' and 'adp' containers contain the same properties. The main differences are the source of the information. The 'cna' container requires the CNA to include certain fields, while the 'adp' container does not.", + "type": "object", + "properties": { + "cna": {"$ref": "#/definitions/cnaPublishedContainer"}, + "adp": { + "type": "array", + "items": {"$ref": "#/definitions/adpContainer"}, + "minItems": 1, + "uniqueItems": true + } + }, + "required": ["cna"], + "additionalProperties": false + } + }, + "required": [ + "dataType", + "dataVersion", + "cveMetadata", + "containers" + ], + "additionalProperties": false + }, + { + "title": "Rejected", + "description": "If the CVE ID and associated CVE Record should no longer be used, the CVE Record is placed in the Rejected state. A Rejected CVE Record remains on the CVE List so that users can know when it is invalid.", + "type": "object", + "properties": { + "dataType": { + "$ref": "#/definitions/dataType" + }, + "dataVersion": { + "$ref": "#/definitions/dataVersion" + }, + "cveMetadata": { + "$ref": "#/definitions/cveMetadataRejected" + }, + "containers": { + "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA.", + "type": "object", + "properties": { + "cna": {"$ref": "#/definitions/cnaRejectedContainer"} + }, + "required": ["cna"], + "additionalProperties": false + } + }, + "required": [ + "dataType", + "dataVersion", + "cveMetadata", + "containers" + ], + "additionalProperties": false + } + ] +} diff --git a/schema/v1.0/JSON-file-format-v1.md b/schema/archive/v1.0/JSON-file-format-v1.md similarity index 100% rename from schema/v1.0/JSON-file-format-v1.md rename to schema/archive/v1.0/JSON-file-format-v1.md diff --git a/schema/v2.0/JSON-file-format-v2.md b/schema/archive/v2.0/JSON-file-format-v2.md similarity index 100% rename from schema/v2.0/JSON-file-format-v2.md rename to schema/archive/v2.0/JSON-file-format-v2.md diff --git a/schema/v3.1/CVE_JSON_example_full-3.1.json b/schema/archive/v3.1/CVE_JSON_example_full-3.1.json similarity index 95% rename from schema/v3.1/CVE_JSON_example_full-3.1.json rename to schema/archive/v3.1/CVE_JSON_example_full-3.1.json index 790f2036cae..d6f9937a59f 100644 --- a/schema/v3.1/CVE_JSON_example_full-3.1.json +++ b/schema/archive/v3.1/CVE_JSON_example_full-3.1.json @@ -1,218 +1,218 @@ -{ - "data_version": "3.1", - "cve_id":"CVE-YYYY-XXXXXX", - "updated":"DATE-TIMESTAMP", - "serial":"INT", - "date_requested":"DATE-TIMESTAMP", - "date_assigned":"DATE-TIMESTAMP", - "date_public":"DATE-TIMESTAMP", - "requester":"Requester id String", - "assigner": "Assigner id String", - "state":"string of state of CVE", - "replaced_by":"string replace by data", - "title":[ - { - "lang":"string ISO 639-2", - "value":"string short title of issue" - } - ], - "products": [ - { - "vendor_name": "string", - "product": [ - { - "product_name": "string", - "version": "string", - "affects": "string =/>/=/!", - "cpe":[ - { - "cpe_value":"string" - } - ], - "swid":[ - { - "swid_value":"string" - } - ] - } - ] - } - ], - "problem_types":[ - { - "description":[ - { - "lang":"string ISO 639-2", - "value":"string description of problem_type" - } - ], - "cwes":[ - "strings of cwes","strings separated by commas" - ], - "owasp":[ - "string of OWASP information","strings separated by commas" - ] - } - ], - "references":[ - { - "url":"string for url location", - "name":"string Name of reference i.e. if advisory has name", - "publish_date":"DATE-TIMESTAMP of reference release to public" - } - ], - "description":[ - { - "lang":"string ISO 639-2", - "value":"string description of vulnerability" - } - ], - "attack":[ - { - "attackers":[ - { - "extent":"string explaining extent of vulnerability", - "authentication":"string stating whether authentication is needed for vulnerability", - "user_assistance":"string stating whether user assistance is needed for vulnerability" - } - ], - "impacts":[ - "string of impacts","strings separated by commas" - ], - "attack_methods":[ - { - "vectors":[ - "string list of vectors", "strings separated by commas" - ], - "components":[ - "string list of components", "strings separated by commas" - ], - "capecs":"string of repective capec" - } - ] - } - ], - "files":[ - { - "url":"url string", - "import_time":"DATE-TIMESTAMP", - "local_name":"string name of file" - } - ], - "exploitation":{ - "lang":"string ISO 639-2", - "value":"string description of issue" - }, - "work_around":[ - { - "lang":"string ISO 639-2", - "value":"string description of issue" - } - ], - "time_line":[ - { - "time_stamp":"DATE-TIMESTAMP", - "reference":{ - "reference_name":"string", - "reference_value":"string" - }, - "text":[ - { - "lang":"string ISO 639-2", - "value":"string decription of issue" - } - ] - } - ], - "source":{ - "discovered_by":"name of discover", - "discovered_with":"name of parties involved", - "verification":"string", - "cna_chain":[ - "string initial CNA", - "string Parent CNA", - "string root CNA" - ] - }, - "conditions":[ - "strings of conditions", - "separated by commas" - ], - "notes":{ - "lang":"string ISO 639-2" - }, - "credits":[ - { - "id":"string to identify person recieving credit", - "role":[ - { - "discoverer":"string", - "research_assist":"string", - "exploit_code":"string" - } - ] - } - ], - "impact_metrics":{ - "cvss2":{ - "vector":"string value for CVSS score ie. CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "bm":{ - "av":"string value", - "ac":"string value", - "au":"string value", - "c":"string value", - "i":"string value", - "a":"string value", - "score":"string value" - }, - "tm":{ - "e":"string value", - "rl":"string value", - "rc":"string value", - "score":"string value" - }, - "em":{ - "cdp":"string value", - "td":"string value", - "cr":"string value", - "ir":"string value", - "ar":"string value", - "score":"string value" - } - }, - "cvss3":{ - "vector":"string value for CVSS score ie. CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "bm":{ - "av":"string value", - "ac":"string value", - "pr":"string value", - "ui":"string value", - "scope":"string value", - "c":"string value", - "i":"string value", - "a":"string value", - "score":"string value" - }, - "tm":{ - "e":"string value", - "rl":"string value", - "rc":"string value", - "score":"string value" - }, - "em":{ - "mav":"string value", - "mac":"string value", - "mpr":"string value", - "mui":"string value", - "ms":"string value", - "mc":"string value", - "mi":"string value", - "ma":"string value", - "cr":"string value", - "ir":"string value", - "ar":"string value", - "score":"string value" - } - } - } +{ + "data_version": "3.1", + "cve_id":"CVE-YYYY-XXXXXX", + "updated":"DATE-TIMESTAMP", + "serial":"INT", + "date_requested":"DATE-TIMESTAMP", + "date_assigned":"DATE-TIMESTAMP", + "date_public":"DATE-TIMESTAMP", + "requester":"Requester id String", + "assigner": "Assigner id String", + "state":"string of state of CVE", + "replaced_by":"string replace by data", + "title":[ + { + "lang":"string ISO 639-2", + "value":"string short title of issue" + } + ], + "products": [ + { + "vendor_name": "string", + "product": [ + { + "product_name": "string", + "version": "string", + "affects": "string =/>/=/!", + "cpe":[ + { + "cpe_value":"string" + } + ], + "swid":[ + { + "swid_value":"string" + } + ] + } + ] + } + ], + "problem_types":[ + { + "description":[ + { + "lang":"string ISO 639-2", + "value":"string description of problem_type" + } + ], + "cwes":[ + "strings of cwes","strings separated by commas" + ], + "owasp":[ + "string of OWASP information","strings separated by commas" + ] + } + ], + "references":[ + { + "url":"string for url location", + "name":"string Name of reference i.e. if advisory has name", + "publish_date":"DATE-TIMESTAMP of reference release to public" + } + ], + "description":[ + { + "lang":"string ISO 639-2", + "value":"string description of vulnerability" + } + ], + "attack":[ + { + "attackers":[ + { + "extent":"string explaining extent of vulnerability", + "authentication":"string stating whether authentication is needed for vulnerability", + "user_assistance":"string stating whether user assistance is needed for vulnerability" + } + ], + "impacts":[ + "string of impacts","strings separated by commas" + ], + "attack_methods":[ + { + "vectors":[ + "string list of vectors", "strings separated by commas" + ], + "components":[ + "string list of components", "strings separated by commas" + ], + "capecs":"string of repective capec" + } + ] + } + ], + "files":[ + { + "url":"url string", + "import_time":"DATE-TIMESTAMP", + "local_name":"string name of file" + } + ], + "exploitation":{ + "lang":"string ISO 639-2", + "value":"string description of issue" + }, + "work_around":[ + { + "lang":"string ISO 639-2", + "value":"string description of issue" + } + ], + "time_line":[ + { + "time_stamp":"DATE-TIMESTAMP", + "reference":{ + "reference_name":"string", + "reference_value":"string" + }, + "text":[ + { + "lang":"string ISO 639-2", + "value":"string decription of issue" + } + ] + } + ], + "source":{ + "discovered_by":"name of discover", + "discovered_with":"name of parties involved", + "verification":"string", + "cna_chain":[ + "string initial CNA", + "string Parent CNA", + "string root CNA" + ] + }, + "conditions":[ + "strings of conditions", + "separated by commas" + ], + "notes":{ + "lang":"string ISO 639-2" + }, + "credits":[ + { + "id":"string to identify person recieving credit", + "role":[ + { + "discoverer":"string", + "research_assist":"string", + "exploit_code":"string" + } + ] + } + ], + "impact_metrics":{ + "cvss2":{ + "vector":"string value for CVSS score ie. CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "bm":{ + "av":"string value", + "ac":"string value", + "au":"string value", + "c":"string value", + "i":"string value", + "a":"string value", + "score":"string value" + }, + "tm":{ + "e":"string value", + "rl":"string value", + "rc":"string value", + "score":"string value" + }, + "em":{ + "cdp":"string value", + "td":"string value", + "cr":"string value", + "ir":"string value", + "ar":"string value", + "score":"string value" + } + }, + "cvss3":{ + "vector":"string value for CVSS score ie. CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "bm":{ + "av":"string value", + "ac":"string value", + "pr":"string value", + "ui":"string value", + "scope":"string value", + "c":"string value", + "i":"string value", + "a":"string value", + "score":"string value" + }, + "tm":{ + "e":"string value", + "rl":"string value", + "rc":"string value", + "score":"string value" + }, + "em":{ + "mav":"string value", + "mac":"string value", + "mpr":"string value", + "mui":"string value", + "ms":"string value", + "mc":"string value", + "mi":"string value", + "ma":"string value", + "cr":"string value", + "ir":"string value", + "ar":"string value", + "score":"string value" + } + } + } } \ No newline at end of file diff --git a/schema/v3.1/CVE_JSON_example_min-3.1.json b/schema/archive/v3.1/CVE_JSON_example_min-3.1.json similarity index 94% rename from schema/v3.1/CVE_JSON_example_min-3.1.json rename to schema/archive/v3.1/CVE_JSON_example_min-3.1.json index 63cd6906fcd..e7e6fcf6364 100644 --- a/schema/v3.1/CVE_JSON_example_min-3.1.json +++ b/schema/archive/v3.1/CVE_JSON_example_min-3.1.json @@ -1,37 +1,37 @@ -{ - "data_version": "3.1", - "cve_id":"CVE-YYYY-XXXXXX", - "products": [ - { - "vendor_name": "string", - "product": [ - { - "product_name": "string", - "version": "string", - "affects": "string =/>/=/!" - } - ] - } - ], - "problem_types":[ - { - "description":[ - { - "lang":"string ISO 639-2", - "value":"string description of problem_type" - } - ] - } - ], - "references":[ - { - "url":"string for url location" - } - ], - "description":[ - { - "lang":"string ISO 639-2", - "value":"string description of vulnerability" - } - ] +{ + "data_version": "3.1", + "cve_id":"CVE-YYYY-XXXXXX", + "products": [ + { + "vendor_name": "string", + "product": [ + { + "product_name": "string", + "version": "string", + "affects": "string =/>/=/!" + } + ] + } + ], + "problem_types":[ + { + "description":[ + { + "lang":"string ISO 639-2", + "value":"string description of problem_type" + } + ] + } + ], + "references":[ + { + "url":"string for url location" + } + ], + "description":[ + { + "lang":"string ISO 639-2", + "value":"string description of vulnerability" + } + ] } \ No newline at end of file diff --git a/schema/v3.1/CVE_JSON_schema-3.1.json b/schema/archive/v3.1/CVE_JSON_schema-3.1.json similarity index 95% rename from schema/v3.1/CVE_JSON_schema-3.1.json rename to schema/archive/v3.1/CVE_JSON_schema-3.1.json index d32a917af71..f21ce28b3b8 100644 --- a/schema/v3.1/CVE_JSON_schema-3.1.json +++ b/schema/archive/v3.1/CVE_JSON_schema-3.1.json @@ -1,543 +1,543 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "properties": { - "data_version":{ - "type": "string" - }, - "cve_id": { - "type": "string" - }, - "updated":{ - "type":"string" - }, - "serial":{ - "type":"integer" - }, - "date_requested":{ - "type":"string" - }, - "date_assigned":{ - "type":"string" - }, - "date_public":{ - "type":"string" - }, - "requester":{ - "type":"string" - }, - "assigner":{ - "type":"string" - }, - "state":{ - "type":"string" - }, - "replaced_by":{ - "type":"string" - }, - "title":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - } - }, - "products": { - "type":"array", - "items":{ - "type":"object", - "properties":{ - "vendor_name":{ - "type":"string" - }, - "product":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "product_name":{ - "type":"string" - }, - "version":{ - "type":"string" - }, - "affects":{ - "type":"string" - }, - "cpe":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "cpe_value":{ - "type":"string" - } - } - } - }, - "swid":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "swid_value":{ - "type":"string" - } - } - } - } - },"required": ["product_name","version"] - } - } - } - } - }, - "problem_types": { - "type": "array", - "items": { - "type":"object", - "properties":{ - "description": { - "type": "array", - "items":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - } - }, - "cwes": { - "type": "array", - "items": { - "type": "string" - } - }, - "owasp":{ - "type":"array", - "items":{ - "type":"string" - } - } - }, "required":["description"] - } - }, - "references": { - "type": "array", - "items": { - "type": "object", - "properties": { - "url": { - "type": "string" - }, - "name": { - "type": "string" - }, - "publish_date": { - "type": "string" - } - },"required": ["url"] - } - }, - "description": { - "type": "array", - "items":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - } - }, - "attack": { - "type": "array", - "items": { - "type": "object", - "properties": { - "attackers": { - "type": "array", - "items":{ - "type":"object", - "properties":{ - "extent":{ - "type":"string" - }, - "authentication":{ - "type":"string" - }, - "user_assistance":{ - "type":"string" - } - } - } - }, - "impacts": { - "type": "array", - "items": { - "type":"string" - } - }, - "attack_methods": { - "type": "array", - "items":{ - "type":"object", - "properties":{ - "vectors":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "components":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "capecs":{ - "type":"string" - } - } - } - } - } - } - }, - "files":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "url":{ - "type":"string" - }, - "import_time":{ - "type":"string" - }, - "local_name":{ - "type":"string" - } - } - } - }, - "exploitation":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - }, - "work_around":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - } - }, - "time_line":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "time_stamp":{ - "type":"string" - }, - "reference":{ - "type":"object", - "properties":{ - "reference_name":{ - "type":"string" - }, - "reference":{ - "type":"string" - } - } - }, - "text":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - } - } - } - } - }, - "source":{ - "type":"object", - "properties":{ - "discovered_by":{ - "type":"string" - }, - "discovered_with":{ - "type":"string" - }, - "verification":{ - "type":"string" - }, - "cna_chain":{ - "type":"array", - "items":{ - "type":"string" - } - } - } - }, - "conditions":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "notes":{ - "type":"object", - "properties":{ - "lang":{ - "type":"string" - }, - "value":{ - "type":"string" - } - } - }, - "credits":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "id":{ - "type":"string" - }, - "role":{ - "type":"array", - "items":{ - "type":"object", - "properties":{ - "discoverer":{ - "type":"string" - }, - "research_assist":{ - "type":"string" - }, - "exploit_code":{ - "type":"string" - } - } - } - } - } - } - }, - "impact_metrics":{ - "type":"object", - "properties":{ - "cvss2": { - "type": "object", - "properties": { - "vector":{ - "type":"string" - }, - "bm": { - "type": "object", - "properties": { - "av":{ - "type":"string" - }, - "ac":{ - "type":"string" - }, - "au":{ - "type":"string" - }, - "c":{ - "type":"string" - }, - "i":{ - "type":"string" - }, - "a":{ - "type":"string" - }, - "score": { - "type": "string" - } - } - }, - "tm": { - "type": "object", - "properties": { - "e":{ - "type":"string" - }, - "rl":{ - "type":"string" - }, - "rc":{ - "type":"string" - }, - "score": { - "type": "string" - } - } - }, - "em": { - "type": "object", - "properties": { - "cdp":{ - "type":"string" - }, - "td":{ - "type":"string" - }, - "cr":{ - "type":"string" - }, - "ir":{ - "type":"string" - }, - "ar":{ - "type":"string" - }, - "score": { - "type": "string" - } - } - } - } - }, - "cvss3": { - "type": "object", - "properties": { - "vector":{ - "type":"string" - }, - "bm": { - "type": "object", - "properties": { - "av":{ - "type":"string" - }, - "ac":{ - "type":"string" - }, - "pr":{ - "type":"string" - }, - "ui":{ - "type":"string" - }, - "scope":{ - "type":"string" - }, - "c":{ - "type":"string" - }, - "i":{ - "type":"string" - }, - "a":{ - "type":"string" - }, - "score": { - "type": "string" - } - } - }, - "tm": { - "type": "object", - "properties": { - "e":{ - "type":"string" - }, - "rl":{ - "type":"string" - }, - "rc":{ - "type":"string" - }, - "score": { - "type": "string" - } - } - }, - "em": { - "type": "object", - "properties": { - "mav":{ - "type":"string" - }, - "mac":{ - "type":"string" - }, - "mpr":{ - "type":"string" - }, - "mui":{ - "type":"string" - }, - "ms":{ - "type":"string" - }, - "mc":{ - "type":"string" - }, - "mi":{ - "type":"string" - }, - "ma":{ - "type":"string" - }, - "cr":{ - "type":"string" - }, - "ir":{ - "type":"string" - }, - "ar":{ - "type":"string" - }, - "score": { - "type": "string" - } - } - } - } - } - } - } - },"required": ["data_version","cve_id", "products", "problem_types", "references", "description"] -} - +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "data_version":{ + "type": "string" + }, + "cve_id": { + "type": "string" + }, + "updated":{ + "type":"string" + }, + "serial":{ + "type":"integer" + }, + "date_requested":{ + "type":"string" + }, + "date_assigned":{ + "type":"string" + }, + "date_public":{ + "type":"string" + }, + "requester":{ + "type":"string" + }, + "assigner":{ + "type":"string" + }, + "state":{ + "type":"string" + }, + "replaced_by":{ + "type":"string" + }, + "title":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + } + }, + "products": { + "type":"array", + "items":{ + "type":"object", + "properties":{ + "vendor_name":{ + "type":"string" + }, + "product":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "product_name":{ + "type":"string" + }, + "version":{ + "type":"string" + }, + "affects":{ + "type":"string" + }, + "cpe":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "cpe_value":{ + "type":"string" + } + } + } + }, + "swid":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "swid_value":{ + "type":"string" + } + } + } + } + },"required": ["product_name","version"] + } + } + } + } + }, + "problem_types": { + "type": "array", + "items": { + "type":"object", + "properties":{ + "description": { + "type": "array", + "items":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + } + }, + "cwes": { + "type": "array", + "items": { + "type": "string" + } + }, + "owasp":{ + "type":"array", + "items":{ + "type":"string" + } + } + }, "required":["description"] + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string" + }, + "name": { + "type": "string" + }, + "publish_date": { + "type": "string" + } + },"required": ["url"] + } + }, + "description": { + "type": "array", + "items":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + } + }, + "attack": { + "type": "array", + "items": { + "type": "object", + "properties": { + "attackers": { + "type": "array", + "items":{ + "type":"object", + "properties":{ + "extent":{ + "type":"string" + }, + "authentication":{ + "type":"string" + }, + "user_assistance":{ + "type":"string" + } + } + } + }, + "impacts": { + "type": "array", + "items": { + "type":"string" + } + }, + "attack_methods": { + "type": "array", + "items":{ + "type":"object", + "properties":{ + "vectors":{ + "type":"array", + "items":{ + "type":"string" + } + }, + "components":{ + "type":"array", + "items":{ + "type":"string" + } + }, + "capecs":{ + "type":"string" + } + } + } + } + } + } + }, + "files":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "url":{ + "type":"string" + }, + "import_time":{ + "type":"string" + }, + "local_name":{ + "type":"string" + } + } + } + }, + "exploitation":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + }, + "work_around":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + } + }, + "time_line":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "time_stamp":{ + "type":"string" + }, + "reference":{ + "type":"object", + "properties":{ + "reference_name":{ + "type":"string" + }, + "reference":{ + "type":"string" + } + } + }, + "text":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + } + } + } + } + }, + "source":{ + "type":"object", + "properties":{ + "discovered_by":{ + "type":"string" + }, + "discovered_with":{ + "type":"string" + }, + "verification":{ + "type":"string" + }, + "cna_chain":{ + "type":"array", + "items":{ + "type":"string" + } + } + } + }, + "conditions":{ + "type":"array", + "items":{ + "type":"string" + } + }, + "notes":{ + "type":"object", + "properties":{ + "lang":{ + "type":"string" + }, + "value":{ + "type":"string" + } + } + }, + "credits":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "id":{ + "type":"string" + }, + "role":{ + "type":"array", + "items":{ + "type":"object", + "properties":{ + "discoverer":{ + "type":"string" + }, + "research_assist":{ + "type":"string" + }, + "exploit_code":{ + "type":"string" + } + } + } + } + } + } + }, + "impact_metrics":{ + "type":"object", + "properties":{ + "cvss2": { + "type": "object", + "properties": { + "vector":{ + "type":"string" + }, + "bm": { + "type": "object", + "properties": { + "av":{ + "type":"string" + }, + "ac":{ + "type":"string" + }, + "au":{ + "type":"string" + }, + "c":{ + "type":"string" + }, + "i":{ + "type":"string" + }, + "a":{ + "type":"string" + }, + "score": { + "type": "string" + } + } + }, + "tm": { + "type": "object", + "properties": { + "e":{ + "type":"string" + }, + "rl":{ + "type":"string" + }, + "rc":{ + "type":"string" + }, + "score": { + "type": "string" + } + } + }, + "em": { + "type": "object", + "properties": { + "cdp":{ + "type":"string" + }, + "td":{ + "type":"string" + }, + "cr":{ + "type":"string" + }, + "ir":{ + "type":"string" + }, + "ar":{ + "type":"string" + }, + "score": { + "type": "string" + } + } + } + } + }, + "cvss3": { + "type": "object", + "properties": { + "vector":{ + "type":"string" + }, + "bm": { + "type": "object", + "properties": { + "av":{ + "type":"string" + }, + "ac":{ + "type":"string" + }, + "pr":{ + "type":"string" + }, + "ui":{ + "type":"string" + }, + "scope":{ + "type":"string" + }, + "c":{ + "type":"string" + }, + "i":{ + "type":"string" + }, + "a":{ + "type":"string" + }, + "score": { + "type": "string" + } + } + }, + "tm": { + "type": "object", + "properties": { + "e":{ + "type":"string" + }, + "rl":{ + "type":"string" + }, + "rc":{ + "type":"string" + }, + "score": { + "type": "string" + } + } + }, + "em": { + "type": "object", + "properties": { + "mav":{ + "type":"string" + }, + "mac":{ + "type":"string" + }, + "mpr":{ + "type":"string" + }, + "mui":{ + "type":"string" + }, + "ms":{ + "type":"string" + }, + "mc":{ + "type":"string" + }, + "mi":{ + "type":"string" + }, + "ma":{ + "type":"string" + }, + "cr":{ + "type":"string" + }, + "ir":{ + "type":"string" + }, + "ar":{ + "type":"string" + }, + "score": { + "type": "string" + } + } + } + } + } + } + } + },"required": ["data_version","cve_id", "products", "problem_types", "references", "description"] +} + diff --git a/schema/v4.0/CVE_JSON_4.0_min_public.schema b/schema/archive/v4.0/CVE_JSON_4.0_min_public.schema similarity index 100% rename from schema/v4.0/CVE_JSON_4.0_min_public.schema rename to schema/archive/v4.0/CVE_JSON_4.0_min_public.schema diff --git a/schema/v4.0/CVE_JSON_4.0_min_reject.schema b/schema/archive/v4.0/CVE_JSON_4.0_min_reject.schema similarity index 100% rename from schema/v4.0/CVE_JSON_4.0_min_reject.schema rename to schema/archive/v4.0/CVE_JSON_4.0_min_reject.schema diff --git a/schema/v4.0/CVE_JSON_4.0_min_reserved.schema b/schema/archive/v4.0/CVE_JSON_4.0_min_reserved.schema similarity index 100% rename from schema/v4.0/CVE_JSON_4.0_min_reserved.schema rename to schema/archive/v4.0/CVE_JSON_4.0_min_reserved.schema diff --git a/schema/v4.0/DRAFT-JSON-file-format-v4.md b/schema/archive/v4.0/DRAFT-JSON-file-format-v4.md similarity index 100% rename from schema/v4.0/DRAFT-JSON-file-format-v4.md rename to schema/archive/v4.0/DRAFT-JSON-file-format-v4.md diff --git a/schema/v5.0/CVE_JSON_5.0_schema.json b/schema/archive/v5.0/CVE_JSON_5.0_schema.json similarity index 100% rename from schema/v5.0/CVE_JSON_5.0_schema.json rename to schema/archive/v5.0/CVE_JSON_5.0_schema.json diff --git a/schema/v5.0/docs/CVE_JSON_5.0_bundled.json b/schema/archive/v5.0/docs/CVE_JSON_5.0_bundled.json similarity index 100% rename from schema/v5.0/docs/CVE_JSON_5.0_bundled.json rename to schema/archive/v5.0/docs/CVE_JSON_5.0_bundled.json diff --git a/schema/v5.0/docs/cnaContainer-advanced-example.json b/schema/archive/v5.0/docs/cnaContainer-advanced-example.json similarity index 100% rename from schema/v5.0/docs/cnaContainer-advanced-example.json rename to schema/archive/v5.0/docs/cnaContainer-advanced-example.json diff --git a/schema/v5.0/docs/cnaContainer-basic-example.json b/schema/archive/v5.0/docs/cnaContainer-basic-example.json similarity index 100% rename from schema/v5.0/docs/cnaContainer-basic-example.json rename to schema/archive/v5.0/docs/cnaContainer-basic-example.json diff --git a/schema/v5.0/docs/full-record-advanced-example.json b/schema/archive/v5.0/docs/full-record-advanced-example.json similarity index 100% rename from schema/v5.0/docs/full-record-advanced-example.json rename to schema/archive/v5.0/docs/full-record-advanced-example.json diff --git a/schema/v5.0/docs/full-record-basic-example.json b/schema/archive/v5.0/docs/full-record-basic-example.json similarity index 100% rename from schema/v5.0/docs/full-record-basic-example.json rename to schema/archive/v5.0/docs/full-record-basic-example.json diff --git a/schema/v5.0/docs/index.html b/schema/archive/v5.0/docs/index.html similarity index 100% rename from schema/v5.0/docs/index.html rename to schema/archive/v5.0/docs/index.html diff --git a/schema/v5.0/docs/mindmap.html b/schema/archive/v5.0/docs/mindmap.html similarity index 100% rename from schema/v5.0/docs/mindmap.html rename to schema/archive/v5.0/docs/mindmap.html diff --git a/schema/v5.0/docs/schema_doc.css b/schema/archive/v5.0/docs/schema_doc.css similarity index 100% rename from schema/v5.0/docs/schema_doc.css rename to schema/archive/v5.0/docs/schema_doc.css diff --git a/schema/v5.0/docs/schema_doc.min.js b/schema/archive/v5.0/docs/schema_doc.min.js similarity index 100% rename from schema/v5.0/docs/schema_doc.min.js rename to schema/archive/v5.0/docs/schema_doc.min.js diff --git a/schema/v5.0/docs/versions.md b/schema/archive/v5.0/docs/versions.md similarity index 100% rename from schema/v5.0/docs/versions.md rename to schema/archive/v5.0/docs/versions.md diff --git a/schema/v5.0/imports/cvss/README.md b/schema/archive/v5.0/imports/cvss/README.md similarity index 100% rename from schema/v5.0/imports/cvss/README.md rename to schema/archive/v5.0/imports/cvss/README.md diff --git a/schema/v5.0/imports/cvss/cvss-v2.0.json b/schema/archive/v5.0/imports/cvss/cvss-v2.0.json similarity index 100% rename from schema/v5.0/imports/cvss/cvss-v2.0.json rename to schema/archive/v5.0/imports/cvss/cvss-v2.0.json diff --git a/schema/v5.0/imports/cvss/cvss-v3.0.json b/schema/archive/v5.0/imports/cvss/cvss-v3.0.json similarity index 100% rename from schema/v5.0/imports/cvss/cvss-v3.0.json rename to schema/archive/v5.0/imports/cvss/cvss-v3.0.json diff --git a/schema/v5.0/imports/cvss/cvss-v3.1.json b/schema/archive/v5.0/imports/cvss/cvss-v3.1.json similarity index 100% rename from schema/v5.0/imports/cvss/cvss-v3.1.json rename to schema/archive/v5.0/imports/cvss/cvss-v3.1.json diff --git a/schema/v5.0/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json b/schema/archive/v5.0/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json similarity index 100% rename from schema/v5.0/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json rename to schema/archive/v5.0/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json diff --git a/schema/v5.0/support/CVE_4_to_5_converter/convert.log b/schema/archive/v5.0/support/CVE_4_to_5_converter/convert.log similarity index 100% rename from schema/v5.0/support/CVE_4_to_5_converter/convert.log rename to schema/archive/v5.0/support/CVE_4_to_5_converter/convert.log diff --git a/schema/v5.0/support/CVE_4_to_5_converter/cve4to5up.py b/schema/archive/v5.0/support/CVE_4_to_5_converter/cve4to5up.py similarity index 100% rename from schema/v5.0/support/CVE_4_to_5_converter/cve4to5up.py rename to schema/archive/v5.0/support/CVE_4_to_5_converter/cve4to5up.py diff --git a/schema/v5.0/support/CVE_4_to_5_converter/cve_record_dates.json.example b/schema/archive/v5.0/support/CVE_4_to_5_converter/cve_record_dates.json.example similarity index 100% rename from schema/v5.0/support/CVE_4_to_5_converter/cve_record_dates.json.example rename to schema/archive/v5.0/support/CVE_4_to_5_converter/cve_record_dates.json.example diff --git a/schema/v5.0/support/CVE_4_to_5_converter/ref_tag_map.json b/schema/archive/v5.0/support/CVE_4_to_5_converter/ref_tag_map.json similarity index 100% rename from schema/v5.0/support/CVE_4_to_5_converter/ref_tag_map.json rename to schema/archive/v5.0/support/CVE_4_to_5_converter/ref_tag_map.json diff --git a/schema/v5.0/support/CVE_4_to_5_converter/settings_example.py b/schema/archive/v5.0/support/CVE_4_to_5_converter/settings_example.py similarity index 100% rename from schema/v5.0/support/CVE_4_to_5_converter/settings_example.py rename to schema/archive/v5.0/support/CVE_4_to_5_converter/settings_example.py diff --git a/schema/v5.0/support/CVE_4_to_5_converter/user_map_example.csv b/schema/archive/v5.0/support/CVE_4_to_5_converter/user_map_example.csv similarity index 96% rename from schema/v5.0/support/CVE_4_to_5_converter/user_map_example.csv rename to schema/archive/v5.0/support/CVE_4_to_5_converter/user_map_example.csv index b0ca60c1785..b5781b98fd0 100644 --- a/schema/v5.0/support/CVE_4_to_5_converter/user_map_example.csv +++ b/schema/archive/v5.0/support/CVE_4_to_5_converter/user_map_example.csv @@ -1,2 +1,2 @@ -manual@hack.bob,fake,fake,cnaShortName,notacna - +manual@hack.bob,fake,fake,cnaShortName,notacna + diff --git a/schema/v5.0/support/Node_Validator/.gitignore b/schema/archive/v5.0/support/Node_Validator/.gitignore similarity index 100% rename from schema/v5.0/support/Node_Validator/.gitignore rename to schema/archive/v5.0/support/Node_Validator/.gitignore diff --git a/schema/v5.0/support/Node_Validator/README.md b/schema/archive/v5.0/support/Node_Validator/README.md similarity index 100% rename from schema/v5.0/support/Node_Validator/README.md rename to schema/archive/v5.0/support/Node_Validator/README.md diff --git a/schema/v5.0/support/Node_Validator/build.js b/schema/archive/v5.0/support/Node_Validator/build.js similarity index 100% rename from schema/v5.0/support/Node_Validator/build.js rename to schema/archive/v5.0/support/Node_Validator/build.js diff --git a/schema/v5.0/support/Node_Validator/dist/cve5validator.js b/schema/archive/v5.0/support/Node_Validator/dist/cve5validator.js similarity index 100% rename from schema/v5.0/support/Node_Validator/dist/cve5validator.js rename to schema/archive/v5.0/support/Node_Validator/dist/cve5validator.js diff --git a/schema/v5.0/support/Node_Validator/package.json b/schema/archive/v5.0/support/Node_Validator/package.json similarity index 100% rename from schema/v5.0/support/Node_Validator/package.json rename to schema/archive/v5.0/support/Node_Validator/package.json diff --git a/schema/v5.0/support/Node_Validator/reportValidation.js b/schema/archive/v5.0/support/Node_Validator/reportValidation.js similarity index 100% rename from schema/v5.0/support/Node_Validator/reportValidation.js rename to schema/archive/v5.0/support/Node_Validator/reportValidation.js diff --git a/schema/v5.0/support/Node_Validator/validate.js b/schema/archive/v5.0/support/Node_Validator/validate.js similarity index 100% rename from schema/v5.0/support/Node_Validator/validate.js rename to schema/archive/v5.0/support/Node_Validator/validate.js diff --git a/schema/v5.0/support/Python3.x_Validator/D7Validator.py b/schema/archive/v5.0/support/Python3.x_Validator/D7Validator.py similarity index 100% rename from schema/v5.0/support/Python3.x_Validator/D7Validator.py rename to schema/archive/v5.0/support/Python3.x_Validator/D7Validator.py diff --git a/schema/v5.0/support/Python3.x_Validator/cvss-v2.0.json b/schema/archive/v5.0/support/Python3.x_Validator/cvss-v2.0.json similarity index 100% rename from schema/v5.0/support/Python3.x_Validator/cvss-v2.0.json rename to schema/archive/v5.0/support/Python3.x_Validator/cvss-v2.0.json diff --git a/schema/v5.0/support/Python3.x_Validator/cvss-v3.0.json b/schema/archive/v5.0/support/Python3.x_Validator/cvss-v3.0.json similarity index 100% rename from schema/v5.0/support/Python3.x_Validator/cvss-v3.0.json rename to schema/archive/v5.0/support/Python3.x_Validator/cvss-v3.0.json diff --git a/schema/v5.0/support/Python3.x_Validator/cvss-v3.1.json b/schema/archive/v5.0/support/Python3.x_Validator/cvss-v3.1.json similarity index 100% rename from schema/v5.0/support/Python3.x_Validator/cvss-v3.1.json rename to schema/archive/v5.0/support/Python3.x_Validator/cvss-v3.1.json diff --git a/schema/v5.0/support/docs/css_override.css b/schema/archive/v5.0/support/docs/css_override.css similarity index 100% rename from schema/v5.0/support/docs/css_override.css rename to schema/archive/v5.0/support/docs/css_override.css diff --git a/schema/v5.0/support/docs/docs.sh b/schema/archive/v5.0/support/docs/docs.sh similarity index 100% rename from schema/v5.0/support/docs/docs.sh rename to schema/archive/v5.0/support/docs/docs.sh diff --git a/schema/v5.0/support/schema2markmap/index.js b/schema/archive/v5.0/support/schema2markmap/index.js similarity index 100% rename from schema/v5.0/support/schema2markmap/index.js rename to schema/archive/v5.0/support/schema2markmap/index.js diff --git a/schema/v5.0/support/schema2markmap/package.json b/schema/archive/v5.0/support/schema2markmap/package.json similarity index 100% rename from schema/v5.0/support/schema2markmap/package.json rename to schema/archive/v5.0/support/schema2markmap/package.json diff --git a/schema/v5.0/support/schema2markmap/schema-bundle.js b/schema/archive/v5.0/support/schema2markmap/schema-bundle.js similarity index 100% rename from schema/v5.0/support/schema2markmap/schema-bundle.js rename to schema/archive/v5.0/support/schema2markmap/schema-bundle.js diff --git a/schema/v5.0/tags/adp-tags.json b/schema/archive/v5.0/tags/adp-tags.json similarity index 100% rename from schema/v5.0/tags/adp-tags.json rename to schema/archive/v5.0/tags/adp-tags.json diff --git a/schema/v5.0/tags/cna-tags.json b/schema/archive/v5.0/tags/cna-tags.json similarity index 100% rename from schema/v5.0/tags/cna-tags.json rename to schema/archive/v5.0/tags/cna-tags.json diff --git a/schema/v5.0/tags/reference-tags.json b/schema/archive/v5.0/tags/reference-tags.json similarity index 100% rename from schema/v5.0/tags/reference-tags.json rename to schema/archive/v5.0/tags/reference-tags.json diff --git a/schema/docs/CVE_Record_Format_bundled.json b/schema/docs/CVE_Record_Format_bundled.json new file mode 100644 index 00000000000..4b8f98b4cf6 --- /dev/null +++ b/schema/docs/CVE_Record_Format_bundled.json @@ -0,0 +1,3417 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cveproject.github.io/cve-schema/schema/docs/CVE_Record_Format_bundled.json", + "title": "CVE JSON record format", + "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", + "definitions": { + "uriType": { + "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).", + "type": "string", + "format": "uri", + "minLength": 1, + "maxLength": 2048 + }, + "uuidType": { + "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "description": "The uniform resource locator (URL), according to [RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.1.3), that can be used to retrieve the referenced resource.", + "$ref": "#/definitions/uriType" + }, + "name": { + "description": "User created name for the reference, often the title of the page.", + "type": "string", + "maxLength": 512, + "minLength": 1 + }, + "tags": { + "description": "An array of one or more tags that describe the resource referenced by 'url'.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string", + "description": "broken-link: The reference link is returning a 404 error, or the site is no longer online.\n\ncustomer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.\n\nexploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.\n\ngovernment-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.\n\nissue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...\n\nmailing-list: The reference is from a mailing list -- often specific to a product or vendor.\n\nmitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.\n\nnot-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).\n\npatch: The reference contains an update to the software that fixes the vulnerability.\n\npermissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.\n\nmedia-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.\n\nproduct: A reference appropriate for describing a product for the purpose of CPE or SWID.\n\nrelated: A reference that is for a related (but not the same) vulnerability.\n\nrelease-notes: The reference is in the format of a vendor or open source project's release notes or change log.\n\nsignature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.\n\ntechnical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.\n\nthird-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.\n\nvendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.\n\nvdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog", + "enum": [ + "broken-link", + "customer-entitlement", + "exploit", + "government-resource", + "issue-tracking", + "mailing-list", + "mitigation", + "not-applicable", + "patch", + "permissions-required", + "media-coverage", + "product", + "related", + "release-notes", + "signature", + "technical-description", + "third-party-advisory", + "vendor-advisory", + "vdb-entry" + ] + } + ] + } + } + }, + "additionalProperties": false + }, + "cveId": { + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$" + }, + "orgId": { + "description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "userId": { + "description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "description": "A 2-32 character name that can be used to complement an organization's UUID.", + "type": "string", + "minLength": 2, + "maxLength": 32 + }, + "datestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601.", + "type": "string", + "format": "date", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$" + }, + "timestamp": { + "type": "string", + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.", + "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "version": { + "description": "A single version of a product, as expressed in its own version numbering scheme.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "status": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "product": { + "type": "object", + "description": "Provides information about the set of products and services affected by this vulnerability.", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] + } + ] + }, + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string", + "description": "Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.", + "minLength": 1, + "maxLength": 512 + }, + "product": { + "type": "string", + "description": "Name of the affected product.", + "minLength": 1, + "maxLength": 2048 + }, + "collectionURL": { + "description": "URL identifying a package collection (determines the meaning of packageName).", + "$ref": "#/definitions/uriType", + "examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] + }, + "packageName": { + "type": "string", + "description": "Name or identifier of the affected software package as used in the package collection.", + "minLength": 1, + "maxLength": 2048 + }, + "cpes": { + "type": "array", + "description": "Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also, this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as \"Product X between versions 10.2 and 10.8\" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.", + "uniqueItems": true, + "items": { + "title": "CPE Name", + "type": "string", + "description": "Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format", + "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", + "minLength": 1, + "maxLength": 2048 + } + }, + "modules": { + "type": "array", + "description": "A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).", + "uniqueItems": true, + "items": { + "type": "string", + "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).", + "minLength": 1, + "maxLength": 4096 + } + }, + "programFiles": { + "type": "array", + "description": "A list of the affected source code files (optional).", + "uniqueItems": true, + "items": { + "description": "Name or path or location of the affected source code file.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + } + }, + "programRoutines": { + "type": "array", + "description": "A list of the affected source code functions, methods, subroutines, or procedures (optional).", + "uniqueItems": true, + "items": { + "type": "object", + "description": "An object describing program routine.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the affected source code file, function, method, subroutine, or procedure.", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "platforms": { + "title": "Platforms", + "description": "List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technologies, hardware models, or computing architectures. The lack of this field or an empty array implies that the other fields are applicable to all relevant platforms.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "examples": [ + "iOS", + "Android", + "Windows", + "macOS", + "x86", + "ARM", + "64 bit", + "Big Endian", + "iPad", + "Chromebook", + "Docker", + "Model T" + ], + "maxLength": 1024 + } + }, + "repo": { + "description": "The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.", + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "description": "The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.", + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "description": "Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules [8.1.2 requirement](https://cve.mitre.org/cve/cna/rules.html#section_8-1_cve_entry_information_requirements). Versions or defaultStatus may be omitted, but not both.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A single version or a range of versions, with vulnerability status.\n\nAn entry with only 'version' and 'status' indicates the status of a single version.\n\nOtherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.\n\nThe algorithm to decide the status specified for a version V is:\n\n\tfor entry in product.versions {\n\t\tif entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {\n\t\t\treturn entry.status\n\t\t}\n\t\tif (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or\n\t\t (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType\n\t\t\tstatus = entry.status\n\t\t\tfor change in entry.changes {\n\t\t\t\tif change.at <= v {\n\t\t\t\t\tstatus = change.status\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn status\n\t\t}\n\t}\n\treturn product.defaultStatus\n\n.", + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "maxProperties": 3 + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThan" + ] + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThanOrEqual" + ] + } + ], + "properties": { + "version": { + "description": "The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.", + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string", + "description": "The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.", + "minLength": 1, + "maxLength": 128, + "examples": [ + "custom", + "git", + "maven", + "python", + "rpm", + "semver" + ] + }, + "lessThan": { + "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.", + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.", + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "description": "A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "The start of a single status change during the range.", + "required": [ + "at", + "status" + ], + "additionalProperties": false, + "properties": { + "at": { + "description": "The version at which a status change occurs.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The new status in the range starting at the given version.", + "$ref": "#/definitions/status" + } + } + } + } + }, + "additionalProperties": false + } + } + } + }, + "dataType": { + "description": "Indicates the type of information represented in the JSON instance.", + "type": "string", + "enum": [ + "CVE_RECORD" + ] + }, + "dataVersion": { + "description": "The version of the CVE schema used for validating this record. Used to support multiple versions of this format.", + "type": "string", + "pattern": "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$", + "default": "5.1.0" + }, + "cveMetadataPublished": { + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "requesterUserId": { + "$ref": "#/definitions/userId", + "description": "The user that requested the CVE identifier." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "state": { + "description": "State of CVE - PUBLISHED, REJECTED.", + "type": "string", + "enum": [ + "PUBLISHED" + ] + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "dateRejected": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE ID was rejected." + }, + "state": { + "type": "string", + "description": "State of CVE - PUBLISHED, REJECTED.", + "enum": [ + "REJECTED" + ] + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "description": "Details related to the information container provider (CNA or ADP).", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId", + "description": "The container provider's organizational UUID." + }, + "shortName": { + "$ref": "#/definitions/shortName", + "description": "The container provider's organizational short name." + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp", + "description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission." + } + }, + "required": [ + "orgId" + ], + "additionalProperties": false + }, + "cnaPublishedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was associated with a vulnerability by a CNA." + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the CVE record. Eg., Buffer overflow in Example Soft.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "cnaRejectedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "description": "Reasons for rejecting this CVE Record.", + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "adpContainer": { + "description": "An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the information in an ADP container.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "affected": { + "type": "array", + "description": "List of affected products.", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "description": "Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "description": "Plain text description.", + "minLength": 1, + "maxLength": 4096 + }, + "supportingMedia": { + "type": "array", + "title": "Supporting media", + "description": "Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "title": "Media type", + "minLength": 1, + "maxLength": 256, + "description": "RFC2046 compliant IANA Media type for eg., text/markdown, text/html.", + "examples": [ + "text/markdown", + "text/html", + "image/png", + "image/svg", + "audio/mp3" + ] + }, + "base64": { + "type": "boolean", + "title": "Encoding", + "description": "If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.", + "default": false + }, + "value": { + "type": "string", + "description": "Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.", + "minLength": 1, + "maxLength": 16384 + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ], + "$comment": "Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description." + }, + "descriptions": { + "type": "array", + "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "description": "This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "description": { + "type": "string", + "description": "Text description of problemType, or title from CWE or OWASP.", + "minLength": 1, + "maxLength": 4096 + }, + "cweId": { + "type": "string", + "description": "CWE ID of the CWE that best describes this problemType entry.", + "minLength": 5, + "maxLength": 9, + "pattern": "^CWE-[1-9][0-9]*$" + }, + "type": { + "type": "string", + "description": "Problemtype source, text, OWASP, CWE, etc.,", + "minLength": 1, + "maxLength": 128 + }, + "references": { + "$ref": "#/definitions/references" + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "description": "This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are \"dangerous\").", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "description": "Collection of impacts of this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description.", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string", + "description": "CAPEC ID that best relates to this impact.", + "minLength": 7, + "maxLength": 11, + "pattern": "^CAPEC-[1-9][0-9]{0,4}$" + }, + "descriptions": { + "description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.", + "$ref": "#/definitions/descriptions" + } + }, + "additionalProperties": false + } + }, + "metrics": { + "type": "array", + "description": "Collection of impact scores with attribution.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.", + "anyOf": [ + { + "required": [ + "cvssV4_0" + ] + }, + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string", + "description": "Name of the scoring format. This provides a bit of future proofing. Additional properties are not prohibited, so this will support the inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV44, format = 'cvssV44', other = cvssV4_4 JSON object. In the future, the other properties can be converted to score properties when they become part of the schema.", + "minLength": 1, + "maxLength": 64 + }, + "scenarios": { + "type": "array", + "description": "Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "default": "GENERAL", + "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minLength": 1, + "maxLength": 4096 + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + } + }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT" + ] + }, + "modifiedAttackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedVulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "subCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedSubCType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "modifiedSubIaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "SAFETY", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "exploitMaturityType": { + "type": "string", + "enum": [ + "UNREPORTED", + "PROOF_OF_CONCEPT", + "ATTACKED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "safetyType": { + "type": "string", + "enum": [ + "NEGLIGIBLE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "automatableType": { + "type": "string", + "enum": [ + "NO", + "YES", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "recoveryType": { + "type": "string", + "enum": [ + "AUTOMATIC", + "USER", + "IRRECOVERABLE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "valueDensityType": { + "type": "string", + "enum": [ + "DIFFUSE", + "CONCENTRATED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnerabilityResponseEffortType": { + "type": "string", + "enum": [ + "LOW", + "MODERATE", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "providerUrgencyType": { + "type": "string", + "enum": [ + "CLEAR", + "GREEN", + "AMBER", + "RED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "4.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + } + }, + "allOf": [ + { + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.1" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL" + ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "MEDIUM", + "LOW" + ] + }, + "authenticationType": { + "type": "string", + "enum": [ + "MULTIPLE", + "SINGLE", + "NONE" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "PARTIAL", + "COMPLETE" + ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ + "UNCONFIRMED", + "UNCORROBORATED", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "LOW_MEDIUM", + "MEDIUM_HIGH", + "HIGH", + "NOT_DEFINED" + ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "2.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ], + "additionalProperties": false + }, + "other": { + "type": "object", + "description": "A non-standard impact description, may be prose or JSON block.", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "description": "Name of the non-standard impact metrics format used.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "type": "object", + "$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.", + "description": "JSON object not covered by another metrics format.", + "minProperties": 1 + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "configurations": { + "type": "array", + "description": "Configurations required for exploiting this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "description": "Workarounds and mitigations for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "description": "Information about solutions or remediations available for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "description": "Information about exploits of the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "description": "This is timeline information for significant events about this vulnerability or changes to the CVE Record.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.", + "$ref": "#/definitions/timestamp" + }, + "lang": { + "description": "The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "description": "A summary of the event.", + "type": "string", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "credits": { + "type": "array", + "description": "Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "description": "The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "minLength": 1, + "maxLength": 4096 + }, + "user": { + "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string", + "description": "Type or role of the entity being credited (optional). finder: identifies the vulnerability.\nreporter: notifies the vendor of the vulnerability to a CNA.\nanalyst: validates the vulnerability to ensure accuracy or severity.\ncoordinator: facilitates the coordinated response process.\nremediation developer: prepares a code change or other remediation plans.\nremediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.\nremediation verifier: tests and verifies the vulnerability or its remediation.\ntool: names of tools used in vulnerability discovery or identification.\nsponsor: supports the vulnerability identification or remediation activities.", + "default": "finder", + "enum": [ + "finder", + "reporter", + "analyst", + "coordinator", + "remediation developer", + "remediation reviewer", + "remediation verifier", + "tool", + "sponsor", + "other" + ] + } + }, + "additionalProperties": false, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "description": "This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).\n Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.", + "minProperties": 1 + }, + "language": { + "type": "string", + "description": "BCP 47 language code, language-region.", + "default": "en", + "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "englishLanguage": { + "type": "string", + "description": "BCP 47 language code, language-region, required to be English.", + "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "taxonomyMappings": { + "type": "array", + "description": "List of taxonomy items related to the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "description": "The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "description": "The version of taxonomy the identifiers come from.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "description": "List of relationships to the taxonomy for the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A relationship between the taxonomy and the CVE or two taxonomy items.", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "description": "A description of the relationship.", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier.", + "minLength": 1, + "maxLength": 2048 + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "tagExtension": { + "type": "string", + "minLength": 2, + "maxLength": 128, + "pattern": "^x_.*$", + "$comment": "These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations." + }, + "cnaTags": { + "type": "array", + "description": "Tags provided by a CNA describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string", + "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "unsupported-when-assigned", + "exclusively-hosted-service", + "disputed" + ] + } + ] + } + }, + "adpTags": { + "type": "array", + "description": "Tags provided by an ADP describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string", + "description": "disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "disputed" + ] + } + ] + } + } + }, + "oneOf": [ + { + "title": "Published", + "description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.", + "type": "object", + "properties": { + "dataType": { + "$ref": "#/definitions/dataType" + }, + "dataVersion": { + "$ref": "#/definitions/dataVersion" + }, + "cveMetadata": { + "$ref": "#/definitions/cveMetadataPublished" + }, + "containers": { + "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt a minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA. However, there can be multiple 'adp' containers, allowing multiple organizations participating in the CVE program to add additional information related to the vulnerability. For the most part, the 'cna' and 'adp' containers contain the same properties. The main differences are the source of the information. The 'cna' container requires the CNA to include certain fields, while the 'adp' container does not.", + "type": "object", + "properties": { + "cna": { + "$ref": "#/definitions/cnaPublishedContainer" + }, + "adp": { + "type": "array", + "items": { + "$ref": "#/definitions/adpContainer" + }, + "minItems": 1, + "uniqueItems": true + } + }, + "required": [ + "cna" + ], + "additionalProperties": false + } + }, + "required": [ + "dataType", + "dataVersion", + "cveMetadata", + "containers" + ], + "additionalProperties": false + }, + { + "title": "Rejected", + "description": "If the CVE ID and associated CVE Record should no longer be used, the CVE Record is placed in the Rejected state. A Rejected CVE Record remains on the CVE List so that users can know when it is invalid.", + "type": "object", + "properties": { + "dataType": { + "$ref": "#/definitions/dataType" + }, + "dataVersion": { + "$ref": "#/definitions/dataVersion" + }, + "cveMetadata": { + "$ref": "#/definitions/cveMetadataRejected" + }, + "containers": { + "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA.", + "type": "object", + "properties": { + "cna": { + "$ref": "#/definitions/cnaRejectedContainer" + } + }, + "required": [ + "cna" + ], + "additionalProperties": false + } + }, + "required": [ + "dataType", + "dataVersion", + "cveMetadata", + "containers" + ], + "additionalProperties": false + } + ] +} \ No newline at end of file diff --git a/schema/docs/CVE_Record_Format_bundled_adpContainer.json b/schema/docs/CVE_Record_Format_bundled_adpContainer.json new file mode 100644 index 00000000000..c225c381d44 --- /dev/null +++ b/schema/docs/CVE_Record_Format_bundled_adpContainer.json @@ -0,0 +1,3341 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cveproject.github.io/cve-schema/schema/docs/CVE_Record_Format_bundled_adpContainer.json", + "title": "CVE JSON adpContainer sub schema", + "description": "CVE JSON adpContainer format", + "definitions": { + "uriType": { + "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).", + "type": "string", + "format": "uri", + "minLength": 1, + "maxLength": 2048 + }, + "uuidType": { + "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "description": "The uniform resource locator (URL), according to [RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.1.3), that can be used to retrieve the referenced resource.", + "$ref": "#/definitions/uriType" + }, + "name": { + "description": "User created name for the reference, often the title of the page.", + "type": "string", + "maxLength": 512, + "minLength": 1 + }, + "tags": { + "description": "An array of one or more tags that describe the resource referenced by 'url'.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string", + "description": "broken-link: The reference link is returning a 404 error, or the site is no longer online.\n\ncustomer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.\n\nexploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.\n\ngovernment-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.\n\nissue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...\n\nmailing-list: The reference is from a mailing list -- often specific to a product or vendor.\n\nmitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.\n\nnot-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).\n\npatch: The reference contains an update to the software that fixes the vulnerability.\n\npermissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.\n\nmedia-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.\n\nproduct: A reference appropriate for describing a product for the purpose of CPE or SWID.\n\nrelated: A reference that is for a related (but not the same) vulnerability.\n\nrelease-notes: The reference is in the format of a vendor or open source project's release notes or change log.\n\nsignature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.\n\ntechnical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.\n\nthird-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.\n\nvendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.\n\nvdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog", + "enum": [ + "broken-link", + "customer-entitlement", + "exploit", + "government-resource", + "issue-tracking", + "mailing-list", + "mitigation", + "not-applicable", + "patch", + "permissions-required", + "media-coverage", + "product", + "related", + "release-notes", + "signature", + "technical-description", + "third-party-advisory", + "vendor-advisory", + "vdb-entry" + ] + } + ] + } + } + }, + "additionalProperties": false + }, + "cveId": { + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$" + }, + "orgId": { + "description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "userId": { + "description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "description": "A 2-32 character name that can be used to complement an organization's UUID.", + "type": "string", + "minLength": 2, + "maxLength": 32 + }, + "datestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601.", + "type": "string", + "format": "date", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$" + }, + "timestamp": { + "type": "string", + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.", + "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "version": { + "description": "A single version of a product, as expressed in its own version numbering scheme.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "status": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "product": { + "type": "object", + "description": "Provides information about the set of products and services affected by this vulnerability.", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] + } + ] + }, + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string", + "description": "Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.", + "minLength": 1, + "maxLength": 512 + }, + "product": { + "type": "string", + "description": "Name of the affected product.", + "minLength": 1, + "maxLength": 2048 + }, + "collectionURL": { + "description": "URL identifying a package collection (determines the meaning of packageName).", + "$ref": "#/definitions/uriType", + "examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] + }, + "packageName": { + "type": "string", + "description": "Name or identifier of the affected software package as used in the package collection.", + "minLength": 1, + "maxLength": 2048 + }, + "cpes": { + "type": "array", + "description": "Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also, this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as \"Product X between versions 10.2 and 10.8\" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.", + "uniqueItems": true, + "items": { + "title": "CPE Name", + "type": "string", + "description": "Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format", + "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", + "minLength": 1, + "maxLength": 2048 + } + }, + "modules": { + "type": "array", + "description": "A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).", + "uniqueItems": true, + "items": { + "type": "string", + "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).", + "minLength": 1, + "maxLength": 4096 + } + }, + "programFiles": { + "type": "array", + "description": "A list of the affected source code files (optional).", + "uniqueItems": true, + "items": { + "description": "Name or path or location of the affected source code file.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + } + }, + "programRoutines": { + "type": "array", + "description": "A list of the affected source code functions, methods, subroutines, or procedures (optional).", + "uniqueItems": true, + "items": { + "type": "object", + "description": "An object describing program routine.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the affected source code file, function, method, subroutine, or procedure.", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "platforms": { + "title": "Platforms", + "description": "List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technologies, hardware models, or computing architectures. The lack of this field or an empty array implies that the other fields are applicable to all relevant platforms.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "examples": [ + "iOS", + "Android", + "Windows", + "macOS", + "x86", + "ARM", + "64 bit", + "Big Endian", + "iPad", + "Chromebook", + "Docker", + "Model T" + ], + "maxLength": 1024 + } + }, + "repo": { + "description": "The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.", + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "description": "The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.", + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "description": "Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules [8.1.2 requirement](https://cve.mitre.org/cve/cna/rules.html#section_8-1_cve_entry_information_requirements). Versions or defaultStatus may be omitted, but not both.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A single version or a range of versions, with vulnerability status.\n\nAn entry with only 'version' and 'status' indicates the status of a single version.\n\nOtherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.\n\nThe algorithm to decide the status specified for a version V is:\n\n\tfor entry in product.versions {\n\t\tif entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {\n\t\t\treturn entry.status\n\t\t}\n\t\tif (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or\n\t\t (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType\n\t\t\tstatus = entry.status\n\t\t\tfor change in entry.changes {\n\t\t\t\tif change.at <= v {\n\t\t\t\t\tstatus = change.status\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn status\n\t\t}\n\t}\n\treturn product.defaultStatus\n\n.", + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "maxProperties": 3 + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThan" + ] + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThanOrEqual" + ] + } + ], + "properties": { + "version": { + "description": "The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.", + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string", + "description": "The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.", + "minLength": 1, + "maxLength": 128, + "examples": [ + "custom", + "git", + "maven", + "python", + "rpm", + "semver" + ] + }, + "lessThan": { + "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.", + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.", + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "description": "A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "The start of a single status change during the range.", + "required": [ + "at", + "status" + ], + "additionalProperties": false, + "properties": { + "at": { + "description": "The version at which a status change occurs.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The new status in the range starting at the given version.", + "$ref": "#/definitions/status" + } + } + } + } + }, + "additionalProperties": false + } + } + } + }, + "dataType": { + "description": "Indicates the type of information represented in the JSON instance.", + "type": "string", + "enum": [ + "CVE_RECORD" + ] + }, + "dataVersion": { + "description": "The version of the CVE schema used for validating this record. Used to support multiple versions of this format.", + "type": "string", + "pattern": "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$", + "default": "5.1.0" + }, + "cveMetadataPublished": { + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "requesterUserId": { + "$ref": "#/definitions/userId", + "description": "The user that requested the CVE identifier." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "state": { + "description": "State of CVE - PUBLISHED, REJECTED.", + "type": "string", + "enum": [ + "PUBLISHED" + ] + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "dateRejected": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE ID was rejected." + }, + "state": { + "type": "string", + "description": "State of CVE - PUBLISHED, REJECTED.", + "enum": [ + "REJECTED" + ] + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "description": "Details related to the information container provider (CNA or ADP).", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId", + "description": "The container provider's organizational UUID." + }, + "shortName": { + "$ref": "#/definitions/shortName", + "description": "The container provider's organizational short name." + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp", + "description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission." + } + }, + "required": [ + "orgId" + ], + "additionalProperties": false + }, + "cnaPublishedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was associated with a vulnerability by a CNA." + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the CVE record. Eg., Buffer overflow in Example Soft.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "cnaRejectedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "description": "Reasons for rejecting this CVE Record.", + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "adpContainer": { + "description": "An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the information in an ADP container.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "affected": { + "type": "array", + "description": "List of affected products.", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "description": "Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "description": "Plain text description.", + "minLength": 1, + "maxLength": 4096 + }, + "supportingMedia": { + "type": "array", + "title": "Supporting media", + "description": "Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "title": "Media type", + "minLength": 1, + "maxLength": 256, + "description": "RFC2046 compliant IANA Media type for eg., text/markdown, text/html.", + "examples": [ + "text/markdown", + "text/html", + "image/png", + "image/svg", + "audio/mp3" + ] + }, + "base64": { + "type": "boolean", + "title": "Encoding", + "description": "If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.", + "default": false + }, + "value": { + "type": "string", + "description": "Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.", + "minLength": 1, + "maxLength": 16384 + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ], + "$comment": "Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description." + }, + "descriptions": { + "type": "array", + "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "description": "This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "description": { + "type": "string", + "description": "Text description of problemType, or title from CWE or OWASP.", + "minLength": 1, + "maxLength": 4096 + }, + "cweId": { + "type": "string", + "description": "CWE ID of the CWE that best describes this problemType entry.", + "minLength": 5, + "maxLength": 9, + "pattern": "^CWE-[1-9][0-9]*$" + }, + "type": { + "type": "string", + "description": "Problemtype source, text, OWASP, CWE, etc.,", + "minLength": 1, + "maxLength": 128 + }, + "references": { + "$ref": "#/definitions/references" + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "description": "This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are \"dangerous\").", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "description": "Collection of impacts of this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description.", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string", + "description": "CAPEC ID that best relates to this impact.", + "minLength": 7, + "maxLength": 11, + "pattern": "^CAPEC-[1-9][0-9]{0,4}$" + }, + "descriptions": { + "description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.", + "$ref": "#/definitions/descriptions" + } + }, + "additionalProperties": false + } + }, + "metrics": { + "type": "array", + "description": "Collection of impact scores with attribution.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.", + "anyOf": [ + { + "required": [ + "cvssV4_0" + ] + }, + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string", + "description": "Name of the scoring format. This provides a bit of future proofing. Additional properties are not prohibited, so this will support the inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV44, format = 'cvssV44', other = cvssV4_4 JSON object. In the future, the other properties can be converted to score properties when they become part of the schema.", + "minLength": 1, + "maxLength": 64 + }, + "scenarios": { + "type": "array", + "description": "Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "default": "GENERAL", + "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minLength": 1, + "maxLength": 4096 + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + } + }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT" + ] + }, + "modifiedAttackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedVulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "subCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedSubCType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "modifiedSubIaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "SAFETY", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "exploitMaturityType": { + "type": "string", + "enum": [ + "UNREPORTED", + "PROOF_OF_CONCEPT", + "ATTACKED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "safetyType": { + "type": "string", + "enum": [ + "NEGLIGIBLE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "automatableType": { + "type": "string", + "enum": [ + "NO", + "YES", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "recoveryType": { + "type": "string", + "enum": [ + "AUTOMATIC", + "USER", + "IRRECOVERABLE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "valueDensityType": { + "type": "string", + "enum": [ + "DIFFUSE", + "CONCENTRATED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnerabilityResponseEffortType": { + "type": "string", + "enum": [ + "LOW", + "MODERATE", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "providerUrgencyType": { + "type": "string", + "enum": [ + "CLEAR", + "GREEN", + "AMBER", + "RED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "4.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + } + }, + "allOf": [ + { + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.1" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL" + ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "MEDIUM", + "LOW" + ] + }, + "authenticationType": { + "type": "string", + "enum": [ + "MULTIPLE", + "SINGLE", + "NONE" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "PARTIAL", + "COMPLETE" + ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ + "UNCONFIRMED", + "UNCORROBORATED", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "LOW_MEDIUM", + "MEDIUM_HIGH", + "HIGH", + "NOT_DEFINED" + ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "2.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ], + "additionalProperties": false + }, + "other": { + "type": "object", + "description": "A non-standard impact description, may be prose or JSON block.", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "description": "Name of the non-standard impact metrics format used.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "type": "object", + "$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.", + "description": "JSON object not covered by another metrics format.", + "minProperties": 1 + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "configurations": { + "type": "array", + "description": "Configurations required for exploiting this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "description": "Workarounds and mitigations for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "description": "Information about solutions or remediations available for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "description": "Information about exploits of the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "description": "This is timeline information for significant events about this vulnerability or changes to the CVE Record.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.", + "$ref": "#/definitions/timestamp" + }, + "lang": { + "description": "The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "description": "A summary of the event.", + "type": "string", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "credits": { + "type": "array", + "description": "Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "description": "The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "minLength": 1, + "maxLength": 4096 + }, + "user": { + "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string", + "description": "Type or role of the entity being credited (optional). finder: identifies the vulnerability.\nreporter: notifies the vendor of the vulnerability to a CNA.\nanalyst: validates the vulnerability to ensure accuracy or severity.\ncoordinator: facilitates the coordinated response process.\nremediation developer: prepares a code change or other remediation plans.\nremediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.\nremediation verifier: tests and verifies the vulnerability or its remediation.\ntool: names of tools used in vulnerability discovery or identification.\nsponsor: supports the vulnerability identification or remediation activities.", + "default": "finder", + "enum": [ + "finder", + "reporter", + "analyst", + "coordinator", + "remediation developer", + "remediation reviewer", + "remediation verifier", + "tool", + "sponsor", + "other" + ] + } + }, + "additionalProperties": false, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "description": "This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).\n Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.", + "minProperties": 1 + }, + "language": { + "type": "string", + "description": "BCP 47 language code, language-region.", + "default": "en", + "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "englishLanguage": { + "type": "string", + "description": "BCP 47 language code, language-region, required to be English.", + "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "taxonomyMappings": { + "type": "array", + "description": "List of taxonomy items related to the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "description": "The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "description": "The version of taxonomy the identifiers come from.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "description": "List of relationships to the taxonomy for the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A relationship between the taxonomy and the CVE or two taxonomy items.", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "description": "A description of the relationship.", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier.", + "minLength": 1, + "maxLength": 2048 + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "tagExtension": { + "type": "string", + "minLength": 2, + "maxLength": 128, + "pattern": "^x_.*$", + "$comment": "These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations." + }, + "cnaTags": { + "type": "array", + "description": "Tags provided by a CNA describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string", + "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "unsupported-when-assigned", + "exclusively-hosted-service", + "disputed" + ] + } + ] + } + }, + "adpTags": { + "type": "array", + "description": "Tags provided by an ADP describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string", + "description": "disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "disputed" + ] + } + ] + } + } + }, + "properties": { + "adpContainer": { + "$ref": "#/definitions/adpContainer" + } + }, + "additionalProperties": false +} \ No newline at end of file diff --git a/schema/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json b/schema/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json new file mode 100644 index 00000000000..db7dffd02ce --- /dev/null +++ b/schema/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json @@ -0,0 +1,3341 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cveproject.github.io/cve-schema/schema/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json", + "title": "CVE JSON cnaPublishedContainer sub schema", + "description": "CVE JSON cnaPublishedContainer format", + "definitions": { + "uriType": { + "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).", + "type": "string", + "format": "uri", + "minLength": 1, + "maxLength": 2048 + }, + "uuidType": { + "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "description": "The uniform resource locator (URL), according to [RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.1.3), that can be used to retrieve the referenced resource.", + "$ref": "#/definitions/uriType" + }, + "name": { + "description": "User created name for the reference, often the title of the page.", + "type": "string", + "maxLength": 512, + "minLength": 1 + }, + "tags": { + "description": "An array of one or more tags that describe the resource referenced by 'url'.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string", + "description": "broken-link: The reference link is returning a 404 error, or the site is no longer online.\n\ncustomer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.\n\nexploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.\n\ngovernment-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.\n\nissue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...\n\nmailing-list: The reference is from a mailing list -- often specific to a product or vendor.\n\nmitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.\n\nnot-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).\n\npatch: The reference contains an update to the software that fixes the vulnerability.\n\npermissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.\n\nmedia-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.\n\nproduct: A reference appropriate for describing a product for the purpose of CPE or SWID.\n\nrelated: A reference that is for a related (but not the same) vulnerability.\n\nrelease-notes: The reference is in the format of a vendor or open source project's release notes or change log.\n\nsignature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.\n\ntechnical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.\n\nthird-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.\n\nvendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.\n\nvdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog", + "enum": [ + "broken-link", + "customer-entitlement", + "exploit", + "government-resource", + "issue-tracking", + "mailing-list", + "mitigation", + "not-applicable", + "patch", + "permissions-required", + "media-coverage", + "product", + "related", + "release-notes", + "signature", + "technical-description", + "third-party-advisory", + "vendor-advisory", + "vdb-entry" + ] + } + ] + } + } + }, + "additionalProperties": false + }, + "cveId": { + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$" + }, + "orgId": { + "description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "userId": { + "description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "description": "A 2-32 character name that can be used to complement an organization's UUID.", + "type": "string", + "minLength": 2, + "maxLength": 32 + }, + "datestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601.", + "type": "string", + "format": "date", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$" + }, + "timestamp": { + "type": "string", + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.", + "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "version": { + "description": "A single version of a product, as expressed in its own version numbering scheme.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "status": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "product": { + "type": "object", + "description": "Provides information about the set of products and services affected by this vulnerability.", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] + } + ] + }, + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string", + "description": "Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.", + "minLength": 1, + "maxLength": 512 + }, + "product": { + "type": "string", + "description": "Name of the affected product.", + "minLength": 1, + "maxLength": 2048 + }, + "collectionURL": { + "description": "URL identifying a package collection (determines the meaning of packageName).", + "$ref": "#/definitions/uriType", + "examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] + }, + "packageName": { + "type": "string", + "description": "Name or identifier of the affected software package as used in the package collection.", + "minLength": 1, + "maxLength": 2048 + }, + "cpes": { + "type": "array", + "description": "Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also, this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as \"Product X between versions 10.2 and 10.8\" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.", + "uniqueItems": true, + "items": { + "title": "CPE Name", + "type": "string", + "description": "Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format", + "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", + "minLength": 1, + "maxLength": 2048 + } + }, + "modules": { + "type": "array", + "description": "A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).", + "uniqueItems": true, + "items": { + "type": "string", + "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).", + "minLength": 1, + "maxLength": 4096 + } + }, + "programFiles": { + "type": "array", + "description": "A list of the affected source code files (optional).", + "uniqueItems": true, + "items": { + "description": "Name or path or location of the affected source code file.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + } + }, + "programRoutines": { + "type": "array", + "description": "A list of the affected source code functions, methods, subroutines, or procedures (optional).", + "uniqueItems": true, + "items": { + "type": "object", + "description": "An object describing program routine.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the affected source code file, function, method, subroutine, or procedure.", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "platforms": { + "title": "Platforms", + "description": "List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technologies, hardware models, or computing architectures. The lack of this field or an empty array implies that the other fields are applicable to all relevant platforms.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "examples": [ + "iOS", + "Android", + "Windows", + "macOS", + "x86", + "ARM", + "64 bit", + "Big Endian", + "iPad", + "Chromebook", + "Docker", + "Model T" + ], + "maxLength": 1024 + } + }, + "repo": { + "description": "The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.", + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "description": "The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.", + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "description": "Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules [8.1.2 requirement](https://cve.mitre.org/cve/cna/rules.html#section_8-1_cve_entry_information_requirements). Versions or defaultStatus may be omitted, but not both.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A single version or a range of versions, with vulnerability status.\n\nAn entry with only 'version' and 'status' indicates the status of a single version.\n\nOtherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.\n\nThe algorithm to decide the status specified for a version V is:\n\n\tfor entry in product.versions {\n\t\tif entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {\n\t\t\treturn entry.status\n\t\t}\n\t\tif (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or\n\t\t (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType\n\t\t\tstatus = entry.status\n\t\t\tfor change in entry.changes {\n\t\t\t\tif change.at <= v {\n\t\t\t\t\tstatus = change.status\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn status\n\t\t}\n\t}\n\treturn product.defaultStatus\n\n.", + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "maxProperties": 3 + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThan" + ] + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThanOrEqual" + ] + } + ], + "properties": { + "version": { + "description": "The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.", + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string", + "description": "The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.", + "minLength": 1, + "maxLength": 128, + "examples": [ + "custom", + "git", + "maven", + "python", + "rpm", + "semver" + ] + }, + "lessThan": { + "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.", + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.", + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "description": "A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "The start of a single status change during the range.", + "required": [ + "at", + "status" + ], + "additionalProperties": false, + "properties": { + "at": { + "description": "The version at which a status change occurs.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The new status in the range starting at the given version.", + "$ref": "#/definitions/status" + } + } + } + } + }, + "additionalProperties": false + } + } + } + }, + "dataType": { + "description": "Indicates the type of information represented in the JSON instance.", + "type": "string", + "enum": [ + "CVE_RECORD" + ] + }, + "dataVersion": { + "description": "The version of the CVE schema used for validating this record. Used to support multiple versions of this format.", + "type": "string", + "pattern": "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$", + "default": "5.1.0" + }, + "cveMetadataPublished": { + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "requesterUserId": { + "$ref": "#/definitions/userId", + "description": "The user that requested the CVE identifier." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "state": { + "description": "State of CVE - PUBLISHED, REJECTED.", + "type": "string", + "enum": [ + "PUBLISHED" + ] + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "dateRejected": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE ID was rejected." + }, + "state": { + "type": "string", + "description": "State of CVE - PUBLISHED, REJECTED.", + "enum": [ + "REJECTED" + ] + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "description": "Details related to the information container provider (CNA or ADP).", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId", + "description": "The container provider's organizational UUID." + }, + "shortName": { + "$ref": "#/definitions/shortName", + "description": "The container provider's organizational short name." + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp", + "description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission." + } + }, + "required": [ + "orgId" + ], + "additionalProperties": false + }, + "cnaPublishedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was associated with a vulnerability by a CNA." + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the CVE record. Eg., Buffer overflow in Example Soft.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "cnaRejectedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "description": "Reasons for rejecting this CVE Record.", + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "adpContainer": { + "description": "An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the information in an ADP container.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "affected": { + "type": "array", + "description": "List of affected products.", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "description": "Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "description": "Plain text description.", + "minLength": 1, + "maxLength": 4096 + }, + "supportingMedia": { + "type": "array", + "title": "Supporting media", + "description": "Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "title": "Media type", + "minLength": 1, + "maxLength": 256, + "description": "RFC2046 compliant IANA Media type for eg., text/markdown, text/html.", + "examples": [ + "text/markdown", + "text/html", + "image/png", + "image/svg", + "audio/mp3" + ] + }, + "base64": { + "type": "boolean", + "title": "Encoding", + "description": "If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.", + "default": false + }, + "value": { + "type": "string", + "description": "Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.", + "minLength": 1, + "maxLength": 16384 + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ], + "$comment": "Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description." + }, + "descriptions": { + "type": "array", + "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "description": "This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "description": { + "type": "string", + "description": "Text description of problemType, or title from CWE or OWASP.", + "minLength": 1, + "maxLength": 4096 + }, + "cweId": { + "type": "string", + "description": "CWE ID of the CWE that best describes this problemType entry.", + "minLength": 5, + "maxLength": 9, + "pattern": "^CWE-[1-9][0-9]*$" + }, + "type": { + "type": "string", + "description": "Problemtype source, text, OWASP, CWE, etc.,", + "minLength": 1, + "maxLength": 128 + }, + "references": { + "$ref": "#/definitions/references" + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "description": "This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are \"dangerous\").", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "description": "Collection of impacts of this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description.", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string", + "description": "CAPEC ID that best relates to this impact.", + "minLength": 7, + "maxLength": 11, + "pattern": "^CAPEC-[1-9][0-9]{0,4}$" + }, + "descriptions": { + "description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.", + "$ref": "#/definitions/descriptions" + } + }, + "additionalProperties": false + } + }, + "metrics": { + "type": "array", + "description": "Collection of impact scores with attribution.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.", + "anyOf": [ + { + "required": [ + "cvssV4_0" + ] + }, + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string", + "description": "Name of the scoring format. This provides a bit of future proofing. Additional properties are not prohibited, so this will support the inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV44, format = 'cvssV44', other = cvssV4_4 JSON object. In the future, the other properties can be converted to score properties when they become part of the schema.", + "minLength": 1, + "maxLength": 64 + }, + "scenarios": { + "type": "array", + "description": "Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "default": "GENERAL", + "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minLength": 1, + "maxLength": 4096 + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + } + }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT" + ] + }, + "modifiedAttackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedVulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "subCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedSubCType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "modifiedSubIaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "SAFETY", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "exploitMaturityType": { + "type": "string", + "enum": [ + "UNREPORTED", + "PROOF_OF_CONCEPT", + "ATTACKED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "safetyType": { + "type": "string", + "enum": [ + "NEGLIGIBLE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "automatableType": { + "type": "string", + "enum": [ + "NO", + "YES", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "recoveryType": { + "type": "string", + "enum": [ + "AUTOMATIC", + "USER", + "IRRECOVERABLE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "valueDensityType": { + "type": "string", + "enum": [ + "DIFFUSE", + "CONCENTRATED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnerabilityResponseEffortType": { + "type": "string", + "enum": [ + "LOW", + "MODERATE", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "providerUrgencyType": { + "type": "string", + "enum": [ + "CLEAR", + "GREEN", + "AMBER", + "RED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "4.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + } + }, + "allOf": [ + { + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.1" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL" + ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "MEDIUM", + "LOW" + ] + }, + "authenticationType": { + "type": "string", + "enum": [ + "MULTIPLE", + "SINGLE", + "NONE" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "PARTIAL", + "COMPLETE" + ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ + "UNCONFIRMED", + "UNCORROBORATED", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "LOW_MEDIUM", + "MEDIUM_HIGH", + "HIGH", + "NOT_DEFINED" + ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "2.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ], + "additionalProperties": false + }, + "other": { + "type": "object", + "description": "A non-standard impact description, may be prose or JSON block.", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "description": "Name of the non-standard impact metrics format used.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "type": "object", + "$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.", + "description": "JSON object not covered by another metrics format.", + "minProperties": 1 + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "configurations": { + "type": "array", + "description": "Configurations required for exploiting this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "description": "Workarounds and mitigations for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "description": "Information about solutions or remediations available for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "description": "Information about exploits of the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "description": "This is timeline information for significant events about this vulnerability or changes to the CVE Record.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.", + "$ref": "#/definitions/timestamp" + }, + "lang": { + "description": "The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "description": "A summary of the event.", + "type": "string", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "credits": { + "type": "array", + "description": "Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "description": "The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "minLength": 1, + "maxLength": 4096 + }, + "user": { + "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string", + "description": "Type or role of the entity being credited (optional). finder: identifies the vulnerability.\nreporter: notifies the vendor of the vulnerability to a CNA.\nanalyst: validates the vulnerability to ensure accuracy or severity.\ncoordinator: facilitates the coordinated response process.\nremediation developer: prepares a code change or other remediation plans.\nremediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.\nremediation verifier: tests and verifies the vulnerability or its remediation.\ntool: names of tools used in vulnerability discovery or identification.\nsponsor: supports the vulnerability identification or remediation activities.", + "default": "finder", + "enum": [ + "finder", + "reporter", + "analyst", + "coordinator", + "remediation developer", + "remediation reviewer", + "remediation verifier", + "tool", + "sponsor", + "other" + ] + } + }, + "additionalProperties": false, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "description": "This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).\n Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.", + "minProperties": 1 + }, + "language": { + "type": "string", + "description": "BCP 47 language code, language-region.", + "default": "en", + "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "englishLanguage": { + "type": "string", + "description": "BCP 47 language code, language-region, required to be English.", + "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "taxonomyMappings": { + "type": "array", + "description": "List of taxonomy items related to the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "description": "The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "description": "The version of taxonomy the identifiers come from.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "description": "List of relationships to the taxonomy for the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A relationship between the taxonomy and the CVE or two taxonomy items.", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "description": "A description of the relationship.", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier.", + "minLength": 1, + "maxLength": 2048 + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "tagExtension": { + "type": "string", + "minLength": 2, + "maxLength": 128, + "pattern": "^x_.*$", + "$comment": "These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations." + }, + "cnaTags": { + "type": "array", + "description": "Tags provided by a CNA describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string", + "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "unsupported-when-assigned", + "exclusively-hosted-service", + "disputed" + ] + } + ] + } + }, + "adpTags": { + "type": "array", + "description": "Tags provided by an ADP describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string", + "description": "disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "disputed" + ] + } + ] + } + } + }, + "properties": { + "cnaContainer": { + "$ref": "#/definitions/cnaPublishedContainer" + } + }, + "additionalProperties": false +} \ No newline at end of file diff --git a/schema/docs/CVE_Record_Format_bundled_cnaRejectedContainer.json b/schema/docs/CVE_Record_Format_bundled_cnaRejectedContainer.json new file mode 100644 index 00000000000..7a404c3af02 --- /dev/null +++ b/schema/docs/CVE_Record_Format_bundled_cnaRejectedContainer.json @@ -0,0 +1,3341 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cveproject.github.io/cve-schema/schema/docs/CVE_Record_Format_bundled_cnaRejectedContainer.json", + "title": "CVE JSON cnaRejectedContainer sub schema", + "description": "CVE JSON cnaRejectedContainer format", + "definitions": { + "uriType": { + "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).", + "type": "string", + "format": "uri", + "minLength": 1, + "maxLength": 2048 + }, + "uuidType": { + "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "description": "The uniform resource locator (URL), according to [RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.1.3), that can be used to retrieve the referenced resource.", + "$ref": "#/definitions/uriType" + }, + "name": { + "description": "User created name for the reference, often the title of the page.", + "type": "string", + "maxLength": 512, + "minLength": 1 + }, + "tags": { + "description": "An array of one or more tags that describe the resource referenced by 'url'.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string", + "description": "broken-link: The reference link is returning a 404 error, or the site is no longer online.\n\ncustomer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.\n\nexploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.\n\ngovernment-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.\n\nissue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...\n\nmailing-list: The reference is from a mailing list -- often specific to a product or vendor.\n\nmitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.\n\nnot-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).\n\npatch: The reference contains an update to the software that fixes the vulnerability.\n\npermissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.\n\nmedia-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.\n\nproduct: A reference appropriate for describing a product for the purpose of CPE or SWID.\n\nrelated: A reference that is for a related (but not the same) vulnerability.\n\nrelease-notes: The reference is in the format of a vendor or open source project's release notes or change log.\n\nsignature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.\n\ntechnical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.\n\nthird-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.\n\nvendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.\n\nvdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog", + "enum": [ + "broken-link", + "customer-entitlement", + "exploit", + "government-resource", + "issue-tracking", + "mailing-list", + "mitigation", + "not-applicable", + "patch", + "permissions-required", + "media-coverage", + "product", + "related", + "release-notes", + "signature", + "technical-description", + "third-party-advisory", + "vendor-advisory", + "vdb-entry" + ] + } + ] + } + } + }, + "additionalProperties": false + }, + "cveId": { + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$" + }, + "orgId": { + "description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "userId": { + "description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "description": "A 2-32 character name that can be used to complement an organization's UUID.", + "type": "string", + "minLength": 2, + "maxLength": 32 + }, + "datestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601.", + "type": "string", + "format": "date", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$" + }, + "timestamp": { + "type": "string", + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.", + "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "version": { + "description": "A single version of a product, as expressed in its own version numbering scheme.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "status": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "product": { + "type": "object", + "description": "Provides information about the set of products and services affected by this vulnerability.", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] + } + ] + }, + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string", + "description": "Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.", + "minLength": 1, + "maxLength": 512 + }, + "product": { + "type": "string", + "description": "Name of the affected product.", + "minLength": 1, + "maxLength": 2048 + }, + "collectionURL": { + "description": "URL identifying a package collection (determines the meaning of packageName).", + "$ref": "#/definitions/uriType", + "examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] + }, + "packageName": { + "type": "string", + "description": "Name or identifier of the affected software package as used in the package collection.", + "minLength": 1, + "maxLength": 2048 + }, + "cpes": { + "type": "array", + "description": "Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also, this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as \"Product X between versions 10.2 and 10.8\" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.", + "uniqueItems": true, + "items": { + "title": "CPE Name", + "type": "string", + "description": "Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format", + "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", + "minLength": 1, + "maxLength": 2048 + } + }, + "modules": { + "type": "array", + "description": "A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).", + "uniqueItems": true, + "items": { + "type": "string", + "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).", + "minLength": 1, + "maxLength": 4096 + } + }, + "programFiles": { + "type": "array", + "description": "A list of the affected source code files (optional).", + "uniqueItems": true, + "items": { + "description": "Name or path or location of the affected source code file.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + } + }, + "programRoutines": { + "type": "array", + "description": "A list of the affected source code functions, methods, subroutines, or procedures (optional).", + "uniqueItems": true, + "items": { + "type": "object", + "description": "An object describing program routine.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the affected source code file, function, method, subroutine, or procedure.", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "platforms": { + "title": "Platforms", + "description": "List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technologies, hardware models, or computing architectures. The lack of this field or an empty array implies that the other fields are applicable to all relevant platforms.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "examples": [ + "iOS", + "Android", + "Windows", + "macOS", + "x86", + "ARM", + "64 bit", + "Big Endian", + "iPad", + "Chromebook", + "Docker", + "Model T" + ], + "maxLength": 1024 + } + }, + "repo": { + "description": "The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.", + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "description": "The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.", + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "description": "Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules [8.1.2 requirement](https://cve.mitre.org/cve/cna/rules.html#section_8-1_cve_entry_information_requirements). Versions or defaultStatus may be omitted, but not both.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A single version or a range of versions, with vulnerability status.\n\nAn entry with only 'version' and 'status' indicates the status of a single version.\n\nOtherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.\n\nThe algorithm to decide the status specified for a version V is:\n\n\tfor entry in product.versions {\n\t\tif entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {\n\t\t\treturn entry.status\n\t\t}\n\t\tif (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or\n\t\t (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType\n\t\t\tstatus = entry.status\n\t\t\tfor change in entry.changes {\n\t\t\t\tif change.at <= v {\n\t\t\t\t\tstatus = change.status\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn status\n\t\t}\n\t}\n\treturn product.defaultStatus\n\n.", + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "maxProperties": 3 + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThan" + ] + }, + { + "required": [ + "version", + "status", + "versionType", + "lessThanOrEqual" + ] + } + ], + "properties": { + "version": { + "description": "The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.", + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string", + "description": "The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.", + "minLength": 1, + "maxLength": 128, + "examples": [ + "custom", + "git", + "maven", + "python", + "rpm", + "semver" + ] + }, + "lessThan": { + "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.", + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.", + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "description": "A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "The start of a single status change during the range.", + "required": [ + "at", + "status" + ], + "additionalProperties": false, + "properties": { + "at": { + "description": "The version at which a status change occurs.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The new status in the range starting at the given version.", + "$ref": "#/definitions/status" + } + } + } + } + }, + "additionalProperties": false + } + } + } + }, + "dataType": { + "description": "Indicates the type of information represented in the JSON instance.", + "type": "string", + "enum": [ + "CVE_RECORD" + ] + }, + "dataVersion": { + "description": "The version of the CVE schema used for validating this record. Used to support multiple versions of this format.", + "type": "string", + "pattern": "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$", + "default": "5.1.0" + }, + "cveMetadataPublished": { + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "requesterUserId": { + "$ref": "#/definitions/userId", + "description": "The user that requested the CVE identifier." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "state": { + "description": "State of CVE - PUBLISHED, REJECTED.", + "type": "string", + "enum": [ + "PUBLISHED" + ] + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "dateRejected": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE ID was rejected." + }, + "state": { + "type": "string", + "description": "State of CVE - PUBLISHED, REJECTED.", + "enum": [ + "REJECTED" + ] + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "description": "Details related to the information container provider (CNA or ADP).", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId", + "description": "The container provider's organizational UUID." + }, + "shortName": { + "$ref": "#/definitions/shortName", + "description": "The container provider's organizational short name." + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp", + "description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission." + } + }, + "required": [ + "orgId" + ], + "additionalProperties": false + }, + "cnaPublishedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was associated with a vulnerability by a CNA." + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the CVE record. Eg., Buffer overflow in Example Soft.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "cnaRejectedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "description": "Reasons for rejecting this CVE Record.", + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "adpContainer": { + "description": "An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "A title, headline, or a brief phrase summarizing the information in an ADP container.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_[^.]*$": {} + }, + "$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.", + "additionalProperties": false + }, + "affected": { + "type": "array", + "description": "List of affected products.", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "description": "Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "description": "Plain text description.", + "minLength": 1, + "maxLength": 4096 + }, + "supportingMedia": { + "type": "array", + "title": "Supporting media", + "description": "Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "title": "Media type", + "minLength": 1, + "maxLength": 256, + "description": "RFC2046 compliant IANA Media type for eg., text/markdown, text/html.", + "examples": [ + "text/markdown", + "text/html", + "image/png", + "image/svg", + "audio/mp3" + ] + }, + "base64": { + "type": "boolean", + "title": "Encoding", + "description": "If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.", + "default": false + }, + "value": { + "type": "string", + "description": "Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.", + "minLength": 1, + "maxLength": 16384 + } + }, + "required": [ + "type", + "value" + ], + "additionalProperties": false + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ], + "$comment": "Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description." + }, + "descriptions": { + "type": "array", + "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "description": "This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "description": { + "type": "string", + "description": "Text description of problemType, or title from CWE or OWASP.", + "minLength": 1, + "maxLength": 4096 + }, + "cweId": { + "type": "string", + "description": "CWE ID of the CWE that best describes this problemType entry.", + "minLength": 5, + "maxLength": 9, + "pattern": "^CWE-[1-9][0-9]*$" + }, + "type": { + "type": "string", + "description": "Problemtype source, text, OWASP, CWE, etc.,", + "minLength": 1, + "maxLength": 128 + }, + "references": { + "$ref": "#/definitions/references" + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + } + }, + "additionalProperties": false + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "description": "This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are \"dangerous\").", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "description": "Collection of impacts of this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description.", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string", + "description": "CAPEC ID that best relates to this impact.", + "minLength": 7, + "maxLength": 11, + "pattern": "^CAPEC-[1-9][0-9]{0,4}$" + }, + "descriptions": { + "description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.", + "$ref": "#/definitions/descriptions" + } + }, + "additionalProperties": false + } + }, + "metrics": { + "type": "array", + "description": "Collection of impact scores with attribution.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.", + "anyOf": [ + { + "required": [ + "cvssV4_0" + ] + }, + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string", + "description": "Name of the scoring format. This provides a bit of future proofing. Additional properties are not prohibited, so this will support the inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV44, format = 'cvssV44', other = cvssV4_4 JSON object. In the future, the other properties can be converted to score properties when they become part of the schema.", + "minLength": 1, + "maxLength": 64 + }, + "scenarios": { + "type": "array", + "description": "Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "default": "GENERAL", + "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minLength": 1, + "maxLength": 4096 + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + } + }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT" + ] + }, + "modifiedAttackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedVulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "subCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedSubCType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "modifiedSubIaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "SAFETY", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "exploitMaturityType": { + "type": "string", + "enum": [ + "UNREPORTED", + "PROOF_OF_CONCEPT", + "ATTACKED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "safetyType": { + "type": "string", + "enum": [ + "NEGLIGIBLE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "automatableType": { + "type": "string", + "enum": [ + "NO", + "YES", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "recoveryType": { + "type": "string", + "enum": [ + "AUTOMATIC", + "USER", + "IRRECOVERABLE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "valueDensityType": { + "type": "string", + "enum": [ + "DIFFUSE", + "CONCENTRATED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnerabilityResponseEffortType": { + "type": "string", + "enum": [ + "LOW", + "MODERATE", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "providerUrgencyType": { + "type": "string", + "enum": [ + "CLEAR", + "GREEN", + "AMBER", + "RED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "4.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + } + }, + "allOf": [ + { + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType" + } + } + } + ] + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.1" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL" + ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "MEDIUM", + "LOW" + ] + }, + "authenticationType": { + "type": "string", + "enum": [ + "MULTIPLE", + "SINGLE", + "NONE" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "PARTIAL", + "COMPLETE" + ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ + "UNCONFIRMED", + "UNCORROBORATED", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "LOW_MEDIUM", + "MEDIUM_HIGH", + "HIGH", + "NOT_DEFINED" + ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "2.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ], + "additionalProperties": false + }, + "other": { + "type": "object", + "description": "A non-standard impact description, may be prose or JSON block.", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "description": "Name of the non-standard impact metrics format used.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "type": "object", + "$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.", + "description": "JSON object not covered by another metrics format.", + "minProperties": 1 + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "configurations": { + "type": "array", + "description": "Configurations required for exploiting this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "description": "Workarounds and mitigations for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "description": "Information about solutions or remediations available for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "description": "Information about exploits of the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "description": "This is timeline information for significant events about this vulnerability or changes to the CVE Record.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.", + "$ref": "#/definitions/timestamp" + }, + "lang": { + "description": "The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "description": "A summary of the event.", + "type": "string", + "minLength": 1, + "maxLength": 4096 + } + }, + "additionalProperties": false + } + }, + "credits": { + "type": "array", + "description": "Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "description": "The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "minLength": 1, + "maxLength": 4096 + }, + "user": { + "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string", + "description": "Type or role of the entity being credited (optional). finder: identifies the vulnerability.\nreporter: notifies the vendor of the vulnerability to a CNA.\nanalyst: validates the vulnerability to ensure accuracy or severity.\ncoordinator: facilitates the coordinated response process.\nremediation developer: prepares a code change or other remediation plans.\nremediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.\nremediation verifier: tests and verifies the vulnerability or its remediation.\ntool: names of tools used in vulnerability discovery or identification.\nsponsor: supports the vulnerability identification or remediation activities.", + "default": "finder", + "enum": [ + "finder", + "reporter", + "analyst", + "coordinator", + "remediation developer", + "remediation reviewer", + "remediation verifier", + "tool", + "sponsor", + "other" + ] + } + }, + "additionalProperties": false, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "description": "This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).\n Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.", + "minProperties": 1 + }, + "language": { + "type": "string", + "description": "BCP 47 language code, language-region.", + "default": "en", + "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "englishLanguage": { + "type": "string", + "description": "BCP 47 language code, language-region, required to be English.", + "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "taxonomyMappings": { + "type": "array", + "description": "List of taxonomy items related to the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "description": "The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "description": "The version of taxonomy the identifiers come from.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "description": "List of relationships to the taxonomy for the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A relationship between the taxonomy and the CVE or two taxonomy items.", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "description": "A description of the relationship.", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier.", + "minLength": 1, + "maxLength": 2048 + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "tagExtension": { + "type": "string", + "minLength": 2, + "maxLength": 128, + "pattern": "^x_.*$", + "$comment": "These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations." + }, + "cnaTags": { + "type": "array", + "description": "Tags provided by a CNA describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string", + "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "unsupported-when-assigned", + "exclusively-hosted-service", + "disputed" + ] + } + ] + } + }, + "adpTags": { + "type": "array", + "description": "Tags provided by an ADP describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string", + "description": "disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "disputed" + ] + } + ] + } + } + }, + "properties": { + "cnaContainer": { + "$ref": "#/definitions/cnaRejectedContainer" + } + }, + "additionalProperties": false +} \ No newline at end of file diff --git a/schema/docs/cnaContainer-advanced-example.json b/schema/docs/cnaContainer-advanced-example.json new file mode 100644 index 00000000000..c255d81b336 --- /dev/null +++ b/schema/docs/cnaContainer-advanced-example.json @@ -0,0 +1,302 @@ +{ + "cnaContainer": { + "providerMetadata": { + "orgId": "00000000-0000-4000-9000-000000000000" + }, + "title": "Buffer overflow in Example Enterprise allows Privilege Escalation.", + "datePublic": "2021-09-08T16:24:00.000Z", + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-78", + "description": "CWE-78 OS Command Injection", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-233", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-233 Privilege Escalation" + } + ] + } + ], + "affected": [ + { + "vendor": "Example.org", + "product": "Example Enterprise", + "platforms": [ + "Windows", + "MacOS", + "XT-4500" + ], + "collectionURL": "https://example.org/packages", + "packageName": "example_enterprise", + "repo": "git://example.org/source/example_enterprise", + "modules": [ + "Web-Management-Interface" + ], + "programFiles": [ + "example_enterprise/example.php" + ], + "programRoutines": [ + { + "name": "parseFilename" + } + ], + "versions": [ + { + "version": "1.0.0", + "status": "affected", + "lessThan": "1.0.6", + "versionType": "semver" + }, + { + "version": "2.1.0", + "status": "unaffected", + "lessThan": "2.1.*", + "changes": [ + { + "at": "2.1.6", + "status": "affected" + }, + { + "at": "2.1.9", + "status": "unaffected" + } + ], + "versionType": "semver" + }, + { + "version": "3.0.0", + "status": "unaffected", + "lessThan": "*", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.16 until 2.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.

This issue affects:
" + } + ] + }, + { + "lang": "eo", + "value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise \u0109e Windows, macOS kaj XT-4500 permesas al malproksimaj nea\u016dtentikigitaj atakantoj eskaladi privilegiojn. \u0108i tiu afero efikas: 1.0-versioj anta\u016d 1.0.6, 2.1-versioj de 2.16 \u011dis 2.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise \u0109e Windows, macOS kaj XT-4500 permesas al malproksimaj nea\u016dtentikigitaj atakantoj eskaladi privilegiojn.

\u0108i tiu afero efikas:
" + } + ] + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV4_0": { + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L", + "version": "4.0" + }, + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + }, + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "If the enhanced host protection mode is turned on, this vulnerability can only be exploited to run os commands as user 'nobody'. Privilege escalation is not possible." + } + ], + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + } + ], + "solutions": [ + { + "lang": "en", + "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions." + } + ] + } + ], + "workarounds": [ + { + "lang": "en", + "value": "Disable the web management interface with the command\n> service disable webmgmt", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Disable the web management interface with the command
> service disable webmgmt
" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Web management interface should be enabled.
> service status webmgmt
webmgmt running
" + } + ] + } + ], + "exploits": [ + { + "lang": "en", + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." + } + ] + } + ], + "timeline": [ + { + "time": "2001-09-01T07:31:00.000Z", + "lang": "en", + "value": "Issue discovered by Alice using Acme Autofuzz" + }, + { + "time": "2021-09-02T16:36:00.000Z", + "lang": "en", + "value": "Confirmed by Bob" + }, + { + "time": "2021-09-07T16:37:00.000Z", + "lang": "en", + "value": "Fixes released" + } + ], + "credits": [ + { + "lang": "en", + "value": "Alice", + "type": "finder" + }, + { + "lang": "en", + "value": "Bob", + "type": "analyst" + }, + { + "lang": "en", + "value": "Acme Autofuzz", + "type": "tool" + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1337-1234", + "name": "ESA-22-11", + "tags": [ + "vendor-advisory" + ] + }, + { + "url": "https://example.com/blog/alice/pwning_example_enterprise", + "name": "Pwning Example Enterprise", + "tags": [ + "technical-description", + "third-party-advisory" + ] + }, + { + "url": "https://example.org/bugs/EXAMPLE-1234", + "name": "EXAMPLE-1234", + "tags": [ + "issue-tracking" + ] + }, + { + "url": "https://example.org/ExampleEnterprise", + "tags": [ + "product" + ] + } + ], + "source": { + "defects": [ + "EXAMPLE-1234" + ], + "advisory": "ESA-22-11", + "discovery": "EXTERNAL" + }, + "taxonomyMappings": [ + { + "taxonomyName": "ATT&CK", + "taxonomyVersion": "v9", + "taxonomyRelations": [ + { + "taxonomyId": "T1190", + "relationshipName": "mitigated by", + "relationshipValue": "M1048" + } + ] + } + ] + } +} diff --git a/schema/docs/cnaContainer-basic-example.json b/schema/docs/cnaContainer-basic-example.json new file mode 100644 index 00000000000..0b474d3e5f6 --- /dev/null +++ b/schema/docs/cnaContainer-basic-example.json @@ -0,0 +1,43 @@ +{ + "cnaContainer": { + "providerMetadata": { + "orgId": "00000000-0000-4000-9000-000000000000" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-78 OS Command Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "Example.org", + "product": "Example Enterprise", + "versions": [ + { + "version": "1.0.0", + "status": "affected", + "lessThan": "1.0.6", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, MacOS and XT-4500 allows remote unauthenticated attackers to escalate privileges.\n\nThis issue affects:\n * 1.0 versions before 1.0.6\n * 2.1 versions from 2.16 until 2.1.9." + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1337-1234" + } + ] + } +} diff --git a/schema/docs/cnaContainer-rejected-example.json b/schema/docs/cnaContainer-rejected-example.json new file mode 100644 index 00000000000..dce4296a3b3 --- /dev/null +++ b/schema/docs/cnaContainer-rejected-example.json @@ -0,0 +1,14 @@ +{ + "cnaContainer": { + "providerMetadata": { + "orgId": "00000000-0000-4000-9000-000000000000", + "shortName": "example" + }, + "rejectedReasons": [ + { + "lang": "en", + "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + } + ] + } +} \ No newline at end of file diff --git a/schema/docs/full-record-advanced-example.json b/schema/docs/full-record-advanced-example.json new file mode 100644 index 00000000000..da1532278cd --- /dev/null +++ b/schema/docs/full-record-advanced-example.json @@ -0,0 +1,316 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-1337-1234", + "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "assignerShortName": "example", + "requesterUserId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "serial": 1, + "state": "PUBLISHED" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "shortName": "example", + "dateUpdated": "2021-09-08T16:24:00.000Z" + }, + "title": "Buffer overflow in Example Enterprise allows Privilege Escalation.", + "datePublic": "2021-09-08T16:24:00.000Z", + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-78", + "description": "CWE-78 OS Command Injection", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-233", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-233 Privilege Escalation" + } + ] + } + ], + "affected": [ + { + "vendor": "Example.org", + "product": "Example Enterprise", + "platforms": [ + "Windows", + "MacOS", + "XT-4500" + ], + "collectionURL": "https://example.org/packages", + "packageName": "example_enterprise", + "repo": "git://example.org/source/example_enterprise", + "modules": [ + "Web-Management-Interface" + ], + "programFiles": [ + "example_enterprise/example.php" + ], + "programRoutines": [ + { + "name": "parseFilename" + } + ], + "versions": [ + { + "version": "1.0.0", + "status": "affected", + "lessThan": "1.0.6", + "versionType": "semver" + }, + { + "version": "2.1.0", + "status": "unaffected", + "lessThan": "2.1.*", + "changes": [ + { + "at": "2.1.6", + "status": "affected" + }, + { + "at": "2.1.9", + "status": "unaffected" + } + ], + "versionType": "semver" + }, + { + "version": "3.0.0", + "status": "unaffected", + "lessThan": "*", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.16 until 2.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.

This issue affects:
" + } + ] + }, + { + "lang": "eo", + "value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise ĉe Windows, macOS kaj XT-4500 permesas al malproksimaj neaŭtentikigitaj atakantoj eskaladi privilegiojn. Ĉi tiu afero efikas: 1.0-versioj antaŭ 1.0.6, 2.1-versioj de 2.16 ĝis 2.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise ĉe Windows, macOS kaj XT-4500 permesas al malproksimaj neaŭtentikigitaj atakantoj eskaladi privilegiojn.

Ĉi tiu afero efikas:
" + } + ] + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV4_0": { + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L", + "version":"4.0" + }, + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + }, + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "If the enhanced host protection mode is turned on, this vulnerability can only be exploited to run os commands as user 'nobody'. Privilege escalation is not possible." + } + ], + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + } + ], + "solutions": [ + { + "lang": "en", + "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions." + } + ] + } + ], + "workarounds": [ + { + "lang": "en", + "value": "Disable the web management interface with the command\n> service disable webmgmt", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Disable the web management interface with the command
> service disable webmgmt
" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Web management interface should be enabled.
> service status webmgmt
webmgmt running
" + } + ] + } + ], + "exploits": [ + { + "lang": "en", + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." + } + ] + } + ], + "timeline": [ + { + "time": "2001-09-01T07:31:00.000Z", + "lang": "en", + "value": "Issue discovered by Alice using Acme Autofuzz" + }, + { + "time": "2021-09-02T16:36:00.000Z", + "lang": "en", + "value": "Confirmed by Bob" + }, + { + "time": "2021-09-07T16:37:00.000Z", + "lang": "en", + "value": "Fixes released" + } + ], + "credits": [ + { + "lang": "en", + "value": "Alice", + "type": "finder" + }, + { + "lang": "en", + "value": "Bob", + "type": "analyst" + }, + { + "lang": "en", + "value": "Acme Autofuzz", + "type": "tool" + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1337-1234", + "name": "ESA-22-11", + "tags": [ + "vendor-advisory" + ] + }, + { + "url": "https://example.com/blog/alice/pwning_example_enterprise", + "name": "Pwning Example Enterprise", + "tags": [ + "technical-description", + "third-party-advisory" + ] + }, + { + "url": "https://example.org/bugs/EXAMPLE-1234", + "name": "EXAMPLE-1234", + "tags": [ + "issue-tracking" + ] + }, + { + "url": "https://example.org/ExampleEnterprise", + "tags": [ + "product" + ] + } + ], + "source": { + "defects": [ + "EXAMPLE-1234" + ], + "advisory": "ESA-22-11", + "discovery": "EXTERNAL" + }, + "taxonomyMappings": [ + { + "taxonomyName": "ATT&CK", + "taxonomyVersion": "v9", + "taxonomyRelations": [ + { + "taxonomyId": "T1190", + "relationshipName": "mitigated by", + "relationshipValue": "M1048" + } + ] + } + ] + } + } +} diff --git a/schema/docs/full-record-basic-example.json b/schema/docs/full-record-basic-example.json new file mode 100644 index 00000000000..b1c3f5eaac0 --- /dev/null +++ b/schema/docs/full-record-basic-example.json @@ -0,0 +1,52 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-1337-1234", + "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "state": "PUBLISHED" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-78 OS Command Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "Example.org", + "product": "Example Enterprise", + "versions": [ + { + "version": "1.0.0", + "status": "affected", + "lessThan": "1.0.6", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, MacOS and XT-4500 allows remote unauthenticated attackers to escalate privileges.\n\nThis issue affects:\n * 1.0 versions before 1.0.6\n * 2.1 versions from 2.16 until 2.1.9." + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1337-1234" + } + ] + } + } +} \ No newline at end of file diff --git a/schema/docs/index.html b/schema/docs/index.html new file mode 100644 index 00000000000..d47da866163 --- /dev/null +++ b/schema/docs/index.html @@ -0,0 +1,103 @@ + CVE JSON record format

CVE JSON record format


cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at the official website. This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema here.

Type: object

When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.

No Additional Properties

Type: enum (of string)

Indicates the type of information represented in the JSON instance.

Must be one of:

  • "CVE_RECORD"

Type: string Default: "5.1.0"

The version of the CVE schema used for validating this record. Used to support multiple versions of this format.

Must match regular expression: ^5\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))?$

Type: object

This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.

No Additional Properties

Type: string

The CVE identifier that this record pertains to.

Must match regular expression: ^CVE-[0-9]{4}-[0-9]{4,19}$

Type: string

The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service.

Must match regular expression: ^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$

Type: string

The short name for the organization to which the CVE ID was originally assigned.

Must be at least 2 characters long

Must be at most 32 characters long

Type: string

The user that requested the CVE identifier.

Same definition as assignerOrgId

Type: string

The date/time the record was last updated.

Must match regular expression: ^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$

Type: integer

The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition.

Value must be greater or equal to 1

Type: string

The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Same definition as dateUpdated

Type: string

The date/time the CVE Record was first published in the CVE List.

Same definition as dateUpdated

Type: enum (of string)

State of CVE - PUBLISHED, REJECTED.

Must be one of:

  • "PUBLISHED"

Type: object

A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.

At a minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.

There can only be one 'cna' container, as there can only be one assigning CNA. However, there can be multiple 'adp' containers, allowing multiple organizations participating in the CVE program to add additional information related to the vulnerability. For the most part, the 'cna' and 'adp' containers contain the same properties. The main differences are the source of the information. The 'cna' container requires the CNA to include certain fields, while the 'adp' container does not.

No Additional Properties

Type: object

An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.

No Additional Properties

Type: object

Details related to the information container provider (CNA or ADP).

No Additional Properties

Type: string

The container provider's organizational UUID.

Same definition as assignerOrgId

Type: string

The container provider's organizational short name.

Same definition as assignerShortName

Type: string

Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission.

Same definition as dateUpdated

Type: string

The date/time this CVE ID was associated with a vulnerability by a CNA.

Same definition as dateUpdated

Type: string

If known, the date/time the vulnerability was disclosed publicly.

Same definition as dateUpdated

Type: string

A title, headline, or a brief phrase summarizing the CVE record. Eg., Buffer overflow in Example Soft.

Must be at least 1 characters long

Must be at most 256 characters long

Type: array

A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.

No Additional Properties

Type: string Default: "en"

BCP 47 language code, language-region.

Must match regular expression: ^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$

Type: string

Plain text description.

Must be at least 1 characters long

Must be at most 4096 characters long

Type: array of object

Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: string

RFC2046 compliant IANA Media type for eg., text/markdown, text/html.

Must be at least 1 characters long

Must be at most 256 characters long


Examples:

"text/markdown"
+
"text/html"
+
"image/png"
+
"image/svg"
+
"audio/mp3"
+

Type: boolean Default: false

If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.

Type: string

Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.

Must be at least 1 characters long

Must be at most 16384 characters long

At least one of the items must be:

Type: object

A description with lang set to an English language (en, enUS, enUK, and so on).

Type: string

BCP 47 language code, language-region, required to be English.

Must match regular expression: ^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$

Type: array

List of affected products.

Must contain a minimum of 1 items

Each item of this array must be:

Type: object

Provides information about the set of products and services affected by this vulnerability.


Type: object

The following properties are required:

  • product
  • vendor
Type: object

The following properties are required:

  • packageName
  • collectionURL

Type: object

The following properties are required:

  • versions
Type: object

The following properties are required:

  • defaultStatus

Type: string

Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.

Must be at least 1 characters long

Must be at most 512 characters long

Type: string

Name of the affected product.

Must be at least 1 characters long

Must be at most 2048 characters long

Type: string

URL identifying a package collection (determines the meaning of packageName).

Must be at least 1 characters long

Must be at most 2048 characters long


Examples:

"https://access.redhat.com/downloads/content/package-browser"
+
"https://addons.mozilla.org"
+
"https://addons.thunderbird.net"
+
"https://anaconda.org/anaconda/repo"
+
"https://app.vagrantup.com/boxes/search"
+
"https://apps.apple.com"
+
"https://archlinux.org/packages"
+
"https://atmospherejs.meteor.com"
+
"https://atom.io/packages"
+
"https://bitbucket.org"
+
"https://bower.io"
+
"https://brew.sh/"
+
"https://chocolatey.org/packages"
+
"https://chrome.google.com/webstore"
+
"https://clojars.org"
+
"https://cocoapods.org"
+
"https://code.dlang.org"
+
"https://conan.io/center"
+
"https://cpan.org/modules"
+
"https://cran.r-project.org"
+
"https://crates.io"
+
"https://ctan.org/pkg"
+
"https://drupal.org"
+
"https://exchange.adobe.com"
+
"https://forge.puppet.com/modules"
+
"https://github.com"
+
"https://gitlab.com/explore"
+
"https://golang.org/pkg"
+
"https://guix.gnu.org/packages"
+
"https://hackage.haskell.org"
+
"https://helm.sh"
+
"https://hub.docker.com"
+
"https://juliahub.com"
+
"https://lib.haxe.org"
+
"https://luarocks.org"
+
"https://marketplace.visualstudio.com"
+
"https://melpa.org"
+
"https://microsoft.com/en-us/store/apps"
+
"https://nimble.directory"
+
"https://nuget.org/packages"
+
"https://opam.ocaml.org/packages"
+
"https://openwrt.org/packages/index"
+
"https://package.elm-lang.org"
+
"https://packagecontrol.io"
+
"https://packages.debian.org"
+
"https://packages.gentoo.org"
+
"https://packagist.org"
+
"https://pear.php.net/packages.php"
+
"https://pecl.php.net"
+
"https://platformio.org/lib"
+
"https://play.google.com/store"
+
"https://plugins.gradle.org"
+
"https://projects.eclipse.org"
+
"https://pub.dev"
+
"https://pypi.python.org"
+
"https://registry.npmjs.org"
+
"https://registry.terraform.io"
+
"https://repo.hex.pm"
+
"https://repo.maven.apache.org/maven2"
+
"https://rubygems.org"
+
"https://search.nixos.org/packages"
+
"https://sourceforge.net"
+
"https://wordpress.org/plugins"
+

Type: string

Name or identifier of the affected software package as used in the package collection.

Must be at least 1 characters long

Must be at most 2048 characters long

Type: array of string

Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also, this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as "Product X between versions 10.2 and 10.8" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.

All items must be unique

Each item of this array must be:

Type: string

Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format

Must match regular expression: ([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\-~%]*){0,6})|(cpe:2\.3:[aho*\-](:(((\?*|\*?)([a-zA-Z0-9\-._]|(\\[\\*?!"#$%&'()+,/:;<=>@\[\]\^`{|}~]))+(\?*|\*?))|[*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-._]|(\\[\\*?!"#$%&'()+,/:;<=>@\[\]\^`{|}~]))+(\?*|\*?))|[*\-])){4})

Must be at least 1 characters long

Must be at most 2048 characters long

Type: array of string

A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).

All items must be unique

Each item of this array must be:

Type: string

Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).

Must be at least 1 characters long

Must be at most 4096 characters long

Type: array of string

A list of the affected source code files (optional).

All items must be unique

Each item of this array must be:

Type: string

Name or path or location of the affected source code file.

Must be at least 1 characters long

Must be at most 1024 characters long

Type: array of object

A list of the affected source code functions, methods, subroutines, or procedures (optional).

All items must be unique

Each item of this array must be:

Type: object

An object describing program routine.

No Additional Properties

Type: string

Name of the affected source code file, function, method, subroutine, or procedure.

Must be at least 1 characters long

Must be at most 4096 characters long

Type: array of string

List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technologies, hardware models, or computing architectures. The lack of this field or an empty array implies that the other fields are applicable to all relevant platforms.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: string

Must be at most 1024 characters long


Examples:

"iOS"
+
"Android"
+
"Windows"
+
"macOS"
+
"x86"
+
"ARM"
+
"64 bit"
+
"Big Endian"
+
"iPad"
+
"Chromebook"
+
"Docker"
+
"Model T"
+

Type: string

The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.

Same definition as collectionURL

Type: enum (of string)

The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.

Must be one of:

  • "affected"
  • "unaffected"
  • "unknown"

Type: array of object

Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules 8.1.2 requirement. Versions or defaultStatus may be omitted, but not both.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:


A single version or a range of versions, with vulnerability status.

An entry with only 'version' and 'status' indicates the status of a single version.

Otherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.

The algorithm to decide the status specified for a version V is:

for entry in product.versions {
+    if entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {
+        return entry.status
+    }
+    if (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or
+       (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType
+        status = entry.status
+        for change in entry.changes {
+            if change.at <= v {
+                status = change.status
+            }
+        }
+        return status
+    }
+}
+return product.defaultStatus
+

.

No Additional Properties

Type: object

The following properties are required:

  • version
  • status
Type: object

The following properties are required:

  • version
  • versionType
  • status
Type: object

The following properties are required:

  • lessThan
  • version
  • versionType
  • status
Type: object

The following properties are required:

  • lessThanOrEqual
  • version
  • versionType
  • status

Type: string

The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.

Must be at least 1 characters long

Must be at most 1024 characters long

Type: enum (of string)

The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.

Same definition as defaultStatus

Type: string

The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.

Must be at least 1 characters long

Must be at most 128 characters long


Examples:

"custom"
+
"git"
+
"maven"
+
"python"
+
"rpm"
+
"semver"
+

Type: string

The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk (*), indicating an arbitrarily large number in the version ordering. For example, {version: 1.0 lessThan: 1.*} would describe the entire 1.X branch for most range kinds, and {version: 2.0, lessThan: *} describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.

Same definition as version

Type: string

The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, {version: 1.0, lessThanOrEqual: 1.3} covers all versions from 1.0 up to and including 1.3.

Same definition as version

Type: array of object

A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

The start of a single status change during the range.

No Additional Properties

Type: string

The version at which a status change occurs.

Same definition as version

Type: enum (of string)

The new status in the range starting at the given version.

Same definition as defaultStatus

Type: array of object

This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: array of object

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: string Default: "en"

BCP 47 language code, language-region.

Same definition as lang

Type: string

Text description of problemType, or title from CWE or OWASP.

Must be at least 1 characters long

Must be at most 4096 characters long

Type: string

CWE ID of the CWE that best describes this problemType entry.

Must match regular expression: ^CWE-[1-9][0-9]*$

Must be at least 5 characters long

Must be at most 9 characters long

Type: string

Problemtype source, text, OWASP, CWE, etc.,

Must be at least 1 characters long

Must be at most 128 characters long

Type: array

This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are "dangerous").

Same definition as references

Type: array

This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are "dangerous").

Must contain a minimum of 1 items

Must contain a maximum of 512 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: string

The uniform resource locator (URL), according to RFC 3986, that can be used to retrieve the referenced resource.

Same definition as collectionURL

Type: string

User created name for the reference, often the title of the page.

Must be at least 1 characters long

Must be at most 512 characters long

Type: array

An array of one or more tags that describe the resource referenced by 'url'.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:


Type: enum (of string)

broken-link: The reference link is returning a 404 error, or the site is no longer online.

customer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.

exploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.

government-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.

issue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...

mailing-list: The reference is from a mailing list -- often specific to a product or vendor.

mitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.

not-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).

patch: The reference contains an update to the software that fixes the vulnerability.

permissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.

media-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.

product: A reference appropriate for describing a product for the purpose of CPE or SWID.

related: A reference that is for a related (but not the same) vulnerability.

release-notes: The reference is in the format of a vendor or open source project's release notes or change log.

signature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.

technical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.

third-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.

vendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.

vdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog

Must be one of:

  • "broken-link"
  • "customer-entitlement"
  • "exploit"
  • "government-resource"
  • "issue-tracking"
  • "mailing-list"
  • "mitigation"
  • "not-applicable"
  • "patch"
  • "permissions-required"
  • "media-coverage"
  • "product"
  • "related"
  • "release-notes"
  • "signature"
  • "technical-description"
  • "third-party-advisory"
  • "vendor-advisory"
  • "vdb-entry"

Type: array of object

Collection of impacts of this vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

This is impact type information (e.g. a text description.

No Additional Properties

Type: string

CAPEC ID that best relates to this impact.

Must match regular expression: ^CAPEC-[1-9][0-9]{0,4}$

Must be at least 7 characters long

Must be at most 11 characters long

Type: array

Prose description of the impact scenario. At a minimum provide the description given by CAPEC.

Same definition as descriptions

Type: array of object

Collection of impact scores with attribution.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:


This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.

No Additional Properties

Type: object

The following properties are required:

  • cvssV4_0
Type: object

The following properties are required:

  • cvssV3_1
Type: object

The following properties are required:

  • cvssV3_0
Type: object

The following properties are required:

  • cvssV2_0
Type: object

The following properties are required:

  • other

Type: string

Name of the scoring format. This provides a bit of future proofing. Additional properties are not prohibited, so this will support the inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV44, format = 'cvssV44', other = cvssV4_4 JSON object. In the future, the other properties can be converted to score properties when they become part of the schema.

Must be at least 1 characters long

Must be at most 64 characters long

Type: array of object

Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: string Default: "en"

BCP 47 language code, language-region.

Same definition as lang

Type: string Default: "GENERAL"

Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.

Must be at least 1 characters long

Must be at most 4096 characters long

Type: object
No Additional Properties


Type: object

Type: number

Value must be greater or equal to 0.0 and lesser or equal to 0.0

Type: const
Specific value: "NONE"
Type: object

Type: number

Value must be greater or equal to 0.1 and lesser or equal to 3.9 and a multiple of 0.1

Type: const
Specific value: "LOW"
Type: object

Type: number

Value must be greater or equal to 4.0 and lesser or equal to 6.9 and a multiple of 0.1

Type: const
Specific value: "MEDIUM"
Type: object

Type: number

Value must be greater or equal to 7.0 and lesser or equal to 8.9 and a multiple of 0.1

Type: const
Specific value: "HIGH"
Type: object

Type: number

Value must be greater or equal to 9.0 and lesser or equal to 10 and a multiple of 0.1

Type: const
Specific value: "CRITICAL"


Type: enum (of string)

CVSS Version

Must be one of:

  • "4.0"

Type: string
Must match regular expression: ^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$

Type: number

Value must be greater or equal to 0.0 and lesser or equal to 10.0 and a multiple of 0.1

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "CRITICAL"

Type: enum (of string)

Must be one of:

  • "NETWORK"
  • "ADJACENT"
  • "LOCAL"
  • "PHYSICAL"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "PRESENT"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NONE"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "PASSIVE"
  • "ACTIVE"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "UNREPORTED"
  • "PROOF_OF_CONCEPT"
  • "ATTACKED"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"
Same definition as confidentialityRequirement

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NETWORK"
  • "ADJACENT"
  • "LOCAL"
  • "PHYSICAL"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "HIGH"
  • "LOW"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NONE"
  • "PRESENT"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "HIGH"
  • "LOW"
  • "NONE"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NONE"
  • "PASSIVE"
  • "ACTIVE"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"
  • "SAFETY"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NEGLIGIBLE"
  • "PRESENT"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "NO"
  • "YES"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "AUTOMATIC"
  • "USER"
  • "IRRECOVERABLE"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "DIFFUSE"
  • "CONCENTRATED"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "LOW"
  • "MODERATE"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string) Default: "NOT_DEFINED"

Must be one of:

  • "CLEAR"
  • "GREEN"
  • "AMBER"
  • "RED"
  • "NOT_DEFINED"

Type: object
No Additional Properties

Type: enum (of string)

CVSS Version

Must be one of:

  • "3.1"

Type: string
Must match regular expression: ^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$

Type: enum (of string)

Must be one of:

  • "NETWORK"
  • "ADJACENT_NETWORK"
  • "LOCAL"
  • "PHYSICAL"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NONE"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "REQUIRED"

Type: enum (of string)

Must be one of:

  • "UNCHANGED"
  • "CHANGED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"

Type: number

Value must be greater or equal to 0 and lesser or equal to 10

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "CRITICAL"

Type: enum (of string)

Must be one of:

  • "UNPROVEN"
  • "PROOF_OF_CONCEPT"
  • "FUNCTIONAL"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "OFFICIAL_FIX"
  • "TEMPORARY_FIX"
  • "WORKAROUND"
  • "UNAVAILABLE"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "UNKNOWN"
  • "REASONABLE"
  • "CONFIRMED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NETWORK"
  • "ADJACENT_NETWORK"
  • "LOCAL"
  • "PHYSICAL"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NONE"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "REQUIRED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "UNCHANGED"
  • "CHANGED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"
  • "NOT_DEFINED"

Type: object
No Additional Properties

Type: enum (of string)

CVSS Version

Must be one of:

  • "3.0"

Type: string
Must match regular expression: ^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$

Type: enum (of string)

Must be one of:

  • "NETWORK"
  • "ADJACENT_NETWORK"
  • "LOCAL"
  • "PHYSICAL"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NONE"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "REQUIRED"

Type: enum (of string)

Must be one of:

  • "UNCHANGED"
  • "CHANGED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"

Type: number

Value must be greater or equal to 0 and lesser or equal to 10

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "CRITICAL"

Type: enum (of string)

Must be one of:

  • "UNPROVEN"
  • "PROOF_OF_CONCEPT"
  • "FUNCTIONAL"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "OFFICIAL_FIX"
  • "TEMPORARY_FIX"
  • "WORKAROUND"
  • "UNAVAILABLE"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "UNKNOWN"
  • "REASONABLE"
  • "CONFIRMED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NETWORK"
  • "ADJACENT_NETWORK"
  • "LOCAL"
  • "PHYSICAL"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "LOW"
  • "NONE"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "REQUIRED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "UNCHANGED"
  • "CHANGED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "HIGH"
  • "NOT_DEFINED"

Type: object
No Additional Properties

Type: enum (of string)

CVSS Version

Must be one of:

  • "2.0"

Type: string
Must match regular expression: ^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$

Type: enum (of string)

Must be one of:

  • "NETWORK"
  • "ADJACENT_NETWORK"
  • "LOCAL"

Type: enum (of string)

Must be one of:

  • "HIGH"
  • "MEDIUM"
  • "LOW"

Type: enum (of string)

Must be one of:

  • "MULTIPLE"
  • "SINGLE"
  • "NONE"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "PARTIAL"
  • "COMPLETE"

Type: number

Value must be greater or equal to 0 and lesser or equal to 10

Type: enum (of string)

Must be one of:

  • "UNPROVEN"
  • "PROOF_OF_CONCEPT"
  • "FUNCTIONAL"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "OFFICIAL_FIX"
  • "TEMPORARY_FIX"
  • "WORKAROUND"
  • "UNAVAILABLE"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "UNCONFIRMED"
  • "UNCORROBORATED"
  • "CONFIRMED"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "LOW_MEDIUM"
  • "MEDIUM_HIGH"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "NONE"
  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "NOT_DEFINED"

Type: enum (of string)

Must be one of:

  • "LOW"
  • "MEDIUM"
  • "HIGH"
  • "NOT_DEFINED"

Type: object

A non-standard impact description, may be prose or JSON block.

No Additional Properties

Type: string

Name of the non-standard impact metrics format used.

Must be at least 1 characters long

Must be at most 128 characters long

Type: object

JSON object not covered by another metrics format.

Type: array

Configurations required for exploiting this vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.

Same definition as description

Type: array

Workarounds and mitigations for this vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.

Same definition as description

Type: array

Information about solutions or remediations available for this vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.

Same definition as description

Type: array

Information about exploits of the vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.

Same definition as description

Type: array of object

This is timeline information for significant events about this vulnerability or changes to the CVE Record.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: string

Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.

Same definition as dateUpdated

Type: string Default: "en"

The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.

Same definition as lang

Type: string

A summary of the event.

Must be at least 1 characters long

Must be at most 4096 characters long

Type: array of object

Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object
No Additional Properties

Type: string Default: "en"

The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.

Same definition as lang

Type: string

Must be at least 1 characters long

Must be at most 4096 characters long

Type: string

UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.

Same definition as assignerOrgId

Type: enum (of string) Default: "finder"

Type or role of the entity being credited (optional). finder: identifies the vulnerability.
reporter: notifies the vendor of the vulnerability to a CNA.
analyst: validates the vulnerability to ensure accuracy or severity.
coordinator: facilitates the coordinated response process.
remediation developer: prepares a code change or other remediation plans.
remediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.
remediation verifier: tests and verifies the vulnerability or its remediation.
tool: names of tools used in vulnerability discovery or identification.
sponsor: supports the vulnerability identification or remediation activities.

Must be one of:

  • "finder"
  • "reporter"
  • "analyst"
  • "coordinator"
  • "remediation developer"
  • "remediation reviewer"
  • "remediation verifier"
  • "tool"
  • "sponsor"
  • "other"

Type: object

This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).
Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.

Type: array

Tags provided by a CNA describing the CVE Record.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:


Type: string
Must match regular expression: ^x_.*$

Must be at least 2 characters long

Must be at most 128 characters long

Type: enum (of string)

exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.

unsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.

disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.

Must be one of:

  • "unsupported-when-assigned"
  • "exclusively-hosted-service"
  • "disputed"

Type: array of object

List of taxonomy items related to the vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.

No Additional Properties

Type: string

The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS

Must be at least 1 characters long

Must be at most 128 characters long

Type: string

The version of taxonomy the identifiers come from.

Must be at least 1 characters long

Must be at most 128 characters long

Type: array of object

List of relationships to the taxonomy for the vulnerability.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

A relationship between the taxonomy and the CVE or two taxonomy items.

No Additional Properties

Type: string

Identifier of the item in the taxonomy. Used as the subject of the relationship.

Must be at least 1 characters long

Must be at most 2048 characters long

Type: string

A description of the relationship.

Must be at least 1 characters long

Must be at most 128 characters long

Type: string

The target of the relationship. Can be the CVE ID or another taxonomy identifier.

Must be at least 1 characters long

Must be at most 2048 characters long

All property whose name matches the following regular expression must respect the following conditions

Property name regular expression: ^x_[^.]*$
Type: object

Type: array

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

Type: object

An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.

No Additional Properties

Type: object

Details related to the information container provider (CNA or ADP).

Same definition as providerMetadata

Type: string

If known, the date/time the vulnerability was disclosed publicly.

Same definition as dateUpdated

Type: string

A title, headline, or a brief phrase summarizing the information in an ADP container.

Must be at least 1 characters long

Must be at most 256 characters long

Type: array

A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].

Same definition as descriptions

Type: array

List of affected products.

Same definition as affected

Type: array of object

This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).

Same definition as problemTypes

Type: array

This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are "dangerous").

Same definition as references

Type: array of object

Collection of impacts of this vulnerability.

Same definition as impacts

Type: array of object

Collection of impact scores with attribution.

Same definition as metrics

Type: array

Configurations required for exploiting this vulnerability.

Same definition as configurations

Type: array

Workarounds and mitigations for this vulnerability.

Same definition as workarounds

Type: array

Information about solutions or remediations available for this vulnerability.

Same definition as solutions

Type: array

Information about exploits of the vulnerability.

Same definition as exploits

Type: array of object

This is timeline information for significant events about this vulnerability or changes to the CVE Record.

Same definition as timeline

Type: array of object

Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.

Same definition as credits

Type: object

This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).
Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.

Same definition as source

Type: array

Tags provided by an ADP describing the CVE Record.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:


Type: enum (of string)

disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.

Must be one of:

  • "disputed"

Type: array of object

List of taxonomy items related to the vulnerability.

Same definition as taxonomyMappings

All property whose name matches the following regular expression must respect the following conditions

Property name regular expression: ^x_[^.]*$
Type: object
Type: object

If the CVE ID and associated CVE Record should no longer be used, the CVE Record is placed in the Rejected state. A Rejected CVE Record remains on the CVE List so that users can know when it is invalid.

No Additional Properties

Type: enum (of string)

Indicates the type of information represented in the JSON instance.

Same definition as dataType

Type: string Default: "5.1.0"

The version of the CVE schema used for validating this record. Used to support multiple versions of this format.

Same definition as dataVersion

Type: object

This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.

No Additional Properties

Type: string

The CVE identifier that this record pertains to.

Same definition as cveId

Type: string

The UUID for the organization to which the CVE ID was originally assigned.

Same definition as assignerOrgId

Type: string

The short name for the organization to which the CVE ID was originally assigned.

Same definition as assignerShortName

Type: integer

The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition.

Value must be greater or equal to 1

Type: string

The date/time the record was last updated.

Same definition as dateUpdated

Type: string

The date/time the CVE Record was first published in the CVE List.

Same definition as dateUpdated

Type: string

The date/time the CVE ID was rejected.

Same definition as dateUpdated

Type: enum (of string)

State of CVE - PUBLISHED, REJECTED.

Must be one of:

  • "REJECTED"

Type: string

The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Same definition as dateUpdated

Type: object

A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.

At minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.

There can only be one 'cna' container, as there can only be one assigning CNA.

No Additional Properties

Type: object

An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.

No Additional Properties

Type: object

Details related to the information container provider (CNA or ADP).

Same definition as providerMetadata

Type: array

Reasons for rejecting this CVE Record.

Same definition as descriptions

Type: array

Contains an array of CVE IDs that this CVE ID was rejected in favor of because this CVE ID was assigned to the vulnerabilities.

Must contain a minimum of 1 items

All items must be unique

Each item of this array must be:

All property whose name matches the following regular expression must respect the following conditions

Property name regular expression: ^x_[^.]*$
Type: object
\ No newline at end of file diff --git a/schema/docs/mindmap.html b/schema/docs/mindmap.html new file mode 100644 index 00000000000..52d4df15174 --- /dev/null +++ b/schema/docs/mindmap.html @@ -0,0 +1,31 @@ + + + + + + +CVE JSON v5 Mindmap + + + + + + + + + diff --git a/schema/docs/schema_doc.css b/schema/docs/schema_doc.css new file mode 100644 index 00000000000..3f5da9eb118 --- /dev/null +++ b/schema/docs/schema_doc.css @@ -0,0 +1,230 @@ +body { + font: 16px/1.5em "Overpass", "Open Sans", Helvetica, sans-serif; + color: #333; + font-weight: 300; + padding: 40px; +} + +.btn.btn-link { + font-size: 18px; +} + +.jsfh-animated-property { + animation: eclair; + animation-iteration-count: 1; + animation-fill-mode: forwards; + animation-duration: .75s; + +} + +@keyframes eclair { + 0%,100% { + transform: scale(1); + } + 50% { + transform: scale(1.03); + } +} + +.btn.btn-primary { + margin: 10px; +} + +.btn.example-show.collapsed:before { + content: "show" +} + +.btn.example-show:before { + content: "hide" +} + +.description.collapse:not(.show) { + max-height: 100px !important; + overflow: hidden; + + display: -webkit-box; + -webkit-line-clamp: 2; + -webkit-box-orient: vertical; +} + +.description.collapsing { + min-height: 100px !important; +} + +.collapse-description-link.collapsed:after { + content: '+ Read More'; +} + +.collapse-description-link:not(.collapsed):after { + content: '- Read Less'; +} + +.badge { + font-size: 100%; + margin-bottom: 0.5rem; + margin-top: 0.5rem; +} + +.badge.value-type { + font-size: 120%; + margin-right: 5px; + margin-bottom: 10px; +} + + +.badge.default-value { + font-size: 120%; + margin-left: 5px; + margin-bottom: 10px; +} + +.badge.restriction { + display: inline-block; +} + +.badge.required-property,.badge.deprecated-property,.badge.pattern-property,.badge.no-additional { + font-size: 100%; + margin-left: 10px; +} + +.accordion div.card:only-child { + border-bottom: 1px solid rgba(0, 0, 0, 0.125); +} + +.examples { + padding: 1rem !important; +} + +.examples pre { + margin-bottom: 0; +} + +.highlight.jumbotron { + padding: 1rem !important; +} + +.generated-by-footer { + margin-top: 1em; + text-align: right; +} + +/* From https://github.com/richleland/pygments-css/blob/master/friendly.css, see https://github.com/trentm/python-markdown2/wiki/fenced-code-blocks */ +.highlight { background: #e9ecef; } /* Changed from #f0f0f0 in the original style to be the same as bootstrap's jumbotron */ +.highlight .hll { background-color: #ffffcc } +.highlight .c { color: #60a0b0; font-style: italic } /* Comment */ +.highlight .err { border: 1px solid #FF0000 } /* Error */ +.highlight .k { color: #007020; font-weight: bold } /* Keyword */ +.highlight .o { color: #666666 } /* Operator */ +.highlight .ch { color: #60a0b0; font-style: italic } /* Comment.Hashbang */ +.highlight .cm { color: #60a0b0; font-style: italic } /* Comment.Multiline */ +.highlight .cp { color: #007020 } /* Comment.Preproc */ +.highlight .cpf { color: #60a0b0; font-style: italic } /* Comment.PreprocFile */ +.highlight .c1 { color: #60a0b0; font-style: italic } /* Comment.Single */ +.highlight .cs { color: #60a0b0; background-color: #fff0f0 } /* Comment.Special */ +.highlight .gd { color: #A00000 } /* Generic.Deleted */ +.highlight .ge { font-style: italic } /* Generic.Emph */ +.highlight .gr { color: #FF0000 } /* Generic.Error */ +.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */ +.highlight .gi { color: #00A000 } /* Generic.Inserted */ +.highlight .go { color: #888888 } /* Generic.Output */ +.highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */ +.highlight .gs { font-weight: bold } /* Generic.Strong */ +.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */ +.highlight .gt { color: #0044DD } /* Generic.Traceback */ +.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */ +.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */ +.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */ +.highlight .kp { color: #007020 } /* Keyword.Pseudo */ +.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */ +.highlight .kt { color: #902000 } /* Keyword.Type */ +.highlight .m { color: #40a070 } /* Literal.Number */ +.highlight .s { color: #4070a0 } /* Literal.String */ +.highlight .na { color: #4070a0 } /* Name.Attribute */ +.highlight .nb { color: #007020 } /* Name.Builtin */ +.highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */ +.highlight .no { color: #60add5 } /* Name.Constant */ +.highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */ +.highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */ +.highlight .ne { color: #007020 } /* Name.Exception */ +.highlight .nf { color: #06287e } /* Name.Function */ +.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */ +.highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */ +.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */ +.highlight .nv { color: #bb60d5 } /* Name.Variable */ +.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */ +.highlight .w { color: #bbbbbb } /* Text.Whitespace */ +.highlight .mb { color: #40a070 } /* Literal.Number.Bin */ +.highlight .mf { color: #40a070 } /* Literal.Number.Float */ +.highlight .mh { color: #40a070 } /* Literal.Number.Hex */ +.highlight .mi { color: #40a070 } /* Literal.Number.Integer */ +.highlight .mo { color: #40a070 } /* Literal.Number.Oct */ +.highlight .sa { color: #4070a0 } /* Literal.String.Affix */ +.highlight .sb { color: #4070a0 } /* Literal.String.Backtick */ +.highlight .sc { color: #4070a0 } /* Literal.String.Char */ +.highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */ +.highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */ +.highlight .s2 { color: #4070a0 } /* Literal.String.Double */ +.highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */ +.highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */ +.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */ +.highlight .sx { color: #c65d09 } /* Literal.String.Other */ +.highlight .sr { color: #235388 } /* Literal.String.Regex */ +.highlight .s1 { color: #4070a0 } /* Literal.String.Single */ +.highlight .ss { color: #517918 } /* Literal.String.Symbol */ +.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */ +.highlight .fm { color: #06287e } /* Name.Function.Magic */ +.highlight .vc { color: #bb60d5 } /* Name.Variable.Class */ +.highlight .vg { color: #bb60d5 } /* Name.Variable.Global */ +.highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */ +.highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */ +.highlight .il { color: #40a070 } /* Literal.Number.Integer.Long */ +.examples, .highlight.jumbotron, .card-header { + padding: 0rem !important; +} +.jumbotron { + margin-bottom: 0px !important; +} + +.badge { + font-size: 80% !important; + margin-bottom: 0px !important; +} +h2, h4, .h2, .h4 { + font-size: 100% !important; +} +.btn.btn-link { + font-size: 16px; +} +.property-name-button { + padding: 0px 5px; +} +.btn.btn-primary { + margin: 5px; +} + +p { + margin-bottom: 0px; +} + +.list-group-item { + padding: 3px 8px; +} + +.pl-5, .card-body { + padding-left: 0.5em !important; +} + +#root h1:before { + background: url("https://cve.mitre.org/images/cvelogobanner.png") no-repeat; + background-size: contain; + background-position-y: center; + width: 120px; + height: 30px; + display: inline-block; + content: ""; +} + +span.description ~ p { + display: inline-block; + margin-right: 3px; +} diff --git a/schema/docs/schema_doc.min.js b/schema/docs/schema_doc.min.js new file mode 100644 index 00000000000..0d9c7882d8f --- /dev/null +++ b/schema/docs/schema_doc.min.js @@ -0,0 +1 @@ +function flashElement(t){myElement=document.getElementById(t),myElement.classList.add("jsfh-animated-property"),setTimeout(function(){myElement.classList.remove("jsfh-animated-property")},1e3)}function setAnchor(t){history.pushState({},"",t)}function anchorOnLoad(){let t=window.location.hash.split("?")[0].split("&")[0];"#"===t[0]&&(t=t.substr(1)),t.length>0&&anchorLink(t)}function anchorLink(t){$("#"+t).parents().addBack().filter(".collapse:not(.show), .tab-pane, [role='tab']").each(function(t){if($(this).hasClass("collapse"))$(this).collapse("show");else if($(this).hasClass("tab-pane")){const t=$("a[href='#"+$(this).attr("id")+"']");t&&t.tab("show")}else"tab"===$(this).attr("role")&&$(this).tab("show")}),setTimeout(function(){let e=document.getElementById(t);e&&(e.scrollIntoView({block:"center",behavior:"smooth"}),setTimeout(function(){flashElement(t)},500))},1e3)}$(document).on("click",'a[href^="#"]',function(t){t.preventDefault(),history.pushState({},"",this.href)}); \ No newline at end of file diff --git a/schema/docs/versions.md b/schema/docs/versions.md new file mode 100644 index 00000000000..e87a6a26a17 --- /dev/null +++ b/schema/docs/versions.md @@ -0,0 +1,536 @@ +# CVE 5.0 Product and Version Encodings + +CVE 5.0 introduces a simpler schema for defining a product +and a clearer schema for encoding the vulnerable versions of a product. +This document explains how to use these new schemas. + +## Product Objects + +In earlier versions of CVE, the `affected` object contained a `vendors` array, +and each `vendor` object contained a `products` array. +This forced specifying a vendor name even for products without vendors, +such as open source software. + +To make it clearer how to identify open-source software, the CVE 5.0 `affected` object +contains the `products` array directly. Each product object can provide these properties: + + - `vendor`: the name of the organization, project, community, individual, or user + that created or maintains the product or hosted service. + When `collectionURL` and `packageName` are used, + this field may specify the user or account associated with the package + within the package collection. + Formerly `vendorName` in the `vendor` object. + + - `product`: the name of the product itself. + Formerly `productName`. + + - `collectionURL`: a URL identifying a software package collection. + For example: `https://registry.npmjs.org` or `https://rubygems.org`. + + - `packageName`: the name of the package within the collection. + For example: `left-pad`. + + - `cpes`: a list of affected products encoded in + Common Platform Enumeration (CPE) 2.2 or 2.3 format. + Formerly `affectsCpes` in the `affected` object. + + - `modules`: a list of the the affected components, features, modules, sub-components, + sub-products, APIs, commands, utilities, programs, or functionalities`. + + - `programFiles`: a list of the affected source code files. + + - `programRoutines`: a list of the affected source code functions, + methods, subroutines, or procedures. + Each entry in the list is an object, and the `name` property is required. + Other properties may be added as appropriate depending on the context. + + - `platforms`: a list of the affected platforms. When omitted, all platforms are assumed affected + by this product description. + Platforms may include execution environments, operating systems, virtualization technolgies, + hardware models, or computing architectures. + For example: `Android`, `iOS`, `macOS`, `Windows`, `x86`, `ARM`, `iPad`, `Chromebook`, `Docker`. + Formerly in the `version` object. + + - `versions` and `defaultStatus`: a description of which versions are affected. + (See next section for details.) + +Most of these properties are optional. +The only requirements are identifying information and version information. +Identifying information may be provided by +_either_ `vendor` and `product` (for commercial offerings) +_or_ `collectionURL` and `packageName` (for open-source packages). +It is fine to list both pairs, such as in the case of a +commercial offering of packaged open-source products. +Version information is provided by `versions` and/or `defaultStatus`, detailed in the next section. + +For example, a minimal entry for a commercial product: + + "affected": [ + { + "vendor": "Widgets LLC", + "product": "Flux Capacitor", + "versions": [ ... ] + } + ] + +And for an open-source package: + + "affected": [ + { + "collectionURL": "https://registry.npmjs.org", + "packageName": "left-pad", + "versions": [ ... ] + } + ] + +A product's affected versions may differ by platform. +In this case, multiple product objects would be listed in `affected` to +encode the different version information, with `platforms` restricting +each object to the relevant platform. +For example: + + "affected": [ + { + "vendor": "Widgets LLC", + "product": "Flux Capacitor", + "platforms": ["macOS"], + "versions": [ ... macOS versions ... ] + }, + { + "vendor": "Widgets LLC", + "product": "Flux Capacitor", + "platforms": ["Linux", "Windows"], + "versions": [ ... Linux and Windows versions ... ] + } + ] + +## Version Status Decisions + +The version encoding in CVE 5.0 comes with a clear algorithm for deciding +the status of a given product version—affected, unaffected, or unknown—while +still being easy for analysts and users to read and reason about. + +In the product object, the `versions` and `defaultStatus` fields together +define an algorithmic mapping from any product version to its vulnerability status, +which is one of these strings: + + - `affected`: The version is affected by the vulnerability. + - `unaffected`: The version is unaffected by the vulnerability. + - `unknown`: It is unknown or unspecified whether the version is affected by the vulnerability. + There can be many reasons for this status, including that an investigation + has not been undertaken or that a vendor has not disclosed the status. + +The `versions` field contains a list of version objects, each of which matches +a single version or a range of versions and specifies the status for the matched versions. +The versions matched by different objects should be disjoint; +that is, any specific version should be matched by at most one version object. + +Versions not matched by any version object take the status listed in `defaultStatus`. +When `defaultStatus` is itself omitted, it defaults to `unknown`. + +Omitting for the moment the details of how a particular entry +encodes the status for the versions it matches, +the algorithm for deciding the status of any particular version V is: + + for entry in product.versions { + if entry matches V { + return status specified by entry for V + } + } + return product.defaultStatus + +For example, this is an encoding in which versions 2.0.0 through 2.5.1 are affected, +2.5.2 and later 2.x.x are unaffected, and all other versions have unknown vulnerability status: + + "versions": [ + { ... 2.0.0 through 2.5.1 affected ... }, + { ... 2.5.2 through 2.x.x unaffected ... } + ] + +For contrast, this is an encoding in which version 2.0.0 through 2.5.1 are affected, +and all other versions, both before 2.0.0 and after 2.5.1, are considered unaffected: + + "versions": [ + { ... 2.0.0 through 2.5.1 affected ... } + ], + "defaultStatus": "unaffected" + +It is also possible to say that 2.5.2 and later are unaffected and everything else affected: + + "versions": [ + { ... 2.5.2 and later unaffected ... } + ], + "defaultStatus": "affected" + +The specific choice of default depends mainly on how much the author of the CVE +understands about the affected version set. For example, a vulnerability researcher +who has tested a few specific versions and is making no claims about others might write: + + "versions": [ + { ... 2.4 affected ... }, + { ... 2.5 affected ... }, + { ... 2.6 unaffected ... } + ] + +In this case, `defaultStatus` defaults to `unknown`, which is correct for this report. + +On the other hand, a vendor that knows there are exactly two affected versions +might write: + + "versions": [ + { ... 2.4 affected ... }, + { ... 2.5 affected ... } + ], + "defaultStatus": "unaffected" + +The CVE schema itself does not encourage or discourage any particular choice +of `defaultStatus`. +CVE encodings can use the `defaultStatus` that makes their status description clearest. + +## Versions and Version Ranges + +As mentioned above, each version object matches a single version +or a range of versions and specifies the status for the matched versions. + +A version object specifies the status for a single version by setting only +the `version` and `status` fields. For example: + + { + "version": "2.4", + "status": "affected" + } + +Therefore, the full encoding of the final example in the previous section, +in which only 2.4 and 2.5 are affected, would be: + + "versions": [ + {"version": "2.4", "status": "affected"}, + {"version": "2.5", "status": "affected"} + ], + "defaultStatus": "unaffected" + +A version object can also specify the status for a range of versions, +by adding the `versionType` field as well as either the `lessThan` or `lessThanOrEqual` field. +For example, this version object specifies that semantic versions starting at 2.0.0 up to and including 2.5.1 are affected: + + { + "version": "2.0.0", + "versionType": "semver", + "lessThanOrEqual": "2.5.1", + "status": "affected" + } + +More precisely, this kind of version object matches any version V +such that `version` ≤ V ≤ `lessThanOrEqual`. +If the `lessThan` field is used instead of `lessThanOrEqual`, then +the condition is `version` ≤ V \< `lessThanOrEqual`. +For example, this version object specifies that semantic versions starting at 2.0.0 up to but not including 2.5.2 are affected: + + { + "version": "2.0.0", + "versionType": "semver", + "lessThan": "2.5.2", + "status": "affected" + } + +When identifying a precise range of affected versions, +the `lessThan` form is more common, +since it allows naming the exact version that introduced the fix. + +The `versionType` is required when specifying ranges, +because there is no single definition of “less than” for versions. +Each different version numbering system has its own ordering rules. +For example, in [semantic versioning](https://semver.org/), `1.0.0-cr1` \< `1.0.0-m1`, +while [in Maven, the opposite is true](https://octopus.com/blog/maven-versioning-explained). +Example version types include `maven`, `python`, `rpm`, and `semver`. +Another version type is `git`, described later. + +The version type `custom` is also defined, to mean an otherwise unspecified ordering, +specific to the vendor or product. Using `custom` means that the version status +algorithm cannot be executed, so its use is discouraged; it is included in order +to be able to convert older CVE data that had no concept of version type. + +In any version range, the details of the version syntax and semantics depend on the version type, +but by convention, `"version": "0"` means that the range has no lower bound, +and a `*` in an upper bound denotes “infinity”, +as in `"lessThan": "2.*"`, which denotes a range where the 2.X version series is the upper bound, +or `"lessThan": "*"`, which denotes a range with no upper bound at all. + +Note that `*` is “infinity”, not a wildcard pattern. For example, + + { + "version": "1.0", + "versionType": "semver", + "lessThan": "2.*", + "status": "affected" + } + +says that the entire 1.X and 2.X version series are affected. + +We saw above the example of a product in which 2.0.0 up to but not including 2.5.2 are affected, +which we wrote as: + + "versions": [ + { ... 2.0.0 through 2.5.1 affected ... }, + { ... 2.5.2 through 2.x.x unaffected ... } + ] + +Now that we know how to encode version objects, that would be written as: + + "versions": [ + { + "version": "2.0.0", "versionType": "semver", "lessThan": "2.5.2", + "status": "affected" + }, + { + "version": "2.5.2", "versionType": "semver", "lessThan": "2.*", + "status": "unaffected" + } + ] + +## Version Status Changes + +As presented in the previous section, +a version object's range form (with `versionType` and `lessThan` or `lessThanOrEqual`) +specifies a single status for every version in the range it describes. +It is also possible for the version object to indicate status changes at +transition points, breaking the range up into segments with different status. +This allows a compact way to explain the full status of a particular version branch. + +Using status changes, the previous example can be shortened to a single version object: + + "versions": [ + { + "version": "2.0.0", "versionType": "semver", "lessThan": "2.*", + "status": "affected", + "changes": [ + {"at": "2.5.2", "status": "unaffected"} + ] + } + ] + +Note that in this form, the version 2.5.2 is no longer listed twice. + +A more complex situation, such as when 2.6.0 had also been released with the vulnerability +and was fixed in 2.6.3, is also easily encoded: + + "versions": [ + { + "version": "2.0.0", "versionType": "semver", "lessThan": "2.*", + "status": "affected", + "changes": [ + {"at": "2.5.2", "status": "unaffected"}, + {"at": "2.6.0", "status": "affected"}, + {"at": "2.6.3", "status": "unaffected"} + ] + } + ] + +When a version is matched by a version range object `entry`, +we have assumed until now that its status is `entry.status`. +With the addition of status changes, the computation of the status +of a matching version is: + + status = entry.status + for change in entry.changes, sorted in increasing order { + if change.at ≤ V { + status = change.status + } + } + return status + +For any versioning system with a strict linear ordering (including semantic versioning), +a status change form can always be rewritten into an equivalent, longer list of version objects +without status changes. +Status changes become particularly important for non-linear versions, +such as in source control systems. + +## Source Control Versions + +For vulnerabilities in open-source software, it can be very helpful to list the +precise changes that introduced and fixed the vulnerability. +To allow this, ranges using `versionType` set to `git` (or `hg` and so on) +can use version control identifiers, such as Git commit hashes, +as version strings. + +The previous example might add the source control information to the +`versions` list as follows: + + "versions": [ + { + "version": "2.0.0", "versionType": "semver", "lessThan": "2.*", + "status": "affected", + "changes": [ + {"at": "2.5.2", "status": "unaffected"}, + {"at": "2.6.0", "status": "affected"}, + {"at": "2.6.3", "status": "unaffected"} + ] + }, + { + "version": "0", "versionType": "git", "lessThan": "*", + "repo": "https://github.com/example/test", + "status": "unaffected", + "changes": [ + {"at": "123abc...", "status": "affected"}, + {"at": "234bcd...", "status": "unaffected"}, + {"at": "567ef0...", "status": "unaffected"} + ] + } + ] + +Note that the list now contains two different kinds of version information: +semantic versions that users are likely to see +as well as Git commit hashes that are more useful to developers trying to +understand the vulnerability. + +Focusing on the Git version range, +the overall range is written to match all Git commits, +declaring them `unaffected` unless specified otherwise by status changes. +(The conventional `0` and `*` specify +“no lower bound, no upper bound” for the range.) +Because the Git version identifiers cannot be understood without +reference to a specific Git repository, this form adds a new `repo` field +containing the URL of the repository. Let's suppose the repository's commit +graph looks like this: + + 1.0.0 1.0.3 + ↓ ↓ + o---o---o---o---o---o---o---o ← 012fab... + / + / 2.5.1 2.5.2 + / ↓ ↓ + / o---o---o---o---o---o---o---o ← 345cde... + / 123abc... / ↑ + / ↓ / 234bcd... + ---o---o---o---o---o ← 2.0.0 + \ 456def... 567ef0... + \ ↓ ↓ + o---o---o---o---o---o---o---o---o---o---o ← 678f01... + ↑ ↑ ↑ + 2.6.0 2.6.2 2.6.3 + +In the graph, time moves left to right: if a commit A (denoted by an `o`) +is connected by one or more lines to another commit B to the right of A, +then A is an _ancestor_ of B, and B is a _descendant_ of A. +For source control version types, the less than operator on versions +A \< B is defined to mean that A is an ancestor of B in the commit graph, +and similarly A ≤ B means that A = B or A \< B. +The complete set of less-than relations between the pictured commits is: + + - `123abc...` \< `234bcd...`, `345cde...`, `456def...`, `567ef0...`, and `678f01...`. + - `234bcd...` \< `345cde...`. + - `456def...` \< `567ef0...` and `678f01...`. + - `567ef0...` \< `678f01...`. + +The matching and status algorithms then proceed as before, +using that definition of \<. +The iteration “in sorted order” allows any topological sort: +when A \< B, then a status change at A +must be considered before a status change at B. +In this example, the changes list can be processed in two +possible orders: `123abc...` must be first, and then the +other two can be considered in either order, +since neither is less than the other. + +Given this repository graph and the source control version information, +we can see exactly what happened with this vulnerability: + + - It was introduced in `123abc...` (released in 2.0.0). + - It was fixed in `234bcd...` (between 2.5.1 and 2.5.2 on the 2.5 branch). + - It was fixed in `567ef0...` (between 2.6.2 and 2.6.3 on the 2.6 branch). + +The status change list specifies these exact events, which makes it possible +for us to decide whether any given commit has the vulnerability. +For example: + + - `012fab...` is unaffected: it is not a descendant of `123abc...`. + - `345cde...` is unaffected: it is a descendant of `123abc...` but also of `234bcd...`. + - `456def...` is affected: it is a descendant of `123abc...` and not a descendant of `234bcd...` or `567ef0...`. + +Given this kind of precise source control-level information about which changes +introduced and fixed a vulnerability, it is possible to derive the +affected version ranges automatically. +The [OSV project](https://osv.dev/) is building tooling to do exactly that. + +When the `lessThan` field in a source control range is set to something other than `*`, +it has the effect of limiting the commits to which the range applies +to just those commits with `lessThan` as a descendant. +This is typically not useful, but it does allow encoding the +(unusual) practice of issuing different CVEs for different version branches. +For example, if the 2.5 branch and 2.6 branch instances of this +vulnerability needed to be in two different CVE entries, they could be +encoded by giving the CVE for the 2.5 branch this information: + + "defaultStatus": "unaffected" + "versions": [ + { + "version": "123abc...", "versionType": "git", "lessThan": "234bcd...", + "status": "affected" + } + ] + +And by giving the CVE for the 2.6 branch this information: + + "defaultStatus": "unaffected" + "versions": [ + { + "version": "123abc...", "versionType": "git", "lessThan": "567ef0...", + "status": "affected" + } + ] + +Again, this is an unusual choice and should typically be discouraged. +It is more useful in many ways to have a single CVE for each vulnerability. + +## Version Objects + +For reference, here are all the fields defined for version objects: + + - `version`: the single version being described, + or the version at the start of the range. + By convention, `0` typically denotes the earliest possible version. + + - `versionType`: the version numbering system used for specifying the range. + This defines the exact semantics of the comparison (\< and ≤) operations + on versions, which is necessary to understand the range itself. + The value `custom` indicates that the version type is unspecified, + which should be avoided whenever possible: + it is included primarily for use in conversion of older data files. + + - `lessThan` or `lessThanOrEqual`: the upper limit of the range. + Only one of these can be specified. + For `lessThan`, the least version _not_ in the range. + For `lessThanOrEqual`, the greatest version in the range; + this form is discouraged in favor of writing `lessThan` + with the version that introduced the fix. + + When using `lessThan` (only), the usual version syntax + is expanded to allow a pattern + to end in an asterisk (`*`), indicating an arbitrarily large number + in the version ordering. + For example, `"lessThan": "1.*"` describes the remainder of the 1.X branch, + while `"lessThan": "*"` describes all versions greater than or equal to + the base `version`. + + - `status`: the vulnerability status for the version or range of versions. + For a range, the status may be refined by the 'changes' list. + + - `changes`: a list of status changes that take place during a range. + The list should be sorted in (linearly or topologically) + increasing order by the 'at' field, according to the `versionType`, + but clients must not assume this. + Instead, clients must re-sort the list themselves before using it. + +A version object describing a single version must specify +both `version` and `status`, and no other fields. + +A version object describing a range must specify +`version`, `versionType`, one of `lessThan` or `lessThanOrEqual`, and `status`. +The `changes` field is optional. + +Each change object in the `changes` list has two fields: + + - `at`: the version at which a status change occurs. + + - `status`: the new status in the range starting at the given version. + diff --git a/schema/imports/cvss/README.md b/schema/imports/cvss/README.md new file mode 100644 index 00000000000..174dd1658af --- /dev/null +++ b/schema/imports/cvss/README.md @@ -0,0 +1 @@ +ATTENTION: The files in this folder are local modified versions of the CVSS JSON schemas [maintained](https://www.first.org/cvss/data-representations) by the [Forum of Incident Response and Security Teams](https://www.first.org/) (FIRST). Changes have been made to correct bug fixes in certain validators and to provide additional validation in older cvss schemas. diff --git a/schema/imports/cvss/cvss-v2.0.json b/schema/imports/cvss/cvss-v2.0.json new file mode 100644 index 00000000000..caa64037aab --- /dev/null +++ b/schema/imports/cvss/cvss-v2.0.json @@ -0,0 +1,105 @@ +{ + "license": [ + "Copyright (c) 2017, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "id": "https://www.first.org/cvss/cvss-v2.0.json?20170531", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ "NETWORK", "ADJACENT_NETWORK", "LOCAL" ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ "HIGH", "MEDIUM", "LOW" ] + }, + "authenticationType": { + "type": "string", + "enum": [ "MULTIPLE", "SINGLE", "NONE" ] + }, + "ciaType": { + "type": "string", + "enum": [ "NONE", "PARTIAL", "COMPLETE" ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ "UNPROVEN", "PROOF_OF_CONCEPT", "FUNCTIONAL", "HIGH", "NOT_DEFINED" ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ "OFFICIAL_FIX", "TEMPORARY_FIX", "WORKAROUND", "UNAVAILABLE", "NOT_DEFINED" ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ "UNCONFIRMED", "UNCORROBORATED", "CONFIRMED", "NOT_DEFINED" ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ "NONE", "LOW", "LOW_MEDIUM", "MEDIUM_HIGH", "HIGH", "NOT_DEFINED" ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ "NONE", "LOW", "MEDIUM", "HIGH", "NOT_DEFINED" ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ "LOW", "MEDIUM", "HIGH", "NOT_DEFINED" ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ "2.0" ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { "$ref": "#/definitions/accessVectorType" }, + "accessComplexity": { "$ref": "#/definitions/accessComplexityType" }, + "authentication": { "$ref": "#/definitions/authenticationType" }, + "confidentialityImpact": { "$ref": "#/definitions/ciaType" }, + "integrityImpact": { "$ref": "#/definitions/ciaType" }, + "availabilityImpact": { "$ref": "#/definitions/ciaType" }, + "baseScore": { "$ref": "#/definitions/scoreType" }, + "exploitability": { "$ref": "#/definitions/exploitabilityType" }, + "remediationLevel": { "$ref": "#/definitions/remediationLevelType" }, + "reportConfidence": { "$ref": "#/definitions/reportConfidenceType" }, + "temporalScore": { "$ref": "#/definitions/scoreType" }, + "collateralDamagePotential": { "$ref": "#/definitions/collateralDamagePotentialType" }, + "targetDistribution": { "$ref": "#/definitions/targetDistributionType" }, + "confidentialityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "integrityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "availabilityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "environmentalScore": { "$ref": "#/definitions/scoreType" } + }, + "required": [ "version", "vectorString", "baseScore" ], + "additionalProperties": false +} diff --git a/schema/imports/cvss/cvss-v3.0.json b/schema/imports/cvss/cvss-v3.0.json new file mode 100644 index 00000000000..fceaf5f825d --- /dev/null +++ b/schema/imports/cvss/cvss-v3.0.json @@ -0,0 +1,577 @@ +{ + "license": [ + "Copyright (c) 2017, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "id": "https://www.first.org/cvss/cvss-v3.0.json?20170531", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0.0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1.0, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2.0, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3.0, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4.0, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5.0, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6.0, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7.0, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8.0, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9.0, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10.0 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1.0, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2.0, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3.0, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4.0, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5.0, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6.0, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7.0, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8.0, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9.0, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10.0 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false +} \ No newline at end of file diff --git a/schema/imports/cvss/cvss-v3.1.json b/schema/imports/cvss/cvss-v3.1.json new file mode 100644 index 00000000000..89fcd20cb84 --- /dev/null +++ b/schema/imports/cvss/cvss-v3.1.json @@ -0,0 +1,592 @@ +{ + "license": [ + "Copyright (c) 2021, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "id": "https://www.first.org/cvss/cvss-v3.1.json?20210501", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "scoreType": { + "type": "number", + "enum": [ + 0.0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1.0, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2.0, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3.0, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4.0, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5.0, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6.0, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7.0, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8.0, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9.0, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10.0 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1.0, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2.0, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3.0, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4.0, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5.0, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6.0, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7.0, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8.0, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9.0, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10.0 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.1" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/severityType" + } + }, + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/criticalSeverityType" + } + } + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false +} \ No newline at end of file diff --git a/schema/imports/cvss/cvss-v4.0.json b/schema/imports/cvss/cvss-v4.0.json new file mode 100644 index 00000000000..262616b0325 --- /dev/null +++ b/schema/imports/cvss/cvss-v4.0.json @@ -0,0 +1,784 @@ +{ + "license": [ + "Copyright (c) 2023, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "$id": "https://www.first.org/cvss/cvss-v4.0.json?20231011", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "attackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT" + ] + }, + "modifiedAttackRequirementsType": { + "type": "string", + "enum": [ + "NONE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "PASSIVE", + "ACTIVE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedVulnCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "subCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedSubCType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "modifiedSubIaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "SAFETY", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "exploitMaturityType": { + "type": "string", + "enum": [ + "UNREPORTED", + "PROOF_OF_CONCEPT", + "ATTACKED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "safetyType": { + "type": "string", + "enum": [ + "NEGLIGIBLE", + "PRESENT", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "automatableType": { + "type": "string", + "enum": [ + "NO", + "YES", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "recoveryType": { + "type": "string", + "enum": [ + "AUTOMATIC", + "USER", + "IRRECOVERABLE", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "valueDensityType": { + "type": "string", + "enum": [ + "DIFFUSE", + "CONCENTRATED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "vulnerabilityResponseEffortType": { + "type": "string", + "enum": [ + "LOW", + "MODERATE", + "HIGH", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "providerUrgencyType": { + "type": "string", + "enum": [ + "CLEAR", + "GREEN", + "AMBER", + "RED", + "NOT_DEFINED" + ], + "default": "NOT_DEFINED" + }, + "scoreType": { + "type": "number", + "enum": [ + 0.0, + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1.0, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2.0, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3.0, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9, + 4.0, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5.0, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6.0, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9, + 7.0, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8.0, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9, + 9.0, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10.0 + ] + }, + "noneScoreType": { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + "lowScoreType": { + "type": "number", + "enum": [ + 0.1, + 0.2, + 0.3, + 0.4, + 0.5, + 0.6, + 0.7, + 0.8, + 0.9, + 1.0, + 1.1, + 1.2, + 1.3, + 1.4, + 1.5, + 1.6, + 1.7, + 1.8, + 1.9, + 2.0, + 2.1, + 2.2, + 2.3, + 2.4, + 2.5, + 2.6, + 2.7, + 2.8, + 2.9, + 3.0, + 3.1, + 3.2, + 3.3, + 3.4, + 3.5, + 3.6, + 3.7, + 3.8, + 3.9 + ] + }, + "mediumScoreType": { + "type": "number", + "enum": [ + 4.0, + 4.1, + 4.2, + 4.3, + 4.4, + 4.5, + 4.6, + 4.7, + 4.8, + 4.9, + 5.0, + 5.1, + 5.2, + 5.3, + 5.4, + 5.5, + 5.6, + 5.7, + 5.8, + 5.9, + 6.0, + 6.1, + 6.2, + 6.3, + 6.4, + 6.5, + 6.6, + 6.7, + 6.8, + 6.9 + ] + }, + "highScoreType": { + "type": "number", + "enum": [ + 7.0, + 7.1, + 7.2, + 7.3, + 7.4, + 7.5, + 7.6, + 7.7, + 7.8, + 7.9, + 8.0, + 8.1, + 8.2, + 8.3, + 8.4, + 8.5, + 8.6, + 8.7, + 8.8, + 8.9 + ] + }, + "criticalScoreType": { + "type": "number", + "enum": [ + 9.0, + 9.1, + 9.2, + 9.3, + 9.4, + 9.5, + 9.6, + 9.7, + 9.8, + 9.9, + 10.0 + ] + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, + "noneSeverityType": { + "const": "NONE" + }, + "lowSeverityType": { + "const": "LOW" + }, + "mediumSeverityType": { + "const": "MEDIUM" + }, + "highSeverityType": { + "const": "HIGH" + }, + "criticalSeverityType": { + "const": "CRITICAL" + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "4.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$" + }, + "baseScore": { + "$ref": "#/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/severityType" + }, + "attackVector": { + "$ref": "#/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/attackRequirementsType" + }, + "privilegesRequired": { + "$ref": "#/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/userInteractionType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/vulnCiaType" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/vulnCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/subCiaType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/subCiaType" + }, + "exploitMaturity": { + "$ref": "#/definitions/exploitMaturityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/modifiedAttackRequirementsType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/modifiedUserInteractionType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/modifiedVulnCiaType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/modifiedVulnCiaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/modifiedSubIaType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/modifiedSubIaType" + }, + "Safety": { + "$ref": "#/definitions/safetyType" + }, + "Automatable": { + "$ref": "#/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/recoveryType" + }, + "valueDensity": { + "$ref": "#/definitions/valueDensityType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/vulnerabilityResponseEffortType" + }, + "providerUrgency": { + "$ref": "#/definitions/providerUrgencyType" + } + }, + "allOf": [ + { + "anyOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/lowScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/mediumScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/highScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/highSeverityType" + } + } + }, + { + "properties": { + "baseScore": { + "$ref": "#/definitions/criticalScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "threatScore": { + "$ref": "#/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/lowScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/mediumScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/highScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/highSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/criticalScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/criticalSeverityType" + } + } + } + ] + }, + { + "anyOf": [ + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/lowScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/lowSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/mediumScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/mediumSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/highScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/highSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/criticalScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/criticalSeverityType" + } + } + } + ] + } + ], + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "additionalProperties": false +} \ No newline at end of file diff --git a/schema/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json b/schema/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json new file mode 100644 index 00000000000..db85640ad9d --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/PUBLISHED_CVE_JSON_5.0_bundled.json @@ -0,0 +1,1997 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.org/cve/record/v5_00/", + "type": "object", + "title": "CVE JSON record format", + "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", + "definitions": { + "uriType": { + "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).", + "type": "string", + "format": "uri", + "minLength": 1, + "maxLength": 2000 + }, + "uuidType": { + "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).", + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "additionalProperties": true, + "properties": { + "url": { + "description": "The uniform resource locator (URL), according to [RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.1.3), that can be used to retrieve the referenced resource.", + "$ref": "#/definitions/uriType" + }, + "name": { + "description": "User created name for the reference, often the title of the page.", + "type": "string", + "maxLength": 500, + "minLength": 1 + }, + "tags": { + "description": "An array of one or more tags that describe the resource referenced by 'url'.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string", + "description": "broken-link: The reference link is returning a 404 error, or the site is no longer online.\n\ncustomer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.\n\nexploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.\n\ngovernment-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.\n\nissue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...\n\nmailing-list: The reference is from a mailing list -- often specific to a product or vendor.\n\nmitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.\n\nnot-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).\n\npatch: The reference contains an update to the software that fixes the vulnerability.\n\npermissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.\n\nmedia-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.\n\nproduct: A reference appropriate for describing a product for the purpose of CPE or SWID.\n\nrelated: A reference that is for a related (but not the same) vulnerability.\n\nrelease-notes: The reference is in the format of a vendor or open source project's release notes or change log.\n\nsignature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.\n\ntechnical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.\n\nthird-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.\n\nvendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.\n\nvdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog", + "enum": [ + "broken-link", + "customer-entitlement", + "exploit", + "government-resource", + "issue-tracking", + "mailing-list", + "mitigation", + "not-applicable", + "patch", + "permissions-required", + "media-coverage", + "product", + "related", + "release-notes", + "signature", + "technical-description", + "third-party-advisory", + "vendor-advisory", + "vdb-entry" + ] + } + ] + } + } + } + }, + "cveId": { + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$" + }, + "orgId": { + "description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "userId": { + "description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "description": "A 3-12 character name that can be used to complement an organization's UUID.", + "type": "string", + "minLength": 2, + "maxLength": 64 + }, + "datestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601.", + "type": "string", + "format": "date", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$" + }, + "timestamp": { + "type": "string", + "format": "date-time", + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ssZZZZ'. If timezone offset is not given, GMT (0000) is assumed.", + "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$" + }, + "version": { + "description": "A single version of a product, as expressed in its own version numbering scheme.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "status": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "product": { + "type": "object", + "description": "Provides information about the set of products and services affected by this vulnerability.", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] + } + ] + }, + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string", + "description": "Name of the organization, project, community, individual, or user that created or maintains this product or hosted service. Can be 'N/A' if none of those apply. When collectionURL and packageName are used, this field may optionally represent the user or account within the package collection associated with the package.", + "minLength": 1, + "maxLength": 512 + }, + "product": { + "type": "string", + "description": "Name of the affected product.", + "minLength": 1, + "maxLength": 2058 + }, + "collectionURL": { + "description": "URL identifying a package collection (determines meaning of packageName).", + "$ref": "#/definitions/uriType", + "examples": [ + "https://access.redhat.com/downloads/content/package-browser", + "https://addons.mozilla.org", + "https://addons.thunderbird.net", + "https://anaconda.org/anaconda/repo", + "https://app.vagrantup.com/boxes/search", + "https://apps.apple.com", + "https://archlinux.org/packages", + "https://atmospherejs.meteor.com", + "https://atom.io/packages", + "https://bitbucket.org", + "https://bower.io", + "https://brew.sh/", + "https://chocolatey.org/packages", + "https://chrome.google.com/webstore", + "https://clojars.org", + "https://cocoapods.org", + "https://code.dlang.org", + "https://conan.io/center", + "https://cpan.org/modules", + "https://cran.r-project.org", + "https://crates.io", + "https://ctan.org/pkg", + "https://drupal.org", + "https://exchange.adobe.com", + "https://forge.puppet.com/modules", + "https://github.com", + "https://gitlab.com/explore", + "https://golang.org/pkg", + "https://guix.gnu.org/packages", + "https://hackage.haskell.org", + "https://helm.sh", + "https://hub.docker.com", + "https://juliahub.com", + "https://lib.haxe.org", + "https://luarocks.org", + "https://marketplace.visualstudio.com", + "https://melpa.org", + "https://microsoft.com/en-us/store/apps", + "https://nimble.directory", + "https://nuget.org/packages", + "https://opam.ocaml.org/packages", + "https://openwrt.org/packages/index", + "https://package.elm-lang.org", + "https://packagecontrol.io", + "https://packages.debian.org", + "https://packages.gentoo.org", + "https://packagist.org", + "https://pear.php.net/packages.php", + "https://pecl.php.net", + "https://platformio.org/lib", + "https://play.google.com/store", + "https://plugins.gradle.org", + "https://projects.eclipse.org", + "https://pub.dev", + "https://pypi.python.org", + "https://registry.npmjs.org", + "https://registry.terraform.io", + "https://repo.hex.pm", + "https://repo.maven.apache.org/maven2", + "https://rubygems.org", + "https://search.nixos.org/packages", + "https://sourceforge.net", + "https://wordpress.org/plugins" + ] + }, + "packageName": { + "type": "string", + "description": "Name or identifier of the affected software package as used in the package collection.", + "minLength": 1, + "maxLength": 2058 + }, + "cpes": { + "type": "array", + "description": "Affected products defined by CPE. This is an array of CPE values (vulnerable and not), we use an array so that we can make multiple statements about the same version and they are separate (if we used a JSON object we'd essentially be keying on the CPE name and they would have to overlap). Also this allows things like cveDataVersion or cveDescription to be applied directly to the product entry. This also allows more complex statements such as \"Product X between versions 10.2 and 10.8\" to be put in a machine-readable format. As well since multiple statements can be used multiple branches of the same product can be defined here.", + "uniqueItems": true, + "items": { + "title": "CPE Name", + "type": "string", + "description": "Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format", + "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", + "minLength": 1, + "maxLength": 2000 + } + }, + "modules": { + "type": "array", + "description": "A list of the affected components, features, modules, sub-components, sub-products, APIs, commands, utilities, programs, or functionalities (optional).", + "uniqueItems": true, + "items": { + "type": "string", + "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).", + "minLength": 1, + "maxLength": 4000 + } + }, + "programFiles": { + "type": "array", + "description": "A list of the affected source code files (optional).", + "uniqueItems": true, + "items": { + "description": "Name or path or location of the affected source code file.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + } + }, + "programRoutines": { + "type": "array", + "description": "A list of the affected source code functions, methods, subroutines, or procedures (optional).", + "uniqueItems": true, + "items": { + "type": "object", + "description": "Object describing program routine.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "Name of the affected source code file, function, method, subroutine, or procedure.", + "minLength": 1, + "maxLength": 4000 + } + } + } + }, + "platforms": { + "title": "Platforms", + "description": "List of specific platforms if the vulnerability is only relevant in the context of these platforms (optional). Platforms may include execution environments, operating systems, virtualization technolgies, hardware models, or computing architectures. Lack of this field or an empty array implies that the other fields are applicable for all relevant platforms.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "examples": [ + "iOS", + "Android", + "Windows", + "macOS", + "x86", + "ARM", + "64 bit", + "Big Endian", + "iPad", + "Chromebook", + "Docker" + ], + "maxLength": 1024 + } + }, + "repo": { + "description": "The URL of the source code repository, for informational purposes and/or to resolve git hash version ranges.", + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "description": "The default status for versions that are not otherwise listed in the versions list. If not specified, defaultStatus defaults to 'unknown'. Versions or defaultStatus may be omitted, but not both.", + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "description": "Set of product versions or version ranges related to the vulnerability. The versions satisfy the CNA Rules [8.1.2 requirement](https://cve.mitre.org/cve/cna/rules.html#section_8-1_cve_entry_information_requirements). Versions or defaultStatus may be omitted, but not both.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "A single version or a range of versions, with vulnerability status.\n\nAn entry with only 'version' and 'status' indicates the status of a single version.\n\nOtherwise, an entry describes a range; it must include the 'versionType' property, to define the version numbering semantics in use, and 'limit', to indicate the non-inclusive upper limit of the range. The object describes the status for versions V such that 'version' <= V and V < 'limit', using the <= and < semantics defined for the specific kind of 'versionType'. Status changes within the range can be specified by an optional 'changes' list.\n\nThe algorithm to decide the status specified for a version V is:\n\n\tfor entry in product.versions {\n\t\tif entry.lessThan is not present and entry.lessThanOrEqual is not present and v == entry.version {\n\t\t\treturn entry.status\n\t\t}\n\t\tif (entry.lessThan is present and entry.version <= v and v < entry.lessThan) or\n\t\t (entry.lessThanOrEqual is present and entry.version <= v and v <= entry.lessThanOrEqual) { // <= and < defined by entry.versionType\n\t\t\tstatus = entry.status\n\t\t\tfor change in entry.changes {\n\t\t\t\tif change.at <= v {\n\t\t\t\t\tstatus = change.status\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn status\n\t\t}\n\t}\n\treturn product.defaultStatus\n\n.", + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "oneOf": [ + { + "required": [ + "lessThan" + ] + }, + { + "required": [ + "lessThanOrEqual" + ] + } + ] + } + ], + "properties": { + "version": { + "description": "The single version being described, or the version at the start of the range. By convention, typically 0 denotes the earliest possible version.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions. For a range, the status may be refined by the 'changes' list.", + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string", + "description": "The version numbering system used for specifying the range. This defines the exact semantics of the comparison (less-than) operation on versions, which is required to understand the range itself. 'Custom' indicates that the version type is unspecified and should be avoided whenever possible. It is included primarily for use in conversion of older data files.", + "minLength": 1, + "maxLength": 128, + "examples": [ + "custom", + "git", + "maven", + "python", + "rpm", + "semver" + ] + }, + "lessThan": { + "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.", + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.", + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "description": "A list of status changes that take place during the range. The array should be sorted in increasing order by the 'at' field, according to the versionType, but clients must re-sort the list themselves rather than assume it is sorted.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "The start of a single status change during the range.", + "required": [ + "at", + "status" + ], + "properties": { + "at": { + "description": "The version at which a status change occurs.", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The new status in the range starting at the given version.", + "$ref": "#/definitions/status" + } + } + } + } + } + } + } + } + }, + "dataType": { + "description": "Indicates the type of information represented in the JSON instance.", + "type": "string", + "enum": [ + "CVE_RECORD" + ] + }, + "dataVersion": { + "description": "The version of the schema being used. Used to support multiple versions of this format.", + "type": "string", + "enum": [ + "5.0" + ] + }, + "cveMetadataPublished": { + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned. This UUID can be used to lookup the organization record in the user registry service." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "requesterUserId": { + "$ref": "#/definitions/userId", + "description": "The user that requested the CVE identifier." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "state": { + "description": "State of CVE - PUBLISHED, REJECTED.", + "type": "string", + "enum": [ + "PUBLISHED" + ] + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "description": "The CVE identifier that this record pertains to.", + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId", + "description": "The UUID for the organization to which the CVE ID was originally assigned." + }, + "assignerShortName": { + "$ref": "#/definitions/shortName", + "description": "The short name for the organization to which the CVE ID was originally assigned." + }, + "serial": { + "type": "integer", + "minimum": 1, + "description": "The system of record causes this to start at 1, and increment by 1 each time a submission from a data provider changes this CVE Record. The incremented value moves to the Rejected schema upon a PUBLISHED->REJECTED transition, and moves to the Published schema upon a REJECTED->PUBLISHED transition." + }, + "dateUpdated": { + "description": "The date/time the record was last updated.", + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE Record was first published in the CVE List." + }, + "dateRejected": { + "$ref": "#/definitions/timestamp", + "description": "The date/time the CVE ID was rejected." + }, + "state": { + "type": "string", + "description": "State of CVE - PUBLISHED, REJECTED.", + "enum": [ + "REJECTED" + ] + }, + "dateReserved": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was reserved in the CVE automation workgroup services system. Disclaimer: This date reflects when the CVE ID was reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE." + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "description": "Details related to the information container provider (CNA or ADP).", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId", + "description": "The container provider's organizational UUID." + }, + "shortName": { + "$ref": "#/definitions/shortName", + "description": "The container provider's organizational short name." + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp", + "description": "Timestamp to be set by the system of record at time of submission. If updatedDate is provided to the system of record it will be replaced by the current timestamp at the time of submission." + } + }, + "required": [ + "orgId" + ] + }, + "cnaPublishedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp", + "description": "The date/time this CVE ID was associated with a vulnerability by a CNA." + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "Short title - if the description is long we may want a short title to refer to.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_": {} + }, + "additionalProperties": false + }, + "cnaRejectedContainer": { + "description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a rejected CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "description": "Reasons for rejecting this CVE Record.", + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "description": "Contains an array of CVE IDs that this CVE ID was rejected in favor of because the this CVE ID was assigned to the vulnerabilities.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_": {} + }, + "additionalProperties": false + }, + "adpContainer": { + "description": "An object containing the vulnerability information provided by an Authorized Data Publisher (ADP). Since multiple ADPs can provide information for a CVE ID, an ADP container must indicate which ADP is the source of the information in the object.", + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp", + "description": "If known, the date/time the vulnerability was disclosed publicly." + }, + "title": { + "type": "string", + "description": "Short english language title - if the description is long we may want a short title to refer to.", + "minLength": 1, + "maxLength": 256 + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_": {} + }, + "additionalProperties": false + }, + "affected": { + "type": "array", + "description": "List of affected products.", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "description": "Text in a particular language with optional alternate markup or formatted representation (e.g., Markdown) or embedded media.", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "description": "Plain text description.", + "minLength": 1, + "maxLength": 4000 + }, + "supportingMedia": { + "type": "array", + "title": "Supporting media", + "description": "Supporting media data for the description such as markdown, diagrams, .. (optional). Similar to RFC 2397 each media object has three main parts: media type, media data value, and an optional boolean flag to indicate if the media data is base64 encoded.", + "uniqueItems": true, + "minItems": 1, + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "title": "Media type", + "minLength": 1, + "maxLength": 255, + "description": "RFC2046 compliant IANA Media type for eg., text/markdown, text/html.", + "examples": [ + "text/markdown", + "text/html", + "image/png", + "image/svg", + "audio/mp3" + ] + }, + "base64": { + "type": "boolean", + "title": "Encoding", + "description": "If true then the value field contains the media data encoded in base64. If false then the value field contains the UTF-8 media content.", + "default": false + }, + "value": { + "type": "string", + "description": "Supporting media content, up to 16K. If base64 is true, this field stores base64 encoded data.", + "minLength": 1, + "maxLength": 16384 + } + }, + "required": [ + "type", + "value" + ] + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ] + }, + "descriptions": { + "type": "array", + "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "description": "This is problem type information (e.g. CWE identifier). Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct). (CNA requirement: [PROBLEMTYPE]).", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "description": { + "type": "string", + "description": "Text description of problemType, or title from CWE or OWASP.", + "minLength": 1, + "maxLength": 4000 + }, + "cweId": { + "type": "string", + "description": "CWE ID of the CWE that best describes this problemType entry.", + "minLength": 5, + "maxLength": 9, + "pattern": "^CWE-[1-9][0-9]+$" + }, + "type": { + "type": "string", + "description": "Problemtype source, text, OWASP, CWE, etc.,", + "minLength": 1, + "maxLength": 128 + }, + "references": { + "$ref": "#/definitions/references" + } + } + }, + "minItems": 1, + "uniqueItems": true + } + } + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "description": "This is reference data in the form of URLs or file objects (uuencoded and embedded within the JSON file, exact format to be decided, e.g. we may require a compressed format so the objects require unpacking before they are \"dangerous\").", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 500, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "description": "Collection of impacts of this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description.", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string", + "description": "CAPEC ID that best relates to this impact.", + "minLength": 7, + "maxLength": 11, + "pattern": "^CAPEC-[1-9][0-9]{0,4}$" + }, + "descriptions": { + "description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.", + "$ref": "#/definitions/descriptions" + } + } + } + }, + "metrics": { + "type": "array", + "description": "Collection of impact scores with attribution.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.", + "anyOf": [ + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string", + "description": "Name of the score format. This provides a bit future proofing. Additional properties are not prohibitied, so this will support inclusion of proprietary formats. It also provides an easy future conversion mechanism when future score formats become part of the schema. example: cvssV4_4, format = 'cvssV4_4', other = cvssV4_4 json object. In the future the other properties can be converted to score properties when they become part of the schema.", + "minLength": 1, + "maxLength": 64 + }, + "scenarios": { + "type": "array", + "description": "Description of the scenarios this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "default": "GENERAL", + "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.", + "minLength": 1, + "maxLength": 4000 + } + }, + "required": [ + "lang", + "value" + ] + } + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.1" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ] + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL" + ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL", + "PHYSICAL", + "NOT_DEFINED" + ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW" + ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NOT_DEFINED" + ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE" + ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ + "HIGH", + "LOW", + "NONE", + "NOT_DEFINED" + ] + }, + "userInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED" + ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ + "NONE", + "REQUIRED", + "NOT_DEFINED" + ] + }, + "scopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED" + ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ + "UNCHANGED", + "CHANGED", + "NOT_DEFINED" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH" + ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "HIGH", + "NOT_DEFINED" + ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "confidenceType": { + "type": "string", + "enum": [ + "UNKNOWN", + "REASONABLE", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + }, + "severityType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "3.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ] + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ + "NETWORK", + "ADJACENT_NETWORK", + "LOCAL" + ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ + "HIGH", + "MEDIUM", + "LOW" + ] + }, + "authenticationType": { + "type": "string", + "enum": [ + "MULTIPLE", + "SINGLE", + "NONE" + ] + }, + "ciaType": { + "type": "string", + "enum": [ + "NONE", + "PARTIAL", + "COMPLETE" + ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ + "UNPROVEN", + "PROOF_OF_CONCEPT", + "FUNCTIONAL", + "HIGH", + "NOT_DEFINED" + ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ + "OFFICIAL_FIX", + "TEMPORARY_FIX", + "WORKAROUND", + "UNAVAILABLE", + "NOT_DEFINED" + ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ + "UNCONFIRMED", + "UNCORROBORATED", + "CONFIRMED", + "NOT_DEFINED" + ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "LOW_MEDIUM", + "MEDIUM_HIGH", + "HIGH", + "NOT_DEFINED" + ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ + "LOW", + "MEDIUM", + "HIGH", + "NOT_DEFINED" + ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ + "2.0" + ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ] + }, + "other": { + "type": "object", + "description": "A non-standard impact description, may be prose or JSON block.", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "description": "Name of the non-standard impact metrics format used.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "type": "object", + "description": "JSON object not covered by another metrics format.", + "minProperties": 1 + } + } + } + } + } + }, + "configurations": { + "type": "array", + "description": "Configurations required for exploiting this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "description": "Workarounds and mitigations for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "description": "Information about solutions or remediations available for this vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "description": "Information about exploits of the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "description": "This is timeline information for significant events about this vulnerability or changes to the CVE Record.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ssZZZZ - if the timezone offset is not given, GMT (0000) is assumed.", + "$ref": "#/definitions/timestamp" + }, + "lang": { + "description": "The language used in the description of the event. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "description": "A summary of the event.", + "type": "string", + "minLength": 1, + "maxLength": 4000 + } + } + } + }, + "credits": { + "type": "array", + "description": "Statements acknowledging specific people, organizations, or tools recognizing the work done in researching, discovering, remediating or helping with activities related to this CVE.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "description": "The language used when describing the credits. The language field is included so that CVE Records can support translations. The value must be a BCP 47 language code.", + "$ref": "#/definitions/language" + }, + "value": { + "type": "string", + "minLength": 1, + "maxLength": 4000 + }, + "user": { + "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.", + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string", + "description": "Type or role of the entity being credited (optional). finder: identifies the vulnerability.\nreporter: notifies the vendor of the vulnerability to a CNA.\nanalyst: validates the vulnerability to ensure accuracy or severity.\ncoordinator: facilitates the coordinated response process.\nremediation developer: prepares a code change or other remediation plans.\nremediation reviewer: reviews vulnerability remediation plans or code changes for effectiveness and completeness.\nremediation verifier: tests and verifies the vulnerability or its remediation.\ntool: names of tools used in vulnerability discovery or identification.\nsponsor: supports the vulnerability identification or remediation activities.", + "default": "finder", + "enum": [ + "finder", + "reporter", + "analyst", + "coordinator", + "remediation developer", + "remediation reviewer", + "remediation verifier", + "tool", + "sponsor", + "other" + ] + } + }, + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "description": "This is the source information (who discovered it, who researched it, etc.) and optionally a chain of CNA information (e.g. the originating CNA and subsequent parent CNAs who have processed it before it arrives at the MITRE root).\n Must contain: IF this is in the root level it MUST contain a CNA_chain entry, IF this source entry is NOT in the root (e.g. it is part of a vendor statement) then it must contain at least one type of data entry.", + "minProperties": 1 + }, + "language": { + "type": "string", + "description": "BCP 47 language code, language-region.", + "default": "en", + "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "englishLanguage": { + "type": "string", + "description": "BCP 47 language code, language-region, required to be English.", + "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$" + }, + "taxonomyMappings": { + "type": "array", + "description": "List of taxonomy items related to the vulnerability.", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "description": "The name of the taxonomy.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "description": "The version of taxonomy the identifiers come from.", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { + "type": "array", + "description": "", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "description": "List of relationships to the taxonomy for the vulnerability. Relationships can be between the taxonomy and the CVE or two taxonomy items.", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.", + "minLength": 1, + "maxLength": 2000 + }, + "relationshipName": { + "type": "string", + "description": "A description of the relationship.", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier.", + "minLength": 1, + "maxLength": 2000 + } + } + } + } + } + } + }, + "tagExtension": { + "type": "string", + "minLength": 2, + "maxLength": 128, + "pattern": "^x_.*$" + }, + "cnaTags": { + "type": "array", + "description": "Tags provided by a CNA describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string", + "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "unsupported-when-assigned", + "exclusively-hosted-service", + "disputed" + ] + } + ] + } + }, + "adpTags": { + "type": "array", + "description": "Tags provided by an ADP describing the CVE Record.", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string", + "description": "disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": [ + "disputed" + ] + } + ] + } + } + }, + + "title": "Published", + "description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.", + "properties": { + "dataType": { + "$ref": "#/definitions/dataType" + }, + "dataVersion": { + "$ref": "#/definitions/dataVersion" + }, + "cveMetadata": { + "$ref": "#/definitions/cveMetadataPublished" + }, + "containers": { + "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA. However, there can be multiple 'adp' containers, allowing multiple organizations participating in the CVE program to add additional information related to the vulnerability. For the most part, the 'cna' and 'adp' containers contain the same properties. The main differences are the source of the information and the 'cna' container requires the CNA include certain fields, while the 'adp' container does not.", + "type": "object", + "properties": { + "cna": { + "$ref": "#/definitions/cnaPublishedContainer" + }, + "adp": { + "type": "array", + "items": { + "$ref": "#/definitions/adpContainer" + }, + "minItems": 1, + "uniqueItems": true + } + }, + "required": [ + "cna" + ], + "additionalProperties": false + } + }, + "required": [ + "dataType", + "dataVersion", + "cveMetadata", + "containers" + ], + "additionalProperties": false +} diff --git a/schema/support/CVE_4_to_5_converter/convert.log b/schema/support/CVE_4_to_5_converter/convert.log new file mode 100644 index 00000000000..1a15f94da7b --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/convert.log @@ -0,0 +1,4096 @@ +START processing directory: /home/jwhitmore/Downloads/cvelist +/home/jwhitmore/Downloads/cvelist/2019/5xxx/CVE-2019-5797.json - CVE_data_meta no STATE - Required property missing from CVE +FINISHED processed directory /home/jwhitmore/Downloads/cvelist + +UP CONVERT JOB REPORT +1113 upconverter records failed to validate + +Shortname: min=2 -- max=29 +Title: max=359 + +JSON files that failed to convert: 1 of 238267 + +cvss errors encounters: 116 +these are counted in the failed to validate number +these are from cvss library exceptions, and indicate the provide vectorString +from the v4 record is not parsable even after stripping spaces and prefixing versions + +Extra keys encountered +PUBLISHED + x_advisoryEoL - used in 34 records. + x_affectedList - used in 44 records. + x_likelyAffectedList - used in 18 records. + workaround - used in 29 records. + cve_id - used in 4 records. + discoverer - used in 3 records. + +Users not found for conversion to UUID --- 0 + --- all users seen were convertable + + +User errors encountered (in multiple orgs) --- 10 +ccerekwicki@opera.com --- 2 +darunesh@redhat.com --- 2 +fleite@redhat.com --- 2 +gsuckevi@redhat.com --- 2 +mkaplan@redhat.com --- 2 +mrehak@redhat.com --- 2 +msiddiqu@redhat.com --- 2 +psampaio@redhat.com --- 2 +jsampson@vmware.com --- 2 +flavio.ceolin@intel.com --- 2 + + +Unsupported IMPACT version values found --- 0 + +IMPACT Scoring data remapped into 'other' --- 252 + + +----- DETAILED RESULTS ----- + +=== SECTION -- failed to convert errors === +JSON files that failed to convert (1): +/home/jwhitmore/Downloads/cvelist/2019/5xxx/CVE-2019-5797.json + -- /home/jwhitmore/Downloads/cvelist/2019/5xxx/CVE-2019-5797.json - CVE_data_meta no STATE - Required property missing from CVE -- + + +=== SECTION -- validation errors === +records with validation errors encountered: 1113 +{ 'CVE-2014-9691': [ '$.containers.cna.affected[0].product -- validator = ' + 'maxLength', + '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2014-9692': [ '$.containers.cna.affected[0].product -- validator = ' + 'maxLength', + '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2014-9693': [ '$.containers.cna.affected[0].product -- validator = ' + 'maxLength', + '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2014-9694': [ '$.containers.cna.affected[0].product -- validator = ' + 'maxLength', + '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2015-7559': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-0750': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-1000232': ['$.cveMetadata.dateReserved -- validator = pattern'], + 'CVE-2016-2121': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-2123': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-2125': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-2183': ['$.containers.cna.references -- validator = uniqueItems'], + 'CVE-2016-5402': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-6306': ['$.containers.cna.references -- validator = uniqueItems'], + 'CVE-2016-6328': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-6343': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7035': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7041': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7043': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7047': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7061': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7063': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2016-7064': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2016-7066': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7067': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7071': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7075': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7076': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7077': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-7078': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8608': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8609': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8611': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8613': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8614': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8615': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8616': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8617': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8618': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8619': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8620': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8621': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8622': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8623': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8624': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8625': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8626': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8627': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8628': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8631': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8634': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8635': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8637': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8639': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8641': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8647': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8648': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8651': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8653': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8654': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-8656': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9572': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9573': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9574': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9577': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9578': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9579': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9580': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9581': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9583': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9586': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9587': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9590': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2016-9592': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9593': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9594': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9595': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9597': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9599': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2016-9601': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2016-9602': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9603': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2016-9604': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-10940': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10941': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10942': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10943': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10944': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10945': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10946': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10947': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10948': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10950': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10951': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10952': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10953': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10954': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10955': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10956': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10957': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10958': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-10959': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-12196': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2017-12741': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2017-14818': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14819': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14820': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14821': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14822': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14823': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14824': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14825': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14826': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14827': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14828': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14829': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14830': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14831': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14832': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14833': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14834': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14835': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14836': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-14837': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-15118': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-15119': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-15331': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15332': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15334': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15335': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15336': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15337': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15338': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15339': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-15350': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-16571': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16572': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16573': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16574': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16575': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16576': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16577': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16578': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16579': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16580': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16581': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16582': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16583': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16584': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16585': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16586': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16587': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16588': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16589': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16590': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16591': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16592': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16593': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16594': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16595': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16596': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16597': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16598': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16599': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16600': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16601': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16602': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16603': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16604': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16605': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16606': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16607': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16608': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16609': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-16610': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17151': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17152': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17153': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17154': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17155': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17156': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17157': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17202': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17251': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17252': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17253': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17255': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17256': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17257': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17258': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17286': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17287': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17291': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17292': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17293': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17294': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17295': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17296': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17297': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17298': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17301': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-17406': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17407': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17408': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17409': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17410': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17411': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17412': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17414': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17415': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17416': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17417': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17418': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17419': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17420': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17421': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17422': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17423': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17424': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17425': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17652': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17653': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17654': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17655': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17656': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17657': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17658': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-17659': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2017-2591': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength', + '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2592': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2017-2594': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2017-2601': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2017-2606': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2017-2611': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2017-2615': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2620': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2630': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2633': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2639': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2653': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2658': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-2692': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-2693': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-7464': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-7465': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-7518': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-7539': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2017-8147': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-8162': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2017-8163': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2018-0197': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0284': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0404': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0405': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0414': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0421': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0423': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0424': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0425': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0426': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0430': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0431': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0432': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0433': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0434': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0435': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0436': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0437': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0438': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0439': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0440': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0444': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0445': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0446': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0447': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0448': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0450': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0451': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0452': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0453': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0454': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0455': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0457': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0458': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0459': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0460': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0462': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0463': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0464': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0465': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0466': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0467': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0469': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0470': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0471': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0472': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0473': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0475': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0476': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0477': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0480': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0481': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0485': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-0688': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2018-0689': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2018-1047': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10473': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10474': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10475': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10476': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10477': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10478': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10479': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10480': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10481': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10482': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10483': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10484': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10485': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10486': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10487': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10488': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10489': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10490': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10491': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10492': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10493': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10494': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10495': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10496': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10497': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10498': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10499': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10500': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10501': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10502': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1063': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10631': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2018-1067': [ '$.containers.cna.metrics[0].cvssV2_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV2_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2018-1074': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-1079': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-1083': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1084': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-10887': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-10888': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1089': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-1100': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1109': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1112': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-1115': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-1130': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-1161': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11614': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11615': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11616': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11617': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11618': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11619': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1162': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11620': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11621': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11622': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-11623': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1163': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1164': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1165': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1166': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1167': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1168': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1169': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1170': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1171': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1172': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1173': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1174': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1175': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1176': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1177': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1178': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1179': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1180': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-1183': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2018-12473': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-12538': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14241': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14242': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14243': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14244': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14245': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14246': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14247': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14248': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14249': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14250': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14251': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14252': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14253': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14254': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14255': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14256': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14257': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14258': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14259': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14260': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14261': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14262': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14263': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14264': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14265': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14266': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14267': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14268': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14269': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14270': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14271': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14272': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14273': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14274': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14275': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14276': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14277': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14278': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14279': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14280': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14281': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14282': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14283': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14284': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14285': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14286': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14287': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14288': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14289': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14290': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14291': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14292': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14293': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14294': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14296': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14297': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14298': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14299': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14301': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14302': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14303': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14304': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14305': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14306': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14307': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14308': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14309': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14310': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14311': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14312': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14313': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14314': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14315': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14316': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14317': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14318': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-14320': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-15368': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15369': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15370': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15371': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15372': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15373': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15374': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15375': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15376': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15377': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15378': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15379': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15382': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15383': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15386': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15387': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15389': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15390': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15391': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15392': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15396': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15397': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15398': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15399': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15400': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15401': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15403': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15404': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15405': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15406': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15407': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15408': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15409': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15410': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15411': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15412': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15413': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15414': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15415': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15416': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15417': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15418': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15419': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15420': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15421': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15422': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15423': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15424': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15425': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15426': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15427': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15428': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15429': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15430': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15431': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15432': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15433': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15434': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-15436': [ '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2018-17614': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17615': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17616': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17617': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17618': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17619': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17620': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17621': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17622': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17623': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17624': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-17706': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-18406': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2018-5387': ['$.containers.cna.title -- validator = maxLength'], + 'CVE-2018-7112': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2018-7907': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2018-8021': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2018-9935': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9936': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9937': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9938': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9939': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9940': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9941': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9942': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9943': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9944': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9945': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9946': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9947': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9948': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9949': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9950': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9951': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9952': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9953': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9954': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9955': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9956': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9957': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9958': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9959': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9960': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9961': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9962': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9963': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9964': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9965': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9967': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9968': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9969': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9970': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9971': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9972': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9973': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9974': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9975': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9976': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9977': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9978': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9979': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9980': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9981': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9982': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9983': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2018-9984': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003011': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003026': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003027': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003028': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003035': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003036': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-1003037': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-10095': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2019-10345': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-11509': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-11784': [ '$.containers.cna.credits[0].value -- validator = ' + 'minLength'], + 'CVE-2019-16519': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-16943': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2019-17357': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-17358': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-17390': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2019-17549': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-1757': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.exploits[0].value -- validator = ' + 'minLength'], + 'CVE-2019-1802': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2019-18226': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength', + '$.containers.cna.affected[0].versions[1].version -- ' + 'validator = maxLength', + '$.containers.cna.affected[0].versions[2].version -- ' + 'validator = maxLength'], + 'CVE-2019-18230': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-19093': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2019-19719': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20409': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2019-20512': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20513': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20522': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20523': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20524': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20525': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20526': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20527': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-20528': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-3879': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2019-5994': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-5995': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-5998': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-5999': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-6000': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-6001': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2019-6149': ['$.containers.cna -- validator = required'], + 'CVE-2019-6334': [ '$.containers.cna.affected[0].product -- validator = ' + 'maxLength'], + 'CVE-2019-8454': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2019-9867': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2019-9868': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2020-10268': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseSeverity ' + '-- validator = enum', + '$ -- validator = additionalProperties'], + 'CVE-2020-10281': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2020-10282': [ '$.containers.cna.affected[0].vendor -- validator = ' + 'minLength'], + 'CVE-2020-10697': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-10709': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-10762': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-10772': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-11119': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11126': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11134': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11136': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11137': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11138': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11139': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11140': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11143': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11144': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11145': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11146': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11147': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11148': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11149': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11150': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11151': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11152': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11159': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11160': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11161': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11163': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11165': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11166': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11167': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11170': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11171': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11177': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11178': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11179': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11180': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11182': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11183': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11185': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11188': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11189': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11190': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11191': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11192': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11194': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11195': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11197': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11198': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11199': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11200': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11203': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11204': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11208': [ '$.containers.cna.affected[0].product -- validator = ' + 'minLength'], + 'CVE-2020-11209': [ '$.containers.cna.affected[0].product -- validator = ' + 'minLength'], + 'CVE-2020-11212': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11213': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11214': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11215': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11216': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11217': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11218': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11220': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11221': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11222': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11223': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11225': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11226': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11227': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11228': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11230': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11231': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11234': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11235': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11236': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11237': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11238': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11239': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11240': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11241': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11243': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11245': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11246': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11247': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11250': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11251': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11252': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11253': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11254': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11255': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11260': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11261': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11262': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11264': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11267': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11269': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11270': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11271': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11272': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11273': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11274': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11275': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11276': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11277': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11278': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11279': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11280': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11281': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11282': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11283': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11284': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11285': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11286': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11287': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11288': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11289': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11290': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11292': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11293': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11294': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11295': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11296': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11297': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11299': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11301': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11304': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11308': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-11309': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-14354': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-15180': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-24386': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2020-24576': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2020-25213': [ '$.containers.cna.metrics[1].other.content -- ' + 'validator = type'], + 'CVE-2020-25626': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25651': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25653': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25664': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25665': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25667': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25674': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25693': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25696': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25705': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-25713': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-25716': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-26868': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2020-26869': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2020-27752': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27756': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27813': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27818': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27821': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27823': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27824': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27825': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27828': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27844': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-27847': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-28917': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2020-28991': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2020-3138': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2020-35493': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-35497': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-36161': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2020-36332': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-3664': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-3685': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-3686': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-3687': [ '$.containers.cna.affected[0].product -- validator = ' + 'minLength'], + 'CVE-2020-3691': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2020-5421': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-6311': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-6323': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2020-6363': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2020-7330': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-7335': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2020-7878': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required'], + 'CVE-2020-7883': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required'], + 'CVE-2020-8733': ['$.containers.cna.references -- validator = uniqueItems'], + 'CVE-2020-8899': [ '$.containers.cna.metrics[0].cvssV2_0.baseScore -- ' + 'validator = type', + '$ -- validator = additionalProperties'], + 'CVE-2020-8935': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-1455': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString -- ' + 'validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.exploits[0].value -- validator = ' + 'minLength'], + 'CVE-2021-1886': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1888': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1889': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1890': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1891': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1903': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1904': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1905': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1906': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1909': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1910': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1914': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1915': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1916': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1919': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1920': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1924': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1925': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1927': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1931': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1935': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1936': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1937': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1938': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1941': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1943': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1945': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1948': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1949': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1953': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1954': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1955': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1959': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1960': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1961': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1964': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1965': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1971': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1972': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1973': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1974': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1975': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1976': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1977': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1979': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-1980': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20181': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20193': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20206': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20221': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20228': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20235': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20236': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20239': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20240': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20247': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-20699': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20716': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20868': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20869': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20870': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20871': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-20872': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-21045': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-21084': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-21474': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2021-21832': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2021-23879': ['$.containers.cna.title -- validator = maxLength'], + 'CVE-2021-25522': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = minLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-25649': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-25652': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-25741': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-25913': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2021-25967': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-27196': ['$.containers.cna.solutions[1] -- validator = required'], + 'CVE-2021-27577': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-27578': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-27790': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2021-28687': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28688': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28689': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28690': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28691': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28692': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28693': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28694': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28695': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28696': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28697': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28698': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28699': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28700': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28701': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28703': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28704': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28705': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28706': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28707': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28708': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28709': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28710': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28711': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28712': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28713': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28714': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-28715': ['$.containers.cna.credits[0].value -- validator = type'], + 'CVE-2021-30129': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-30254': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30255': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30259': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30260': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30264': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30266': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30268': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30270': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30271': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30272': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30274': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30275': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30278': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30282': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30284': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30288': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30295': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30302': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30303': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30312': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30313': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30319': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30335': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30337': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30348': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30351': [ '$.containers.cna.affected[0].versions[0].version -- ' + 'validator = maxLength'], + 'CVE-2021-30606': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30607': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30608': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30609': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30610': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30611': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30612': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30613': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30614': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30615': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30616': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30617': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30618': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30619': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30620': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30621': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30622': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30623': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30624': [ '$.containers.cna.problemTypes[0].descriptions[0].description ' + '-- validator = minLength'], + 'CVE-2021-30639': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-30640': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-3185': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-32027': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-32565': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-32566': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-32567': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-32609': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-32993': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-33017': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-33037': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-33191': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-33192': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-33596': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2021-33688': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2021-3420': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3450': ['$.containers.cna.references -- validator = uniqueItems'], + 'CVE-2021-3477': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-34798': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern'], + 'CVE-2021-3482': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3487': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3502': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3520': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-35238': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2021-3528': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3545': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-35474': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-35517': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-35533': [ '$.containers.cna.workarounds[0] -- validator = ' + 'required'], + 'CVE-2021-3565': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3573': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-3583': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-35936': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-35940': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-3598': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-36004': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-3605': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-36063': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-36090': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-3612': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-36160': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern', + '$.containers.cna.timeline[1].time -- validator = ' + 'pattern'], + 'CVE-2021-36161': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-36162': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-36163': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-3636': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-36372': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-36373': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-36374': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-3673': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = maxLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-37147': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-37148': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-37149': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-37579': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-37580': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-38161': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-38178': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-38179': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-38180': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-38181': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-38182': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-38183': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-38540': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39231': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39232': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39233': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39234': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39235': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39236': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-39275': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern'], + 'CVE-2021-39613': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2021-39614': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2021-39615': [ '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2021-39862': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-39865': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-40146': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-4024': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2021-40438': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern'], + 'CVE-2021-40495': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40496': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40497': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40498': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40499': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40500': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40501': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40502': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40503': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40504': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-40525': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-40690': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-40700': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-40701': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-40702': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-40703': [ '$.cveMetadata.datePublished -- validator = pattern', + '$.containers.cna.datePublic -- validator = pattern'], + 'CVE-2021-4104': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-41303': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-41524': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern', + '$.containers.cna.timeline[1].time -- validator = ' + 'pattern'], + 'CVE-2021-41561': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-41585': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-41616': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-41773': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern'], + 'CVE-2021-41972': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-42009': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-42061': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42062': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42063': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42064': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42066': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42067': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42068': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42069': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42070': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42250': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-42340': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-42373': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42374': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42375': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42376': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42377': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42378': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42379': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42380': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42381': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42382': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42383': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42384': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42385': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42386': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-42392': [ '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-43045': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-43082': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-43083': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-43548': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-43550': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-43552': ['$.containers.cna.solutions[0] -- validator = required'], + 'CVE-2021-44140': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-44224': [ '$.containers.cna.timeline[0].time -- validator = ' + 'pattern'], + 'CVE-2021-44228': [ '$.containers.cna.references -- validator = ' + 'uniqueItems'], + 'CVE-2021-44231': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-44232': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-44233': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-44234': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-44235': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2021-45230': [ '$.containers.cna.metrics[0].other.content -- ' + 'validator = minProperties'], + 'CVE-2021-45895': [ '$.containers.cna.metrics[0].cvssV3_1.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$.containers.cna.metrics[0].cvssV3_1 -- validator = ' + 'required', + '$ -- validator = additionalProperties'], + 'CVE-2022-0166': [ '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = minLength', + '$.containers.cna.problemTypes[0].descriptions[0].cweId ' + '-- validator = pattern'], + 'CVE-2022-22529': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2022-22530': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required'], + 'CVE-2022-22531': [ '$.containers.cna.metrics[0].cvssV3_0.vectorString ' + '-- validator = pattern', + '$.containers.cna.metrics[0].cvssV3_0.baseScore -- ' + 'validator = type', + '$.containers.cna.metrics[0].cvssV3_0 -- validator = ' + 'required']} + + + + +=== SECTION -- user errors === +Detailed users not found for conversion to UUID, and resassign to the default(secretariat) +all users seen were convertable + +Done diff --git a/schema/support/CVE_4_to_5_converter/cve4to5up.py b/schema/support/CVE_4_to_5_converter/cve4to5up.py new file mode 100644 index 00000000000..a088aaf411d --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/cve4to5up.py @@ -0,0 +1,1892 @@ +import collections.abc +import datetime +import getopt +import json +import jsonschema +import os.path +import pprint +import requests +import settings +import sys +import time +import traceback +import urllib.parse +import csv +import re +from cvss import CVSS2, CVSS3 +from dateutil.parser import parse as dateParse +from langcodes import Language +from progress.spinner import Spinner +from numbers import Number +from requests.utils import requote_uri + +JSONValidator = None +JSONValidatorPublished = None + +v5SchemaPath = settings.v5schemafile +v5SchemaPath_published = settings.v5schemafile_published + +BASE_HEADERS = { + 'CVE-API-KEY': settings.AWG_USER_KEY, + 'CVE-API-ORG': settings.AWG_USER_CNA_NAME, + 'CVE-API-USER': settings.AWG_USER_NAME +} + +keys_used = {} +extra_keys = {} +defaulted_users = {} +all_users = {} +all_orgs = {} +user_errors = {} +states_processed = [] +scoring_other = {} +invalid_impact_versions = [] +requester_map = {} +reference_tag_map = {} +cveHistory = {} +ValidationFailures = {} +cvssErrorList = [] +minShortName = 100 +maxShortName = 0 +maxTitle = 0 +v5MaxTitleLength = 256 # update to pull from schema file +maxV5VersionLength = 1024 # update to pull from schema file +maxV5ProductLength = 2048 # update to pull from schema file +historyDateTimeFormat = '%Y-%m-%d %H:%M:%S.%f' +IDRWaitTime = 0.00 +IDRCollection = {} # cve-id arrays indexed by id + +def main(argv): + inputfile = '' + inputdir = '' + outputpath = '' + + + if "-test" in argv: + print("Testing Connection to CVE Services") + print( str(testCVEServicesConnection()) ) + + getRequesterMap() + global requester_map + print(json.dumps(requester_map, indent=2)) + sys.exit(0) + + try: + opts, args = getopt.getopt(argv, "hi:o:d:", ["ifile=","opath=","idir="]) + except getopt.GetopError: + print ('USAGE python cve4to5up.py -i |-d -o ') + sys.exit(2) + + for opt, arg in opts: + if opt == '-h': + sys.exit() + elif opt in ("-i", "--ifile"): + inputfile = arg + elif opt in ("-d", "--idir"): + inputdir = arg + elif opt in ("-o", "--opath"): + outputpath = arg + + # Load CVE Record change history timestamps + print("Loading History Dates - Start") + sTime = time.perf_counter() + global cveHistory + try: + with open("cve_record_dates.json") as CVEH: + for ch in json.load(CVEH): + if not ch["cve_identifier"] in cveHistory: + cveHistory[ch["cve_identifier"]] = [] + cveHistory[ch["cve_identifier"]].append(ch) + except Exception as ex: + print( str(ex)) + print("Failed to load CVE Record History Dates") + exit(1) + + hTime = time.perf_counter() - sTime + print("Loading History Dates - Finished in: " + '{0:2f}'.format(hTime)) + + if inputfile and outputpath: + CVE_Convert(inputfile, outputpath) + elif inputdir and outputpath: + # loop all *.JSON in input directory + print('START processing directory: ', inputdir) + spinner = Spinner('Converting ') + problemfiles = {} + CVECount = 0 + spinnerCount = 250 + previousTime = time.perf_counter() + startTime = previousTime + for subdir, dirs, files in os.walk(inputdir): + for f in files: + filepath = subdir + os.sep + f + opath = '' + if filepath.lower().endswith(".json"): + cStart = time.perf_counter() + # strip input path from subdir + dtree = subdir + if dtree.startswith(inputdir): + dtree = dtree.replace( inputdir, '') + opath = outputpath + dtree + try: + CVE_Convert(filepath, opath) + except: + problemfiles[filepath] = "" + str(sys.exc_info()[0]) + " -- " + str(sys.exc_info()[1]) + " -- " + cDuration = time.perf_counter() - cStart + # print("Convert time for " + inputfile + " took " + '{0:.4f}'.format(cDuration)) + + CVECount += 1 + # if CVECount % 100 == 0: spinner.next() + if CVECount % 10 == 0: + newTime = time.perf_counter() + setTime = newTime - previousTime + print("Processed " + str(spinnerCount) + " in " + '{0:.2f}'.format(setTime) + " : total processed = " + str(CVECount)) + previousTime = newTime + spinner.next() + + convertingTime = time.perf_counter() - startTime + print('FINISHED processing directory', inputdir) + print('Processin time was: ' + str(convertingTime) + ' seconds') + print('Time waited for IDR info: ' + str(IDRWaitTime)) + print('') + print('UP CONVERT JOB REPORT') + print(str(len(ValidationFailures)) + " upconverter records failed to validate") + + print('') + print("Shortname: min="+str(minShortName)+" -- max="+str(maxShortName)) + print("Title: max="+str(maxTitle)) + print('') + + + if problemfiles: + print("JSON files that failed to convert: " + str(len(problemfiles)) + " of " + str(CVECount)) + else: + print(str(CVECount) + " JSON files converted.") + print('') + + print('cvss errors encounters: ' + str(len(cvssErrorList))) + print('these are counted in the failed to validate number') + print('these are from cvss library exceptions, and indicate the provide vectorString') + print('from the v4 record is not parsable even after stripping spaces and prefixing versions') + print('') + + if extra_keys: + for e in extra_keys: + print("Extra keys encountered") + print( e ) + for ek in extra_keys[e]: + print(" ", ek, " - used in", len(extra_keys[e][ek]), " records.") + + print('') + print('Users not found for conversion to UUID --- ' + str(len(defaulted_users))) + if ( len(defaulted_users) < 1 ): + print(' --- all users seen were convertable') + else: + + defaulted_record_count = 0 + for du in defaulted_users: + print(du + " --- " + str(len(defaulted_users[du]))) + defaulted_record_count += len(defaulted_users[du]) + print("total records re-assigned to default = " + str(defaulted_record_count)) + print('') + + print('') + print('User errors encountered (in multiple orgs) --- ' + str(len(user_errors))) + if ( len(user_errors) < 1 ): + print('No user errors encountered') + else: + for ue in user_errors: + print(ue + " --- " + str(len(user_errors[ue])+1)) + print('') + + ''' + print('') + print('Saw v4 STATEs') + for s in states_processed: + print(s) + print('') + ''' + + print('') + print("Unsupported IMPACT version values found --- " + str(len(invalid_impact_versions))) + for iiv in invalid_impact_versions: + print(" --- "+iiv+" : "+invalid_impact_versions[iiv]["count"]) + print('') + if scoring_other: + print("IMPACT Scoring data remapped into 'other' --- " +str(len(scoring_other))) + print('') + + print('') + print('----- DETAILED RESULTS -----') + + print('') + if problemfiles: + print('=== SECTION -- failed to convert errors ===') + print("JSON files that failed to convert (" + str(len(problemfiles)) + "): ") + for fname in problemfiles: + print(fname) + print(" ", problemfiles[fname]) + else: + print("No JSON files failed to produce to a new file.") + + + if extra_keys and False: + print('') + print('') + print('=== SECTION -- extra keys ===') + print("Detailed Extra keys encountered") + for e in extra_keys: + print( e ) + pp = pprint.PrettyPrinter(indent=4) + pp.pprint(extra_keys[e]) + + if scoring_other and False: + print('') + print('') + print('=== SECTION -- other scoring values ===') + print("Scoring data remapped into 'other' --- " +str(len(scoring_other))) + for e in scoring_other: + print( e ) + pp = pprint.PrettyPrinter(indent=4) + pp.pprint(scoring_other[e]) + print('') + print('') + print('') + + if len(cvssErrorList) > 0 and False: + print('') + print('') + print('=== SECTION -- cvss errors ===') + print('cvss errors encountered: ' + str(len(cvssErrorList))) + pp = pprint.PrettyPrinter(indent=4) + pp.pprint(cvssErrorList) + print('') + print('') + + + + if len(ValidationFailures) > 0: + print('') + print('') + print('=== SECTION -- validation errors ===') + print('records with validation errors encountered: ' + str(len(ValidationFailures))) + pp = pprint.PrettyPrinter(indent=4) + pp.pprint(ValidationFailures) + print('') + print('') + + print('') + print('') + print('=== SECTION -- user errors ===') + print('Detailed users not found for conversion to UUID, and resassign to the default(secretariat)') + if ( len(defaulted_users) < 1 ): + print('all users seen were convertable') + else: + for du in defaulted_users: + print(du) + idList = "" + idList = ", ".join([str(did) for did in defaulted_users[du]]) + print(idList) + print("-----") + # for did in defaulted_users[du]: + # print (" --- " + did) + print('') + + print('Done') + else: + print('incorrect input parameters') + print('USAGE python cve4to5up.py -i |-d -o ') + + sys.exit(0) + +def convert_VA(vd): + if not "version_affected" in vd and "affected" in vd: + vd["version_affected"] = vd["affected"] + if "version_affected" in vd and re.match("[!?<>=]",vd["version_affected"]): + va = vd["version_affected"] + vstatus = "affected" + if "!" in va: + vstatus = "unaffected" + va = va.replace("!", "") + elif "?" in va: + vstatus = "unknown" + va = va.replace("?", "") + if len(va) == 0: + va = "=" + return ([vstatus, va]) + else: + return (["affected", "="]) + +def eq_version(vd, status): + ver = vd["version_name"] + ' ' + vd["version_value"] + if vd["version_value"].startswith(vd["version_name"]): + ver = vd["version_value"] + return({ + "version": ver, + "status": status + }) + +def l_version(vd, status): + return({ + "version": vd["version_name"], + "status": status, + "lessThan": vd["version_value"], + "versionType": "custom" + }) + +def le_version(vd, status): + return({ + "version": vd["version_name"], + "status": status, + "lessThanOrEqual": vd["version_value"], + "versionType": "custom" + }) + +def negate(status): + if status == 'affected': + return "unaffected" + elif status == "unaffected": + return "affected" + else: + return status + +def nonEmpty(v): + if 'version' in v and v["version"] == "": + v["version"] = "unspecified" + return v + +def redux_CVSS(c, initvector): + tm = ['exploitCodeMaturity', 'exploitability', 'remediationLevel', 'reportConfidence', 'temporalScore', 'temporalSeverity'] + em = ["collateralDamagePotential", "targetDistribution", "confidentialityRequirement", "integrityRequirement", "availabilityRequirement", "environmentalScore", + "modifiedAttackVector","modifiedAttackComplexity","modifiedPrivilegesRequired","modifiedUserInteraction","modifiedScope", + "modifiedConfidentialityImpact","modifiedIntegrityImpact","modifiedAvailabilityImpact","environmentalSeverity"] + if(not re.search('/(E|RL|PC|RC):[A-Z]', initvector)): + for m in tm: + if m in c: + del c[m] + if(not re.search('/(CDP|TD|M[A-Z]{1,2}|[CIA]R):', initvector)): + for m in em: + if m in c: + del c[m] + return c + +def IBM_score(cvss): + vec = "CVSS:3.0" + del cvss["BM"]["SCORE"] + for a in ["BM", "TM"]: + if a in cvss: + for k in cvss[a]: + vec = vec + "/" + k + ":" + cvss[a][k] + return vec + +def CVE_Convert(inputfile, outputpath): + # print("input - ", inputfile, " :: output - ", outputpath) + global keys_used + global extra_keys + global states_processed + # global all_users + global all_orgs + global scoring_other + global invalid_impact_versions + global requester_map + global reference_tag_map + global minShortName + global maxShortName + global maxTitle + global v5MaxTitleLength + global maxV5VersionLength + global maxV5ProductLength + + if len(requester_map) < 1: + getRequesterMap() + + if len(reference_tag_map) < 1: + getReferenceTagMap() + + + with open(inputfile) as json_file: + writeout = False + data = json.load(json_file) + jout = {} + # keys_used["data_format"] = {} + jout["dataType"] = "CVE_RECORD" + # keys_used["data_type"] = {} + jout["dataVersion"] = "5.0" + # keys_used["data_version"] = {} + + converter_errors = {} + + # up convert meta + o_meta = {} + try: + if "CVE_data_meta" in data and "STATE" in data["CVE_data_meta"]: + i_meta = data["CVE_data_meta"] + if i_meta["STATE"] not in keys_used: keys_used[i_meta["STATE"]] = {} + keys_used[i_meta["STATE"]]["CVE_data_meta"] = {} + + + if "STATE" in i_meta: + if i_meta["STATE"] == 'RESERVED': + o_meta['state'] = 'RESERVED' + elif i_meta["STATE"] == 'PUBLIC': + o_meta['state'] = 'PUBLISHED' + elif i_meta["STATE"] == 'REJECT': + o_meta['state'] = 'REJECTED' + else: + o_meta['state'] = i_meta["STATE"] + if o_meta["state"] not in states_processed: states_processed.append(o_meta["state"]) + + if "ID" in i_meta: + o_meta["cveId"] = i_meta["ID"] + + recordHistory = [] + if o_meta["cveId"] in cveHistory: + recordHisotry = cveHistory[o_meta["cveId"]].copy() + + o_meta["assignerOrgId"] = "Not found" + o_meta["assignerShortName"] = "Not found" + if i_meta["STATE"] != 'RESERVED': + pTime = time.perf_counter() + + recData = getIDRInfo( o_meta["cveId"] ) + + setTime = time.perf_counter() - pTime + # print("getIDRInfo took:" + str(setTime)) + global IDRWaitTime + IDRWaitTime = IDRWaitTime + setTime + + if recData and "owning_cna" in recData: + org_uuid = recData["owning_cna"] + org_short_name = getOrgShortName(org_uuid) + # org_short_name = recData["owning_cna"] + # org_uuid = getOrgUUID(org_short_name) + + o_meta["assignerOrgId"] = org_uuid + if org_short_name: + o_meta["assignerShortName"] = org_short_name + else: + print("Record with data issue: " + o_meta["cveId"]) + raise Exception("ERROR - no CNA for record ID - " + o_meta["cveId"]) + + if "DATE_PUBLIC" in i_meta and i_meta["DATE_PUBLIC"] != "": + o_meta["datePublished"] = i_meta["DATE_PUBLIC"] + try: + if not isinstance(o_meta["datePublished"], datetime.datetime): + o_meta["datePublished"] = str(datetime.datetime.combine(dateParse(o_meta["datePublished"]).date(), datetime.datetime.min.time()).isoformat()) + + keys_used["PUBLIC"]["DATE_PUBLIC"] = {} + except Exception as err: + del o_meta["datePublished"] + converter_errors["DATE_PUBLIC"] = {} + converter_errors["DATE_PUBLIC"]["error"] = "v4 DATE_PUBLIC is invalid" + converter_errors["DATE_PUBLIC"]["message"] = str(err) + pass + elif o_meta["state"] == "PUBLISHED": + o_meta["datePublished"] = str(getDatePublished(o_meta["cveId"], recordHistory)) + + if "datePublished" in o_meta and o_meta["datePublished"] == "": + del o_meta["datePublished"] + elif "datePublished" in o_meta: + try: + dt = dateParse(o_meta["datePublished"]) + except: + del o_meta["datePublished"] + + if "DATE_REQUESTED" in i_meta and i_meta["DATE_REQUESTED"] != "": + try: + o_meta["dateReserved"] = i_meta["DATE_REQUESTED"] + if not isinstance(o_meta["dateReserved"], datetime.datetime): + o_meta["dateReserved"] = str(datetime.datetime.combine(dateParse(o_meta["dateReserved"]).date(), datetime.datetime.min.time()).isoformat()) + keys_used["PUBLIC"]["DATE_REQUESTED"] = {} + except Exception as err: + converter_errors["DATE_REQUESTED"] = {} + converter_errors["DATE_REQUESTED"]["error"] = "v4 DATE_REQUESTED is invalid" + converter_errors["DATE_REQUESTED"]["message"] = str(err) + else: + o_meta["dateReserved"] = str(getReservedDate(o_meta["cveId"], recordHistory)) + if not isinstance(o_meta["dateReserved"], datetime.datetime): + o_meta["dateReserved"] = str(datetime.datetime.combine(dateParse(o_meta["dateReserved"]).date(), datetime.datetime.min.time()).isoformat()) + + else: + raise MissingRequiredPropertyValue(inputfile, "CVE_data_meta no STATE") + except Exception as e: + print( inputfile + " :: " + str(e) ) + print( traceback.format_exc() ) + if type(e) is not MissingRequiredPropertyValue: + raise MissingRequiredPropertyValue(inputfile, "CVE_data_meta structure error") + else: + raise e + + ludate = getLastUpdated(o_meta["cveId"], recordHistory) + if ludate: + o_meta["dateUpdated"] = str(ludate) + else: + o_meta["dateUpdated"] = str(datetime.datetime.combine(datetime.date.today(), datetime.datetime.min.time()).isoformat()) + + jout["cveMetadata"] = o_meta + + # public up convert + if o_meta["state"].upper() == "PUBLISHED": + o_cna = {} + if "TITLE" in i_meta and i_meta["TITLE"] != "": + o_cna["title"] = i_meta["TITLE"] + maxTitle = max(maxTitle, len(o_cna["title"])) + if len(o_cna["title"]) > v5MaxTitleLength: + o_cna["title"] = (o_cna["title"][:(v5MaxTitleLength - 5)] + " ...") + converter_errors["TITLE"] = {"error": "TITLE too long. Truncating in v5 record.", "message": "Truncated!"} + + keys_used["PUBLIC"]["TITLE"] = {} + + if "DATE_PUBLIC" in i_meta: + o_cna["datePublic"] = i_meta["DATE_PUBLIC"] + try: + if not isinstance(o_cna["datePublic"], datetime.datetime): + o_cna["datePublic"] = str(datetime.datetime.combine(dateParse(o_cna["datePublic"]).date(), datetime.datetime.min.time()).isoformat()) + keys_used["PUBLIC"]["DATE_PUBLIC"] = {} + except Exception as err: + del o_cna["datePublic"] + pass + + if "datePublic" in o_cna and o_cna["datePublic"] == "": + del o_cna["datePublic"] + elif "datePublic" in o_cna: + try: + dt = dateParse(o_cna["datePublic"]) + except: + print("removing datePublic") + del o_cna["datePublic"] + + + if "DATE_ASSIGNED" in i_meta: + try: + o_cna["dateAssigned"] = i_meta["DATE_ASSIGNED"] + if not isinstance(o_cna["dateAssigned"], datetime.datetime): + o_cna["dateAssigned"] = str(datetime.datetime.combine(dateParse(o_cna["dateAssigned"]).date(), datetime.datetime.min.time()).isoformat()) + + keys_used["PUBLIC"]["DATE_ASSIGNED"] = {} + except Exception as err: + converter_errors["DATE_ASSIGNED"] = {} + converter_errors["DATE_ASSIGNED"]["error"] = "v4 DATE_ASSIGNED is invalid" + converter_errors["DATE_ASSIGNED"]["message"] = str(err) + + # get org info + o_cna["providerMetadata"] = {} + o_cna["providerMetadata"]["orgId"] = o_meta["assignerOrgId"] + o_cna["providerMetadata"]["shortName"] = o_meta["assignerShortName"] + try: + o_cna["providerMetadata"]["dateUpdated"] = o_meta["dateUpdated"] + if not isinstance(o_cna["providerMetadata"]["dateUpdated"], datetime.datetime): + o_cna["providerMetadata"]["dateUpdated"] = str(datetime.datetime.combine(dateParse(o_cna["providerMetadata"]["dateUpdated"]).date(), datetime.datetime.min.time()).isoformat()) + except: + o_cna["providerMetadata"]["dateUpdated"] = str(datetime.datetime.combine(dateParse(datetime.now(), datetime.datetime.min.time()).isoformat())) + + + if "description" in data and "description_data" in data["description"]: + keys_used["PUBLIC"]["description"] = "" + o_cna["descriptions"] = [] + for i_desc in data["description"]["description_data"]: + o_desc = {} + if "lang" in i_desc: + o_desc["lang"] = lang_code_2_from_3(i_desc["lang"]) + + newDesc = i_desc["value"] + + # find and convert description tags - DISPUTED, UNSUPPORTED WHEN ASSIGNED + if i_desc["value"].casefold().startswith("** disputed"): + if "tags" not in o_cna: + o_cna["tags"] = [] + if "disputed" not in o_cna["tags"]: + o_cna["tags"].append("disputed") + newDesc = newDesc[14:-1].strip() + + + if i_desc["value"].casefold().startswith("** unsupported when assigned"): + tagval = "unsupported-when-assigned" + if "tags" not in o_cna: + o_cna["tags"] = [] + if tagval not in o_cna["tags"]: + o_cna["tags"].append(tagval) + newDesc = newDesc[31:-1].strip() + + if "value" in i_desc: o_desc["value"] = newDesc + o_cna["descriptions"].append(o_desc) + + + + if "affects" in data: + keys_used["PUBLIC"]["affects"] = "" + o_cna["affected"] = {} + i_affects = data["affects"] + o_affected = [] + #vendors + if "vendor" in i_affects: + for i_vd in i_affects["vendor"]["vendor_data"]: + if "product" in i_vd and "product_data" in i_vd["product"]: + for vd_pd in i_vd["product"]["product_data"]: + if "version" in vd_pd and "version_data" in vd_pd["version"]: + v_agg_hash = {} + v_agg_list = {} + product_name = vd_pd["product_name"] + for pd_vd in vd_pd["version"]["version_data"]: + if not "version_value" in pd_vd: + # throw invalid version_data, must have version_value value + raise MissingRequiredPropertyValue(o_meta["cveId"], "AFFECT.vendor.product missing a version_value for ("+i_vd["vendor_name"]+" - "+vd_pd["product_name"]+")") + platform = "" + if "platform" in pd_vd: + platform = pd_vd["platform"] + if not platform in v_agg_hash: + v_agg_hash[platform] = {} + v_agg_list[platform] = [] + vn_hash = v_agg_hash[platform] + v_list = v_agg_list[platform] + if "version_name" in pd_vd: # vulnogram generated + vn = pd_vd["version_name"] + if product_name.casefold() is not vn.casefold(): + [vstatus, va] = convert_VA(pd_vd) + if va == '=': + v_list.append(nonEmpty(eq_version(pd_vd, vstatus))) + elif vn in vn_hash: + if va == '<': + vstatus = negate(vstatus) + if va == '<=': + vstatus = negate(vstatus) + pd_vd["version_value"] = pd_vd["version_value"] + ' +1' + else: + if not "changes" in vn_hash[vn]: + vn_hash[vn]["changes"] = [] + chg = { + "at": pd_vd["version_value"], + "status": vstatus + } + if chg not in vn_hash[vn]["changes"]: + vn_hash[vn]["changes"].append(chg) + elif va == '<': + vn_hash[vn] = nonEmpty(l_version(pd_vd, vstatus)) + elif va == '<=': + vn_hash[vn] = nonEmpty(le_version(pd_vd, vstatus)) + else: + vn_hash[vn] = { + "version": pd_vd["version_value"], + "status": vstatus, + "lessThan": pd_vd["version_name"] + '*', + "versionType": "custom" + } + # end if product_name is not version_name + else: + [vstatus, va] = convert_VA(pd_vd) + version_value = pd_vd["version_value"] + if version_value: + version_value = version_value.strip() + + if not version_value or len(version_value) < 1: + version_value = "undefined" + + if va == '=': + v_list.append(nonEmpty({ + "version": pd_vd["version_value"], + "status": vstatus + })) + elif va == '<': + v_list.append(nonEmpty({ + "version": 'unspecified', + "lessThan": version_value, + "status": vstatus, + "versionType": "custom" + })) + elif va == '<=': + v_list.append(nonEmpty({ + "version": 'unspecified', + "lessThanOrEqual": version_value, + "status": vstatus, + "versionType": "custom" + })) + elif va == '>': + v_list.append(nonEmpty({ + "version": "next of " + pd_vd["version_value"], + "status": vstatus, + "lessThan": "unspecified", + "versionType": "custom" + })) + elif va == '>=': + v_list.append(nonEmpty({ + "version": pd_vd["version_value"], + "status": vstatus, + "lessThan": "unspecified", + "versionType": "custom" + })) + else: + v_list.append(nonEmpty({ + "version": pd_vd["version_value"], + "status": "affected", + })) + + # check for blank version and defailt to "unspecified" + #if len(version_item["version"]) < 1: + # version_item["version"] = "unspecified" + # end if version_name in pd_vd + + for platform in v_agg_hash: + # build affected item here: + affected_item = {} + affected_item["vendor"] = i_vd["vendor_name"] + affected_item["product"] = vd_pd["product_name"] + affected_item["versions"] = [] + if platform != "": + affected_item["platforms"] = [platform] + if len(v_agg_list[platform]) > 0: + affected_item["versions"].extend(v_agg_list[platform]) + if v_agg_hash[platform]: + affected_item["versions"].extend(v_agg_hash[platform].values()) + + #remove duplicates + y = [] + for x in affected_item["versions"]: + if not x in y: + y.append(x) + if len(y) > 0: + affected_item["versions"] = y + else: + del affected_item["versions"] + + # defaultStatus is new, default to 'unknown' if versions is empty + if not "versions" in affected_item: + affected_item['defaultStatus'] = "unknown" + + # end for loop of version_data + o_affected.append(affected_item) + + # clean affect before adding + # - truncate long fields + # - populate missing required fields + for o in o_affected: + if "vendor" not in o or not o["vendor"]: + o["vendor"] = "unspecified" + + if "product" not in o or not o["product"]: + o["product"] = "unspecified" + + for vo in o["versions"]: + if len(vo["version"]) > maxV5VersionLength: + vo["version"] = (vo["version"][:(maxV5VersionLength-16)] + " ...[truncated*]") + converter_errors["version_name"] = {"error": "version_name too long. Use array of versions to record more than one version.", "message": "Truncated!"} + + if len(o["product"]) > maxV5ProductLength: + o["product"] = (o["product"][:(maxV5ProductLength-16)] + " ...[truncated*]") + converter_errors["product_name"] = {"error": "product_name too long. Use array of products to recond more than one product.", "message": "Truncated!"} + + o_cna["affected"] = o_affected + # done with affected up convert + + if "references" in data and "reference_data" in data["references"]: + keys_used["PUBLIC"]["references"] = "" + o_cna["references"] = [] + for i_ref in data["references"]["reference_data"]: + if "refsource" in i_ref and i_ref["refsource"] == "url": + # drop references of resource type == 'url' + pass + else: + o_ref = {} + #ignore name if empty or if same as URL + if "name" in i_ref and i_ref["name"] != "" and i_ref["name"] != i_ref["url"] : o_ref["name"] = i_ref["name"] + if "refsource" in i_ref: + if "tags" not in o_ref: + o_ref["tags"] = [] + + # convert to new reference tags + v5Tag_values = getV5ReferenceTagValue(i_ref["refsource"]) + if v5Tag_values: + for v5Tag in v5Tag_values: + if v5Tag not in o_ref["tags"]: + o_ref["tags"].append(v5Tag) + + # preserve legacy tag value + refSourceTag = "x_refsource_"+i_ref["refsource"] + if refSourceTag not in o_ref["tags"]: + o_ref["tags"].append(refSourceTag) + + if "url" in i_ref: o_ref["url"] = i_ref["url"] + + # decode then encode URL, to clear issue with AJV URL validations + o_ref["url"] = reEncodeUrl(o_ref["url"]) + + # check to ensure unique reference before adding + if (o_ref not in o_cna["references"] + and o_ref["url"]): + o_cna["references"].append(o_ref) + # end if resource != 'url' + # end of reference up convert + + if "credit" in data: # may be a list, or a string + keys_used["PUBLIC"]["credit"] = "" + if isinstance(data["credit"], list): + for i_credit in data["credit"]: + if isinstance(i_credit, dict): + o_credit = {} + if "lang" in i_credit and "value" in i_credit: + o_credit["lang"] = lang_code_2_from_3(i_credit["lang"]) + else: + o_credit["lang"] = "en" + + if "value" in i_credit: + if "credits" not in o_cna: + o_cna["credits"] = [] + o_credit["value"] = i_credit["value"] + o_cna["credits"].append(o_credit) + elif isinstance(i_credit, list): + for citem in i_credit: + o_credit = {} + o_credit["lang"] = "en" + if "credits" not in o_cna: + o_cna["credits"] = [] + o_credit["value"] = citem + o_cna["credits"].append(o_credit) + else: + o_credit = {} + o_credit["lang"] = "en" + o_credit["value"] = i_credit + if "credits" not in o_cna: + o_cna["credits"] = [] + o_cna["credits"].append(o_credit) + + else: + # convert value content to string + o_cna["credits"] = [] + o_credit = {} + o_credit["lang"] = "en" + o_credit["value"] = str(data["credit"]) + o_cna["credits"].append(o_credit) + # end of credit up convert + + if "impact" in data and data["impact"] and not(data["impact"] is None): # impact is an unofficial community added property under CVE 4.0 that maps to metrics array in CVE 5 + keys_used["PUBLIC"]["impact"] = "" + try: + o_cna["metrics"] = [] + for i_impact in data["impact"]: + o_impact = {} + + iver = "other" + iobj = {} + if isinstance(data["impact"], collections.abc.Mapping): # if impact is a JSON object + # check key value, try to match on recognized versions + if i_impact == "cvss" and "version" in data["impact"][i_impact]: + if data["impact"][i_impact]["version"] == "3.1": + iver = "cvssV3_1" + elif data["impact"][i_impact]["version"] == "3.0": + iver = "cvssV3_0" + elif data["impact"][i_impact]["version"] == "2.0": + iver = "cvssV2_0" + else: + pass + iobj = data["impact"][i_impact] + elif i_impact == "cvssv3": + iver = "cvssV3_0" + iobj = data["impact"][i_impact] + elif i_impact == "cvss" and isinstance(data["impact"][i_impact], list): + for tc in data["impact"][i_impact]: # array of arrays + if ( isinstance(tc, list) ): # list in list + for ic in tc: # inner array + lver = "other" + iver = "skip" #skip the external o_impact because we found an array instead of a object + if "version" in ic: + if ic["version"] == "3.1": + lver = "cvssV3_1" + elif ic["version"] == "3.0": + lver = "cvssV3_0" + elif ic["version"] == "2.0": + lver = "cvssV2_0" + else: + bv = i_impact + "-" +ic[version] + if bv not in invalid_impact_versions: + invalid_impact_versions[bv] = {} + invalid_impact_versions[bv]["count"] = 0 + invalid_impact_versions[bv]["count"] += 1 + pass + else: + # print("didn't find version") + # print(ic) + raise MissingRequiredPropertyValue(i_meta["ID"], "IMPACT.version from cvss[[{}]]" ) + + if lver == "other": + o_impact[lver] = {} + o_impact[lver]["type"] = "unknown" + o_impact[lver]["content"] = ic + else: + o_impact[lver] = ic.copy() + elif (isinstance(tc, collections.abc.Mapping)): # array of objects + lver = "other" + iver = "skip" #skip the external o_impact because we found an array instead of a object + if "version" in tc: + if tc["version"] == "3.1": + lver = "cvssV3_1" + elif tc["version"] == "3.0": + lver = "cvssV3_0" + elif tc["version"] == "2.0": + lver = "cvssV2_0" + else: + bv = i_impact + "-" +tc[version] + if bv not in invalid_impact_versions: + invalid_impact_versions[bv] = {} + invalid_impact_versions[bv]["count"] = 0 + invalid_impact_versions[bv]["count"] += 1 + pass + else: + # print("didn't find version") + # print(tc) + raise MissingRequiredPropertyValue(i_meta["ID"], "IMPACT.version from cvss[{}]" ) + + if lver == "other": + o_impact[lver] = {} + o_impact[lver]["type"] = "unknown" + o_impact[lver]["content"] = tc + else: + o_impact[lver] = tc.copy() + else: + raise UnexpectedPropertyValue( i_meta["ID"], "Impact - cvss structure not recognized") + + else: # impact not an object, or property name not recognized + pass + + if iver == "other": + # ensure content is an object + o_impact[iver] = buildImpactOther(i_impact, data["impact"][i_impact]) + + elif iver == "skip": + pass + else: + o_impact[iver] = data["impact"][i_impact].copy() + else: # impact was not a JSON object, just copy the content and mark type as unknown + c_i_impact = clean_empty(i_impact) + if c_i_impact: + o_impact[iver] = buildImpactOther(i_impact, c_i_impact) + + + # record if a scoring element landed in "other" + # just upconversion tracking log + if o_impact and i_impact != "other": + # print("have impact") + if "other" in o_impact: + # print("have converted other impact:" + str(i_impact)) + # print(json.dumps(o_impact, indent=2)) + if "content" in o_impact["other"]: + if i_meta["ID"] not in scoring_other: + scoring_other[i_meta["ID"]] = [] + scoring_other[i_meta["ID"]].append(o_impact["other"]["content"]) + + # repair cvss data conversion + # if any property is missing replace with generated object + try: + if "cvssV3_1" in o_impact and "vectorString" in o_impact["cvssV3_1"]: + vStrMatch = re.search('(([A-Z]+:[A-Z310.]+/?)+)', o_impact["cvssV3_1"]["vectorString"], re.IGNORECASE) + if vStrMatch: + try: + vStr = vStrMatch.group(1) + if not vStr.startswith("CVSS:3."): + vStr = "CVSS:3.1/"+vStr + c = CVSS3(vStr) + o_impact["cvssV3_1"] = redux_CVSS(c.as_json(), vStr) + # fix mismatched CVSS versions + if o_impact["cvssV3_1"]["version"] == "3.0": + o_impact["cvssV3_0"] = o_impact["cvssV3_1"] + del o_impact["cvssV3_1"] + except Exception as err: + del o_impact["cvssV3_1"] + converter_errors["cvssV3_1"] = {} + converter_errors["cvssV3_1"]["error"] = "CVSSV3_1 data from v4 record is invalid" + converter_errors["cvssV3_1"]["message"] = str(err) + + + if "cvssV3_0" in o_impact: + if "BM" in o_impact["cvssV3_0"]: + o_impact["cvssV3_0"]["vectorString"] = IBM_score(o_impact["cvssV3_0"]) + if "vectorString" in o_impact["cvssV3_0"]: + vStrMatch = re.search('(([A-Z]+:[A-Z310.]+/?)+)', o_impact["cvssV3_0"]["vectorString"], re.IGNORECASE) + if vStrMatch: + try: + vStr = vStrMatch.group(1) + if not vStr.startswith("CVSS:3."): + vStr = "CVSS:3.0/"+vStr + c = CVSS3(vStr) + o_impact["cvssV3_0"] = redux_CVSS(c.as_json(), vStr) + #fix mismatched CVSS versions + if o_impact["cvssV3_0"]["version"] == "3.1": + o_impact["cvssV3_1"] = o_impact["cvssV3_0"] + del o_impact["cvssV3_0"] + except Exception as err: + del o_impact["cvssV3_0"] + # print("error cvssV3_0") + # print(err) + converter_errors["cvssV3_0"] = {} + converter_errors["cvssV3_0"]["error"] = "CVSSV3_0 data from v4 record is invalid" + converter_errors["cvssV3_0"]["message"] = str(err) + pass + + if "cvssV2_0" in o_impact and "vectorString" in o_impact["cvssV2_0"]: + vStr = re.search('(([A-Z]+:[A-Z0123.]+/?)+)', o_impact["cvssV2_0"]["vectorString"], re.IGNORECASE) + if vStr: + try: + c = CVSS2(vStr.group(1)) + o_impact["cvssV2_0"] = redux_CVSS(c.as_json(), vStr.group(1)) + except Exception as err: + del o_impact["cvssV2_0"] + converter_errors["cvssV2_0"] = {} + converter_errors["cvssV2_0"]["error"] = "CVSSV2_0 data from v4 record is invalid" + converter_errors["cvssV2_0"]["message"] = str(err) + + # delete garbage cvss entries from impact, + # check and purge once after all source formats are converted + vers = ["cvssV3_1", "cvssV3_0", "cvssV2_0"] + for cVer in vers: + deleteMe = False + if cVer in o_impact: + # delete garbage cvss scores + if ("vectorString" not in o_impact[cVer] + or not o_impact[cVer]["vectorString"] + or not re.findall('[0-9]+', o_impact[cVer]['vectorString']) ): + deleteMe = True + + if ("baseScore" not in o_impact[cVer] + or not o_impact[cVer]["baseScore"]): + deleteMe = True + + if deleteMe: + del o_impact[cVer] + else: + if ( o_impact[cVer] + and "baseScore" in o_impact[cVer] + and not isinstance(o_impact[cVer]["baseScore"], Number) ): + o_impact[cVer]["baseScore"] = float(o_impact[cVer]["baseScore"]) + + except Exception as err: + print("error") + print(err) + traceback.print_exc() + converter_errors["impact_cvss"] = {} + converter_errors["impact_cvss"]["error"] = "CVSS data from v4 record is invalid" + converter_errors["impact_cvss"]["message"] = str(err) + pass + + # only add if not empty + if o_impact: + o_cna["metrics"].append(o_impact) + # end for impact + except Exception as e: + raise UnexpectedPropertyValue(i_meta["ID"], "IMPACT", str(e)) + + # if metrics is empty, remove it now, to avoid later cleanup + if not o_cna["metrics"]: + del o_cna["metrics"] + # end of impact up convert + + if "problemtype" in data and "problemtype_data" in data["problemtype"]: + keys_used["PUBLIC"]["problemtype"] = "" + o_cna["problemTypes"] = [] + i_pds = data["problemtype"]["problemtype_data"] + for i_pd in i_pds: + o_pt_desc = [] + if "description" in i_pd: + for i_desc in i_pd["description"]: + o_pd = {} + o_pd["type"] = "text" + for dk in i_desc: + if dk == "lang": + o_pd["lang"] = lang_code_2_from_3(i_desc[dk]) + elif dk == "value": + o_pd["description"] = i_desc[dk] + # If description mentions CWEs pick the first as the CWE ID + cwes = re.findall(r'\bCWE-[1-9]\d*\b', i_desc[dk], flags=re.IGNORECASE) + if len(cwes) > 0: + o_pd["type"] = "CWE" + o_pd["cweId"] = cwes[0].upper() + else: + o_pd[dk] = i_desc[dk] + if "lang" not in o_pd or not o_pd["lang"]: + o_pd["lang"] = "en" + if ("description" in o_pd + and o_pd["description"] != ""): + o_pt_desc.append(o_pd) + if "CWE-ID" in i_pd: + # extract all id by regex pattern, copy + ids = re.findall(r'^CWE-[1-9][0-9]+$', i_pd["CWE-ID"]) + for c in ids: + o_pd = {} + o_pd["description"] = i_pd["CWE-ID"] + o_pd["lang"] = "eng" + o_pd["type"] = "CWE" + o_pd["cweId"] = c + o_pt_desc.append(o_pd) + + o_pt_descs = {} + if len(o_pt_desc)>0 and hasVal(o_pt_desc): + o_pt_descs["descriptions"] = o_pt_desc + o_cna["problemTypes"].append( o_pt_descs) + # end of problem_type up convert + + if "generator" in data: #community field + keys_used["PUBLIC"]["generator"] = "" + try: + o_cna["x_generator"] = data["generator"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "generator", "JSON not convertable") + # end of generator up convert + + if "source" in data: #community field + keys_used["PUBLIC"]["source"] = "" + try: + o_cna["source"] = data["source"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "source", "JSON not convertable") + # end of source up convert + + if "configuration" in data: + keys_used["PUBLIC"]["configuration"] = "" + try: + if isinstance(data["configuration"], list): + o_cna["configurations"] = data["configuration"] + else: + o_cna["configurations"] = [] + o_cna["configurations"].append(data["configuration"]) + o_cna["configurations"] = convertLangInArray(o_cna["configurations"]) # language code conversion + if len(o_cna["configurations"]) < 1: + del o_cna["configurations"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "configuration", "JSON not convertable") + # end of configuration up convert + + if "work_around" in data: + keys_used["PUBLIC"]["work_around"] = "" + try: + if isinstance(data["work_around"], list): + o_cna["workarounds"] = data["work_around"] + else: + o_cna["workarounds"] = [] + o_cna["workarounds"].append(data["work_around"]) + + o_cna["workarounds"] = convertLangInArray(o_cna["workarounds"]) # language code conversion + if len(o_cna["workarounds"]) < 1: + del o_cna["workarounds"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "work_around", "JSON not convertable") + # end of work_around up convert + + if "workaround" in data: + keys_used["PUBLIC"]["workaround"] = "" + try: + if isinstance(data["workaround"], list): + o_cna["workarounds"] = data["workaround"] + else: + o_cna["workarounds"] = [] + o_cna["workarounds"].append(data["workaround"]) + + o_cna["workarounds"] = convertLangInArray(o_cna["workarounds"]) # language code conversion + if len(o_cna["workarounds"]) < 1: + del o_cna["workarounds"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "work_around", "JSON not convertable") + # end of work_around up convert + + if "exploit" in data: + keys_used["PUBLIC"]["exploit"] = "" + try: + if isinstance(data["exploit"], list): + o_cna["exploits"] = data["exploit"] + else: + o_cna["exploits"] = [] + o_cna["exploits"].append(data["exploit"]) + o_cna["exploits"] = convertLangInArray(o_cna["exploits"]) # language code conversion + if len(o_cna["exploits"]) < 1: + del o_cna["exploits"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "exploit", "JSON not convertable") + # end of exploit up convert + + if "timeline" in data: + # v4 time is supposed to be an array of object with time, lang, value properties + keys_used["PUBLIC"]["timeline"] = "" + try: + if isinstance(data["timeline"], list): + o_cna["timeline"] = data["timeline"] + else: + o_cna["timeline"] = [] + o_cna["timeline"].append(data["timeline"]) + o_cna["timeline"] = convertLangInArray(o_cna["timeline"]) # language code conversion + if len(o_cna["timeline"]) < 1: + del o_cna["timeline"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "timeline", "JSON not convertable") + + # clean up, remove missing value, convert to datetime for time + if "timeline" in o_cna: + for t in o_cna["timeline"]: + if ("value" not in t or not t["value"] + or "time" not in t or not t["time"]): + o_cna["timeline"].remove(t) + else: + # ensure a lang is present default to en + if "lang" not in t: + t["lang"] = "en" + # ensure time is in datetime format + if not isinstance(t["time"], datetime.datetime): + t["time"] = str(datetime.datetime.combine(dateParse(t["time"]).date(), datetime.datetime.min.time()).isoformat()) + # end of timeline up convert + + if "solution" in data: + keys_used["PUBLIC"]["solution"] = "" + try: + if isinstance(data["solution"], list): + o_cna["solutions"] = data["solution"] + else: + o_cna["solutions"] = [] + o_cna["solutions"].append(data["solution"]) + o_cna["solutions"] = convertLangInArray(o_cna["solutions"]) # language code conversion + if len(o_cna["solutions"]) < 1: + del o_cna["solutions"] + except: + raise UnexpectedPropertyValue(o_meta["cveId"], "source", "JSON not convertable") + + # purge incomplete entries from solutions, and set lang if missing + if "solutions" in o_cna: + for s in o_cna["solutions"]: + if ("value" not in s + or not s["value"]): + o_cna["solutions"].remove(s) + else: + if "lang" not in s: + s["lang"] = "en" + # end of solution up convert + + # add extra / non-standard content to CNA container to avoid data loss. + for i_key in data: + if o_meta["state"] in keys_used and i_key not in keys_used[o_meta["state"]]: + # skip old root fields not converted + if i_key not in ["data_format", "data_type", "data_version"]: + o_key = i_key + if not o_key.startswith("x_"): + o_key = "x_" + o_key + o_cna[o_key] = data[i_key] + + # drop empty propteries + if not "affected" in o_cna: + o_cna["affected"] = [{"vendor": "unspecified", "product": "unspecified", "defaultStatus": "unknown"}] + converter_errors["affects"] = {"error": "Missing affected product. Using unspecified instead.", "message": "Marking it unspecified!"} + o_cna = clean_empty(o_cna) + + # insert source record + o_cna["x_legacyV4Record"] = data + + jout["containers"] = {} + jout["containers"]["cna"] = o_cna + writeout = True + + elif o_meta["state"].upper() == "RESERVED": + writeout = False + + elif o_meta["state"].upper() == "REJECTED": + o_cna = {} + o_cna["providerMetadata"] = {} + o_cna["providerMetadata"]["orgId"] = o_meta["assignerOrgId"] + o_cna["providerMetadata"]["shortName"] = o_meta["assignerShortName"] + try: + o_cna["providerMetadata"]["dateUpdated"] = o_meta["dateUpdated"] + if not isinstance(o_cna["providerMetadata"]["dateUpdated"], datetime.datetime): + o_cna["providerMetadata"]["dateUpdated"] = str(datetime.datetime.combine(dateParse(o_cna["providerMetadata"]["dateUpdated"]).date(), datetime.datetime.min.time()).isoformat()) + except: + o_cna["providerMetadata"]["dateUpdated"] = str(datetime.datetime.combine(dateParse(datetime.now(), datetime.datetime.min.time()).isoformat())) + + # o_meta['dateRejected'] = o_meta["dateUpdated"] + o_meta['dateRejected'] = str(getRejectedDate(o_meta["cveId"], recordHistory)) + + if not isinstance(o_meta["dateRejected"], datetime.datetime): + o_meta["dateRejected"] = str(datetime.datetime.combine(dateParse(o_meta["dateRejected"]).date(), datetime.datetime.min.time()).isoformat()) + + if "description" in data and "description_data" in data["description"]: + keys_used["REJECT"]["description"] = "" + o_cna["rejectedReasons"] = [] + for i_desc in data["description"]["description_data"]: + o_desc = {} + if "lang" in i_desc: + o_desc["lang"] = lang_code_2_from_3(i_desc["lang"]) + if "value" in i_desc: + o_desc["value"] = i_desc["value"] + + # find and convert description tags - DISPUTED, UNSUPPORTED WHEN ASSIGNED + if o_desc["value"].casefold().startswith("** disputed"): + if "tags" not in o_cna: + o_cna["tags"] = [] + if "disputed" not in o_cna["tags"]: + o_cna["tags"].append("disputed") + o_desc["value"] = o_desc["value"][14:-1].strip() + + if o_desc["value"].casefold().startswith("** unsupported when assigned"): + tagval = "unsupported-when-assigned" + if "tags" not in o_cna: + o_cna["tags"] = [] + if tagval not in o_cna["tags"]: + o_cna["tags"].append(tagval) + o_desc["value"] = o_desc["value"][31:-1].strip() + + if o_desc["value"].casefold().startswith("** reject"): + o_desc["value"] = o_desc["value"][13:-1].strip() + + o_cna["rejectedReasons"].append(o_desc) + + + # if replaced by present + if "REPLACED_BY" in i_meta: + rep_ids = i_meta["REPLACED_BY"].split(',') + for ri in rep_ids: + if not "replacedBy" in o_meta: o_meta["replacedBy"] = [] + o_meta["resplacedBy"].append(ri) + + # drop empty propteries + o_cna = clean_empty(o_cna) + + jout["containers"] = {} + jout["containers"]["cna"] = o_cna + writeout = True + pass + else: + writeout = False + raise UnexpectedPropertyValue("STATE", o_meta["state"]) + + # if there were converter errors, add them to the result now + # this will force a validation error + if len(converter_errors) > 0: + jout["containers"]["cna"]["x_ConverterErrors"] = converter_errors + if "impact_cvss" in converter_errors: + global cvssErrorList + cvssErrorList.append({o_meta["cveId"]:converter_errors["impact_cvss"]}) + + + if writeout: + #attempt JSON validation + global JSONValidator + global JSONValidatorPublished + global ValidationFailures + + if not JSONValidator: + # print("v5schemaPath = " + v5SchemaPath) + global v5SchemaPath + JSONValidator = jsonschema.Draft7Validator(json.load(open(v5SchemaPath))) + if not JSONValidatorPublished: + global v5SchemaPath_published + JSONValidatorPublished = jsonschema.Draft7Validator(json.load(open(v5SchemaPath_published))) + + valErrors = None + if jout["cveMetadata"]["state"] == "PUBLISHED": + valErrors = JSONValidatorPublished.iter_errors(jout) + elif jout["cveMetadata"]["state"] == "REJECTED": + valErrors = JSONValidator.iter_errors(jout) + elif jout["cveMetadata"]["state"] == "RESERVED": + # print(jout["cveMetadata"]["cveId"] + " state = " + jout["cveMetadata"]["state"]) + # valErrors = JSONValidator.iter_errors(jout) + pass + else: + print(jout["cveMetadata"]["cveId"] + " state = " + jout["cveMetadata"]["state"]) + valErrors = JSONValidator.iter_errors(jout) + + if valErrors: + errors = [] + for error in valErrors: + errors.append( str(error.json_path) + " -- validator = "+ str(error.validator)) + + if len(errors) > 0: + jout["containers"]["cna"]["x_ValidationErrors"] = errors + # ValidationFailures.append( jout["cveMetadata"]["cveId"] ) + ValidationFailures[jout["cveMetadata"]["cveId"]] = jout["containers"]["cna"]["x_ValidationErrors"] + + # write result to file of CVE ID + fname = os.path.join( outputpath, jout["cveMetadata"]["cveId"] + ".json") + os.makedirs(outputpath, exist_ok=True) + jout_file = open(fname, "w") + jout_file.write( json.dumps(jout, sort_keys=True, indent=4) ) + jout_file.close + + for i_key in data: + if (i_key in keys_used[i_meta["STATE"]] or + i_key in ['data_type', 'data_version', 'data_format'] + or i_meta["STATE"] == "RESERVED"): + #root key was converted + pass + else: + #found a key that was not explicitly converted + #these CVEs should be reviewed for validity. + if o_meta["state"] not in extra_keys: extra_keys[o_meta["state"]] = {} + if i_key not in extra_keys[o_meta["state"]]: extra_keys[o_meta["state"]][i_key] = [] + if o_meta["cveId"] not in extra_keys[o_meta["state"]][i_key]: extra_keys[o_meta["state"]][i_key].append(o_meta["cveId"]) + + +class UnexpectedPropertyValue(Exception): + def __init__(self, cveid, propertyname, message="unexpected value in property"): + self.propertyname = propertyname + self.cveid = cveid + self.message = message + super().__init__(self.message) + def __str__(self): + return self.cveid + " - " + self.propertyname + " - " + self.message + +class MissingRequiredPropertyValue(Exception): + def __init__(self, cveid, propertyname, message="Required property missing from CVE"): + self.propertyname = propertyname + self.cveid = cveid + self.message = message + super().__init__(self.message) + def __str__(self): + return self.cveid + " - " + self.propertyname + " - " + self.message + + +def getOrgUUID( short_name ): + global all_orgs + + if not all_orgs or len(all_orgs) < 1: getOrgData() + + # try/except block to catch integrity error in case the org doesn't exist + uuid = None + try: + for org in all_orgs: + # print( json.dumps(all_orgs, indent=2)) + orgShortName = all_orgs[org]["short_name"] + if orgShortName == short_name: + uuid = all_orgs[org]["UUID"] + break + except: + pass + return uuid + + +def getOrgShortName( org_uuid ): + global all_orgs + + if not all_orgs or len(all_orgs) < 1: getOrgData() + + # try/except block to catch integrity error in case the org doesn't exist + orgsn = None + if org_uuid in all_orgs: + if "short_name" in all_orgs[org_uuid]: + orgsn = all_orgs[org_uuid]["short_name"] + return orgsn + + +def getAllUsers(): + global all_orgs + global all_users + global user_errors + + if not all_orgs or len(all_orgs) < 1: getOrgData() + + # try/except block to catch integrity error in case the org doesn't exist + try: + for org in all_orgs: + # print( json.dumps(all_orgs, indent=2)) + orgShortName = all_orgs[org]["short_name"] + USERS_URL = settings.AWG_IDR_SERVICE_URL + '/org/' + orgShortName + '/users' + users_params = {} + # Attempt to get org from RSUS + users_result = call_idr_service('get', BASE_HEADERS, USERS_URL, users_params) + data = json.loads(users_result) + for u in data["users"]: + # add org short_name to user object + u["org_short_name"] = orgShortName + # only keep first org match, else record as error + if u["username"] in all_users: + if u["username"] not in user_errors: + user_errors[u["username"]] = [] + user_errors[u["username"]].append("User in multiple orgs with: "+orgShortName) + else: + all_users[u["username"]] = u + + # add default user + d_user = {} + d_user["username"] = settings.AWG_USER_NAME + d_user["org_short_name"] = settings.AWG_ORG_SHORT_NAME + d_user["org_UUID"] = settings.AWG_USER_ORG_UUID + d_user["UUID"] = settings.AWG_USER_UUID + all_users["DEFAULT"] = d_user + + except Exception as e: + print(str(e)) + raise e + return True + + + +def getIDRInfo(cveId, delay=300, retry=0): + global IDRCollection + data = None + if not IDRCollection: + try: + with open("cve_ids.json") as cveids: + lines = cveids.readlines() + lines = [line.rstrip() for line in lines] + for line in lines: + jline = json.loads(line) + IDRCollection[ jline["cve_id"] ] = jline + except Exception as e: + print("bulk IDR ERROR: "+str(e)) + + if cveId in IDRCollection: + # if IDR data present from bulkgrab use it + data = IDRCollection[cveId] + else: + print("Services export miss on " + cveId) + # if IDR data is not in buldgrab, get and add it. + IDR_URL = settings.AWG_IDR_SERVICE_URL + '/cve-id/' + cveId + idr_params = {} + data = None + + # try/except block to catch integrity error in case the org doesn't exist + try: + # Attempt to get org from RSUS + idr_result = call_idr_service('get', BASE_HEADERS, IDR_URL, idr_params) + if idr_result and idr_result.startswith("{"): + data = json.loads(idr_result) + if not data["cve_id"] in IDRCollection: + IDRCollection[data["cve_id"]] = [] + IDRCollection[data["cve_id"]].append(data) + + else: + if retry < 14: + print("delaying for: "+ str(delay) + " -- on -- " + cveId) + time.sleep(delay) + data = getIDRInfo(cveId, delay, retry+1) + else: + print("Record Timeout Issue - URL - " + IDR_URL) + # print(str(idr_result)) + except Exception as e: + if retry < 14: + # if delay > 179: + print( str(e)) + print("Exception delay for: " + str(delay)) + print(" --- " + IDR_URL) + time.sleep(delay) + data = getIDRInfo(cveId, delay, retry+1) + else: + # print(str(idr_result)) + print("Exception Failed -- get IDR info -- URL - " + IDR_URL) + print(str(e)) + raise e + # end if else + return data + + +def getRecordMetaData(recordId): + ORG_URL = settings.AWG_IDR_SERVICE_URL + '/cve-id/' + str(recordId) + org_params = {} + + # try/except block to catch integrity error in case the ID doesn't exist + try: + # Attempt to get org from RSUS + record_result = call_idr_service('get', BASE_HEADERS, ORG_URL, org_params) + data = json.loads(record_result) + if "owning_cna" in data: + return data + else: + raise Exception(str(recordId) + " did not find an owning_cna.") + except Exception as e: + print(str(e)) + raise e + return None + + +def getOrgData(): + global all_orgs + + ORG_URL = settings.AWG_IDR_SERVICE_URL + '/org' + org_params = {} + + # try/except block to catch integrity error in case the org doesn't exist + try: + # Attempt to get org from RSUS + org_result = call_idr_service('get', BASE_HEADERS, ORG_URL, org_params) + data = json.loads(org_result) + for org in data["organizations"]: + all_orgs[org["UUID"]] = org + # all_orgs[orgId] = data + except Exception as e: + print(str(e)) + raise e + return True + +def getRequesterMap(): + global requester_map + + if len(requester_map) < 1 : + with open('user_map.csv', newline='') as csvfile: + req_reader = csv.reader(csvfile, delimiter=',') + for row in req_reader: + requester_map[row[0]] = row + + return True + + +def getReferenceTagMap(): + global reference_tag_map + + if len(reference_tag_map) < 1 : + with open("ref_tag_map.json") as ref_tag_file: + reference_tag_map = json.load(ref_tag_file) + return True + + +def getV5ReferenceTagValue(v4Tag): + global reference_tag_map + v5Tags = None + v4Test = v4Tag.casefold() + refhit = False + for tagMap in reference_tag_map["referenceMaps"]: + if v4Test == tagMap["v4"].casefold(): + v5Tags = tagMap["v5"] + refhit = True + break + if not refhit: + # print("Missed Ref Tag: " + v4Tag) + pass + + return v5Tags + + +def call_idr_service(action, req_header, IDR_URL, params=None, content=None): + """ + :param action: GET, POST, ... + :param req_header: JSON object formated for IDR service endpoint + :param IDR_URL: string value of URL for IDR Service endpoint + :param params: querystring paramater dictionary + :param content: call body + :return: response received from IDR + + :raises: Integrity Error, includes list of errors encountered, CPS may be + out of sync with IDR at this point, need to trigger or wait for sync + """ + IDR_Timeout = settings.AWG_SERVICE_TIMEOUT + IDR_Response_Received = False + if action: + try: + if action.lower() == 'post': + IDR_Response = requests.post( + IDR_URL, + params=params, + headers=req_header, + json=content, + timeout=IDR_Timeout, + cert=None) + elif action.lower() == 'put': + IDR_Response = requests.put( + IDR_URL, + params=params, + headers=req_header, + json=content, + timeout=IDR_Timeout, + cert=None) + elif action.lower() == 'get': + IDR_Response = requests.get( + IDR_URL, + params=params, + headers=req_header, + json=content, + timeout=IDR_Timeout, + cert=None) + else: + raise Exception("HTTP action not expected.") + + IDR_Response_Received = True + except requests.exceptions.ConnectTimeout: + IDR_Error = f"Connection timeout to: {IDR_URL}" + except requests.exceptions.Timeout: + IDR_Error = "Request timeout from IDR request." + except requests.exceptions.ReadTimeout: + IDR_Error = "Request timeout, no data from IDR request." + except requests.exceptions.HTTPError: + IDR_Error = "IDR HTTPError occurred." + except requests.exceptions.ConnectionError: + IDR_Error = "IDR ConnectionError occurred." + except requests.exceptions.RequestException: + IDR_Error = "IDR Request error occurred." + + if not IDR_Response_Received: + raise Exception(f'IDR service access failure: {IDR_Error}') + else: # we received a response + IDR_Status_Code = IDR_Response.status_code + IDR_Body = IDR_Response.content.decode('utf-8') + # status codes for success 200, 206 + # 200 = fully successful + # 206 = partial success, example reserved 6 IDs out of 10 requested + if IDR_Status_Code == 200 or IDR_Status_Code == 206: # was our request OK? + return IDR_Body + else: + err_msg = json.loads(IDR_Body) + raise Exception("IDR Error: " + err_msg['message']) + +def lang_code_3_from_2(lang_code): + """ + :param: 2 letter language code to convert + :return: 3 letter language code + :raises: + + """ + if lang_code: + return Language.get(lang_code).to_alpha3() + else: + raise Exception("No language code provided") + + +def lang_code_2_from_3(lang_code): + """ + convert to BCP-47 standard + :param: 3 letter language code to convert + :return: 2 letter language code + :raises: + + """ + if lang_code: + return Language.get(lang_code).language + else: + raise Exception("No language code provided") + +def convertLangInArray(sArray): + na = [] + for aval in sArray: + if "lang" in aval: + # sArray[aval]["lang"] = lang_code_2_from_3(aval["lang"]) + aval["lang"] = lang_code_2_from_3(aval["lang"]) + na.append(aval) + # end if "lang" + # end if aval + return na + + +def testCVEServicesConnection(): + result = True + if IDR_Health_Check() != 200: + result = False + + return result + + +def IDR_Health_Check(): + # if healthy expect 200 for a response + IDR_Timeout = settings.AWG_SERVICE_TIMEOUT + IDR_URL = settings.AWG_IDR_SERVICE_URL + settings.AWG_IDR_ENDPOINT_HEALTHCHECK + IDR_Response = None + try: + IDR_Response = requests.get( + IDR_URL, + # NOTE: these are requests.post optional arguments + timeout=IDR_Timeout) + except Exception as e: + print(f'IDR health check failed: {e}') + pass + + if IDR_Response: + print (str(IDR_Response.status_code)) + return IDR_Response.status_code + else: # requests failed, raise exception + print(f'cps/shared/utils.py/IDR_Health_Check(): {IDR_Response}') + # TODO: we aren't raising an exception here, and, we shouldn't return + # a random integer? + return 404 + +def hasVal(v): + return (v != "" and v != {"lang":"en","value":""} + and v != {"lang":"en"} and v != [] and v!= {} and v!= [{"lang": "en", "value": ""}] + and v!= [{"lang": "en"}]) + +def clean_empty(d): + if isinstance(d, dict): + return { + k: v + for k, v in ((k, clean_empty(v)) for k, v in d.items()) + if hasVal(v) + } + if isinstance(d, list): + x = [v for v in map(clean_empty, d) if hasVal(v)] + return d + +def reEncodeUrl(inRef): + # use requote_uri to quote most chars, then urllib.parse.quote to encode any remaining unsafe chars + return urllib.parse.quote(requote_uri(inRef), safe=':/=&?#%+') + # outRef = urllib.parse.quote(outRef) + +def buildImpactOther(key_str, content): + o_impact = {} + o_impact["type"] = "unknown" + if isinstance(content, dict): + o_impact["content"] = content.copy() + elif isinstance(content, list): + o_impact["content"] = content.copy() + else: + # wrap value in object + o_impact["content"] = {key_str:content} + return o_impact + + +def getRejectedDate(cveId, recordHistory): + # newTime = time.perf_counter() + + global historyDateTimeFormat + firstRejected = datetime.datetime.combine(datetime.date.today(), datetime.datetime.min.time()) + lastUpdated = firstRejected + sawRejectedDate = False + + for h in recordHistory: + hdt = datetime.datetime.strptime(h["history_date"],historyDateTimeFormat) + if h["HType"] == "Rejected": + firstRejected = min(datetime.datetime.strptime(hdt,historyDateTimeFormat), firstRejected) + sawRejectedDate = True + if h["HType"] == "Modified": + lastUpdated = min(datetime.datetime.strptime(hdt,historyDateTimeFormat), lastUpdated) + if not sawRejectedDate: + firstRejected = lastUpdated + + # setTime = time.perf_counter() - newTime + # print("getRejectedDate took:" + '{0:2f}'.format(setTime)) + return firstRejected + + +def getLastUpdated(cveId, recordHistory): + # newTime = time.perf_counter() + + global historyDateTimeFormat + + lastUpdated = datetime.datetime.min + if recordHistory: + for h in recordHistory: + if h["HType"] == "Modified" or h["HType"] == "Rejected": + lastUpdated = max(datetime.datetime.strptime(h["history_date"],historyDateTimeFormat), lastUpdated) + else: + lastUpdated = datetime.datetime.combine(datetime.date.today(), datetime.datetime.min.time()) + + # setTime = time.perf_counter() - newTime + # print("getLastUpdated took:" + '{0:2f}'.format(setTime)) + return lastUpdated + + +def getDatePublished(cveId, recordHistory): + # newTime = time.perf_counter() + + global historyDateTimeFormat + + pubDate = datetime.datetime.now() + for h in recordHistory: + if h["populated_date"] != "null": + pubDate = min(datetime.datetime.strptime(h["populated_date"],historyDateTimeFormat), pubDate) + + # setTime = time.perf_counter() - newTime + # print("getDatePublished took:" + '{0:2f}'.format(setTime)) + return pubDate + + +def getReservedDate(cveId, recordHistory): + # newTime = time.perf_counter() + + historyReservedDateFormat = '%Y-%m-%d' + + resDate = datetime.datetime.now() + for h in recordHistory: + if h["reserved_date"] != "null": + resDate = min(datetime.datetime.strptime(h["reserved_date"],historyReservedDateFormat), resDate) + + # setTime = time.perf_counter() - newTime + # print("getReservedDate took:" + '{0:2f}'.format(setTime)) + return resDate + + +if __name__ == "__main__": + main(sys.argv[1:]) diff --git a/schema/support/CVE_4_to_5_converter/cve_record_dates.json.example b/schema/support/CVE_4_to_5_converter/cve_record_dates.json.example new file mode 100644 index 00000000000..99ace805a7e --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/cve_record_dates.json.example @@ -0,0 +1,42 @@ +[ + { + "cve_identifier" : "CVE-2010-0001", + "reserved_date" : "2010-06-07", + "disclosure_date" : null, + "populated_date" : "2010-08-08 05:00:00.000000", + "history_date" : "2010-12-17 00:00:00.000000", + "HType" : "Modified" + }, + { + "cve_identifier" : "CVE-1999-7001", + "reserved_date" : "1999-06-07", + "disclosure_date" : null, + "populated_date" : "2000-06-04 05:00:00.000000", + "history_date" : "2005-11-12 00:00:00.000000", + "HType" : "Modified" + }, + { + "cve_identifier" : "CVE-2001-2001", + "reserved_date" : "2001-06-07", + "disclosure_date" : null, + "populated_date" : "2002-02-04 05:00:00.000000", + "history_date" : "2007-12-17 00:00:00.000000", + "HType" : "Modified" + }, + { + "cve_identifier" : "CVE-2008-3001", + "reserved_date" : "2008-06-07", + "disclosure_date" : null, + "populated_date" : "2009-02-04 05:00:00.000000", + "history_date" : "2008-03-21 10:00:00.000000", + "HType" : "Modified" + }, + { + "cve_identifier" : "CVE-2003-6001", + "reserved_date" : "2003-06-07", + "disclosure_date" : null, + "populated_date" : "2004-02-04 05:00:00.000000", + "history_date" : "2003-07-28 00:00:00.000000", + "HType" : "Proposed" + } +] diff --git a/schema/support/CVE_4_to_5_converter/ref_tag_map.json b/schema/support/CVE_4_to_5_converter/ref_tag_map.json new file mode 100644 index 00000000000..173ef188e68 --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/ref_tag_map.json @@ -0,0 +1,251 @@ +{ + "referenceMaps":[ + { + "v4":"AIXAPAR", + "v5":["vendor-advisory"] + },{ + "v4":"ALLAIRE", + "v5":["vendor-advisory"] + },{ + "v4":"APPLE", + "v5":["vendor-advisory"] + },{ + "v4":"ASCEND", + "v5":["vendor-advisory"] + },{ + "v4":"ATSTAKE", + "v5":["vendor-advisory"] + },{ + "v4":"AUSCERT", + "v5":["third-party-advisory"] + },{ + "v4":"BEA", + "v5":["vendor-advisory"] + },{ + "v4":"BID", + "v5":["vdb-entry"] + },{ + "v4":"BINDVIEW", + "v5":["vendor-advisory"] + },{ + "v4":"BUGTRAQ", + "v5":["mailing-list"] + },{ + "v4":"CALDERA", + "v5":["vendor-advisory"] + },{ + "v4":"CERT", + "v5":["third-party-advisory"] + },{ + "v4":"CERT-VN", + "v5":["third-party-advisory"] + },{ + "v4":"CHECKPOINT", + "v5":["vendor-advisory"] + },{ + "v4":"CIAC", + "v5":["third-party-advisory", "government-resource"] + },{ + "v4":"CISCO", + "v5":["vendor-advisory"] + },{ + "v4":"COMPAQ", + "v5":["vendor-advisory"] + },{ + "v4":"CONECTIVA", + "v5":["vendor-advisory"] + },{ + "v4":"DEBIAN", + "v5":["vendor-advisory"] + },{ + "v4":"EEYE", + "v5":["third-party-advisory"] + },{ + "v4":"EL8", + "v5":["vendor-advisory"] + },{ + "v4":"ENGARDE", + "v5":["vendor-advisory"] + },{ + "v4":"ERS", + "v5":["vendor-advisory"] + },{ + "v4":"EXPLOIT-DB", + "v5":["exploit"] + },{ + "v4":"FARMERVENEMA", + "v5":["technical-description"] + },{ + "v4":"FEDORA", + "v5":["vendor-advisory"] + },{ + "v4":"FREEBSD", + "v5":["vendor-advisory"] + },{ + "v4":"FRSIRT", + "v5":["third-party-advisory"] + },{ + "v4":"FULLDISC", + "v5":["mailing-list"] + },{ + "v4":"GENTOO", + "v5":["vendor-advisory"] + },{ + "v4":"HERT", + "v5":["vendor-advisory"] + },{ + "v4":"HP", + "v5":["vendor-advisory"] + },{ + "v4":"HPBUG", + "v5":["issue-tracking"] + },{ + "v4":"IBM", + "v5":["vendor-advisory"] + },{ + "v4":"IDEFENSE", + "v5":["third-party-advisory"] + },{ + "v4":"IMMUNIX", + "v5":["vendor-advisory"] + },{ + "v4":"INFOWAR", + "v5":["third-party-advisory"] + },{ + "v4":"ISS", + "v5":["third-party-advisory"] + },{ + "v4":"JVN", + "v5":["third-party-advisory"] + },{ + "v4":"JVNDB", + "v5":["third-party-advisory"] + },{ + "v4":"KSRT", + "v5":["vendor-advisory"] + },{ + "v4":"L0PHT", + "v5":["vendor-advisory"] + },{ + "v4":"MANDRAKE", + "v5":["vendor-advisory"] + },{ + "v4":"MANDRIVA", + "v5":["vendor-advisory"] + },{ + "v4":"MILW0RM", + "v5":["exploit"] + },{ + "v4":"MLIST", + "v5":["mailing-list"] + },{ + "v4":"MS", + "v5":["vendor-advisory"] + },{ + "v4":"MSKB", + "v5":["vendor-advisory"] + },{ + "v4":"NAI", + "v5":["vendor-advisory"] + },{ + "v4":"NETBSD", + "v5":["vendor-advisory"] + },{ + "v4":"NETECT", + "v5":["broken-link"] + },{ + "v4":"NTBUGTRAQ", + "v5":["mailing-list"] + },{ + "v4":"OPENBSD", + "v5":["vendor-advisory"] + },{ + "v4":"OPENPKG", + "v5":["vendor-advisory"] + },{ + "v4":"OSVDB", + "v5":["vdb-entry"] + },{ + "v4":"OVAL", + "v5":["vdb-entry", "signature"] + },{ + "v4":"REDHAT", + "v5":["vendor-advisory"] + },{ + "v4":"RSI", + "v5":["vendor-advisory"] + },{ + "v4":"SCO", + "v5":["vendor-advisory"] + },{ + "v4":"SECTRACK", + "v5":["vdb-entry"] + },{ + "v4":"SECUNIA", + "v5":["third-party-advisory"] + },{ + "v4":"SEKURE", + "v5":["vendor-advisory"] + },{ + "v4":"SF-INCIDENTS", + "v5":["mailing-list"] + },{ + "v4":"SGI", + "v5":["vendor-advisory"] + },{ + "v4":"SLACKWARE", + "v5":["vendor-advisory"] + },{ + "v4":"SNI", + "v5":["vendor-advisory"] + },{ + "v4":"SREASON", + "v5":["third-party-advisory"] + },{ + "v4":"SREASONRES", + "v5":["third-party-advisory"] + },{ + "v4":"SUN", + "v5":["vendor-advisory"] + },{ + "v4":"SUNALERT", + "v5":["vendor-advisory"] + },{ + "v4":"SUNBUG", + "v5":["issue-tracking"] + },{ + "v4":"SUSE", + "v5":["vendor-advisory"] + },{ + "v4":"TRUSTIX", + "v5":["vendor-advisory"] + },{ + "v4":"TURBO", + "v5":["vendor-advisory"] + },{ + "v4":"UBUNTU", + "v5":["vendor-advisory"] + },{ + "v4":"URL", + "v5":["related"] + },{ + "v4":"VIM", + "v5":["mailing-list"] + },{ + "v4":"VULN-DEV", + "v5":["mailing-list"] + },{ + "v4":"VULNWATCH", + "v5":["mailing-list"] + },{ + "v4":"VUPEN", + "v5":["vdb-entry"] + },{ + "v4":"WIN2KSEC", + "v5":["mailing-list"] + },{ + "v4":"XF", + "v5":["vdb-entry"] + } + ] +} diff --git a/schema/support/CVE_4_to_5_converter/settings_example.py b/schema/support/CVE_4_to_5_converter/settings_example.py new file mode 100644 index 00000000000..1e338cf7067 --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/settings_example.py @@ -0,0 +1,14 @@ +# variables to access IDR services +# the CPS acts on behalf of the secretariat (is `mitre`) +# using the IDR requires cloning the `cve-services` repository, too +AWG_IDR_ENDPOINT_HEALTHCHECK="/health-check" +AWG_SERVICE_TIMEOUT = 30 + +AWG_IDR_SERVICE_URL="http://localhost:3000/api" +AWG_USER_CNA_NAME="cna_name" +AWG_USER_KEY="123456-1234567-1234567-1234567" # this is your secret key +AWG_USER_UUID = "" # the UUID for your user +AWG_USER_NAME="someone@somewhere.com" +AWG_USER_ORG_UUID = "" # the UUID for your organization +AWG_ORG_SHORT_NAME="" # the short name of your organization + diff --git a/schema/support/CVE_4_to_5_converter/user_map_example.csv b/schema/support/CVE_4_to_5_converter/user_map_example.csv new file mode 100644 index 00000000000..b5781b98fd0 --- /dev/null +++ b/schema/support/CVE_4_to_5_converter/user_map_example.csv @@ -0,0 +1,2 @@ +manual@hack.bob,fake,fake,cnaShortName,notacna + diff --git a/schema/support/Node_Validator/.gitignore b/schema/support/Node_Validator/.gitignore new file mode 100644 index 00000000000..12ac6472027 --- /dev/null +++ b/schema/support/Node_Validator/.gitignore @@ -0,0 +1,2 @@ +node_modules/ +.DS_Store \ No newline at end of file diff --git a/schema/support/Node_Validator/README.md b/schema/support/Node_Validator/README.md new file mode 100644 index 00000000000..2a71e8a8b00 --- /dev/null +++ b/schema/support/Node_Validator/README.md @@ -0,0 +1,68 @@ +# This is a json validator for the JSON schema v5.0 + +## Usage + +##### 1. Download and install [node.js](https://nodejs.org/en/download/) + +##### 2. Go to the node validator + +``` + cd cve_json_schema/v5.x_discuss/support/Node_Validator +``` + +##### 3. Run validator in CLI + +To validate one or more files +
+
+   $ node validate.js file-1.json file-2.json ... 
+   file-1.json is valid.
+   file-2.json is invalid!
+   Summary: Validation FAILED for 1 out of 2 files!.
+
+
+ +To validate a list of files in a file or on stdin: +
+   $ cat list.txt | node validate.js -e 
+
+   $ find directory1 -name '*.json' | node validate.js -e
+   directory1/file1.json is valid.
+   Summary: All files PASSED validation.
+
+ +To validate a single file via stdin: +``` + $ cat file.json | node validate.js +``` + +##### 4. Use validator in a NodeJS program + +``` +const validateCve = require('./dist/cve5validator.js') + +if (validateCve(cveJsonObject)) { + // cveJsonObject is valid +} else { + // cveJsonObject is invalid. Errors are in validateCve.errors +} + +``` + +##### 5. Generate a HTML report of validation + +``` + $ find directory1 -name '*.json' | node reportValidation.js > output.html +``` + +Example report https://chandanbn.github.io/notes/cve5-validation-errors-Jan26.html + +##### 6. Development: Build the standalone validator library dist/cve5validator.js compiled from bundled CVE JSON schema. + +``` + $ npm install + $ node build.js +``` + +This creates standalone validator module at ./dist/cve5validator.js based on the bundled CVE JSON schema. +When the schema is updated, a new validator module needs to be built using build.js. diff --git a/schema/support/Node_Validator/build.js b/schema/support/Node_Validator/build.js new file mode 100644 index 00000000000..09ab39b0cd4 --- /dev/null +++ b/schema/support/Node_Validator/build.js @@ -0,0 +1,28 @@ +const fs = require("fs") +const path = require("path") +const Ajv = require('ajv').default; +const standaloneCode = require("ajv/dist/standalone").default +const addFormats = require('ajv-formats').default; +const schema = require("../../docs/CVE_JSON_bundled.json") + +function reduceSchema(o) { + for(prop in o) { + if(typeof(o[prop])=='object') { + reduceSchema(o[prop]) + } else if (prop == "description" && typeof(o[prop])=='string') { + delete o[prop] + } else if (prop == "title" && typeof(o[prop])=='string') { + delete o[prop] + } + } + return o; +} +var rSchema = reduceSchema(schema); + +const ajv = new Ajv({code: {source: true, optimize: 10}}) +addFormats(ajv); +const validate = ajv.compile(rSchema) +let moduleCode = standaloneCode(ajv, validate) + +// Now you can write the module code to file +fs.writeFileSync(path.join(__dirname+'/dist', "cve5validator.js"), moduleCode) diff --git a/schema/support/Node_Validator/dist/cve5validator.js b/schema/support/Node_Validator/dist/cve5validator.js new file mode 100644 index 00000000000..6e0db22c3db --- /dev/null +++ b/schema/support/Node_Validator/dist/cve5validator.js @@ -0,0 +1 @@ +"use strict";module.exports = validate10;module.exports.default = validate10;const schema11 = {"$schema":"http://json-schema.org/draft-07/schema#","$id":"https://cveproject.github.io/cve-schema/schema/v5.0/docs/CVE_JSON_bundled.json","definitions":{"uriType":{"type":"string","format":"uri","minLength":1,"maxLength":2048},"uuidType":{"type":"string","pattern":"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"},"reference":{"type":"object","required":["url"],"properties":{"url":{"$ref":"#/definitions/uriType"},"name":{"type":"string","maxLength":512,"minLength":1},"tags":{"type":"array","minItems":1,"uniqueItems":true,"items":{"oneOf":[{"$ref":"#/definitions/tagExtension"},{"$schema":"http://json-schema.org/draft-07/schema#","$id":"https://cve.mitre.org/cve/v5_00/tags/reference/","type":"string","enum":["broken-link","customer-entitlement","exploit","government-resource","issue-tracking","mailing-list","mitigation","not-applicable","patch","permissions-required","media-coverage","product","related","release-notes","signature","technical-description","third-party-advisory","vendor-advisory","vdb-entry"]}]}}},"additionalProperties":false},"cveId":{"type":"string","pattern":"^CVE-[0-9]{4}-[0-9]{4,19}$"},"orgId":{"$ref":"#/definitions/uuidType"},"userId":{"$ref":"#/definitions/uuidType"},"shortName":{"type":"string","minLength":2,"maxLength":32},"datestamp":{"type":"string","format":"date","pattern":"^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$"},"timestamp":{"type":"string","format":"date-time","pattern":"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},"version":{"type":"string","minLength":1,"maxLength":1024},"status":{"type":"string","enum":["affected","unaffected","unknown"]},"product":{"type":"object","allOf":[{"anyOf":[{"required":["vendor","product"]},{"required":["collectionURL","packageName"]}]},{"anyOf":[{"required":["versions"]},{"required":["defaultStatus"]}]}],"properties":{"vendor":{"type":"string","minLength":1,"maxLength":512},"product":{"type":"string","minLength":1,"maxLength":2048},"collectionURL":{"$ref":"#/definitions/uriType","examples":["https://access.redhat.com/downloads/content/package-browser","https://addons.mozilla.org","https://addons.thunderbird.net","https://anaconda.org/anaconda/repo","https://app.vagrantup.com/boxes/search","https://apps.apple.com","https://archlinux.org/packages","https://atmospherejs.meteor.com","https://atom.io/packages","https://bitbucket.org","https://bower.io","https://brew.sh/","https://chocolatey.org/packages","https://chrome.google.com/webstore","https://clojars.org","https://cocoapods.org","https://code.dlang.org","https://conan.io/center","https://cpan.org/modules","https://cran.r-project.org","https://crates.io","https://ctan.org/pkg","https://drupal.org","https://exchange.adobe.com","https://forge.puppet.com/modules","https://github.com","https://gitlab.com/explore","https://golang.org/pkg","https://guix.gnu.org/packages","https://hackage.haskell.org","https://helm.sh","https://hub.docker.com","https://juliahub.com","https://lib.haxe.org","https://luarocks.org","https://marketplace.visualstudio.com","https://melpa.org","https://microsoft.com/en-us/store/apps","https://nimble.directory","https://nuget.org/packages","https://opam.ocaml.org/packages","https://openwrt.org/packages/index","https://package.elm-lang.org","https://packagecontrol.io","https://packages.debian.org","https://packages.gentoo.org","https://packagist.org","https://pear.php.net/packages.php","https://pecl.php.net","https://platformio.org/lib","https://play.google.com/store","https://plugins.gradle.org","https://projects.eclipse.org","https://pub.dev","https://pypi.python.org","https://registry.npmjs.org","https://registry.terraform.io","https://repo.hex.pm","https://repo.maven.apache.org/maven2","https://rubygems.org","https://search.nixos.org/packages","https://sourceforge.net","https://wordpress.org/plugins"]},"packageName":{"type":"string","minLength":1,"maxLength":2048},"cpes":{"type":"array","uniqueItems":true,"items":{"type":"string","pattern":"([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})","minLength":1,"maxLength":2048}},"modules":{"type":"array","uniqueItems":true,"items":{"type":"string","minLength":1,"maxLength":4096}},"programFiles":{"type":"array","uniqueItems":true,"items":{"type":"string","minLength":1,"maxLength":1024}},"programRoutines":{"type":"array","uniqueItems":true,"items":{"type":"object","required":["name"],"properties":{"name":{"type":"string","minLength":1,"maxLength":4096}},"additionalProperties":false}},"platforms":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"string","examples":["iOS","Android","Windows","macOS","x86","ARM","64 bit","Big Endian","iPad","Chromebook","Docker","Model T"],"maxLength":1024}},"repo":{"$ref":"#/definitions/uriType"},"defaultStatus":{"$ref":"#/definitions/status"},"versions":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","oneOf":[{"required":["version","status"],"maxProperties":2},{"required":["version","status","versionType"],"maxProperties":3},{"required":["version","status","versionType","lessThan"]},{"required":["version","status","versionType","lessThanOrEqual"]}],"properties":{"version":{"$ref":"#/definitions/version"},"status":{"$ref":"#/definitions/status"},"versionType":{"type":"string","minLength":1,"maxLength":128,"examples":["custom","git","maven","python","rpm","semver"]},"lessThan":{"$ref":"#/definitions/version"},"lessThanOrEqual":{"$ref":"#/definitions/version"},"changes":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["at","status"],"additionalProperties":false,"properties":{"at":{"$ref":"#/definitions/version"},"status":{"$ref":"#/definitions/status"}}}}},"additionalProperties":false}}}},"dataType":{"type":"string","enum":["CVE_RECORD"]},"dataVersion":{"type":"string","pattern":"^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$","default":"5.1.0"},"cveMetadataPublished":{"type":"object","required":["cveId","assignerOrgId","state"],"properties":{"cveId":{"$ref":"#/definitions/cveId"},"assignerOrgId":{"$ref":"#/definitions/orgId"},"assignerShortName":{"$ref":"#/definitions/shortName"},"requesterUserId":{"$ref":"#/definitions/userId"},"dateUpdated":{"$ref":"#/definitions/timestamp"},"serial":{"type":"integer","minimum":1},"dateReserved":{"$ref":"#/definitions/timestamp"},"datePublished":{"$ref":"#/definitions/timestamp"},"state":{"type":"string","enum":["PUBLISHED"]}},"additionalProperties":false},"cveMetadataRejected":{"type":"object","required":["cveId","assignerOrgId","state"],"properties":{"cveId":{"$ref":"#/definitions/cveId"},"assignerOrgId":{"$ref":"#/definitions/orgId"},"assignerShortName":{"$ref":"#/definitions/shortName"},"serial":{"type":"integer","minimum":1},"dateUpdated":{"$ref":"#/definitions/timestamp"},"datePublished":{"$ref":"#/definitions/timestamp"},"dateRejected":{"$ref":"#/definitions/timestamp"},"state":{"type":"string","enum":["REJECTED"]},"dateReserved":{"$ref":"#/definitions/timestamp"}},"additionalProperties":false},"providerMetadata":{"type":"object","properties":{"orgId":{"$ref":"#/definitions/orgId"},"shortName":{"$ref":"#/definitions/shortName"},"dateUpdated":{"$ref":"#/definitions/timestamp"}},"required":["orgId"],"additionalProperties":false},"cnaPublishedContainer":{"type":"object","properties":{"providerMetadata":{"$ref":"#/definitions/providerMetadata"},"dateAssigned":{"$ref":"#/definitions/timestamp"},"datePublic":{"$ref":"#/definitions/timestamp"},"title":{"type":"string","minLength":1,"maxLength":256},"descriptions":{"$ref":"#/definitions/descriptions"},"affected":{"$ref":"#/definitions/affected"},"problemTypes":{"$ref":"#/definitions/problemTypes"},"references":{"$ref":"#/definitions/references"},"impacts":{"$ref":"#/definitions/impacts"},"metrics":{"$ref":"#/definitions/metrics"},"configurations":{"$ref":"#/definitions/configurations"},"workarounds":{"$ref":"#/definitions/workarounds"},"solutions":{"$ref":"#/definitions/solutions"},"exploits":{"$ref":"#/definitions/exploits"},"timeline":{"$ref":"#/definitions/timeline"},"credits":{"$ref":"#/definitions/credits"},"source":{"$ref":"#/definitions/source"},"tags":{"$ref":"#/definitions/cnaTags"},"taxonomyMappings":{"$ref":"#/definitions/taxonomyMappings"}},"required":["providerMetadata","descriptions","affected","references"],"patternProperties":{"^x_[^.]*$":{}},"$comment":"The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.","additionalProperties":false},"cnaRejectedContainer":{"type":"object","properties":{"providerMetadata":{"$ref":"#/definitions/providerMetadata"},"rejectedReasons":{"$ref":"#/definitions/descriptions"},"replacedBy":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/cveId"}}},"required":["providerMetadata","rejectedReasons"],"patternProperties":{"^x_[^.]*$":{}},"$comment":"The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.","additionalProperties":false},"adpContainer":{"type":"object","properties":{"providerMetadata":{"$ref":"#/definitions/providerMetadata"},"datePublic":{"$ref":"#/definitions/timestamp"},"title":{"type":"string","minLength":1,"maxLength":256},"descriptions":{"$ref":"#/definitions/descriptions"},"affected":{"$ref":"#/definitions/affected"},"problemTypes":{"$ref":"#/definitions/problemTypes"},"references":{"$ref":"#/definitions/references"},"impacts":{"$ref":"#/definitions/impacts"},"metrics":{"$ref":"#/definitions/metrics"},"configurations":{"$ref":"#/definitions/configurations"},"workarounds":{"$ref":"#/definitions/workarounds"},"solutions":{"$ref":"#/definitions/solutions"},"exploits":{"$ref":"#/definitions/exploits"},"timeline":{"$ref":"#/definitions/timeline"},"credits":{"$ref":"#/definitions/credits"},"source":{"$ref":"#/definitions/source"},"tags":{"$ref":"#/definitions/adpTags"},"taxonomyMappings":{"$ref":"#/definitions/taxonomyMappings"}},"required":["providerMetadata"],"minProperties":2,"patternProperties":{"^x_[^.]*$":{}},"$comment":"The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.","additionalProperties":false},"affected":{"type":"array","minItems":1,"items":{"$ref":"#/definitions/product"}},"description":{"type":"object","properties":{"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","minLength":1,"maxLength":4096},"supportingMedia":{"type":"array","uniqueItems":true,"minItems":1,"items":{"type":"object","properties":{"type":{"type":"string","minLength":1,"maxLength":256,"examples":["text/markdown","text/html","image/png","image/svg","audio/mp3"]},"base64":{"type":"boolean","default":false},"value":{"type":"string","minLength":1,"maxLength":16384}},"required":["type","value"],"additionalProperties":false}}},"required":["lang","value"],"additionalProperties":false},"englishLanguageDescription":{"type":"object","properties":{"lang":{"$ref":"#/definitions/englishLanguage"}},"required":["lang"],"$comment":"Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description."},"descriptions":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"},"contains":{"$ref":"#/definitions/englishLanguageDescription"}},"problemTypes":{"type":"array","items":{"type":"object","required":["descriptions"],"properties":{"descriptions":{"type":"array","items":{"type":"object","required":["lang","description"],"properties":{"lang":{"$ref":"#/definitions/language"},"description":{"type":"string","minLength":1,"maxLength":4096},"cweId":{"type":"string","minLength":5,"maxLength":9,"pattern":"^CWE-[1-9][0-9]*$"},"type":{"type":"string","minLength":1,"maxLength":128},"references":{"$ref":"#/definitions/references"}},"additionalProperties":false},"minItems":1,"uniqueItems":true}},"additionalProperties":false},"minItems":1,"uniqueItems":true},"references":{"type":"array","items":{"$ref":"#/definitions/reference"},"minItems":1,"maxItems":512,"uniqueItems":true},"impacts":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["descriptions"],"properties":{"capecId":{"type":"string","minLength":7,"maxLength":11,"pattern":"^CAPEC-[1-9][0-9]{0,4}$"},"descriptions":{"$ref":"#/definitions/descriptions"}},"additionalProperties":false}},"metrics":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","anyOf":[{"required":["cvssV4_0"]},{"required":["cvssV3_1"]},{"required":["cvssV3_0"]},{"required":["cvssV2_0"]},{"required":["other"]}],"properties":{"format":{"type":"string","minLength":1,"maxLength":64},"scenarios":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","properties":{"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","default":"GENERAL","minLength":1,"maxLength":4096}},"required":["lang","value"],"additionalProperties":false}},"cvssV4_0":{"$schema":"http://json-schema.org/draft-07/schema#","type":"object","definitions":{"attackVectorType":{"type":"string","enum":["NETWORK","ADJACENT","LOCAL","PHYSICAL"]},"modifiedAttackVectorType":{"type":"string","enum":["NETWORK","ADJACENT","LOCAL","PHYSICAL","NOT_DEFINED"],"default":"NOT_DEFINED"},"attackComplexityType":{"type":"string","enum":["HIGH","LOW"]},"modifiedAttackComplexityType":{"type":"string","enum":["HIGH","LOW","NOT_DEFINED"],"default":"NOT_DEFINED"},"attackRequirementsType":{"type":"string","enum":["NONE","PRESENT"]},"modifiedAttackRequirementsType":{"type":"string","enum":["NONE","PRESENT","NOT_DEFINED"],"default":"NOT_DEFINED"},"privilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE"]},"modifiedPrivilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"],"default":"NOT_DEFINED"},"userInteractionType":{"type":"string","enum":["NONE","PASSIVE","ACTIVE"]},"modifiedUserInteractionType":{"type":"string","enum":["NONE","PASSIVE","ACTIVE","NOT_DEFINED"],"default":"NOT_DEFINED"},"vulnCiaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedVulnCiaType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"subCiaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedSubCType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"modifiedSubIaType":{"type":"string","enum":["NONE","LOW","HIGH","SAFETY","NOT_DEFINED"],"default":"NOT_DEFINED"},"exploitMaturityType":{"type":"string","enum":["UNREPORTED","PROOF_OF_CONCEPT","ATTACKED","NOT_DEFINED"],"default":"NOT_DEFINED"},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"safetyType":{"type":"string","enum":["NEGLIGIBLE","PRESENT","NOT_DEFINED"],"default":"NOT_DEFINED"},"automatableType":{"type":"string","enum":["NO","YES","NOT_DEFINED"],"default":"NOT_DEFINED"},"recoveryType":{"type":"string","enum":["AUTOMATIC","USER","IRRECOVERABLE","NOT_DEFINED"],"default":"NOT_DEFINED"},"valueDensityType":{"type":"string","enum":["DIFFUSE","CONCENTRATED","NOT_DEFINED"],"default":"NOT_DEFINED"},"vulnerabilityResponseEffortType":{"type":"string","enum":["LOW","MODERATE","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"providerUrgencyType":{"type":"string","enum":["CLEAR","GREEN","AMBER","RED","NOT_DEFINED"],"default":"NOT_DEFINED"},"scoreType":{"type":"number","minimum":0,"maximum":10,"multipleOf":0.1},"noneScoreType":{"type":"number","minimum":0,"maximum":0},"lowScoreType":{"type":"number","minimum":0.1,"maximum":3.9,"multipleOf":0.1},"mediumScoreType":{"type":"number","minimum":4,"maximum":6.9,"multipleOf":0.1},"highScoreType":{"type":"number","minimum":7,"maximum":8.9,"multipleOf":0.1},"criticalScoreType":{"type":"number","minimum":9,"maximum":10,"multipleOf":0.1},"severityType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]},"noneSeverityType":{"const":"NONE"},"lowSeverityType":{"const":"LOW"},"mediumSeverityType":{"const":"MEDIUM"},"highSeverityType":{"const":"HIGH"},"criticalSeverityType":{"const":"CRITICAL"}},"properties":{"version":{"type":"string","enum":["4.0"]},"vectorString":{"type":"string","pattern":"^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType"},"attackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType"},"attackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType"},"attackRequirements":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType"},"privilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType"},"userInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType"},"vulnConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType"},"vulnIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType"},"vulnAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType"},"subConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType"},"subIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType"},"subAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType"},"exploitMaturity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType"},"modifiedAttackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType"},"modifiedAttackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType"},"modifiedAttackRequirements":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType"},"modifiedPrivilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType"},"modifiedUserInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType"},"modifiedVulnConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType"},"modifiedVulnIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType"},"modifiedVulnAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType"},"modifiedSubConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType"},"modifiedSubIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType"},"modifiedSubAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType"},"Safety":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType"},"Automatable":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType"},"Recovery":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType"},"valueDensity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType"},"vulnerabilityResponseEffort":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType"},"providerUrgency":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType"}},"allOf":[{"anyOf":[{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType"}}}]},{"anyOf":[{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType"}}}]},{"anyOf":[{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType"}}}]}],"required":["version","vectorString","baseScore","baseSeverity"],"additionalProperties":false},"cvssV3_1":{"$schema":"http://json-schema.org/draft-07/schema#","type":"object","definitions":{"attackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"]},"modifiedAttackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL","NOT_DEFINED"]},"attackComplexityType":{"type":"string","enum":["HIGH","LOW"]},"modifiedAttackComplexityType":{"type":"string","enum":["HIGH","LOW","NOT_DEFINED"]},"privilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE"]},"modifiedPrivilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"]},"userInteractionType":{"type":"string","enum":["NONE","REQUIRED"]},"modifiedUserInteractionType":{"type":"string","enum":["NONE","REQUIRED","NOT_DEFINED"]},"scopeType":{"type":"string","enum":["UNCHANGED","CHANGED"]},"modifiedScopeType":{"type":"string","enum":["UNCHANGED","CHANGED","NOT_DEFINED"]},"ciaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedCiaType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"]},"exploitCodeMaturityType":{"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]},"remediationLevelType":{"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]},"confidenceType":{"type":"string","enum":["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"]},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]},"scoreType":{"type":"number","minimum":0,"maximum":10},"severityType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]}},"properties":{"version":{"type":"string","enum":["3.1"]},"vectorString":{"type":"string","pattern":"^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"},"attackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType"},"attackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType"},"privilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType"},"userInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType"},"scope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType"},"confidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType"},"integrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType"},"availabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType"},"exploitCodeMaturity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType"},"remediationLevel":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType"},"reportConfidence":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType"},"temporalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType"},"temporalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType"},"modifiedAttackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType"},"modifiedAttackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType"},"modifiedPrivilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType"},"modifiedUserInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType"},"modifiedScope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType"},"modifiedConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType"},"modifiedIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType"},"modifiedAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType"},"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType"}},"required":["version","vectorString","baseScore","baseSeverity"],"additionalProperties":false},"cvssV3_0":{"$schema":"http://json-schema.org/draft-04/schema#","type":"object","definitions":{"attackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"]},"modifiedAttackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL","NOT_DEFINED"]},"attackComplexityType":{"type":"string","enum":["HIGH","LOW"]},"modifiedAttackComplexityType":{"type":"string","enum":["HIGH","LOW","NOT_DEFINED"]},"privilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE"]},"modifiedPrivilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"]},"userInteractionType":{"type":"string","enum":["NONE","REQUIRED"]},"modifiedUserInteractionType":{"type":"string","enum":["NONE","REQUIRED","NOT_DEFINED"]},"scopeType":{"type":"string","enum":["UNCHANGED","CHANGED"]},"modifiedScopeType":{"type":"string","enum":["UNCHANGED","CHANGED","NOT_DEFINED"]},"ciaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedCiaType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"]},"exploitCodeMaturityType":{"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]},"remediationLevelType":{"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]},"confidenceType":{"type":"string","enum":["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"]},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]},"scoreType":{"type":"number","minimum":0,"maximum":10},"severityType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]}},"properties":{"version":{"type":"string","enum":["3.0"]},"vectorString":{"type":"string","pattern":"^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"},"attackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType"},"attackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType"},"privilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType"},"userInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType"},"scope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType"},"confidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType"},"integrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType"},"availabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType"},"exploitCodeMaturity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType"},"remediationLevel":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType"},"reportConfidence":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType"},"temporalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType"},"temporalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType"},"modifiedAttackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType"},"modifiedAttackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType"},"modifiedPrivilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType"},"modifiedUserInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType"},"modifiedScope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType"},"modifiedConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType"},"modifiedIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType"},"modifiedAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType"},"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType"}},"required":["version","vectorString","baseScore","baseSeverity"],"additionalProperties":false},"cvssV2_0":{"$schema":"http://json-schema.org/draft-04/schema#","type":"object","definitions":{"accessVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL"]},"accessComplexityType":{"type":"string","enum":["HIGH","MEDIUM","LOW"]},"authenticationType":{"type":"string","enum":["MULTIPLE","SINGLE","NONE"]},"ciaType":{"type":"string","enum":["NONE","PARTIAL","COMPLETE"]},"exploitabilityType":{"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]},"remediationLevelType":{"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]},"reportConfidenceType":{"type":"string","enum":["UNCONFIRMED","UNCORROBORATED","CONFIRMED","NOT_DEFINED"]},"collateralDamagePotentialType":{"type":"string","enum":["NONE","LOW","LOW_MEDIUM","MEDIUM_HIGH","HIGH","NOT_DEFINED"]},"targetDistributionType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","NOT_DEFINED"]},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]},"scoreType":{"type":"number","minimum":0,"maximum":10}},"properties":{"version":{"type":"string","enum":["2.0"]},"vectorString":{"type":"string","pattern":"^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$"},"accessVector":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType"},"accessComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType"},"authentication":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType"},"confidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType"},"integrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType"},"availabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType"},"exploitability":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType"},"remediationLevel":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType"},"reportConfidence":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType"},"temporalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType"},"collateralDamagePotential":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType"},"targetDistribution":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType"},"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType"}},"required":["version","vectorString","baseScore"],"additionalProperties":false},"other":{"type":"object","required":["type","content"],"properties":{"type":{"type":"string","minLength":1,"maxLength":128},"content":{"type":"object","$comment":"additionalProperties are allowed here, since this construct supports arbitrary JSON.","minProperties":1}},"additionalProperties":false}},"additionalProperties":false}},"configurations":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}},"workarounds":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}},"solutions":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}},"exploits":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}},"timeline":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["time","lang","value"],"properties":{"time":{"$ref":"#/definitions/timestamp"},"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","minLength":1,"maxLength":4096}},"additionalProperties":false}},"credits":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","properties":{"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","minLength":1,"maxLength":4096},"user":{"$ref":"#/definitions/uuidType"},"type":{"type":"string","default":"finder","enum":["finder","reporter","analyst","coordinator","remediation developer","remediation reviewer","remediation verifier","tool","sponsor","other"]}},"additionalProperties":false,"required":["lang","value"]}},"source":{"type":"object","minProperties":1},"language":{"type":"string","default":"en","pattern":"^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"},"englishLanguage":{"type":"string","pattern":"^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"},"taxonomyMappings":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["taxonomyName","taxonomyRelations"],"properties":{"taxonomyName":{"type":"string","minLength":1,"maxLength":128},"taxonomyVersion":{"type":"string","minLength":1,"maxLength":128},"taxonomyRelations":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["taxonomyId","relationshipName","relationshipValue"],"properties":{"taxonomyId":{"type":"string","minLength":1,"maxLength":2048},"relationshipName":{"type":"string","minLength":1,"maxLength":128},"relationshipValue":{"type":"string","minLength":1,"maxLength":2048}},"additionalProperties":false}}},"additionalProperties":false}},"tagExtension":{"type":"string","minLength":2,"maxLength":128,"pattern":"^x_.*$","$comment":"These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations."},"cnaTags":{"type":"array","uniqueItems":true,"minItems":1,"items":{"oneOf":[{"$ref":"#/definitions/tagExtension"},{"$schema":"http://json-schema.org/draft-07/schema#","$id":"https://cve.mitre.org/cve/v5_00/tags/cna/","type":"string","enum":["unsupported-when-assigned","exclusively-hosted-service","disputed"]}]}},"adpTags":{"type":"array","uniqueItems":true,"minItems":1,"items":{"oneOf":[{"$ref":"#/definitions/tagExtension"},{"$schema":"http://json-schema.org/draft-07/schema#","$id":"https://cve.mitre.org/cve/v5_00/tags/adp/","type":"string","enum":["disputed"]}]}}},"oneOf":[{"type":"object","properties":{"dataType":{"$ref":"#/definitions/dataType"},"dataVersion":{"$ref":"#/definitions/dataVersion"},"cveMetadata":{"$ref":"#/definitions/cveMetadataPublished"},"containers":{"type":"object","properties":{"cna":{"$ref":"#/definitions/cnaPublishedContainer"},"adp":{"type":"array","items":{"$ref":"#/definitions/adpContainer"},"minItems":1,"uniqueItems":true}},"required":["cna"],"additionalProperties":false}},"required":["dataType","dataVersion","cveMetadata","containers"],"additionalProperties":false},{"type":"object","properties":{"dataType":{"$ref":"#/definitions/dataType"},"dataVersion":{"$ref":"#/definitions/dataVersion"},"cveMetadata":{"$ref":"#/definitions/cveMetadataRejected"},"containers":{"type":"object","properties":{"cna":{"$ref":"#/definitions/cnaRejectedContainer"}},"required":["cna"],"additionalProperties":false}},"required":["dataType","dataVersion","cveMetadata","containers"],"additionalProperties":false}]};const schema12 = {"type":"string","enum":["CVE_RECORD"]};const schema13 = {"type":"string","pattern":"^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$","default":"5.1.0"};const func0 = require("ajv/dist/runtime/equal").default;const pattern0 = new RegExp("^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$", "u");const schema14 = {"type":"object","required":["cveId","assignerOrgId","state"],"properties":{"cveId":{"$ref":"#/definitions/cveId"},"assignerOrgId":{"$ref":"#/definitions/orgId"},"assignerShortName":{"$ref":"#/definitions/shortName"},"requesterUserId":{"$ref":"#/definitions/userId"},"dateUpdated":{"$ref":"#/definitions/timestamp"},"serial":{"type":"integer","minimum":1},"dateReserved":{"$ref":"#/definitions/timestamp"},"datePublished":{"$ref":"#/definitions/timestamp"},"state":{"type":"string","enum":["PUBLISHED"]}},"additionalProperties":false};const schema15 = {"type":"string","pattern":"^CVE-[0-9]{4}-[0-9]{4,19}$"};const schema16 = {"type":"string","pattern":"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"};const schema17 = {"type":"string","minLength":2,"maxLength":32};const schema19 = {"type":"string","format":"date-time","pattern":"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"};const func5 = Object.prototype.hasOwnProperty;const func6 = require("ajv/dist/runtime/ucs2length").default;const pattern1 = new RegExp("^CVE-[0-9]{4}-[0-9]{4,19}$", "u");const pattern2 = new RegExp("^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$", "u");const pattern4 = new RegExp("^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$", "u");const formats0 = require("ajv-formats/dist/formats").fullFormats["date-time"];function validate11(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if((((data.cveId === undefined) && (missing0 = "cveId")) || ((data.assignerOrgId === undefined) && (missing0 = "assignerOrgId"))) || ((data.state === undefined) && (missing0 = "state"))){validate11.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs1 = errors;for(const key0 in data){if(!(func5.call(schema14.properties, key0))){validate11.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs1 === errors){if(data.cveId !== undefined){let data0 = data.cveId;const _errs2 = errors;const _errs3 = errors;if(errors === _errs3){if(typeof data0 === "string"){if(!pattern1.test(data0)){validate11.errors = [{instancePath:instancePath+"/cveId",schemaPath:"#/definitions/cveId/pattern",keyword:"pattern",params:{pattern: "^CVE-[0-9]{4}-[0-9]{4,19}$"},message:"must match pattern \""+"^CVE-[0-9]{4}-[0-9]{4,19}$"+"\""}];return false;}}else {validate11.errors = [{instancePath:instancePath+"/cveId",schemaPath:"#/definitions/cveId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs2 === errors;}else {var valid0 = true;}if(valid0){if(data.assignerOrgId !== undefined){let data1 = data.assignerOrgId;const _errs5 = errors;const _errs6 = errors;if(errors === _errs6){if(typeof data1 === "string"){if(!pattern2.test(data1)){validate11.errors = [{instancePath:instancePath+"/assignerOrgId",schemaPath:"#/definitions/orgId/pattern",keyword:"pattern",params:{pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"},message:"must match pattern \""+"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"+"\""}];return false;}}else {validate11.errors = [{instancePath:instancePath+"/assignerOrgId",schemaPath:"#/definitions/orgId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs5 === errors;}else {var valid0 = true;}if(valid0){if(data.assignerShortName !== undefined){let data2 = data.assignerShortName;const _errs8 = errors;const _errs9 = errors;if(errors === _errs9){if(typeof data2 === "string"){if(func6(data2) > 32){validate11.errors = [{instancePath:instancePath+"/assignerShortName",schemaPath:"#/definitions/shortName/maxLength",keyword:"maxLength",params:{limit: 32},message:"must NOT have more than 32 characters"}];return false;}else {if(func6(data2) < 2){validate11.errors = [{instancePath:instancePath+"/assignerShortName",schemaPath:"#/definitions/shortName/minLength",keyword:"minLength",params:{limit: 2},message:"must NOT have fewer than 2 characters"}];return false;}}}else {validate11.errors = [{instancePath:instancePath+"/assignerShortName",schemaPath:"#/definitions/shortName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs8 === errors;}else {var valid0 = true;}if(valid0){if(data.requesterUserId !== undefined){let data3 = data.requesterUserId;const _errs11 = errors;const _errs12 = errors;if(errors === _errs12){if(typeof data3 === "string"){if(!pattern2.test(data3)){validate11.errors = [{instancePath:instancePath+"/requesterUserId",schemaPath:"#/definitions/userId/pattern",keyword:"pattern",params:{pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"},message:"must match pattern \""+"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"+"\""}];return false;}}else {validate11.errors = [{instancePath:instancePath+"/requesterUserId",schemaPath:"#/definitions/userId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs11 === errors;}else {var valid0 = true;}if(valid0){if(data.dateUpdated !== undefined){let data4 = data.dateUpdated;const _errs14 = errors;const _errs15 = errors;if(errors === _errs15){if(errors === _errs15){if(typeof data4 === "string"){if(!pattern4.test(data4)){validate11.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data4))){validate11.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate11.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs14 === errors;}else {var valid0 = true;}if(valid0){if(data.serial !== undefined){let data5 = data.serial;const _errs17 = errors;if(!(((typeof data5 == "number") && (!(data5 % 1) && !isNaN(data5))) && (isFinite(data5)))){validate11.errors = [{instancePath:instancePath+"/serial",schemaPath:"#/properties/serial/type",keyword:"type",params:{type: "integer"},message:"must be integer"}];return false;}if(errors === _errs17){if((typeof data5 == "number") && (isFinite(data5))){if(data5 < 1 || isNaN(data5)){validate11.errors = [{instancePath:instancePath+"/serial",schemaPath:"#/properties/serial/minimum",keyword:"minimum",params:{comparison: ">=", limit: 1},message:"must be >= 1"}];return false;}}}var valid0 = _errs17 === errors;}else {var valid0 = true;}if(valid0){if(data.dateReserved !== undefined){let data6 = data.dateReserved;const _errs19 = errors;const _errs20 = errors;if(errors === _errs20){if(errors === _errs20){if(typeof data6 === "string"){if(!pattern4.test(data6)){validate11.errors = [{instancePath:instancePath+"/dateReserved",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data6))){validate11.errors = [{instancePath:instancePath+"/dateReserved",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate11.errors = [{instancePath:instancePath+"/dateReserved",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs19 === errors;}else {var valid0 = true;}if(valid0){if(data.datePublished !== undefined){let data7 = data.datePublished;const _errs22 = errors;const _errs23 = errors;if(errors === _errs23){if(errors === _errs23){if(typeof data7 === "string"){if(!pattern4.test(data7)){validate11.errors = [{instancePath:instancePath+"/datePublished",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data7))){validate11.errors = [{instancePath:instancePath+"/datePublished",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate11.errors = [{instancePath:instancePath+"/datePublished",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs22 === errors;}else {var valid0 = true;}if(valid0){if(data.state !== undefined){let data8 = data.state;const _errs25 = errors;if(typeof data8 !== "string"){validate11.errors = [{instancePath:instancePath+"/state",schemaPath:"#/properties/state/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(data8 === "PUBLISHED")){validate11.errors = [{instancePath:instancePath+"/state",schemaPath:"#/properties/state/enum",keyword:"enum",params:{allowedValues: schema14.properties.state.enum},message:"must be equal to one of the allowed values"}];return false;}var valid0 = _errs25 === errors;}else {var valid0 = true;}}}}}}}}}}}}else {validate11.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate11.errors = vErrors;return errors === 0;}const schema22 = {"type":"object","properties":{"providerMetadata":{"$ref":"#/definitions/providerMetadata"},"dateAssigned":{"$ref":"#/definitions/timestamp"},"datePublic":{"$ref":"#/definitions/timestamp"},"title":{"type":"string","minLength":1,"maxLength":256},"descriptions":{"$ref":"#/definitions/descriptions"},"affected":{"$ref":"#/definitions/affected"},"problemTypes":{"$ref":"#/definitions/problemTypes"},"references":{"$ref":"#/definitions/references"},"impacts":{"$ref":"#/definitions/impacts"},"metrics":{"$ref":"#/definitions/metrics"},"configurations":{"$ref":"#/definitions/configurations"},"workarounds":{"$ref":"#/definitions/workarounds"},"solutions":{"$ref":"#/definitions/solutions"},"exploits":{"$ref":"#/definitions/exploits"},"timeline":{"$ref":"#/definitions/timeline"},"credits":{"$ref":"#/definitions/credits"},"source":{"$ref":"#/definitions/source"},"tags":{"$ref":"#/definitions/cnaTags"},"taxonomyMappings":{"$ref":"#/definitions/taxonomyMappings"}},"required":["providerMetadata","descriptions","affected","references"],"patternProperties":{"^x_[^.]*$":{}},"$comment":"The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.","additionalProperties":false};const schema201 = {"type":"object","minProperties":1};const schema204 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["taxonomyName","taxonomyRelations"],"properties":{"taxonomyName":{"type":"string","minLength":1,"maxLength":128},"taxonomyVersion":{"type":"string","minLength":1,"maxLength":128},"taxonomyRelations":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["taxonomyId","relationshipName","relationshipValue"],"properties":{"taxonomyId":{"type":"string","minLength":1,"maxLength":2048},"relationshipName":{"type":"string","minLength":1,"maxLength":128},"relationshipValue":{"type":"string","minLength":1,"maxLength":2048}},"additionalProperties":false}}},"additionalProperties":false}};const pattern7 = new RegExp("^x_[^.]*$", "u");const schema23 = {"type":"object","properties":{"orgId":{"$ref":"#/definitions/orgId"},"shortName":{"$ref":"#/definitions/shortName"},"dateUpdated":{"$ref":"#/definitions/timestamp"}},"required":["orgId"],"additionalProperties":false};function validate14(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if((data.orgId === undefined) && (missing0 = "orgId")){validate14.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs1 = errors;for(const key0 in data){if(!(((key0 === "orgId") || (key0 === "shortName")) || (key0 === "dateUpdated"))){validate14.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs1 === errors){if(data.orgId !== undefined){let data0 = data.orgId;const _errs2 = errors;const _errs3 = errors;if(errors === _errs3){if(typeof data0 === "string"){if(!pattern2.test(data0)){validate14.errors = [{instancePath:instancePath+"/orgId",schemaPath:"#/definitions/orgId/pattern",keyword:"pattern",params:{pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"},message:"must match pattern \""+"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"+"\""}];return false;}}else {validate14.errors = [{instancePath:instancePath+"/orgId",schemaPath:"#/definitions/orgId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs2 === errors;}else {var valid0 = true;}if(valid0){if(data.shortName !== undefined){let data1 = data.shortName;const _errs5 = errors;const _errs6 = errors;if(errors === _errs6){if(typeof data1 === "string"){if(func6(data1) > 32){validate14.errors = [{instancePath:instancePath+"/shortName",schemaPath:"#/definitions/shortName/maxLength",keyword:"maxLength",params:{limit: 32},message:"must NOT have more than 32 characters"}];return false;}else {if(func6(data1) < 2){validate14.errors = [{instancePath:instancePath+"/shortName",schemaPath:"#/definitions/shortName/minLength",keyword:"minLength",params:{limit: 2},message:"must NOT have fewer than 2 characters"}];return false;}}}else {validate14.errors = [{instancePath:instancePath+"/shortName",schemaPath:"#/definitions/shortName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs5 === errors;}else {var valid0 = true;}if(valid0){if(data.dateUpdated !== undefined){let data2 = data.dateUpdated;const _errs8 = errors;const _errs9 = errors;if(errors === _errs9){if(errors === _errs9){if(typeof data2 === "string"){if(!pattern4.test(data2)){validate14.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data2))){validate14.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate14.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs8 === errors;}else {var valid0 = true;}}}}}}else {validate14.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate14.errors = vErrors;return errors === 0;}const schema29 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"},"contains":{"$ref":"#/definitions/englishLanguageDescription"}};const schema30 = {"type":"object","properties":{"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","minLength":1,"maxLength":4096},"supportingMedia":{"type":"array","uniqueItems":true,"minItems":1,"items":{"type":"object","properties":{"type":{"type":"string","minLength":1,"maxLength":256,"examples":["text/markdown","text/html","image/png","image/svg","audio/mp3"]},"base64":{"type":"boolean","default":false},"value":{"type":"string","minLength":1,"maxLength":16384}},"required":["type","value"],"additionalProperties":false}}},"required":["lang","value"],"additionalProperties":false};const schema31 = {"type":"string","default":"en","pattern":"^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"};const pattern12 = new RegExp("^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$", "u");function validate17(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if(((data.lang === undefined) && (missing0 = "lang")) || ((data.value === undefined) && (missing0 = "value"))){validate17.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs1 = errors;for(const key0 in data){if(!(((key0 === "lang") || (key0 === "value")) || (key0 === "supportingMedia"))){validate17.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs1 === errors){if(data.lang !== undefined){let data0 = data.lang;const _errs2 = errors;const _errs3 = errors;if(errors === _errs3){if(typeof data0 === "string"){if(!pattern12.test(data0)){validate17.errors = [{instancePath:instancePath+"/lang",schemaPath:"#/definitions/language/pattern",keyword:"pattern",params:{pattern: "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"},message:"must match pattern \""+"^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"+"\""}];return false;}}else {validate17.errors = [{instancePath:instancePath+"/lang",schemaPath:"#/definitions/language/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs2 === errors;}else {var valid0 = true;}if(valid0){if(data.value !== undefined){let data1 = data.value;const _errs5 = errors;if(errors === _errs5){if(typeof data1 === "string"){if(func6(data1) > 4096){validate17.errors = [{instancePath:instancePath+"/value",schemaPath:"#/properties/value/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data1) < 1){validate17.errors = [{instancePath:instancePath+"/value",schemaPath:"#/properties/value/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate17.errors = [{instancePath:instancePath+"/value",schemaPath:"#/properties/value/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs5 === errors;}else {var valid0 = true;}if(valid0){if(data.supportingMedia !== undefined){let data2 = data.supportingMedia;const _errs7 = errors;if(errors === _errs7){if(Array.isArray(data2)){if(data2.length < 1){validate17.errors = [{instancePath:instancePath+"/supportingMedia",schemaPath:"#/properties/supportingMedia/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid2 = true;const len0 = data2.length;for(let i0=0; i0 256){validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/type",schemaPath:"#/properties/supportingMedia/items/properties/type/maxLength",keyword:"maxLength",params:{limit: 256},message:"must NOT have more than 256 characters"}];return false;}else {if(func6(data4) < 1){validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/type",schemaPath:"#/properties/supportingMedia/items/properties/type/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/type",schemaPath:"#/properties/supportingMedia/items/properties/type/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs12 === errors;}else {var valid3 = true;}if(valid3){if(data3.base64 !== undefined){const _errs14 = errors;if(typeof data3.base64 !== "boolean"){validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/base64",schemaPath:"#/properties/supportingMedia/items/properties/base64/type",keyword:"type",params:{type: "boolean"},message:"must be boolean"}];return false;}var valid3 = _errs14 === errors;}else {var valid3 = true;}if(valid3){if(data3.value !== undefined){let data6 = data3.value;const _errs16 = errors;if(errors === _errs16){if(typeof data6 === "string"){if(func6(data6) > 16384){validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/value",schemaPath:"#/properties/supportingMedia/items/properties/value/maxLength",keyword:"maxLength",params:{limit: 16384},message:"must NOT have more than 16384 characters"}];return false;}else {if(func6(data6) < 1){validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/value",schemaPath:"#/properties/supportingMedia/items/properties/value/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0+"/value",schemaPath:"#/properties/supportingMedia/items/properties/value/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs16 === errors;}else {var valid3 = true;}}}}}}else {validate17.errors = [{instancePath:instancePath+"/supportingMedia/" + i0,schemaPath:"#/properties/supportingMedia/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs9 === errors;if(!valid2){break;}}if(valid2){let i1 = data2.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data2[i1], data2[j0])){validate17.errors = [{instancePath:instancePath+"/supportingMedia",schemaPath:"#/properties/supportingMedia/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate17.errors = [{instancePath:instancePath+"/supportingMedia",schemaPath:"#/properties/supportingMedia/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid0 = _errs7 === errors;}else {var valid0 = true;}}}}}}else {validate17.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate17.errors = vErrors;return errors === 0;}const schema32 = {"type":"object","properties":{"lang":{"$ref":"#/definitions/englishLanguage"}},"required":["lang"],"$comment":"Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description."};const schema33 = {"type":"string","pattern":"^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"};const pattern13 = new RegExp("^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$", "u");function validate19(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if((data.lang === undefined) && (missing0 = "lang")){validate19.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {if(data.lang !== undefined){let data0 = data.lang;const _errs3 = errors;if(errors === _errs3){if(typeof data0 === "string"){if(!pattern13.test(data0)){validate19.errors = [{instancePath:instancePath+"/lang",schemaPath:"#/definitions/englishLanguage/pattern",keyword:"pattern",params:{pattern: "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"},message:"must match pattern \""+"^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"+"\""}];return false;}}else {validate19.errors = [{instancePath:instancePath+"/lang",schemaPath:"#/definitions/englishLanguage/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}}}else {validate19.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate19.errors = vErrors;return errors === 0;}function validate16(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate16.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 1){outer0:for(;i2--;){for(j0 = i2; j0--;){if(func0(data[i2], data[j0])){validate16.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i2, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i2+" are identical)"}];return false;break outer0;}}}}}}}}else {validate16.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate16.errors = vErrors;return errors === 0;}const schema34 = {"type":"array","minItems":1,"items":{"$ref":"#/definitions/product"}};const schema35 = {"type":"object","allOf":[{"anyOf":[{"required":["vendor","product"]},{"required":["collectionURL","packageName"]}]},{"anyOf":[{"required":["versions"]},{"required":["defaultStatus"]}]}],"properties":{"vendor":{"type":"string","minLength":1,"maxLength":512},"product":{"type":"string","minLength":1,"maxLength":2048},"collectionURL":{"$ref":"#/definitions/uriType","examples":["https://access.redhat.com/downloads/content/package-browser","https://addons.mozilla.org","https://addons.thunderbird.net","https://anaconda.org/anaconda/repo","https://app.vagrantup.com/boxes/search","https://apps.apple.com","https://archlinux.org/packages","https://atmospherejs.meteor.com","https://atom.io/packages","https://bitbucket.org","https://bower.io","https://brew.sh/","https://chocolatey.org/packages","https://chrome.google.com/webstore","https://clojars.org","https://cocoapods.org","https://code.dlang.org","https://conan.io/center","https://cpan.org/modules","https://cran.r-project.org","https://crates.io","https://ctan.org/pkg","https://drupal.org","https://exchange.adobe.com","https://forge.puppet.com/modules","https://github.com","https://gitlab.com/explore","https://golang.org/pkg","https://guix.gnu.org/packages","https://hackage.haskell.org","https://helm.sh","https://hub.docker.com","https://juliahub.com","https://lib.haxe.org","https://luarocks.org","https://marketplace.visualstudio.com","https://melpa.org","https://microsoft.com/en-us/store/apps","https://nimble.directory","https://nuget.org/packages","https://opam.ocaml.org/packages","https://openwrt.org/packages/index","https://package.elm-lang.org","https://packagecontrol.io","https://packages.debian.org","https://packages.gentoo.org","https://packagist.org","https://pear.php.net/packages.php","https://pecl.php.net","https://platformio.org/lib","https://play.google.com/store","https://plugins.gradle.org","https://projects.eclipse.org","https://pub.dev","https://pypi.python.org","https://registry.npmjs.org","https://registry.terraform.io","https://repo.hex.pm","https://repo.maven.apache.org/maven2","https://rubygems.org","https://search.nixos.org/packages","https://sourceforge.net","https://wordpress.org/plugins"]},"packageName":{"type":"string","minLength":1,"maxLength":2048},"cpes":{"type":"array","uniqueItems":true,"items":{"type":"string","pattern":"([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})","minLength":1,"maxLength":2048}},"modules":{"type":"array","uniqueItems":true,"items":{"type":"string","minLength":1,"maxLength":4096}},"programFiles":{"type":"array","uniqueItems":true,"items":{"type":"string","minLength":1,"maxLength":1024}},"programRoutines":{"type":"array","uniqueItems":true,"items":{"type":"object","required":["name"],"properties":{"name":{"type":"string","minLength":1,"maxLength":4096}},"additionalProperties":false}},"platforms":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"string","examples":["iOS","Android","Windows","macOS","x86","ARM","64 bit","Big Endian","iPad","Chromebook","Docker","Model T"],"maxLength":1024}},"repo":{"$ref":"#/definitions/uriType"},"defaultStatus":{"$ref":"#/definitions/status"},"versions":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","oneOf":[{"required":["version","status"],"maxProperties":2},{"required":["version","status","versionType"],"maxProperties":3},{"required":["version","status","versionType","lessThan"]},{"required":["version","status","versionType","lessThanOrEqual"]}],"properties":{"version":{"$ref":"#/definitions/version"},"status":{"$ref":"#/definitions/status"},"versionType":{"type":"string","minLength":1,"maxLength":128,"examples":["custom","git","maven","python","rpm","semver"]},"lessThan":{"$ref":"#/definitions/version"},"lessThanOrEqual":{"$ref":"#/definitions/version"},"changes":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["at","status"],"additionalProperties":false,"properties":{"at":{"$ref":"#/definitions/version"},"status":{"$ref":"#/definitions/status"}}}}},"additionalProperties":false}}}};const schema36 = {"type":"string","format":"uri","minLength":1,"maxLength":2048};const schema38 = {"type":"string","enum":["affected","unaffected","unknown"]};const schema39 = {"type":"string","minLength":1,"maxLength":1024};const formats12 = require("ajv-formats/dist/formats").fullFormats.uri;const pattern14 = new RegExp("([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})", "u");function validate23(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;const _errs1 = errors;const _errs2 = errors;let valid1 = false;const _errs3 = errors;if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if(((data.vendor === undefined) && (missing0 = "vendor")) || ((data.product === undefined) && (missing0 = "product"))){const err0 = {instancePath,schemaPath:"#/allOf/0/anyOf/0/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"};if(vErrors === null){vErrors = [err0];}else {vErrors.push(err0);}errors++;}}var _valid0 = _errs3 === errors;valid1 = valid1 || _valid0;if(!valid1){const _errs4 = errors;if(data && typeof data == "object" && !Array.isArray(data)){let missing1;if(((data.collectionURL === undefined) && (missing1 = "collectionURL")) || ((data.packageName === undefined) && (missing1 = "packageName"))){const err1 = {instancePath,schemaPath:"#/allOf/0/anyOf/1/required",keyword:"required",params:{missingProperty: missing1},message:"must have required property '"+missing1+"'"};if(vErrors === null){vErrors = [err1];}else {vErrors.push(err1);}errors++;}}var _valid0 = _errs4 === errors;valid1 = valid1 || _valid0;}if(!valid1){const err2 = {instancePath,schemaPath:"#/allOf/0/anyOf",keyword:"anyOf",params:{},message:"must match a schema in anyOf"};if(vErrors === null){vErrors = [err2];}else {vErrors.push(err2);}errors++;validate23.errors = vErrors;return false;}else {errors = _errs2;if(vErrors !== null){if(_errs2){vErrors.length = _errs2;}else {vErrors = null;}}}var valid0 = _errs1 === errors;if(valid0){const _errs5 = errors;const _errs6 = errors;let valid2 = false;const _errs7 = errors;if(data && typeof data == "object" && !Array.isArray(data)){let missing2;if((data.versions === undefined) && (missing2 = "versions")){const err3 = {instancePath,schemaPath:"#/allOf/1/anyOf/0/required",keyword:"required",params:{missingProperty: missing2},message:"must have required property '"+missing2+"'"};if(vErrors === null){vErrors = [err3];}else {vErrors.push(err3);}errors++;}}var _valid1 = _errs7 === errors;valid2 = valid2 || _valid1;if(!valid2){const _errs8 = errors;if(data && typeof data == "object" && !Array.isArray(data)){let missing3;if((data.defaultStatus === undefined) && (missing3 = "defaultStatus")){const err4 = {instancePath,schemaPath:"#/allOf/1/anyOf/1/required",keyword:"required",params:{missingProperty: missing3},message:"must have required property '"+missing3+"'"};if(vErrors === null){vErrors = [err4];}else {vErrors.push(err4);}errors++;}}var _valid1 = _errs8 === errors;valid2 = valid2 || _valid1;}if(!valid2){const err5 = {instancePath,schemaPath:"#/allOf/1/anyOf",keyword:"anyOf",params:{},message:"must match a schema in anyOf"};if(vErrors === null){vErrors = [err5];}else {vErrors.push(err5);}errors++;validate23.errors = vErrors;return false;}else {errors = _errs6;if(vErrors !== null){if(_errs6){vErrors.length = _errs6;}else {vErrors = null;}}}var valid0 = _errs5 === errors;}if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){if(data.vendor !== undefined){let data0 = data.vendor;const _errs9 = errors;if(errors === _errs9){if(typeof data0 === "string"){if(func6(data0) > 512){validate23.errors = [{instancePath:instancePath+"/vendor",schemaPath:"#/properties/vendor/maxLength",keyword:"maxLength",params:{limit: 512},message:"must NOT have more than 512 characters"}];return false;}else {if(func6(data0) < 1){validate23.errors = [{instancePath:instancePath+"/vendor",schemaPath:"#/properties/vendor/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/vendor",schemaPath:"#/properties/vendor/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs9 === errors;}else {var valid3 = true;}if(valid3){if(data.product !== undefined){let data1 = data.product;const _errs11 = errors;if(errors === _errs11){if(typeof data1 === "string"){if(func6(data1) > 2048){validate23.errors = [{instancePath:instancePath+"/product",schemaPath:"#/properties/product/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data1) < 1){validate23.errors = [{instancePath:instancePath+"/product",schemaPath:"#/properties/product/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/product",schemaPath:"#/properties/product/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs11 === errors;}else {var valid3 = true;}if(valid3){if(data.collectionURL !== undefined){let data2 = data.collectionURL;const _errs13 = errors;const _errs14 = errors;if(errors === _errs14){if(errors === _errs14){if(typeof data2 === "string"){if(func6(data2) > 2048){validate23.errors = [{instancePath:instancePath+"/collectionURL",schemaPath:"#/definitions/uriType/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data2) < 1){validate23.errors = [{instancePath:instancePath+"/collectionURL",schemaPath:"#/definitions/uriType/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}else {if(!(formats12(data2))){validate23.errors = [{instancePath:instancePath+"/collectionURL",schemaPath:"#/definitions/uriType/format",keyword:"format",params:{format: "uri"},message:"must match format \""+"uri"+"\""}];return false;}}}}else {validate23.errors = [{instancePath:instancePath+"/collectionURL",schemaPath:"#/definitions/uriType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid3 = _errs13 === errors;}else {var valid3 = true;}if(valid3){if(data.packageName !== undefined){let data3 = data.packageName;const _errs16 = errors;if(errors === _errs16){if(typeof data3 === "string"){if(func6(data3) > 2048){validate23.errors = [{instancePath:instancePath+"/packageName",schemaPath:"#/properties/packageName/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data3) < 1){validate23.errors = [{instancePath:instancePath+"/packageName",schemaPath:"#/properties/packageName/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/packageName",schemaPath:"#/properties/packageName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs16 === errors;}else {var valid3 = true;}if(valid3){if(data.cpes !== undefined){let data4 = data.cpes;const _errs18 = errors;if(errors === _errs18){if(Array.isArray(data4)){var valid5 = true;const len0 = data4.length;for(let i0=0; i0 2048){validate23.errors = [{instancePath:instancePath+"/cpes/" + i0,schemaPath:"#/properties/cpes/items/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data5) < 1){validate23.errors = [{instancePath:instancePath+"/cpes/" + i0,schemaPath:"#/properties/cpes/items/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}else {if(!pattern14.test(data5)){validate23.errors = [{instancePath:instancePath+"/cpes/" + i0,schemaPath:"#/properties/cpes/items/pattern",keyword:"pattern",params:{pattern: "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})"},message:"must match pattern \""+"([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})"+"\""}];return false;}}}}else {validate23.errors = [{instancePath:instancePath+"/cpes/" + i0,schemaPath:"#/properties/cpes/items/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid5 = _errs20 === errors;if(!valid5){break;}}if(valid5){let i1 = data4.length;let j0;if(i1 > 1){const indices0 = {};for(;i1--;){let item0 = data4[i1];if(typeof item0 !== "string"){continue;}if(typeof indices0[item0] == "number"){j0 = indices0[item0];validate23.errors = [{instancePath:instancePath+"/cpes",schemaPath:"#/properties/cpes/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break;}indices0[item0] = i1;}}}}else {validate23.errors = [{instancePath:instancePath+"/cpes",schemaPath:"#/properties/cpes/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid3 = _errs18 === errors;}else {var valid3 = true;}if(valid3){if(data.modules !== undefined){let data6 = data.modules;const _errs22 = errors;if(errors === _errs22){if(Array.isArray(data6)){var valid7 = true;const len1 = data6.length;for(let i2=0; i2 4096){validate23.errors = [{instancePath:instancePath+"/modules/" + i2,schemaPath:"#/properties/modules/items/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data7) < 1){validate23.errors = [{instancePath:instancePath+"/modules/" + i2,schemaPath:"#/properties/modules/items/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/modules/" + i2,schemaPath:"#/properties/modules/items/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid7 = _errs24 === errors;if(!valid7){break;}}if(valid7){let i3 = data6.length;let j1;if(i3 > 1){const indices1 = {};for(;i3--;){let item1 = data6[i3];if(typeof item1 !== "string"){continue;}if(typeof indices1[item1] == "number"){j1 = indices1[item1];validate23.errors = [{instancePath:instancePath+"/modules",schemaPath:"#/properties/modules/uniqueItems",keyword:"uniqueItems",params:{i: i3, j: j1},message:"must NOT have duplicate items (items ## "+j1+" and "+i3+" are identical)"}];return false;break;}indices1[item1] = i3;}}}}else {validate23.errors = [{instancePath:instancePath+"/modules",schemaPath:"#/properties/modules/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid3 = _errs22 === errors;}else {var valid3 = true;}if(valid3){if(data.programFiles !== undefined){let data8 = data.programFiles;const _errs26 = errors;if(errors === _errs26){if(Array.isArray(data8)){var valid9 = true;const len2 = data8.length;for(let i4=0; i4 1024){validate23.errors = [{instancePath:instancePath+"/programFiles/" + i4,schemaPath:"#/properties/programFiles/items/maxLength",keyword:"maxLength",params:{limit: 1024},message:"must NOT have more than 1024 characters"}];return false;}else {if(func6(data9) < 1){validate23.errors = [{instancePath:instancePath+"/programFiles/" + i4,schemaPath:"#/properties/programFiles/items/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/programFiles/" + i4,schemaPath:"#/properties/programFiles/items/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid9 = _errs28 === errors;if(!valid9){break;}}if(valid9){let i5 = data8.length;let j2;if(i5 > 1){const indices2 = {};for(;i5--;){let item2 = data8[i5];if(typeof item2 !== "string"){continue;}if(typeof indices2[item2] == "number"){j2 = indices2[item2];validate23.errors = [{instancePath:instancePath+"/programFiles",schemaPath:"#/properties/programFiles/uniqueItems",keyword:"uniqueItems",params:{i: i5, j: j2},message:"must NOT have duplicate items (items ## "+j2+" and "+i5+" are identical)"}];return false;break;}indices2[item2] = i5;}}}}else {validate23.errors = [{instancePath:instancePath+"/programFiles",schemaPath:"#/properties/programFiles/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid3 = _errs26 === errors;}else {var valid3 = true;}if(valid3){if(data.programRoutines !== undefined){let data10 = data.programRoutines;const _errs30 = errors;if(errors === _errs30){if(Array.isArray(data10)){var valid11 = true;const len3 = data10.length;for(let i6=0; i6 4096){validate23.errors = [{instancePath:instancePath+"/programRoutines/" + i6+"/name",schemaPath:"#/properties/programRoutines/items/properties/name/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data12) < 1){validate23.errors = [{instancePath:instancePath+"/programRoutines/" + i6+"/name",schemaPath:"#/properties/programRoutines/items/properties/name/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/programRoutines/" + i6+"/name",schemaPath:"#/properties/programRoutines/items/properties/name/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}}}}else {validate23.errors = [{instancePath:instancePath+"/programRoutines/" + i6,schemaPath:"#/properties/programRoutines/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid11 = _errs32 === errors;if(!valid11){break;}}if(valid11){let i7 = data10.length;let j3;if(i7 > 1){outer0:for(;i7--;){for(j3 = i7; j3--;){if(func0(data10[i7], data10[j3])){validate23.errors = [{instancePath:instancePath+"/programRoutines",schemaPath:"#/properties/programRoutines/uniqueItems",keyword:"uniqueItems",params:{i: i7, j: j3},message:"must NOT have duplicate items (items ## "+j3+" and "+i7+" are identical)"}];return false;break outer0;}}}}}}else {validate23.errors = [{instancePath:instancePath+"/programRoutines",schemaPath:"#/properties/programRoutines/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid3 = _errs30 === errors;}else {var valid3 = true;}if(valid3){if(data.platforms !== undefined){let data13 = data.platforms;const _errs37 = errors;if(errors === _errs37){if(Array.isArray(data13)){if(data13.length < 1){validate23.errors = [{instancePath:instancePath+"/platforms",schemaPath:"#/properties/platforms/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid14 = true;const len4 = data13.length;for(let i8=0; i8 1024){validate23.errors = [{instancePath:instancePath+"/platforms/" + i8,schemaPath:"#/properties/platforms/items/maxLength",keyword:"maxLength",params:{limit: 1024},message:"must NOT have more than 1024 characters"}];return false;}}else {validate23.errors = [{instancePath:instancePath+"/platforms/" + i8,schemaPath:"#/properties/platforms/items/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid14 = _errs39 === errors;if(!valid14){break;}}if(valid14){let i9 = data13.length;let j4;if(i9 > 1){const indices3 = {};for(;i9--;){let item3 = data13[i9];if(typeof item3 !== "string"){continue;}if(typeof indices3[item3] == "number"){j4 = indices3[item3];validate23.errors = [{instancePath:instancePath+"/platforms",schemaPath:"#/properties/platforms/uniqueItems",keyword:"uniqueItems",params:{i: i9, j: j4},message:"must NOT have duplicate items (items ## "+j4+" and "+i9+" are identical)"}];return false;break;}indices3[item3] = i9;}}}}}else {validate23.errors = [{instancePath:instancePath+"/platforms",schemaPath:"#/properties/platforms/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid3 = _errs37 === errors;}else {var valid3 = true;}if(valid3){if(data.repo !== undefined){let data15 = data.repo;const _errs41 = errors;const _errs42 = errors;if(errors === _errs42){if(errors === _errs42){if(typeof data15 === "string"){if(func6(data15) > 2048){validate23.errors = [{instancePath:instancePath+"/repo",schemaPath:"#/definitions/uriType/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data15) < 1){validate23.errors = [{instancePath:instancePath+"/repo",schemaPath:"#/definitions/uriType/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}else {if(!(formats12(data15))){validate23.errors = [{instancePath:instancePath+"/repo",schemaPath:"#/definitions/uriType/format",keyword:"format",params:{format: "uri"},message:"must match format \""+"uri"+"\""}];return false;}}}}else {validate23.errors = [{instancePath:instancePath+"/repo",schemaPath:"#/definitions/uriType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid3 = _errs41 === errors;}else {var valid3 = true;}if(valid3){if(data.defaultStatus !== undefined){let data16 = data.defaultStatus;const _errs44 = errors;if(typeof data16 !== "string"){validate23.errors = [{instancePath:instancePath+"/defaultStatus",schemaPath:"#/definitions/status/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data16 === "affected") || (data16 === "unaffected")) || (data16 === "unknown"))){validate23.errors = [{instancePath:instancePath+"/defaultStatus",schemaPath:"#/definitions/status/enum",keyword:"enum",params:{allowedValues: schema38.enum},message:"must be equal to one of the allowed values"}];return false;}var valid3 = _errs44 === errors;}else {var valid3 = true;}if(valid3){if(data.versions !== undefined){let data17 = data.versions;const _errs47 = errors;if(errors === _errs47){if(Array.isArray(data17)){if(data17.length < 1){validate23.errors = [{instancePath:instancePath+"/versions",schemaPath:"#/properties/versions/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid18 = true;const len5 = data17.length;for(let i10=0; i10 2){const err6 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf/0/maxProperties",keyword:"maxProperties",params:{limit: 2},message:"must NOT have more than 2 items"};if(vErrors === null){vErrors = [err6];}else {vErrors.push(err6);}errors++;}else {let missing5;if(((data18.version === undefined) && (missing5 = "version")) || ((data18.status === undefined) && (missing5 = "status"))){const err7 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf/0/required",keyword:"required",params:{missingProperty: missing5},message:"must have required property '"+missing5+"'"};if(vErrors === null){vErrors = [err7];}else {vErrors.push(err7);}errors++;}}}var _valid2 = _errs52 === errors;if(_valid2){valid19 = true;passing0 = 0;}const _errs53 = errors;if(data18 && typeof data18 == "object" && !Array.isArray(data18)){if(Object.keys(data18).length > 3){const err8 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf/1/maxProperties",keyword:"maxProperties",params:{limit: 3},message:"must NOT have more than 3 items"};if(vErrors === null){vErrors = [err8];}else {vErrors.push(err8);}errors++;}else {let missing6;if((((data18.version === undefined) && (missing6 = "version")) || ((data18.status === undefined) && (missing6 = "status"))) || ((data18.versionType === undefined) && (missing6 = "versionType"))){const err9 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf/1/required",keyword:"required",params:{missingProperty: missing6},message:"must have required property '"+missing6+"'"};if(vErrors === null){vErrors = [err9];}else {vErrors.push(err9);}errors++;}}}var _valid2 = _errs53 === errors;if(_valid2 && valid19){valid19 = false;passing0 = [passing0, 1];}else {if(_valid2){valid19 = true;passing0 = 1;}const _errs54 = errors;if(data18 && typeof data18 == "object" && !Array.isArray(data18)){let missing7;if(((((data18.version === undefined) && (missing7 = "version")) || ((data18.status === undefined) && (missing7 = "status"))) || ((data18.versionType === undefined) && (missing7 = "versionType"))) || ((data18.lessThan === undefined) && (missing7 = "lessThan"))){const err10 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf/2/required",keyword:"required",params:{missingProperty: missing7},message:"must have required property '"+missing7+"'"};if(vErrors === null){vErrors = [err10];}else {vErrors.push(err10);}errors++;}}var _valid2 = _errs54 === errors;if(_valid2 && valid19){valid19 = false;passing0 = [passing0, 2];}else {if(_valid2){valid19 = true;passing0 = 2;}const _errs55 = errors;if(data18 && typeof data18 == "object" && !Array.isArray(data18)){let missing8;if(((((data18.version === undefined) && (missing8 = "version")) || ((data18.status === undefined) && (missing8 = "status"))) || ((data18.versionType === undefined) && (missing8 = "versionType"))) || ((data18.lessThanOrEqual === undefined) && (missing8 = "lessThanOrEqual"))){const err11 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf/3/required",keyword:"required",params:{missingProperty: missing8},message:"must have required property '"+missing8+"'"};if(vErrors === null){vErrors = [err11];}else {vErrors.push(err11);}errors++;}}var _valid2 = _errs55 === errors;if(_valid2 && valid19){valid19 = false;passing0 = [passing0, 3];}else {if(_valid2){valid19 = true;passing0 = 3;}}}}if(!valid19){const err12 = {instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/oneOf",keyword:"oneOf",params:{passingSchemas: passing0},message:"must match exactly one schema in oneOf"};if(vErrors === null){vErrors = [err12];}else {vErrors.push(err12);}errors++;validate23.errors = vErrors;return false;}else {errors = _errs51;if(vErrors !== null){if(_errs51){vErrors.length = _errs51;}else {vErrors = null;}}}if(errors === _errs49){if(data18 && typeof data18 == "object" && !Array.isArray(data18)){const _errs56 = errors;for(const key1 in data18){if(!((((((key1 === "version") || (key1 === "status")) || (key1 === "versionType")) || (key1 === "lessThan")) || (key1 === "lessThanOrEqual")) || (key1 === "changes"))){validate23.errors = [{instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key1},message:"must NOT have additional properties"}];return false;break;}}if(_errs56 === errors){if(data18.version !== undefined){let data19 = data18.version;const _errs57 = errors;const _errs58 = errors;if(errors === _errs58){if(typeof data19 === "string"){if(func6(data19) > 1024){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/version",schemaPath:"#/definitions/version/maxLength",keyword:"maxLength",params:{limit: 1024},message:"must NOT have more than 1024 characters"}];return false;}else {if(func6(data19) < 1){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/version",schemaPath:"#/definitions/version/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/version",schemaPath:"#/definitions/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid20 = _errs57 === errors;}else {var valid20 = true;}if(valid20){if(data18.status !== undefined){let data20 = data18.status;const _errs60 = errors;if(typeof data20 !== "string"){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/status",schemaPath:"#/definitions/status/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data20 === "affected") || (data20 === "unaffected")) || (data20 === "unknown"))){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/status",schemaPath:"#/definitions/status/enum",keyword:"enum",params:{allowedValues: schema38.enum},message:"must be equal to one of the allowed values"}];return false;}var valid20 = _errs60 === errors;}else {var valid20 = true;}if(valid20){if(data18.versionType !== undefined){let data21 = data18.versionType;const _errs63 = errors;if(errors === _errs63){if(typeof data21 === "string"){if(func6(data21) > 128){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/versionType",schemaPath:"#/properties/versions/items/properties/versionType/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data21) < 1){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/versionType",schemaPath:"#/properties/versions/items/properties/versionType/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/versionType",schemaPath:"#/properties/versions/items/properties/versionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid20 = _errs63 === errors;}else {var valid20 = true;}if(valid20){if(data18.lessThan !== undefined){let data22 = data18.lessThan;const _errs65 = errors;const _errs66 = errors;if(errors === _errs66){if(typeof data22 === "string"){if(func6(data22) > 1024){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/lessThan",schemaPath:"#/definitions/version/maxLength",keyword:"maxLength",params:{limit: 1024},message:"must NOT have more than 1024 characters"}];return false;}else {if(func6(data22) < 1){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/lessThan",schemaPath:"#/definitions/version/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/lessThan",schemaPath:"#/definitions/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid20 = _errs65 === errors;}else {var valid20 = true;}if(valid20){if(data18.lessThanOrEqual !== undefined){let data23 = data18.lessThanOrEqual;const _errs68 = errors;const _errs69 = errors;if(errors === _errs69){if(typeof data23 === "string"){if(func6(data23) > 1024){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/lessThanOrEqual",schemaPath:"#/definitions/version/maxLength",keyword:"maxLength",params:{limit: 1024},message:"must NOT have more than 1024 characters"}];return false;}else {if(func6(data23) < 1){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/lessThanOrEqual",schemaPath:"#/definitions/version/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/lessThanOrEqual",schemaPath:"#/definitions/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid20 = _errs68 === errors;}else {var valid20 = true;}if(valid20){if(data18.changes !== undefined){let data24 = data18.changes;const _errs71 = errors;if(errors === _errs71){if(Array.isArray(data24)){if(data24.length < 1){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes",schemaPath:"#/properties/versions/items/properties/changes/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid25 = true;const len6 = data24.length;for(let i11=0; i11 1024){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes/" + i11+"/at",schemaPath:"#/definitions/version/maxLength",keyword:"maxLength",params:{limit: 1024},message:"must NOT have more than 1024 characters"}];return false;}else {if(func6(data26) < 1){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes/" + i11+"/at",schemaPath:"#/definitions/version/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes/" + i11+"/at",schemaPath:"#/definitions/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid26 = _errs76 === errors;}else {var valid26 = true;}if(valid26){if(data25.status !== undefined){let data27 = data25.status;const _errs79 = errors;if(typeof data27 !== "string"){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes/" + i11+"/status",schemaPath:"#/definitions/status/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data27 === "affected") || (data27 === "unaffected")) || (data27 === "unknown"))){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes/" + i11+"/status",schemaPath:"#/definitions/status/enum",keyword:"enum",params:{allowedValues: schema38.enum},message:"must be equal to one of the allowed values"}];return false;}var valid26 = _errs79 === errors;}else {var valid26 = true;}}}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes/" + i11,schemaPath:"#/properties/versions/items/properties/changes/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid25 = _errs73 === errors;if(!valid25){break;}}if(valid25){let i12 = data24.length;let j5;if(i12 > 1){outer1:for(;i12--;){for(j5 = i12; j5--;){if(func0(data24[i12], data24[j5])){validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes",schemaPath:"#/properties/versions/items/properties/changes/uniqueItems",keyword:"uniqueItems",params:{i: i12, j: j5},message:"must NOT have duplicate items (items ## "+j5+" and "+i12+" are identical)"}];return false;break outer1;}}}}}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10+"/changes",schemaPath:"#/properties/versions/items/properties/changes/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid20 = _errs71 === errors;}else {var valid20 = true;}}}}}}}}else {validate23.errors = [{instancePath:instancePath+"/versions/" + i10,schemaPath:"#/properties/versions/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid18 = _errs49 === errors;if(!valid18){break;}}if(valid18){let i13 = data17.length;let j6;if(i13 > 1){outer2:for(;i13--;){for(j6 = i13; j6--;){if(func0(data17[i13], data17[j6])){validate23.errors = [{instancePath:instancePath+"/versions",schemaPath:"#/properties/versions/uniqueItems",keyword:"uniqueItems",params:{i: i13, j: j6},message:"must NOT have duplicate items (items ## "+j6+" and "+i13+" are identical)"}];return false;break outer2;}}}}}}}else {validate23.errors = [{instancePath:instancePath+"/versions",schemaPath:"#/properties/versions/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid3 = _errs47 === errors;}else {var valid3 = true;}}}}}}}}}}}}}else {validate23.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate23.errors = vErrors;return errors === 0;}function validate22(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate22.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 2048){validate28.errors = [{instancePath:instancePath+"/url",schemaPath:"#/definitions/uriType/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data0) < 1){validate28.errors = [{instancePath:instancePath+"/url",schemaPath:"#/definitions/uriType/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}else {if(!(formats12(data0))){validate28.errors = [{instancePath:instancePath+"/url",schemaPath:"#/definitions/uriType/format",keyword:"format",params:{format: "uri"},message:"must match format \""+"uri"+"\""}];return false;}}}}else {validate28.errors = [{instancePath:instancePath+"/url",schemaPath:"#/definitions/uriType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs2 === errors;}else {var valid0 = true;}if(valid0){if(data.name !== undefined){let data1 = data.name;const _errs5 = errors;if(errors === _errs5){if(typeof data1 === "string"){if(func6(data1) > 512){validate28.errors = [{instancePath:instancePath+"/name",schemaPath:"#/properties/name/maxLength",keyword:"maxLength",params:{limit: 512},message:"must NOT have more than 512 characters"}];return false;}else {if(func6(data1) < 1){validate28.errors = [{instancePath:instancePath+"/name",schemaPath:"#/properties/name/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate28.errors = [{instancePath:instancePath+"/name",schemaPath:"#/properties/name/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs5 === errors;}else {var valid0 = true;}if(valid0){if(data.tags !== undefined){let data2 = data.tags;const _errs7 = errors;if(errors === _errs7){if(Array.isArray(data2)){if(data2.length < 1){validate28.errors = [{instancePath:instancePath+"/tags",schemaPath:"#/properties/tags/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid2 = true;const len0 = data2.length;for(let i0=0; i0 128){const err0 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/definitions/tagExtension/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"};if(vErrors === null){vErrors = [err0];}else {vErrors.push(err0);}errors++;}else {if(func6(data3) < 2){const err1 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/definitions/tagExtension/minLength",keyword:"minLength",params:{limit: 2},message:"must NOT have fewer than 2 characters"};if(vErrors === null){vErrors = [err1];}else {vErrors.push(err1);}errors++;}else {if(!pattern17.test(data3)){const err2 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/definitions/tagExtension/pattern",keyword:"pattern",params:{pattern: "^x_.*$"},message:"must match pattern \""+"^x_.*$"+"\""};if(vErrors === null){vErrors = [err2];}else {vErrors.push(err2);}errors++;}}}}else {const err3 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/definitions/tagExtension/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err3];}else {vErrors.push(err3);}errors++;}}var _valid0 = _errs11 === errors;if(_valid0){valid3 = true;passing0 = 0;}const _errs15 = errors;if(typeof data3 !== "string"){const err4 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/properties/tags/items/oneOf/1/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err4];}else {vErrors.push(err4);}errors++;}if(!(((((((((((((((((((data3 === "broken-link") || (data3 === "customer-entitlement")) || (data3 === "exploit")) || (data3 === "government-resource")) || (data3 === "issue-tracking")) || (data3 === "mailing-list")) || (data3 === "mitigation")) || (data3 === "not-applicable")) || (data3 === "patch")) || (data3 === "permissions-required")) || (data3 === "media-coverage")) || (data3 === "product")) || (data3 === "related")) || (data3 === "release-notes")) || (data3 === "signature")) || (data3 === "technical-description")) || (data3 === "third-party-advisory")) || (data3 === "vendor-advisory")) || (data3 === "vdb-entry"))){const err5 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/properties/tags/items/oneOf/1/enum",keyword:"enum",params:{allowedValues: schema48.properties.tags.items.oneOf[1].enum},message:"must be equal to one of the allowed values"};if(vErrors === null){vErrors = [err5];}else {vErrors.push(err5);}errors++;}var _valid0 = _errs15 === errors;if(_valid0 && valid3){valid3 = false;passing0 = [passing0, 1];}else {if(_valid0){valid3 = true;passing0 = 1;}}if(!valid3){const err6 = {instancePath:instancePath+"/tags/" + i0,schemaPath:"#/properties/tags/items/oneOf",keyword:"oneOf",params:{passingSchemas: passing0},message:"must match exactly one schema in oneOf"};if(vErrors === null){vErrors = [err6];}else {vErrors.push(err6);}errors++;validate28.errors = vErrors;return false;}else {errors = _errs10;if(vErrors !== null){if(_errs10){vErrors.length = _errs10;}else {vErrors = null;}}}var valid2 = _errs9 === errors;if(!valid2){break;}}if(valid2){let i1 = data2.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data2[i1], data2[j0])){validate28.errors = [{instancePath:instancePath+"/tags",schemaPath:"#/properties/tags/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate28.errors = [{instancePath:instancePath+"/tags",schemaPath:"#/properties/tags/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid0 = _errs7 === errors;}else {var valid0 = true;}}}}}}else {validate28.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate28.errors = vErrors;return errors === 0;}function validate27(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length > 512){validate27.errors = [{instancePath,schemaPath:"#/maxItems",keyword:"maxItems",params:{limit: 512},message:"must NOT have more than 512 items"}];return false;}else {if(data.length < 1){validate27.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate27.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}}else {validate27.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate27.errors = vErrors;return errors === 0;}function validate26(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate26.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 4096){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/description",schemaPath:"#/items/properties/descriptions/items/properties/description/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data4) < 1){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/description",schemaPath:"#/items/properties/descriptions/items/properties/description/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/description",schemaPath:"#/items/properties/descriptions/items/properties/description/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs12 === errors;}else {var valid3 = true;}if(valid3){if(data2.cweId !== undefined){let data5 = data2.cweId;const _errs14 = errors;if(errors === _errs14){if(typeof data5 === "string"){if(func6(data5) > 9){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/cweId",schemaPath:"#/items/properties/descriptions/items/properties/cweId/maxLength",keyword:"maxLength",params:{limit: 9},message:"must NOT have more than 9 characters"}];return false;}else {if(func6(data5) < 5){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/cweId",schemaPath:"#/items/properties/descriptions/items/properties/cweId/minLength",keyword:"minLength",params:{limit: 5},message:"must NOT have fewer than 5 characters"}];return false;}else {if(!pattern16.test(data5)){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/cweId",schemaPath:"#/items/properties/descriptions/items/properties/cweId/pattern",keyword:"pattern",params:{pattern: "^CWE-[1-9][0-9]*$"},message:"must match pattern \""+"^CWE-[1-9][0-9]*$"+"\""}];return false;}}}}else {validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/cweId",schemaPath:"#/items/properties/descriptions/items/properties/cweId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs14 === errors;}else {var valid3 = true;}if(valid3){if(data2.type !== undefined){let data6 = data2.type;const _errs16 = errors;if(errors === _errs16){if(typeof data6 === "string"){if(func6(data6) > 128){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/type",schemaPath:"#/items/properties/descriptions/items/properties/type/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data6) < 1){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/type",schemaPath:"#/items/properties/descriptions/items/properties/type/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/type",schemaPath:"#/items/properties/descriptions/items/properties/type/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid3 = _errs16 === errors;}else {var valid3 = true;}if(valid3){if(data2.references !== undefined){const _errs18 = errors;if(!(validate27(data2.references, {instancePath:instancePath+"/" + i0+"/descriptions/" + i1+"/references",parentData:data2,parentDataProperty:"references",rootData}))){vErrors = vErrors === null ? validate27.errors : vErrors.concat(validate27.errors);errors = vErrors.length;}var valid3 = _errs18 === errors;}else {var valid3 = true;}}}}}}}}else {validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions/" + i1,schemaPath:"#/items/properties/descriptions/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs6 === errors;if(!valid2){break;}}if(valid2){let i2 = data1.length;let j0;if(i2 > 1){outer0:for(;i2--;){for(j0 = i2; j0--;){if(func0(data1[i2], data1[j0])){validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions",schemaPath:"#/items/properties/descriptions/uniqueItems",keyword:"uniqueItems",params:{i: i2, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i2+" are identical)"}];return false;break outer0;}}}}}}}else {validate26.errors = [{instancePath:instancePath+"/" + i0+"/descriptions",schemaPath:"#/items/properties/descriptions/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}}}}}else {validate26.errors = [{instancePath:instancePath+"/" + i0,schemaPath:"#/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i3 = data.length;let j1;if(i3 > 1){outer1:for(;i3--;){for(j1 = i3; j1--;){if(func0(data[i3], data[j1])){validate26.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i3, j: j1},message:"must NOT have duplicate items (items ## "+j1+" and "+i3+" are identical)"}];return false;break outer1;}}}}}}}else {validate26.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate26.errors = vErrors;return errors === 0;}const schema51 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["descriptions"],"properties":{"capecId":{"type":"string","minLength":7,"maxLength":11,"pattern":"^CAPEC-[1-9][0-9]{0,4}$"},"descriptions":{"$ref":"#/definitions/descriptions"}},"additionalProperties":false}};const pattern18 = new RegExp("^CAPEC-[1-9][0-9]{0,4}$", "u");function validate33(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate33.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 11){validate33.errors = [{instancePath:instancePath+"/" + i0+"/capecId",schemaPath:"#/items/properties/capecId/maxLength",keyword:"maxLength",params:{limit: 11},message:"must NOT have more than 11 characters"}];return false;}else {if(func6(data1) < 7){validate33.errors = [{instancePath:instancePath+"/" + i0+"/capecId",schemaPath:"#/items/properties/capecId/minLength",keyword:"minLength",params:{limit: 7},message:"must NOT have fewer than 7 characters"}];return false;}else {if(!pattern18.test(data1)){validate33.errors = [{instancePath:instancePath+"/" + i0+"/capecId",schemaPath:"#/items/properties/capecId/pattern",keyword:"pattern",params:{pattern: "^CAPEC-[1-9][0-9]{0,4}$"},message:"must match pattern \""+"^CAPEC-[1-9][0-9]{0,4}$"+"\""}];return false;}}}}else {validate33.errors = [{instancePath:instancePath+"/" + i0+"/capecId",schemaPath:"#/items/properties/capecId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid1 = _errs4 === errors;}else {var valid1 = true;}if(valid1){if(data0.descriptions !== undefined){const _errs6 = errors;if(!(validate16(data0.descriptions, {instancePath:instancePath+"/" + i0+"/descriptions",parentData:data0,parentDataProperty:"descriptions",rootData}))){vErrors = vErrors === null ? validate16.errors : vErrors.concat(validate16.errors);errors = vErrors.length;}var valid1 = _errs6 === errors;}else {var valid1 = true;}}}}}else {validate33.errors = [{instancePath:instancePath+"/" + i0,schemaPath:"#/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i1 = data.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate33.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate33.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate33.errors = vErrors;return errors === 0;}const schema52 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","anyOf":[{"required":["cvssV4_0"]},{"required":["cvssV3_1"]},{"required":["cvssV3_0"]},{"required":["cvssV2_0"]},{"required":["other"]}],"properties":{"format":{"type":"string","minLength":1,"maxLength":64},"scenarios":{"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","properties":{"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","default":"GENERAL","minLength":1,"maxLength":4096}},"required":["lang","value"],"additionalProperties":false}},"cvssV4_0":{"$schema":"http://json-schema.org/draft-07/schema#","type":"object","definitions":{"attackVectorType":{"type":"string","enum":["NETWORK","ADJACENT","LOCAL","PHYSICAL"]},"modifiedAttackVectorType":{"type":"string","enum":["NETWORK","ADJACENT","LOCAL","PHYSICAL","NOT_DEFINED"],"default":"NOT_DEFINED"},"attackComplexityType":{"type":"string","enum":["HIGH","LOW"]},"modifiedAttackComplexityType":{"type":"string","enum":["HIGH","LOW","NOT_DEFINED"],"default":"NOT_DEFINED"},"attackRequirementsType":{"type":"string","enum":["NONE","PRESENT"]},"modifiedAttackRequirementsType":{"type":"string","enum":["NONE","PRESENT","NOT_DEFINED"],"default":"NOT_DEFINED"},"privilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE"]},"modifiedPrivilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"],"default":"NOT_DEFINED"},"userInteractionType":{"type":"string","enum":["NONE","PASSIVE","ACTIVE"]},"modifiedUserInteractionType":{"type":"string","enum":["NONE","PASSIVE","ACTIVE","NOT_DEFINED"],"default":"NOT_DEFINED"},"vulnCiaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedVulnCiaType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"subCiaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedSubCType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"modifiedSubIaType":{"type":"string","enum":["NONE","LOW","HIGH","SAFETY","NOT_DEFINED"],"default":"NOT_DEFINED"},"exploitMaturityType":{"type":"string","enum":["UNREPORTED","PROOF_OF_CONCEPT","ATTACKED","NOT_DEFINED"],"default":"NOT_DEFINED"},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"safetyType":{"type":"string","enum":["NEGLIGIBLE","PRESENT","NOT_DEFINED"],"default":"NOT_DEFINED"},"automatableType":{"type":"string","enum":["NO","YES","NOT_DEFINED"],"default":"NOT_DEFINED"},"recoveryType":{"type":"string","enum":["AUTOMATIC","USER","IRRECOVERABLE","NOT_DEFINED"],"default":"NOT_DEFINED"},"valueDensityType":{"type":"string","enum":["DIFFUSE","CONCENTRATED","NOT_DEFINED"],"default":"NOT_DEFINED"},"vulnerabilityResponseEffortType":{"type":"string","enum":["LOW","MODERATE","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"},"providerUrgencyType":{"type":"string","enum":["CLEAR","GREEN","AMBER","RED","NOT_DEFINED"],"default":"NOT_DEFINED"},"scoreType":{"type":"number","minimum":0,"maximum":10,"multipleOf":0.1},"noneScoreType":{"type":"number","minimum":0,"maximum":0},"lowScoreType":{"type":"number","minimum":0.1,"maximum":3.9,"multipleOf":0.1},"mediumScoreType":{"type":"number","minimum":4,"maximum":6.9,"multipleOf":0.1},"highScoreType":{"type":"number","minimum":7,"maximum":8.9,"multipleOf":0.1},"criticalScoreType":{"type":"number","minimum":9,"maximum":10,"multipleOf":0.1},"severityType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]},"noneSeverityType":{"const":"NONE"},"lowSeverityType":{"const":"LOW"},"mediumSeverityType":{"const":"MEDIUM"},"highSeverityType":{"const":"HIGH"},"criticalSeverityType":{"const":"CRITICAL"}},"properties":{"version":{"type":"string","enum":["4.0"]},"vectorString":{"type":"string","pattern":"^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType"},"attackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType"},"attackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType"},"attackRequirements":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType"},"privilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType"},"userInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType"},"vulnConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType"},"vulnIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType"},"vulnAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType"},"subConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType"},"subIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType"},"subAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType"},"exploitMaturity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType"},"modifiedAttackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType"},"modifiedAttackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType"},"modifiedAttackRequirements":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType"},"modifiedPrivilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType"},"modifiedUserInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType"},"modifiedVulnConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType"},"modifiedVulnIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType"},"modifiedVulnAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType"},"modifiedSubConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType"},"modifiedSubIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType"},"modifiedSubAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType"},"Safety":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType"},"Automatable":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType"},"Recovery":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType"},"valueDensity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType"},"vulnerabilityResponseEffort":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType"},"providerUrgency":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType"}},"allOf":[{"anyOf":[{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType"}}},{"properties":{"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType"}}}]},{"anyOf":[{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType"}}},{"properties":{"threatScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType"},"threatSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType"}}}]},{"anyOf":[{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType"}}},{"properties":{"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType"}}}]}],"required":["version","vectorString","baseScore","baseSeverity"],"additionalProperties":false},"cvssV3_1":{"$schema":"http://json-schema.org/draft-07/schema#","type":"object","definitions":{"attackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"]},"modifiedAttackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL","NOT_DEFINED"]},"attackComplexityType":{"type":"string","enum":["HIGH","LOW"]},"modifiedAttackComplexityType":{"type":"string","enum":["HIGH","LOW","NOT_DEFINED"]},"privilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE"]},"modifiedPrivilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"]},"userInteractionType":{"type":"string","enum":["NONE","REQUIRED"]},"modifiedUserInteractionType":{"type":"string","enum":["NONE","REQUIRED","NOT_DEFINED"]},"scopeType":{"type":"string","enum":["UNCHANGED","CHANGED"]},"modifiedScopeType":{"type":"string","enum":["UNCHANGED","CHANGED","NOT_DEFINED"]},"ciaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedCiaType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"]},"exploitCodeMaturityType":{"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]},"remediationLevelType":{"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]},"confidenceType":{"type":"string","enum":["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"]},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]},"scoreType":{"type":"number","minimum":0,"maximum":10},"severityType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]}},"properties":{"version":{"type":"string","enum":["3.1"]},"vectorString":{"type":"string","pattern":"^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"},"attackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType"},"attackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType"},"privilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType"},"userInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType"},"scope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType"},"confidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType"},"integrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType"},"availabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType"},"exploitCodeMaturity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType"},"remediationLevel":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType"},"reportConfidence":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType"},"temporalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType"},"temporalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType"},"modifiedAttackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType"},"modifiedAttackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType"},"modifiedPrivilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType"},"modifiedUserInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType"},"modifiedScope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType"},"modifiedConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType"},"modifiedIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType"},"modifiedAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType"},"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType"}},"required":["version","vectorString","baseScore","baseSeverity"],"additionalProperties":false},"cvssV3_0":{"$schema":"http://json-schema.org/draft-04/schema#","type":"object","definitions":{"attackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"]},"modifiedAttackVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL","NOT_DEFINED"]},"attackComplexityType":{"type":"string","enum":["HIGH","LOW"]},"modifiedAttackComplexityType":{"type":"string","enum":["HIGH","LOW","NOT_DEFINED"]},"privilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE"]},"modifiedPrivilegesRequiredType":{"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"]},"userInteractionType":{"type":"string","enum":["NONE","REQUIRED"]},"modifiedUserInteractionType":{"type":"string","enum":["NONE","REQUIRED","NOT_DEFINED"]},"scopeType":{"type":"string","enum":["UNCHANGED","CHANGED"]},"modifiedScopeType":{"type":"string","enum":["UNCHANGED","CHANGED","NOT_DEFINED"]},"ciaType":{"type":"string","enum":["NONE","LOW","HIGH"]},"modifiedCiaType":{"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"]},"exploitCodeMaturityType":{"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]},"remediationLevelType":{"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]},"confidenceType":{"type":"string","enum":["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"]},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]},"scoreType":{"type":"number","minimum":0,"maximum":10},"severityType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]}},"properties":{"version":{"type":"string","enum":["3.0"]},"vectorString":{"type":"string","pattern":"^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"},"attackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType"},"attackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType"},"privilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType"},"userInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType"},"scope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType"},"confidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType"},"integrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType"},"availabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType"},"baseSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType"},"exploitCodeMaturity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType"},"remediationLevel":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType"},"reportConfidence":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType"},"temporalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType"},"temporalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType"},"modifiedAttackVector":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType"},"modifiedAttackComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType"},"modifiedPrivilegesRequired":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType"},"modifiedUserInteraction":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType"},"modifiedScope":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType"},"modifiedConfidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType"},"modifiedIntegrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType"},"modifiedAvailabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType"},"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType"},"environmentalSeverity":{"$ref":"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType"}},"required":["version","vectorString","baseScore","baseSeverity"],"additionalProperties":false},"cvssV2_0":{"$schema":"http://json-schema.org/draft-04/schema#","type":"object","definitions":{"accessVectorType":{"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL"]},"accessComplexityType":{"type":"string","enum":["HIGH","MEDIUM","LOW"]},"authenticationType":{"type":"string","enum":["MULTIPLE","SINGLE","NONE"]},"ciaType":{"type":"string","enum":["NONE","PARTIAL","COMPLETE"]},"exploitabilityType":{"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]},"remediationLevelType":{"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]},"reportConfidenceType":{"type":"string","enum":["UNCONFIRMED","UNCORROBORATED","CONFIRMED","NOT_DEFINED"]},"collateralDamagePotentialType":{"type":"string","enum":["NONE","LOW","LOW_MEDIUM","MEDIUM_HIGH","HIGH","NOT_DEFINED"]},"targetDistributionType":{"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","NOT_DEFINED"]},"ciaRequirementType":{"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]},"scoreType":{"type":"number","minimum":0,"maximum":10}},"properties":{"version":{"type":"string","enum":["2.0"]},"vectorString":{"type":"string","pattern":"^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$"},"accessVector":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType"},"accessComplexity":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType"},"authentication":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType"},"confidentialityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType"},"integrityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType"},"availabilityImpact":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType"},"baseScore":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType"},"exploitability":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType"},"remediationLevel":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType"},"reportConfidence":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType"},"temporalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType"},"collateralDamagePotential":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType"},"targetDistribution":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType"},"confidentialityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType"},"integrityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType"},"availabilityRequirement":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType"},"environmentalScore":{"$ref":"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType"}},"required":["version","vectorString","baseScore"],"additionalProperties":false},"other":{"type":"object","required":["type","content"],"properties":{"type":{"type":"string","minLength":1,"maxLength":128},"content":{"type":"object","$comment":"additionalProperties are allowed here, since this construct supports arbitrary JSON.","minProperties":1}},"additionalProperties":false}},"additionalProperties":false}};const schema54 = {"type":"number","minimum":0,"maximum":0};const schema55 = {"const":"NONE"};const schema56 = {"type":"number","minimum":0.1,"maximum":3.9,"multipleOf":0.1};const schema57 = {"const":"LOW"};const schema58 = {"type":"number","minimum":4,"maximum":6.9,"multipleOf":0.1};const schema59 = {"const":"MEDIUM"};const schema60 = {"type":"number","minimum":7,"maximum":8.9,"multipleOf":0.1};const schema61 = {"const":"HIGH"};const schema62 = {"type":"number","minimum":9,"maximum":10,"multipleOf":0.1};const schema63 = {"const":"CRITICAL"};const schema84 = {"type":"number","minimum":0,"maximum":10,"multipleOf":0.1};const schema85 = {"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]};const schema86 = {"type":"string","enum":["NETWORK","ADJACENT","LOCAL","PHYSICAL"]};const schema87 = {"type":"string","enum":["HIGH","LOW"]};const schema88 = {"type":"string","enum":["NONE","PRESENT"]};const schema89 = {"type":"string","enum":["HIGH","LOW","NONE"]};const schema90 = {"type":"string","enum":["NONE","PASSIVE","ACTIVE"]};const schema91 = {"type":"string","enum":["NONE","LOW","HIGH"]};const schema94 = {"type":"string","enum":["NONE","LOW","HIGH"]};const schema97 = {"type":"string","enum":["UNREPORTED","PROOF_OF_CONCEPT","ATTACKED","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema98 = {"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema101 = {"type":"string","enum":["NETWORK","ADJACENT","LOCAL","PHYSICAL","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema102 = {"type":"string","enum":["HIGH","LOW","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema103 = {"type":"string","enum":["NONE","PRESENT","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema104 = {"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema105 = {"type":"string","enum":["NONE","PASSIVE","ACTIVE","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema106 = {"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema109 = {"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema110 = {"type":"string","enum":["NONE","LOW","HIGH","SAFETY","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema112 = {"type":"string","enum":["NEGLIGIBLE","PRESENT","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema113 = {"type":"string","enum":["NO","YES","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema114 = {"type":"string","enum":["AUTOMATIC","USER","IRRECOVERABLE","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema115 = {"type":"string","enum":["DIFFUSE","CONCENTRATED","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema116 = {"type":"string","enum":["LOW","MODERATE","HIGH","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema117 = {"type":"string","enum":["CLEAR","GREEN","AMBER","RED","NOT_DEFINED"],"default":"NOT_DEFINED"};const schema118 = {"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"]};const schema119 = {"type":"string","enum":["HIGH","LOW"]};const schema120 = {"type":"string","enum":["HIGH","LOW","NONE"]};const schema121 = {"type":"string","enum":["NONE","REQUIRED"]};const schema122 = {"type":"string","enum":["UNCHANGED","CHANGED"]};const schema123 = {"type":"string","enum":["NONE","LOW","HIGH"]};const schema126 = {"type":"number","minimum":0,"maximum":10};const schema127 = {"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]};const schema128 = {"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]};const schema129 = {"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]};const schema130 = {"type":"string","enum":["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"]};const schema133 = {"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]};const schema136 = {"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL","NOT_DEFINED"]};const schema137 = {"type":"string","enum":["HIGH","LOW","NOT_DEFINED"]};const schema138 = {"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"]};const schema139 = {"type":"string","enum":["NONE","REQUIRED","NOT_DEFINED"]};const schema140 = {"type":"string","enum":["UNCHANGED","CHANGED","NOT_DEFINED"]};const schema141 = {"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"]};const schema146 = {"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"]};const schema147 = {"type":"string","enum":["HIGH","LOW"]};const schema148 = {"type":"string","enum":["HIGH","LOW","NONE"]};const schema149 = {"type":"string","enum":["NONE","REQUIRED"]};const schema150 = {"type":"string","enum":["UNCHANGED","CHANGED"]};const schema151 = {"type":"string","enum":["NONE","LOW","HIGH"]};const schema154 = {"type":"number","minimum":0,"maximum":10};const schema155 = {"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","CRITICAL"]};const schema156 = {"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]};const schema157 = {"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]};const schema158 = {"type":"string","enum":["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"]};const schema161 = {"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]};const schema164 = {"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL","NOT_DEFINED"]};const schema165 = {"type":"string","enum":["HIGH","LOW","NOT_DEFINED"]};const schema166 = {"type":"string","enum":["HIGH","LOW","NONE","NOT_DEFINED"]};const schema167 = {"type":"string","enum":["NONE","REQUIRED","NOT_DEFINED"]};const schema168 = {"type":"string","enum":["UNCHANGED","CHANGED","NOT_DEFINED"]};const schema169 = {"type":"string","enum":["NONE","LOW","HIGH","NOT_DEFINED"]};const schema174 = {"type":"string","enum":["NETWORK","ADJACENT_NETWORK","LOCAL"]};const schema175 = {"type":"string","enum":["HIGH","MEDIUM","LOW"]};const schema176 = {"type":"string","enum":["MULTIPLE","SINGLE","NONE"]};const schema177 = {"type":"string","enum":["NONE","PARTIAL","COMPLETE"]};const schema180 = {"type":"number","minimum":0,"maximum":10};const schema181 = {"type":"string","enum":["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"]};const schema182 = {"type":"string","enum":["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"]};const schema183 = {"type":"string","enum":["UNCONFIRMED","UNCORROBORATED","CONFIRMED","NOT_DEFINED"]};const schema185 = {"type":"string","enum":["NONE","LOW","LOW_MEDIUM","MEDIUM_HIGH","HIGH","NOT_DEFINED"]};const schema186 = {"type":"string","enum":["NONE","LOW","MEDIUM","HIGH","NOT_DEFINED"]};const schema187 = {"type":"string","enum":["LOW","MEDIUM","HIGH","NOT_DEFINED"]};const pattern20 = new RegExp("^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$", "u");const pattern21 = new RegExp("^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$", "u");const pattern22 = new RegExp("^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$", "u");const pattern23 = new RegExp("^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$", "u");function validate36(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate36.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 64){validate36.errors = [{instancePath:instancePath+"/" + i0+"/format",schemaPath:"#/items/properties/format/maxLength",keyword:"maxLength",params:{limit: 64},message:"must NOT have more than 64 characters"}];return false;}else {if(func6(data1) < 1){validate36.errors = [{instancePath:instancePath+"/" + i0+"/format",schemaPath:"#/items/properties/format/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/format",schemaPath:"#/items/properties/format/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid2 = _errs10 === errors;}else {var valid2 = true;}if(valid2){if(data0.scenarios !== undefined){let data2 = data0.scenarios;const _errs12 = errors;if(errors === _errs12){if(Array.isArray(data2)){if(data2.length < 1){validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios",schemaPath:"#/items/properties/scenarios/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid3 = true;const len1 = data2.length;for(let i1=0; i1 4096){validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios/" + i1+"/value",schemaPath:"#/items/properties/scenarios/items/properties/value/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data5) < 1){validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios/" + i1+"/value",schemaPath:"#/items/properties/scenarios/items/properties/value/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios/" + i1+"/value",schemaPath:"#/items/properties/scenarios/items/properties/value/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid4 = _errs20 === errors;}else {var valid4 = true;}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios/" + i1,schemaPath:"#/items/properties/scenarios/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid3 = _errs14 === errors;if(!valid3){break;}}if(valid3){let i2 = data2.length;let j0;if(i2 > 1){outer0:for(;i2--;){for(j0 = i2; j0--;){if(func0(data2[i2], data2[j0])){validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios",schemaPath:"#/items/properties/scenarios/uniqueItems",keyword:"uniqueItems",params:{i: i2, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i2+" are identical)"}];return false;break outer0;}}}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/scenarios",schemaPath:"#/items/properties/scenarios/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid2 = _errs12 === errors;}else {var valid2 = true;}if(valid2){if(data0.cvssV4_0 !== undefined){let data6 = data0.cvssV4_0;const _errs22 = errors;const _errs24 = errors;const _errs25 = errors;let valid8 = false;const _errs26 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.baseScore !== undefined){let data7 = data6.baseScore;const _errs27 = errors;const _errs28 = errors;if(errors === _errs28){if((typeof data7 == "number") && (isFinite(data7))){if(data7 > 0 || isNaN(data7)){const err6 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 0},message:"must be <= 0"};if(vErrors === null){vErrors = [err6];}else {vErrors.push(err6);}errors++;}else {if(data7 < 0 || isNaN(data7)){const err7 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"};if(vErrors === null){vErrors = [err7];}else {vErrors.push(err7);}errors++;}}}else {const err8 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err8];}else {vErrors.push(err8);}errors++;}}var valid9 = _errs27 === errors;}else {var valid9 = true;}if(valid9){if(data6.baseSeverity !== undefined){const _errs30 = errors;if("NONE" !== data6.baseSeverity){const err9 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType/const",keyword:"const",params:{allowedValue: "NONE"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err9];}else {vErrors.push(err9);}errors++;}var valid9 = _errs30 === errors;}else {var valid9 = true;}}}var _valid1 = _errs26 === errors;valid8 = valid8 || _valid1;if(!valid8){const _errs32 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.baseScore !== undefined){let data9 = data6.baseScore;const _errs33 = errors;const _errs34 = errors;if(errors === _errs34){if((typeof data9 == "number") && (isFinite(data9))){if(data9 > 3.9 || isNaN(data9)){const err10 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 3.9},message:"must be <= 3.9"};if(vErrors === null){vErrors = [err10];}else {vErrors.push(err10);}errors++;}else {if(data9 < 0.1 || isNaN(data9)){const err11 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0.1},message:"must be >= 0.1"};if(vErrors === null){vErrors = [err11];}else {vErrors.push(err11);}errors++;}else {let res0;if((0.1 === 0 || (res0 = data9/0.1, res0 !== parseInt(res0)))){const err12 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err12];}else {vErrors.push(err12);}errors++;}}}}else {const err13 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err13];}else {vErrors.push(err13);}errors++;}}var valid12 = _errs33 === errors;}else {var valid12 = true;}if(valid12){if(data6.baseSeverity !== undefined){const _errs36 = errors;if("LOW" !== data6.baseSeverity){const err14 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType/const",keyword:"const",params:{allowedValue: "LOW"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err14];}else {vErrors.push(err14);}errors++;}var valid12 = _errs36 === errors;}else {var valid12 = true;}}}var _valid1 = _errs32 === errors;valid8 = valid8 || _valid1;if(!valid8){const _errs38 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.baseScore !== undefined){let data11 = data6.baseScore;const _errs39 = errors;const _errs40 = errors;if(errors === _errs40){if((typeof data11 == "number") && (isFinite(data11))){if(data11 > 6.9 || isNaN(data11)){const err15 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 6.9},message:"must be <= 6.9"};if(vErrors === null){vErrors = [err15];}else {vErrors.push(err15);}errors++;}else {if(data11 < 4 || isNaN(data11)){const err16 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 4},message:"must be >= 4"};if(vErrors === null){vErrors = [err16];}else {vErrors.push(err16);}errors++;}else {let res1;if((0.1 === 0 || (res1 = data11/0.1, res1 !== parseInt(res1)))){const err17 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err17];}else {vErrors.push(err17);}errors++;}}}}else {const err18 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err18];}else {vErrors.push(err18);}errors++;}}var valid15 = _errs39 === errors;}else {var valid15 = true;}if(valid15){if(data6.baseSeverity !== undefined){const _errs42 = errors;if("MEDIUM" !== data6.baseSeverity){const err19 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType/const",keyword:"const",params:{allowedValue: "MEDIUM"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err19];}else {vErrors.push(err19);}errors++;}var valid15 = _errs42 === errors;}else {var valid15 = true;}}}var _valid1 = _errs38 === errors;valid8 = valid8 || _valid1;if(!valid8){const _errs44 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.baseScore !== undefined){let data13 = data6.baseScore;const _errs45 = errors;const _errs46 = errors;if(errors === _errs46){if((typeof data13 == "number") && (isFinite(data13))){if(data13 > 8.9 || isNaN(data13)){const err20 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 8.9},message:"must be <= 8.9"};if(vErrors === null){vErrors = [err20];}else {vErrors.push(err20);}errors++;}else {if(data13 < 7 || isNaN(data13)){const err21 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 7},message:"must be >= 7"};if(vErrors === null){vErrors = [err21];}else {vErrors.push(err21);}errors++;}else {let res2;if((0.1 === 0 || (res2 = data13/0.1, res2 !== parseInt(res2)))){const err22 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err22];}else {vErrors.push(err22);}errors++;}}}}else {const err23 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err23];}else {vErrors.push(err23);}errors++;}}var valid18 = _errs45 === errors;}else {var valid18 = true;}if(valid18){if(data6.baseSeverity !== undefined){const _errs48 = errors;if("HIGH" !== data6.baseSeverity){const err24 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType/const",keyword:"const",params:{allowedValue: "HIGH"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err24];}else {vErrors.push(err24);}errors++;}var valid18 = _errs48 === errors;}else {var valid18 = true;}}}var _valid1 = _errs44 === errors;valid8 = valid8 || _valid1;if(!valid8){const _errs50 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.baseScore !== undefined){let data15 = data6.baseScore;const _errs51 = errors;const _errs52 = errors;if(errors === _errs52){if((typeof data15 == "number") && (isFinite(data15))){if(data15 > 10 || isNaN(data15)){const err25 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"};if(vErrors === null){vErrors = [err25];}else {vErrors.push(err25);}errors++;}else {if(data15 < 9 || isNaN(data15)){const err26 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 9},message:"must be >= 9"};if(vErrors === null){vErrors = [err26];}else {vErrors.push(err26);}errors++;}else {let res3;if((0.1 === 0 || (res3 = data15/0.1, res3 !== parseInt(res3)))){const err27 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err27];}else {vErrors.push(err27);}errors++;}}}}else {const err28 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err28];}else {vErrors.push(err28);}errors++;}}var valid21 = _errs51 === errors;}else {var valid21 = true;}if(valid21){if(data6.baseSeverity !== undefined){const _errs54 = errors;if("CRITICAL" !== data6.baseSeverity){const err29 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType/const",keyword:"const",params:{allowedValue: "CRITICAL"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err29];}else {vErrors.push(err29);}errors++;}var valid21 = _errs54 === errors;}else {var valid21 = true;}}}var _valid1 = _errs50 === errors;valid8 = valid8 || _valid1;}}}}if(!valid8){const err30 = {instancePath:instancePath+"/" + i0+"/cvssV4_0",schemaPath:"#/items/properties/cvssV4_0/allOf/0/anyOf",keyword:"anyOf",params:{},message:"must match a schema in anyOf"};if(vErrors === null){vErrors = [err30];}else {vErrors.push(err30);}errors++;validate36.errors = vErrors;return false;}else {errors = _errs25;if(vErrors !== null){if(_errs25){vErrors.length = _errs25;}else {vErrors = null;}}}var valid7 = _errs24 === errors;if(valid7){const _errs56 = errors;const _errs57 = errors;let valid24 = false;const _errs58 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.threatScore !== undefined){let data17 = data6.threatScore;const _errs59 = errors;const _errs60 = errors;if(errors === _errs60){if((typeof data17 == "number") && (isFinite(data17))){if(data17 > 0 || isNaN(data17)){const err31 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 0},message:"must be <= 0"};if(vErrors === null){vErrors = [err31];}else {vErrors.push(err31);}errors++;}else {if(data17 < 0 || isNaN(data17)){const err32 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"};if(vErrors === null){vErrors = [err32];}else {vErrors.push(err32);}errors++;}}}else {const err33 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err33];}else {vErrors.push(err33);}errors++;}}var valid25 = _errs59 === errors;}else {var valid25 = true;}if(valid25){if(data6.threatSeverity !== undefined){const _errs62 = errors;if("NONE" !== data6.threatSeverity){const err34 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType/const",keyword:"const",params:{allowedValue: "NONE"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err34];}else {vErrors.push(err34);}errors++;}var valid25 = _errs62 === errors;}else {var valid25 = true;}}}var _valid2 = _errs58 === errors;valid24 = valid24 || _valid2;if(!valid24){const _errs64 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.threatScore !== undefined){let data19 = data6.threatScore;const _errs65 = errors;const _errs66 = errors;if(errors === _errs66){if((typeof data19 == "number") && (isFinite(data19))){if(data19 > 3.9 || isNaN(data19)){const err35 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 3.9},message:"must be <= 3.9"};if(vErrors === null){vErrors = [err35];}else {vErrors.push(err35);}errors++;}else {if(data19 < 0.1 || isNaN(data19)){const err36 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0.1},message:"must be >= 0.1"};if(vErrors === null){vErrors = [err36];}else {vErrors.push(err36);}errors++;}else {let res4;if((0.1 === 0 || (res4 = data19/0.1, res4 !== parseInt(res4)))){const err37 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err37];}else {vErrors.push(err37);}errors++;}}}}else {const err38 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err38];}else {vErrors.push(err38);}errors++;}}var valid28 = _errs65 === errors;}else {var valid28 = true;}if(valid28){if(data6.threatSeverity !== undefined){const _errs68 = errors;if("LOW" !== data6.threatSeverity){const err39 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType/const",keyword:"const",params:{allowedValue: "LOW"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err39];}else {vErrors.push(err39);}errors++;}var valid28 = _errs68 === errors;}else {var valid28 = true;}}}var _valid2 = _errs64 === errors;valid24 = valid24 || _valid2;if(!valid24){const _errs70 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.threatScore !== undefined){let data21 = data6.threatScore;const _errs71 = errors;const _errs72 = errors;if(errors === _errs72){if((typeof data21 == "number") && (isFinite(data21))){if(data21 > 6.9 || isNaN(data21)){const err40 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 6.9},message:"must be <= 6.9"};if(vErrors === null){vErrors = [err40];}else {vErrors.push(err40);}errors++;}else {if(data21 < 4 || isNaN(data21)){const err41 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 4},message:"must be >= 4"};if(vErrors === null){vErrors = [err41];}else {vErrors.push(err41);}errors++;}else {let res5;if((0.1 === 0 || (res5 = data21/0.1, res5 !== parseInt(res5)))){const err42 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err42];}else {vErrors.push(err42);}errors++;}}}}else {const err43 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err43];}else {vErrors.push(err43);}errors++;}}var valid31 = _errs71 === errors;}else {var valid31 = true;}if(valid31){if(data6.threatSeverity !== undefined){const _errs74 = errors;if("MEDIUM" !== data6.threatSeverity){const err44 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType/const",keyword:"const",params:{allowedValue: "MEDIUM"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err44];}else {vErrors.push(err44);}errors++;}var valid31 = _errs74 === errors;}else {var valid31 = true;}}}var _valid2 = _errs70 === errors;valid24 = valid24 || _valid2;if(!valid24){const _errs76 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.threatScore !== undefined){let data23 = data6.threatScore;const _errs77 = errors;const _errs78 = errors;if(errors === _errs78){if((typeof data23 == "number") && (isFinite(data23))){if(data23 > 8.9 || isNaN(data23)){const err45 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 8.9},message:"must be <= 8.9"};if(vErrors === null){vErrors = [err45];}else {vErrors.push(err45);}errors++;}else {if(data23 < 7 || isNaN(data23)){const err46 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 7},message:"must be >= 7"};if(vErrors === null){vErrors = [err46];}else {vErrors.push(err46);}errors++;}else {let res6;if((0.1 === 0 || (res6 = data23/0.1, res6 !== parseInt(res6)))){const err47 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err47];}else {vErrors.push(err47);}errors++;}}}}else {const err48 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err48];}else {vErrors.push(err48);}errors++;}}var valid34 = _errs77 === errors;}else {var valid34 = true;}if(valid34){if(data6.threatSeverity !== undefined){const _errs80 = errors;if("HIGH" !== data6.threatSeverity){const err49 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType/const",keyword:"const",params:{allowedValue: "HIGH"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err49];}else {vErrors.push(err49);}errors++;}var valid34 = _errs80 === errors;}else {var valid34 = true;}}}var _valid2 = _errs76 === errors;valid24 = valid24 || _valid2;if(!valid24){const _errs82 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.threatScore !== undefined){let data25 = data6.threatScore;const _errs83 = errors;const _errs84 = errors;if(errors === _errs84){if((typeof data25 == "number") && (isFinite(data25))){if(data25 > 10 || isNaN(data25)){const err50 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"};if(vErrors === null){vErrors = [err50];}else {vErrors.push(err50);}errors++;}else {if(data25 < 9 || isNaN(data25)){const err51 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 9},message:"must be >= 9"};if(vErrors === null){vErrors = [err51];}else {vErrors.push(err51);}errors++;}else {let res7;if((0.1 === 0 || (res7 = data25/0.1, res7 !== parseInt(res7)))){const err52 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err52];}else {vErrors.push(err52);}errors++;}}}}else {const err53 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err53];}else {vErrors.push(err53);}errors++;}}var valid37 = _errs83 === errors;}else {var valid37 = true;}if(valid37){if(data6.threatSeverity !== undefined){const _errs86 = errors;if("CRITICAL" !== data6.threatSeverity){const err54 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/threatSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType/const",keyword:"const",params:{allowedValue: "CRITICAL"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err54];}else {vErrors.push(err54);}errors++;}var valid37 = _errs86 === errors;}else {var valid37 = true;}}}var _valid2 = _errs82 === errors;valid24 = valid24 || _valid2;}}}}if(!valid24){const err55 = {instancePath:instancePath+"/" + i0+"/cvssV4_0",schemaPath:"#/items/properties/cvssV4_0/allOf/1/anyOf",keyword:"anyOf",params:{},message:"must match a schema in anyOf"};if(vErrors === null){vErrors = [err55];}else {vErrors.push(err55);}errors++;validate36.errors = vErrors;return false;}else {errors = _errs57;if(vErrors !== null){if(_errs57){vErrors.length = _errs57;}else {vErrors = null;}}}var valid7 = _errs56 === errors;if(valid7){const _errs88 = errors;const _errs89 = errors;let valid40 = false;const _errs90 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.environmentalScore !== undefined){let data27 = data6.environmentalScore;const _errs91 = errors;const _errs92 = errors;if(errors === _errs92){if((typeof data27 == "number") && (isFinite(data27))){if(data27 > 0 || isNaN(data27)){const err56 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 0},message:"must be <= 0"};if(vErrors === null){vErrors = [err56];}else {vErrors.push(err56);}errors++;}else {if(data27 < 0 || isNaN(data27)){const err57 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"};if(vErrors === null){vErrors = [err57];}else {vErrors.push(err57);}errors++;}}}else {const err58 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err58];}else {vErrors.push(err58);}errors++;}}var valid41 = _errs91 === errors;}else {var valid41 = true;}if(valid41){if(data6.environmentalSeverity !== undefined){const _errs94 = errors;if("NONE" !== data6.environmentalSeverity){const err59 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType/const",keyword:"const",params:{allowedValue: "NONE"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err59];}else {vErrors.push(err59);}errors++;}var valid41 = _errs94 === errors;}else {var valid41 = true;}}}var _valid3 = _errs90 === errors;valid40 = valid40 || _valid3;if(!valid40){const _errs96 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.environmentalScore !== undefined){let data29 = data6.environmentalScore;const _errs97 = errors;const _errs98 = errors;if(errors === _errs98){if((typeof data29 == "number") && (isFinite(data29))){if(data29 > 3.9 || isNaN(data29)){const err60 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 3.9},message:"must be <= 3.9"};if(vErrors === null){vErrors = [err60];}else {vErrors.push(err60);}errors++;}else {if(data29 < 0.1 || isNaN(data29)){const err61 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0.1},message:"must be >= 0.1"};if(vErrors === null){vErrors = [err61];}else {vErrors.push(err61);}errors++;}else {let res8;if((0.1 === 0 || (res8 = data29/0.1, res8 !== parseInt(res8)))){const err62 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err62];}else {vErrors.push(err62);}errors++;}}}}else {const err63 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err63];}else {vErrors.push(err63);}errors++;}}var valid44 = _errs97 === errors;}else {var valid44 = true;}if(valid44){if(data6.environmentalSeverity !== undefined){const _errs100 = errors;if("LOW" !== data6.environmentalSeverity){const err64 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/lowSeverityType/const",keyword:"const",params:{allowedValue: "LOW"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err64];}else {vErrors.push(err64);}errors++;}var valid44 = _errs100 === errors;}else {var valid44 = true;}}}var _valid3 = _errs96 === errors;valid40 = valid40 || _valid3;if(!valid40){const _errs102 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.environmentalScore !== undefined){let data31 = data6.environmentalScore;const _errs103 = errors;const _errs104 = errors;if(errors === _errs104){if((typeof data31 == "number") && (isFinite(data31))){if(data31 > 6.9 || isNaN(data31)){const err65 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 6.9},message:"must be <= 6.9"};if(vErrors === null){vErrors = [err65];}else {vErrors.push(err65);}errors++;}else {if(data31 < 4 || isNaN(data31)){const err66 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 4},message:"must be >= 4"};if(vErrors === null){vErrors = [err66];}else {vErrors.push(err66);}errors++;}else {let res9;if((0.1 === 0 || (res9 = data31/0.1, res9 !== parseInt(res9)))){const err67 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err67];}else {vErrors.push(err67);}errors++;}}}}else {const err68 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err68];}else {vErrors.push(err68);}errors++;}}var valid47 = _errs103 === errors;}else {var valid47 = true;}if(valid47){if(data6.environmentalSeverity !== undefined){const _errs106 = errors;if("MEDIUM" !== data6.environmentalSeverity){const err69 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/mediumSeverityType/const",keyword:"const",params:{allowedValue: "MEDIUM"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err69];}else {vErrors.push(err69);}errors++;}var valid47 = _errs106 === errors;}else {var valid47 = true;}}}var _valid3 = _errs102 === errors;valid40 = valid40 || _valid3;if(!valid40){const _errs108 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.environmentalScore !== undefined){let data33 = data6.environmentalScore;const _errs109 = errors;const _errs110 = errors;if(errors === _errs110){if((typeof data33 == "number") && (isFinite(data33))){if(data33 > 8.9 || isNaN(data33)){const err70 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 8.9},message:"must be <= 8.9"};if(vErrors === null){vErrors = [err70];}else {vErrors.push(err70);}errors++;}else {if(data33 < 7 || isNaN(data33)){const err71 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 7},message:"must be >= 7"};if(vErrors === null){vErrors = [err71];}else {vErrors.push(err71);}errors++;}else {let res10;if((0.1 === 0 || (res10 = data33/0.1, res10 !== parseInt(res10)))){const err72 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err72];}else {vErrors.push(err72);}errors++;}}}}else {const err73 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err73];}else {vErrors.push(err73);}errors++;}}var valid50 = _errs109 === errors;}else {var valid50 = true;}if(valid50){if(data6.environmentalSeverity !== undefined){const _errs112 = errors;if("HIGH" !== data6.environmentalSeverity){const err74 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/highSeverityType/const",keyword:"const",params:{allowedValue: "HIGH"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err74];}else {vErrors.push(err74);}errors++;}var valid50 = _errs112 === errors;}else {var valid50 = true;}}}var _valid3 = _errs108 === errors;valid40 = valid40 || _valid3;if(!valid40){const _errs114 = errors;if(data6 && typeof data6 == "object" && !Array.isArray(data6)){if(data6.environmentalScore !== undefined){let data35 = data6.environmentalScore;const _errs115 = errors;const _errs116 = errors;if(errors === _errs116){if((typeof data35 == "number") && (isFinite(data35))){if(data35 > 10 || isNaN(data35)){const err75 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"};if(vErrors === null){vErrors = [err75];}else {vErrors.push(err75);}errors++;}else {if(data35 < 9 || isNaN(data35)){const err76 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 9},message:"must be >= 9"};if(vErrors === null){vErrors = [err76];}else {vErrors.push(err76);}errors++;}else {let res11;if((0.1 === 0 || (res11 = data35/0.1, res11 !== parseInt(res11)))){const err77 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"};if(vErrors === null){vErrors = [err77];}else {vErrors.push(err77);}errors++;}}}}else {const err78 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalScoreType/type",keyword:"type",params:{type: "number"},message:"must be number"};if(vErrors === null){vErrors = [err78];}else {vErrors.push(err78);}errors++;}}var valid53 = _errs115 === errors;}else {var valid53 = true;}if(valid53){if(data6.environmentalSeverity !== undefined){const _errs118 = errors;if("CRITICAL" !== data6.environmentalSeverity){const err79 = {instancePath:instancePath+"/" + i0+"/cvssV4_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/criticalSeverityType/const",keyword:"const",params:{allowedValue: "CRITICAL"},message:"must be equal to constant"};if(vErrors === null){vErrors = [err79];}else {vErrors.push(err79);}errors++;}var valid53 = _errs118 === errors;}else {var valid53 = true;}}}var _valid3 = _errs114 === errors;valid40 = valid40 || _valid3;}}}}if(!valid40){const err80 = {instancePath:instancePath+"/" + i0+"/cvssV4_0",schemaPath:"#/items/properties/cvssV4_0/allOf/2/anyOf",keyword:"anyOf",params:{},message:"must match a schema in anyOf"};if(vErrors === null){vErrors = [err80];}else {vErrors.push(err80);}errors++;validate36.errors = vErrors;return false;}else {errors = _errs89;if(vErrors !== null){if(_errs89){vErrors.length = _errs89;}else {vErrors = null;}}}var valid7 = _errs88 === errors;}}if(errors === _errs22){if(data6 && typeof data6 == "object" && !Array.isArray(data6)){let missing6;if(((((data6.version === undefined) && (missing6 = "version")) || ((data6.vectorString === undefined) && (missing6 = "vectorString"))) || ((data6.baseScore === undefined) && (missing6 = "baseScore"))) || ((data6.baseSeverity === undefined) && (missing6 = "baseSeverity"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0",schemaPath:"#/items/properties/cvssV4_0/required",keyword:"required",params:{missingProperty: missing6},message:"must have required property '"+missing6+"'"}];return false;}else {const _errs120 = errors;for(const key2 in data6){if(!(func5.call(schema52.items.properties.cvssV4_0.properties, key2))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0",schemaPath:"#/items/properties/cvssV4_0/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key2},message:"must NOT have additional properties"}];return false;break;}}if(_errs120 === errors){if(data6.version !== undefined){let data37 = data6.version;const _errs121 = errors;if(typeof data37 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/version",schemaPath:"#/items/properties/cvssV4_0/properties/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(data37 === "4.0")){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/version",schemaPath:"#/items/properties/cvssV4_0/properties/version/enum",keyword:"enum",params:{allowedValues: schema52.items.properties.cvssV4_0.properties.version.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs121 === errors;}else {var valid56 = true;}if(valid56){if(data6.vectorString !== undefined){let data38 = data6.vectorString;const _errs123 = errors;if(errors === _errs123){if(typeof data38 === "string"){if(!pattern20.test(data38)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vectorString",schemaPath:"#/items/properties/cvssV4_0/properties/vectorString/pattern",keyword:"pattern",params:{pattern: "^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$"},message:"must match pattern \""+"^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$"+"\""}];return false;}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vectorString",schemaPath:"#/items/properties/cvssV4_0/properties/vectorString/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid56 = _errs123 === errors;}else {var valid56 = true;}if(valid56){if(data6.baseScore !== undefined){let data39 = data6.baseScore;const _errs125 = errors;const _errs126 = errors;if(errors === _errs126){if((typeof data39 == "number") && (isFinite(data39))){if(data39 > 10 || isNaN(data39)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data39 < 0 || isNaN(data39)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}else {let res12;if((0.1 === 0 || (res12 = data39/0.1, res12 !== parseInt(res12)))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType/multipleOf",keyword:"multipleOf",params:{multipleOf: 0.1},message:"must be multiple of 0.1"}];return false;}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid56 = _errs125 === errors;}else {var valid56 = true;}if(valid56){if(data6.baseSeverity !== undefined){let data40 = data6.baseSeverity;const _errs128 = errors;if(typeof data40 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data40 === "NONE") || (data40 === "LOW")) || (data40 === "MEDIUM")) || (data40 === "HIGH")) || (data40 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema85.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs128 === errors;}else {var valid56 = true;}if(valid56){if(data6.attackVector !== undefined){let data41 = data6.attackVector;const _errs131 = errors;if(typeof data41 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/attackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data41 === "NETWORK") || (data41 === "ADJACENT")) || (data41 === "LOCAL")) || (data41 === "PHYSICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/attackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType/enum",keyword:"enum",params:{allowedValues: schema86.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs131 === errors;}else {var valid56 = true;}if(valid56){if(data6.attackComplexity !== undefined){let data42 = data6.attackComplexity;const _errs134 = errors;if(typeof data42 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/attackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data42 === "HIGH") || (data42 === "LOW"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/attackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType/enum",keyword:"enum",params:{allowedValues: schema87.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs134 === errors;}else {var valid56 = true;}if(valid56){if(data6.attackRequirements !== undefined){let data43 = data6.attackRequirements;const _errs137 = errors;if(typeof data43 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/attackRequirements",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data43 === "NONE") || (data43 === "PRESENT"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/attackRequirements",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType/enum",keyword:"enum",params:{allowedValues: schema88.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs137 === errors;}else {var valid56 = true;}if(valid56){if(data6.privilegesRequired !== undefined){let data44 = data6.privilegesRequired;const _errs140 = errors;if(typeof data44 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/privilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data44 === "HIGH") || (data44 === "LOW")) || (data44 === "NONE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/privilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType/enum",keyword:"enum",params:{allowedValues: schema89.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs140 === errors;}else {var valid56 = true;}if(valid56){if(data6.userInteraction !== undefined){let data45 = data6.userInteraction;const _errs143 = errors;if(typeof data45 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/userInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data45 === "NONE") || (data45 === "PASSIVE")) || (data45 === "ACTIVE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/userInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType/enum",keyword:"enum",params:{allowedValues: schema90.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs143 === errors;}else {var valid56 = true;}if(valid56){if(data6.vulnConfidentialityImpact !== undefined){let data46 = data6.vulnConfidentialityImpact;const _errs146 = errors;if(typeof data46 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data46 === "NONE") || (data46 === "LOW")) || (data46 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType/enum",keyword:"enum",params:{allowedValues: schema91.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs146 === errors;}else {var valid56 = true;}if(valid56){if(data6.vulnIntegrityImpact !== undefined){let data47 = data6.vulnIntegrityImpact;const _errs149 = errors;if(typeof data47 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data47 === "NONE") || (data47 === "LOW")) || (data47 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType/enum",keyword:"enum",params:{allowedValues: schema91.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs149 === errors;}else {var valid56 = true;}if(valid56){if(data6.vulnAvailabilityImpact !== undefined){let data48 = data6.vulnAvailabilityImpact;const _errs152 = errors;if(typeof data48 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data48 === "NONE") || (data48 === "LOW")) || (data48 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType/enum",keyword:"enum",params:{allowedValues: schema91.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs152 === errors;}else {var valid56 = true;}if(valid56){if(data6.subConfidentialityImpact !== undefined){let data49 = data6.subConfidentialityImpact;const _errs155 = errors;if(typeof data49 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/subConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data49 === "NONE") || (data49 === "LOW")) || (data49 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/subConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType/enum",keyword:"enum",params:{allowedValues: schema94.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs155 === errors;}else {var valid56 = true;}if(valid56){if(data6.subIntegrityImpact !== undefined){let data50 = data6.subIntegrityImpact;const _errs158 = errors;if(typeof data50 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/subIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data50 === "NONE") || (data50 === "LOW")) || (data50 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/subIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType/enum",keyword:"enum",params:{allowedValues: schema94.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs158 === errors;}else {var valid56 = true;}if(valid56){if(data6.subAvailabilityImpact !== undefined){let data51 = data6.subAvailabilityImpact;const _errs161 = errors;if(typeof data51 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/subAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data51 === "NONE") || (data51 === "LOW")) || (data51 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/subAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType/enum",keyword:"enum",params:{allowedValues: schema94.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs161 === errors;}else {var valid56 = true;}if(valid56){if(data6.exploitMaturity !== undefined){let data52 = data6.exploitMaturity;const _errs164 = errors;if(typeof data52 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/exploitMaturity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data52 === "UNREPORTED") || (data52 === "PROOF_OF_CONCEPT")) || (data52 === "ATTACKED")) || (data52 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/exploitMaturity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType/enum",keyword:"enum",params:{allowedValues: schema97.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs164 === errors;}else {var valid56 = true;}if(valid56){if(data6.confidentialityRequirement !== undefined){let data53 = data6.confidentialityRequirement;const _errs167 = errors;if(typeof data53 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data53 === "LOW") || (data53 === "MEDIUM")) || (data53 === "HIGH")) || (data53 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema98.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs167 === errors;}else {var valid56 = true;}if(valid56){if(data6.integrityRequirement !== undefined){let data54 = data6.integrityRequirement;const _errs170 = errors;if(typeof data54 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data54 === "LOW") || (data54 === "MEDIUM")) || (data54 === "HIGH")) || (data54 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema98.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs170 === errors;}else {var valid56 = true;}if(valid56){if(data6.availabilityRequirement !== undefined){let data55 = data6.availabilityRequirement;const _errs173 = errors;if(typeof data55 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data55 === "LOW") || (data55 === "MEDIUM")) || (data55 === "HIGH")) || (data55 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema98.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs173 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedAttackVector !== undefined){let data56 = data6.modifiedAttackVector;const _errs176 = errors;if(typeof data56 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedAttackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data56 === "NETWORK") || (data56 === "ADJACENT")) || (data56 === "LOCAL")) || (data56 === "PHYSICAL")) || (data56 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedAttackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType/enum",keyword:"enum",params:{allowedValues: schema101.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs176 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedAttackComplexity !== undefined){let data57 = data6.modifiedAttackComplexity;const _errs179 = errors;if(typeof data57 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedAttackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data57 === "HIGH") || (data57 === "LOW")) || (data57 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedAttackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType/enum",keyword:"enum",params:{allowedValues: schema102.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs179 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedAttackRequirements !== undefined){let data58 = data6.modifiedAttackRequirements;const _errs182 = errors;if(typeof data58 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedAttackRequirements",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data58 === "NONE") || (data58 === "PRESENT")) || (data58 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedAttackRequirements",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType/enum",keyword:"enum",params:{allowedValues: schema103.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs182 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedPrivilegesRequired !== undefined){let data59 = data6.modifiedPrivilegesRequired;const _errs185 = errors;if(typeof data59 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedPrivilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data59 === "HIGH") || (data59 === "LOW")) || (data59 === "NONE")) || (data59 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedPrivilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType/enum",keyword:"enum",params:{allowedValues: schema104.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs185 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedUserInteraction !== undefined){let data60 = data6.modifiedUserInteraction;const _errs188 = errors;if(typeof data60 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedUserInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data60 === "NONE") || (data60 === "PASSIVE")) || (data60 === "ACTIVE")) || (data60 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedUserInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType/enum",keyword:"enum",params:{allowedValues: schema105.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs188 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedVulnConfidentialityImpact !== undefined){let data61 = data6.modifiedVulnConfidentialityImpact;const _errs191 = errors;if(typeof data61 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedVulnConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data61 === "NONE") || (data61 === "LOW")) || (data61 === "HIGH")) || (data61 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedVulnConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType/enum",keyword:"enum",params:{allowedValues: schema106.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs191 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedVulnIntegrityImpact !== undefined){let data62 = data6.modifiedVulnIntegrityImpact;const _errs194 = errors;if(typeof data62 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedVulnIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data62 === "NONE") || (data62 === "LOW")) || (data62 === "HIGH")) || (data62 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedVulnIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType/enum",keyword:"enum",params:{allowedValues: schema106.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs194 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedVulnAvailabilityImpact !== undefined){let data63 = data6.modifiedVulnAvailabilityImpact;const _errs197 = errors;if(typeof data63 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedVulnAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data63 === "NONE") || (data63 === "LOW")) || (data63 === "HIGH")) || (data63 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedVulnAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType/enum",keyword:"enum",params:{allowedValues: schema106.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs197 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedSubConfidentialityImpact !== undefined){let data64 = data6.modifiedSubConfidentialityImpact;const _errs200 = errors;if(typeof data64 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedSubConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data64 === "NONE") || (data64 === "LOW")) || (data64 === "HIGH")) || (data64 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedSubConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType/enum",keyword:"enum",params:{allowedValues: schema109.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs200 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedSubIntegrityImpact !== undefined){let data65 = data6.modifiedSubIntegrityImpact;const _errs203 = errors;if(typeof data65 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedSubIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data65 === "NONE") || (data65 === "LOW")) || (data65 === "HIGH")) || (data65 === "SAFETY")) || (data65 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedSubIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType/enum",keyword:"enum",params:{allowedValues: schema110.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs203 === errors;}else {var valid56 = true;}if(valid56){if(data6.modifiedSubAvailabilityImpact !== undefined){let data66 = data6.modifiedSubAvailabilityImpact;const _errs206 = errors;if(typeof data66 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedSubAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data66 === "NONE") || (data66 === "LOW")) || (data66 === "HIGH")) || (data66 === "SAFETY")) || (data66 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/modifiedSubAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType/enum",keyword:"enum",params:{allowedValues: schema110.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs206 === errors;}else {var valid56 = true;}if(valid56){if(data6.Safety !== undefined){let data67 = data6.Safety;const _errs209 = errors;if(typeof data67 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/Safety",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data67 === "NEGLIGIBLE") || (data67 === "PRESENT")) || (data67 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/Safety",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType/enum",keyword:"enum",params:{allowedValues: schema112.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs209 === errors;}else {var valid56 = true;}if(valid56){if(data6.Automatable !== undefined){let data68 = data6.Automatable;const _errs212 = errors;if(typeof data68 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/Automatable",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data68 === "NO") || (data68 === "YES")) || (data68 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/Automatable",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType/enum",keyword:"enum",params:{allowedValues: schema113.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs212 === errors;}else {var valid56 = true;}if(valid56){if(data6.Recovery !== undefined){let data69 = data6.Recovery;const _errs215 = errors;if(typeof data69 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/Recovery",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data69 === "AUTOMATIC") || (data69 === "USER")) || (data69 === "IRRECOVERABLE")) || (data69 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/Recovery",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType/enum",keyword:"enum",params:{allowedValues: schema114.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs215 === errors;}else {var valid56 = true;}if(valid56){if(data6.valueDensity !== undefined){let data70 = data6.valueDensity;const _errs218 = errors;if(typeof data70 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/valueDensity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data70 === "DIFFUSE") || (data70 === "CONCENTRATED")) || (data70 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/valueDensity",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType/enum",keyword:"enum",params:{allowedValues: schema115.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs218 === errors;}else {var valid56 = true;}if(valid56){if(data6.vulnerabilityResponseEffort !== undefined){let data71 = data6.vulnerabilityResponseEffort;const _errs221 = errors;if(typeof data71 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnerabilityResponseEffort",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data71 === "LOW") || (data71 === "MODERATE")) || (data71 === "HIGH")) || (data71 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/vulnerabilityResponseEffort",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType/enum",keyword:"enum",params:{allowedValues: schema116.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs221 === errors;}else {var valid56 = true;}if(valid56){if(data6.providerUrgency !== undefined){let data72 = data6.providerUrgency;const _errs224 = errors;if(typeof data72 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/providerUrgency",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data72 === "CLEAR") || (data72 === "GREEN")) || (data72 === "AMBER")) || (data72 === "RED")) || (data72 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0/providerUrgency",schemaPath:"#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType/enum",keyword:"enum",params:{allowedValues: schema117.enum},message:"must be equal to one of the allowed values"}];return false;}var valid56 = _errs224 === errors;}else {var valid56 = true;}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV4_0",schemaPath:"#/items/properties/cvssV4_0/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs22 === errors;}else {var valid2 = true;}if(valid2){if(data0.cvssV3_1 !== undefined){let data73 = data0.cvssV3_1;const _errs227 = errors;if(errors === _errs227){if(data73 && typeof data73 == "object" && !Array.isArray(data73)){let missing7;if(((((data73.version === undefined) && (missing7 = "version")) || ((data73.vectorString === undefined) && (missing7 = "vectorString"))) || ((data73.baseScore === undefined) && (missing7 = "baseScore"))) || ((data73.baseSeverity === undefined) && (missing7 = "baseSeverity"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1",schemaPath:"#/items/properties/cvssV3_1/required",keyword:"required",params:{missingProperty: missing7},message:"must have required property '"+missing7+"'"}];return false;}else {const _errs229 = errors;for(const key3 in data73){if(!(func5.call(schema52.items.properties.cvssV3_1.properties, key3))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1",schemaPath:"#/items/properties/cvssV3_1/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key3},message:"must NOT have additional properties"}];return false;break;}}if(_errs229 === errors){if(data73.version !== undefined){let data74 = data73.version;const _errs230 = errors;if(typeof data74 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/version",schemaPath:"#/items/properties/cvssV3_1/properties/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(data74 === "3.1")){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/version",schemaPath:"#/items/properties/cvssV3_1/properties/version/enum",keyword:"enum",params:{allowedValues: schema52.items.properties.cvssV3_1.properties.version.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs230 === errors;}else {var valid91 = true;}if(valid91){if(data73.vectorString !== undefined){let data75 = data73.vectorString;const _errs232 = errors;if(errors === _errs232){if(typeof data75 === "string"){if(!pattern21.test(data75)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/vectorString",schemaPath:"#/items/properties/cvssV3_1/properties/vectorString/pattern",keyword:"pattern",params:{pattern: "^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"},message:"must match pattern \""+"^CVSS:3[.]1/((AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[NLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"+"\""}];return false;}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/vectorString",schemaPath:"#/items/properties/cvssV3_1/properties/vectorString/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid91 = _errs232 === errors;}else {var valid91 = true;}if(valid91){if(data73.attackVector !== undefined){let data76 = data73.attackVector;const _errs234 = errors;if(typeof data76 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/attackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data76 === "NETWORK") || (data76 === "ADJACENT_NETWORK")) || (data76 === "LOCAL")) || (data76 === "PHYSICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/attackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType/enum",keyword:"enum",params:{allowedValues: schema118.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs234 === errors;}else {var valid91 = true;}if(valid91){if(data73.attackComplexity !== undefined){let data77 = data73.attackComplexity;const _errs237 = errors;if(typeof data77 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/attackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data77 === "HIGH") || (data77 === "LOW"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/attackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType/enum",keyword:"enum",params:{allowedValues: schema119.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs237 === errors;}else {var valid91 = true;}if(valid91){if(data73.privilegesRequired !== undefined){let data78 = data73.privilegesRequired;const _errs240 = errors;if(typeof data78 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/privilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data78 === "HIGH") || (data78 === "LOW")) || (data78 === "NONE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/privilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType/enum",keyword:"enum",params:{allowedValues: schema120.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs240 === errors;}else {var valid91 = true;}if(valid91){if(data73.userInteraction !== undefined){let data79 = data73.userInteraction;const _errs243 = errors;if(typeof data79 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/userInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data79 === "NONE") || (data79 === "REQUIRED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/userInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType/enum",keyword:"enum",params:{allowedValues: schema121.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs243 === errors;}else {var valid91 = true;}if(valid91){if(data73.scope !== undefined){let data80 = data73.scope;const _errs246 = errors;if(typeof data80 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/scope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data80 === "UNCHANGED") || (data80 === "CHANGED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/scope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType/enum",keyword:"enum",params:{allowedValues: schema122.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs246 === errors;}else {var valid91 = true;}if(valid91){if(data73.confidentialityImpact !== undefined){let data81 = data73.confidentialityImpact;const _errs249 = errors;if(typeof data81 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/confidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data81 === "NONE") || (data81 === "LOW")) || (data81 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/confidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema123.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs249 === errors;}else {var valid91 = true;}if(valid91){if(data73.integrityImpact !== undefined){let data82 = data73.integrityImpact;const _errs252 = errors;if(typeof data82 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/integrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data82 === "NONE") || (data82 === "LOW")) || (data82 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/integrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema123.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs252 === errors;}else {var valid91 = true;}if(valid91){if(data73.availabilityImpact !== undefined){let data83 = data73.availabilityImpact;const _errs255 = errors;if(typeof data83 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/availabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data83 === "NONE") || (data83 === "LOW")) || (data83 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/availabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema123.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs255 === errors;}else {var valid91 = true;}if(valid91){if(data73.baseScore !== undefined){let data84 = data73.baseScore;const _errs258 = errors;const _errs259 = errors;if(errors === _errs259){if((typeof data84 == "number") && (isFinite(data84))){if(data84 > 10 || isNaN(data84)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data84 < 0 || isNaN(data84)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid91 = _errs258 === errors;}else {var valid91 = true;}if(valid91){if(data73.baseSeverity !== undefined){let data85 = data73.baseSeverity;const _errs261 = errors;if(typeof data85 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data85 === "NONE") || (data85 === "LOW")) || (data85 === "MEDIUM")) || (data85 === "HIGH")) || (data85 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema127.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs261 === errors;}else {var valid91 = true;}if(valid91){if(data73.exploitCodeMaturity !== undefined){let data86 = data73.exploitCodeMaturity;const _errs264 = errors;if(typeof data86 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/exploitCodeMaturity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data86 === "UNPROVEN") || (data86 === "PROOF_OF_CONCEPT")) || (data86 === "FUNCTIONAL")) || (data86 === "HIGH")) || (data86 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/exploitCodeMaturity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType/enum",keyword:"enum",params:{allowedValues: schema128.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs264 === errors;}else {var valid91 = true;}if(valid91){if(data73.remediationLevel !== undefined){let data87 = data73.remediationLevel;const _errs267 = errors;if(typeof data87 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/remediationLevel",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data87 === "OFFICIAL_FIX") || (data87 === "TEMPORARY_FIX")) || (data87 === "WORKAROUND")) || (data87 === "UNAVAILABLE")) || (data87 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/remediationLevel",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType/enum",keyword:"enum",params:{allowedValues: schema129.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs267 === errors;}else {var valid91 = true;}if(valid91){if(data73.reportConfidence !== undefined){let data88 = data73.reportConfidence;const _errs270 = errors;if(typeof data88 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/reportConfidence",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data88 === "UNKNOWN") || (data88 === "REASONABLE")) || (data88 === "CONFIRMED")) || (data88 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/reportConfidence",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType/enum",keyword:"enum",params:{allowedValues: schema130.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs270 === errors;}else {var valid91 = true;}if(valid91){if(data73.temporalScore !== undefined){let data89 = data73.temporalScore;const _errs273 = errors;const _errs274 = errors;if(errors === _errs274){if((typeof data89 == "number") && (isFinite(data89))){if(data89 > 10 || isNaN(data89)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data89 < 0 || isNaN(data89)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid91 = _errs273 === errors;}else {var valid91 = true;}if(valid91){if(data73.temporalSeverity !== undefined){let data90 = data73.temporalSeverity;const _errs276 = errors;if(typeof data90 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/temporalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data90 === "NONE") || (data90 === "LOW")) || (data90 === "MEDIUM")) || (data90 === "HIGH")) || (data90 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/temporalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema127.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs276 === errors;}else {var valid91 = true;}if(valid91){if(data73.confidentialityRequirement !== undefined){let data91 = data73.confidentialityRequirement;const _errs279 = errors;if(typeof data91 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data91 === "LOW") || (data91 === "MEDIUM")) || (data91 === "HIGH")) || (data91 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema133.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs279 === errors;}else {var valid91 = true;}if(valid91){if(data73.integrityRequirement !== undefined){let data92 = data73.integrityRequirement;const _errs282 = errors;if(typeof data92 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data92 === "LOW") || (data92 === "MEDIUM")) || (data92 === "HIGH")) || (data92 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema133.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs282 === errors;}else {var valid91 = true;}if(valid91){if(data73.availabilityRequirement !== undefined){let data93 = data73.availabilityRequirement;const _errs285 = errors;if(typeof data93 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data93 === "LOW") || (data93 === "MEDIUM")) || (data93 === "HIGH")) || (data93 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema133.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs285 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedAttackVector !== undefined){let data94 = data73.modifiedAttackVector;const _errs288 = errors;if(typeof data94 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedAttackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data94 === "NETWORK") || (data94 === "ADJACENT_NETWORK")) || (data94 === "LOCAL")) || (data94 === "PHYSICAL")) || (data94 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedAttackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType/enum",keyword:"enum",params:{allowedValues: schema136.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs288 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedAttackComplexity !== undefined){let data95 = data73.modifiedAttackComplexity;const _errs291 = errors;if(typeof data95 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedAttackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data95 === "HIGH") || (data95 === "LOW")) || (data95 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedAttackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType/enum",keyword:"enum",params:{allowedValues: schema137.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs291 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedPrivilegesRequired !== undefined){let data96 = data73.modifiedPrivilegesRequired;const _errs294 = errors;if(typeof data96 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedPrivilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data96 === "HIGH") || (data96 === "LOW")) || (data96 === "NONE")) || (data96 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedPrivilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType/enum",keyword:"enum",params:{allowedValues: schema138.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs294 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedUserInteraction !== undefined){let data97 = data73.modifiedUserInteraction;const _errs297 = errors;if(typeof data97 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedUserInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data97 === "NONE") || (data97 === "REQUIRED")) || (data97 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedUserInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType/enum",keyword:"enum",params:{allowedValues: schema139.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs297 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedScope !== undefined){let data98 = data73.modifiedScope;const _errs300 = errors;if(typeof data98 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedScope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data98 === "UNCHANGED") || (data98 === "CHANGED")) || (data98 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedScope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType/enum",keyword:"enum",params:{allowedValues: schema140.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs300 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedConfidentialityImpact !== undefined){let data99 = data73.modifiedConfidentialityImpact;const _errs303 = errors;if(typeof data99 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data99 === "NONE") || (data99 === "LOW")) || (data99 === "HIGH")) || (data99 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType/enum",keyword:"enum",params:{allowedValues: schema141.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs303 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedIntegrityImpact !== undefined){let data100 = data73.modifiedIntegrityImpact;const _errs306 = errors;if(typeof data100 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data100 === "NONE") || (data100 === "LOW")) || (data100 === "HIGH")) || (data100 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType/enum",keyword:"enum",params:{allowedValues: schema141.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs306 === errors;}else {var valid91 = true;}if(valid91){if(data73.modifiedAvailabilityImpact !== undefined){let data101 = data73.modifiedAvailabilityImpact;const _errs309 = errors;if(typeof data101 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data101 === "NONE") || (data101 === "LOW")) || (data101 === "HIGH")) || (data101 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/modifiedAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType/enum",keyword:"enum",params:{allowedValues: schema141.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs309 === errors;}else {var valid91 = true;}if(valid91){if(data73.environmentalScore !== undefined){let data102 = data73.environmentalScore;const _errs312 = errors;const _errs313 = errors;if(errors === _errs313){if((typeof data102 == "number") && (isFinite(data102))){if(data102 > 10 || isNaN(data102)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data102 < 0 || isNaN(data102)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid91 = _errs312 === errors;}else {var valid91 = true;}if(valid91){if(data73.environmentalSeverity !== undefined){let data103 = data73.environmentalSeverity;const _errs315 = errors;if(typeof data103 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data103 === "NONE") || (data103 === "LOW")) || (data103 === "MEDIUM")) || (data103 === "HIGH")) || (data103 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema127.enum},message:"must be equal to one of the allowed values"}];return false;}var valid91 = _errs315 === errors;}else {var valid91 = true;}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_1",schemaPath:"#/items/properties/cvssV3_1/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs227 === errors;}else {var valid2 = true;}if(valid2){if(data0.cvssV3_0 !== undefined){let data104 = data0.cvssV3_0;const _errs318 = errors;if(errors === _errs318){if(data104 && typeof data104 == "object" && !Array.isArray(data104)){let missing8;if(((((data104.version === undefined) && (missing8 = "version")) || ((data104.vectorString === undefined) && (missing8 = "vectorString"))) || ((data104.baseScore === undefined) && (missing8 = "baseScore"))) || ((data104.baseSeverity === undefined) && (missing8 = "baseSeverity"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0",schemaPath:"#/items/properties/cvssV3_0/required",keyword:"required",params:{missingProperty: missing8},message:"must have required property '"+missing8+"'"}];return false;}else {const _errs320 = errors;for(const key4 in data104){if(!(func5.call(schema52.items.properties.cvssV3_0.properties, key4))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0",schemaPath:"#/items/properties/cvssV3_0/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key4},message:"must NOT have additional properties"}];return false;break;}}if(_errs320 === errors){if(data104.version !== undefined){let data105 = data104.version;const _errs321 = errors;if(typeof data105 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/version",schemaPath:"#/items/properties/cvssV3_0/properties/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(data105 === "3.0")){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/version",schemaPath:"#/items/properties/cvssV3_0/properties/version/enum",keyword:"enum",params:{allowedValues: schema52.items.properties.cvssV3_0.properties.version.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs321 === errors;}else {var valid120 = true;}if(valid120){if(data104.vectorString !== undefined){let data106 = data104.vectorString;const _errs323 = errors;if(errors === _errs323){if(typeof data106 === "string"){if(!pattern22.test(data106)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/vectorString",schemaPath:"#/items/properties/cvssV3_0/properties/vectorString/pattern",keyword:"pattern",params:{pattern: "^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"},message:"must match pattern \""+"^CVSS:3[.]0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$"+"\""}];return false;}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/vectorString",schemaPath:"#/items/properties/cvssV3_0/properties/vectorString/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid120 = _errs323 === errors;}else {var valid120 = true;}if(valid120){if(data104.attackVector !== undefined){let data107 = data104.attackVector;const _errs325 = errors;if(typeof data107 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/attackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data107 === "NETWORK") || (data107 === "ADJACENT_NETWORK")) || (data107 === "LOCAL")) || (data107 === "PHYSICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/attackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType/enum",keyword:"enum",params:{allowedValues: schema146.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs325 === errors;}else {var valid120 = true;}if(valid120){if(data104.attackComplexity !== undefined){let data108 = data104.attackComplexity;const _errs328 = errors;if(typeof data108 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/attackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data108 === "HIGH") || (data108 === "LOW"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/attackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType/enum",keyword:"enum",params:{allowedValues: schema147.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs328 === errors;}else {var valid120 = true;}if(valid120){if(data104.privilegesRequired !== undefined){let data109 = data104.privilegesRequired;const _errs331 = errors;if(typeof data109 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/privilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data109 === "HIGH") || (data109 === "LOW")) || (data109 === "NONE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/privilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType/enum",keyword:"enum",params:{allowedValues: schema148.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs331 === errors;}else {var valid120 = true;}if(valid120){if(data104.userInteraction !== undefined){let data110 = data104.userInteraction;const _errs334 = errors;if(typeof data110 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/userInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data110 === "NONE") || (data110 === "REQUIRED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/userInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType/enum",keyword:"enum",params:{allowedValues: schema149.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs334 === errors;}else {var valid120 = true;}if(valid120){if(data104.scope !== undefined){let data111 = data104.scope;const _errs337 = errors;if(typeof data111 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/scope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((data111 === "UNCHANGED") || (data111 === "CHANGED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/scope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType/enum",keyword:"enum",params:{allowedValues: schema150.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs337 === errors;}else {var valid120 = true;}if(valid120){if(data104.confidentialityImpact !== undefined){let data112 = data104.confidentialityImpact;const _errs340 = errors;if(typeof data112 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/confidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data112 === "NONE") || (data112 === "LOW")) || (data112 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/confidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema151.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs340 === errors;}else {var valid120 = true;}if(valid120){if(data104.integrityImpact !== undefined){let data113 = data104.integrityImpact;const _errs343 = errors;if(typeof data113 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/integrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data113 === "NONE") || (data113 === "LOW")) || (data113 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/integrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema151.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs343 === errors;}else {var valid120 = true;}if(valid120){if(data104.availabilityImpact !== undefined){let data114 = data104.availabilityImpact;const _errs346 = errors;if(typeof data114 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/availabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data114 === "NONE") || (data114 === "LOW")) || (data114 === "HIGH"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/availabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema151.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs346 === errors;}else {var valid120 = true;}if(valid120){if(data104.baseScore !== undefined){let data115 = data104.baseScore;const _errs349 = errors;const _errs350 = errors;if(errors === _errs350){if((typeof data115 == "number") && (isFinite(data115))){if(data115 > 10 || isNaN(data115)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data115 < 0 || isNaN(data115)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid120 = _errs349 === errors;}else {var valid120 = true;}if(valid120){if(data104.baseSeverity !== undefined){let data116 = data104.baseSeverity;const _errs352 = errors;if(typeof data116 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data116 === "NONE") || (data116 === "LOW")) || (data116 === "MEDIUM")) || (data116 === "HIGH")) || (data116 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/baseSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema155.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs352 === errors;}else {var valid120 = true;}if(valid120){if(data104.exploitCodeMaturity !== undefined){let data117 = data104.exploitCodeMaturity;const _errs355 = errors;if(typeof data117 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/exploitCodeMaturity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data117 === "UNPROVEN") || (data117 === "PROOF_OF_CONCEPT")) || (data117 === "FUNCTIONAL")) || (data117 === "HIGH")) || (data117 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/exploitCodeMaturity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType/enum",keyword:"enum",params:{allowedValues: schema156.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs355 === errors;}else {var valid120 = true;}if(valid120){if(data104.remediationLevel !== undefined){let data118 = data104.remediationLevel;const _errs358 = errors;if(typeof data118 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/remediationLevel",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data118 === "OFFICIAL_FIX") || (data118 === "TEMPORARY_FIX")) || (data118 === "WORKAROUND")) || (data118 === "UNAVAILABLE")) || (data118 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/remediationLevel",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType/enum",keyword:"enum",params:{allowedValues: schema157.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs358 === errors;}else {var valid120 = true;}if(valid120){if(data104.reportConfidence !== undefined){let data119 = data104.reportConfidence;const _errs361 = errors;if(typeof data119 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/reportConfidence",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data119 === "UNKNOWN") || (data119 === "REASONABLE")) || (data119 === "CONFIRMED")) || (data119 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/reportConfidence",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType/enum",keyword:"enum",params:{allowedValues: schema158.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs361 === errors;}else {var valid120 = true;}if(valid120){if(data104.temporalScore !== undefined){let data120 = data104.temporalScore;const _errs364 = errors;const _errs365 = errors;if(errors === _errs365){if((typeof data120 == "number") && (isFinite(data120))){if(data120 > 10 || isNaN(data120)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data120 < 0 || isNaN(data120)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid120 = _errs364 === errors;}else {var valid120 = true;}if(valid120){if(data104.temporalSeverity !== undefined){let data121 = data104.temporalSeverity;const _errs367 = errors;if(typeof data121 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/temporalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data121 === "NONE") || (data121 === "LOW")) || (data121 === "MEDIUM")) || (data121 === "HIGH")) || (data121 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/temporalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema155.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs367 === errors;}else {var valid120 = true;}if(valid120){if(data104.confidentialityRequirement !== undefined){let data122 = data104.confidentialityRequirement;const _errs370 = errors;if(typeof data122 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data122 === "LOW") || (data122 === "MEDIUM")) || (data122 === "HIGH")) || (data122 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema161.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs370 === errors;}else {var valid120 = true;}if(valid120){if(data104.integrityRequirement !== undefined){let data123 = data104.integrityRequirement;const _errs373 = errors;if(typeof data123 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data123 === "LOW") || (data123 === "MEDIUM")) || (data123 === "HIGH")) || (data123 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema161.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs373 === errors;}else {var valid120 = true;}if(valid120){if(data104.availabilityRequirement !== undefined){let data124 = data104.availabilityRequirement;const _errs376 = errors;if(typeof data124 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data124 === "LOW") || (data124 === "MEDIUM")) || (data124 === "HIGH")) || (data124 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema161.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs376 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedAttackVector !== undefined){let data125 = data104.modifiedAttackVector;const _errs379 = errors;if(typeof data125 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedAttackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data125 === "NETWORK") || (data125 === "ADJACENT_NETWORK")) || (data125 === "LOCAL")) || (data125 === "PHYSICAL")) || (data125 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedAttackVector",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType/enum",keyword:"enum",params:{allowedValues: schema164.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs379 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedAttackComplexity !== undefined){let data126 = data104.modifiedAttackComplexity;const _errs382 = errors;if(typeof data126 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedAttackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data126 === "HIGH") || (data126 === "LOW")) || (data126 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedAttackComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType/enum",keyword:"enum",params:{allowedValues: schema165.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs382 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedPrivilegesRequired !== undefined){let data127 = data104.modifiedPrivilegesRequired;const _errs385 = errors;if(typeof data127 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedPrivilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data127 === "HIGH") || (data127 === "LOW")) || (data127 === "NONE")) || (data127 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedPrivilegesRequired",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType/enum",keyword:"enum",params:{allowedValues: schema166.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs385 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedUserInteraction !== undefined){let data128 = data104.modifiedUserInteraction;const _errs388 = errors;if(typeof data128 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedUserInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data128 === "NONE") || (data128 === "REQUIRED")) || (data128 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedUserInteraction",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType/enum",keyword:"enum",params:{allowedValues: schema167.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs388 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedScope !== undefined){let data129 = data104.modifiedScope;const _errs391 = errors;if(typeof data129 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedScope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data129 === "UNCHANGED") || (data129 === "CHANGED")) || (data129 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedScope",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType/enum",keyword:"enum",params:{allowedValues: schema168.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs391 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedConfidentialityImpact !== undefined){let data130 = data104.modifiedConfidentialityImpact;const _errs394 = errors;if(typeof data130 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data130 === "NONE") || (data130 === "LOW")) || (data130 === "HIGH")) || (data130 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedConfidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType/enum",keyword:"enum",params:{allowedValues: schema169.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs394 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedIntegrityImpact !== undefined){let data131 = data104.modifiedIntegrityImpact;const _errs397 = errors;if(typeof data131 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data131 === "NONE") || (data131 === "LOW")) || (data131 === "HIGH")) || (data131 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedIntegrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType/enum",keyword:"enum",params:{allowedValues: schema169.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs397 === errors;}else {var valid120 = true;}if(valid120){if(data104.modifiedAvailabilityImpact !== undefined){let data132 = data104.modifiedAvailabilityImpact;const _errs400 = errors;if(typeof data132 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data132 === "NONE") || (data132 === "LOW")) || (data132 === "HIGH")) || (data132 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/modifiedAvailabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType/enum",keyword:"enum",params:{allowedValues: schema169.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs400 === errors;}else {var valid120 = true;}if(valid120){if(data104.environmentalScore !== undefined){let data133 = data104.environmentalScore;const _errs403 = errors;const _errs404 = errors;if(errors === _errs404){if((typeof data133 == "number") && (isFinite(data133))){if(data133 > 10 || isNaN(data133)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data133 < 0 || isNaN(data133)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid120 = _errs403 === errors;}else {var valid120 = true;}if(valid120){if(data104.environmentalSeverity !== undefined){let data134 = data104.environmentalSeverity;const _errs406 = errors;if(typeof data134 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data134 === "NONE") || (data134 === "LOW")) || (data134 === "MEDIUM")) || (data134 === "HIGH")) || (data134 === "CRITICAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0/environmentalSeverity",schemaPath:"#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType/enum",keyword:"enum",params:{allowedValues: schema155.enum},message:"must be equal to one of the allowed values"}];return false;}var valid120 = _errs406 === errors;}else {var valid120 = true;}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV3_0",schemaPath:"#/items/properties/cvssV3_0/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs318 === errors;}else {var valid2 = true;}if(valid2){if(data0.cvssV2_0 !== undefined){let data135 = data0.cvssV2_0;const _errs409 = errors;if(errors === _errs409){if(data135 && typeof data135 == "object" && !Array.isArray(data135)){let missing9;if((((data135.version === undefined) && (missing9 = "version")) || ((data135.vectorString === undefined) && (missing9 = "vectorString"))) || ((data135.baseScore === undefined) && (missing9 = "baseScore"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0",schemaPath:"#/items/properties/cvssV2_0/required",keyword:"required",params:{missingProperty: missing9},message:"must have required property '"+missing9+"'"}];return false;}else {const _errs411 = errors;for(const key5 in data135){if(!(func5.call(schema52.items.properties.cvssV2_0.properties, key5))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0",schemaPath:"#/items/properties/cvssV2_0/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key5},message:"must NOT have additional properties"}];return false;break;}}if(_errs411 === errors){if(data135.version !== undefined){let data136 = data135.version;const _errs412 = errors;if(typeof data136 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/version",schemaPath:"#/items/properties/cvssV2_0/properties/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(data136 === "2.0")){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/version",schemaPath:"#/items/properties/cvssV2_0/properties/version/enum",keyword:"enum",params:{allowedValues: schema52.items.properties.cvssV2_0.properties.version.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs412 === errors;}else {var valid149 = true;}if(valid149){if(data135.vectorString !== undefined){let data137 = data135.vectorString;const _errs414 = errors;if(errors === _errs414){if(typeof data137 === "string"){if(!pattern23.test(data137)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/vectorString",schemaPath:"#/items/properties/cvssV2_0/properties/vectorString/pattern",keyword:"pattern",params:{pattern: "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$"},message:"must match pattern \""+"^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$"+"\""}];return false;}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/vectorString",schemaPath:"#/items/properties/cvssV2_0/properties/vectorString/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid149 = _errs414 === errors;}else {var valid149 = true;}if(valid149){if(data135.accessVector !== undefined){let data138 = data135.accessVector;const _errs416 = errors;if(typeof data138 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/accessVector",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data138 === "NETWORK") || (data138 === "ADJACENT_NETWORK")) || (data138 === "LOCAL"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/accessVector",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType/enum",keyword:"enum",params:{allowedValues: schema174.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs416 === errors;}else {var valid149 = true;}if(valid149){if(data135.accessComplexity !== undefined){let data139 = data135.accessComplexity;const _errs419 = errors;if(typeof data139 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/accessComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data139 === "HIGH") || (data139 === "MEDIUM")) || (data139 === "LOW"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/accessComplexity",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType/enum",keyword:"enum",params:{allowedValues: schema175.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs419 === errors;}else {var valid149 = true;}if(valid149){if(data135.authentication !== undefined){let data140 = data135.authentication;const _errs422 = errors;if(typeof data140 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/authentication",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data140 === "MULTIPLE") || (data140 === "SINGLE")) || (data140 === "NONE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/authentication",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType/enum",keyword:"enum",params:{allowedValues: schema176.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs422 === errors;}else {var valid149 = true;}if(valid149){if(data135.confidentialityImpact !== undefined){let data141 = data135.confidentialityImpact;const _errs425 = errors;if(typeof data141 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/confidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data141 === "NONE") || (data141 === "PARTIAL")) || (data141 === "COMPLETE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/confidentialityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema177.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs425 === errors;}else {var valid149 = true;}if(valid149){if(data135.integrityImpact !== undefined){let data142 = data135.integrityImpact;const _errs428 = errors;if(typeof data142 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/integrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data142 === "NONE") || (data142 === "PARTIAL")) || (data142 === "COMPLETE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/integrityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema177.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs428 === errors;}else {var valid149 = true;}if(valid149){if(data135.availabilityImpact !== undefined){let data143 = data135.availabilityImpact;const _errs431 = errors;if(typeof data143 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/availabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((data143 === "NONE") || (data143 === "PARTIAL")) || (data143 === "COMPLETE"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/availabilityImpact",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType/enum",keyword:"enum",params:{allowedValues: schema177.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs431 === errors;}else {var valid149 = true;}if(valid149){if(data135.baseScore !== undefined){let data144 = data135.baseScore;const _errs434 = errors;const _errs435 = errors;if(errors === _errs435){if((typeof data144 == "number") && (isFinite(data144))){if(data144 > 10 || isNaN(data144)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data144 < 0 || isNaN(data144)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/baseScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid149 = _errs434 === errors;}else {var valid149 = true;}if(valid149){if(data135.exploitability !== undefined){let data145 = data135.exploitability;const _errs437 = errors;if(typeof data145 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/exploitability",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data145 === "UNPROVEN") || (data145 === "PROOF_OF_CONCEPT")) || (data145 === "FUNCTIONAL")) || (data145 === "HIGH")) || (data145 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/exploitability",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType/enum",keyword:"enum",params:{allowedValues: schema181.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs437 === errors;}else {var valid149 = true;}if(valid149){if(data135.remediationLevel !== undefined){let data146 = data135.remediationLevel;const _errs440 = errors;if(typeof data146 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/remediationLevel",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data146 === "OFFICIAL_FIX") || (data146 === "TEMPORARY_FIX")) || (data146 === "WORKAROUND")) || (data146 === "UNAVAILABLE")) || (data146 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/remediationLevel",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType/enum",keyword:"enum",params:{allowedValues: schema182.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs440 === errors;}else {var valid149 = true;}if(valid149){if(data135.reportConfidence !== undefined){let data147 = data135.reportConfidence;const _errs443 = errors;if(typeof data147 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/reportConfidence",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data147 === "UNCONFIRMED") || (data147 === "UNCORROBORATED")) || (data147 === "CONFIRMED")) || (data147 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/reportConfidence",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType/enum",keyword:"enum",params:{allowedValues: schema183.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs443 === errors;}else {var valid149 = true;}if(valid149){if(data135.temporalScore !== undefined){let data148 = data135.temporalScore;const _errs446 = errors;const _errs447 = errors;if(errors === _errs447){if((typeof data148 == "number") && (isFinite(data148))){if(data148 > 10 || isNaN(data148)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data148 < 0 || isNaN(data148)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/temporalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid149 = _errs446 === errors;}else {var valid149 = true;}if(valid149){if(data135.collateralDamagePotential !== undefined){let data149 = data135.collateralDamagePotential;const _errs449 = errors;if(typeof data149 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/collateralDamagePotential",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((((data149 === "NONE") || (data149 === "LOW")) || (data149 === "LOW_MEDIUM")) || (data149 === "MEDIUM_HIGH")) || (data149 === "HIGH")) || (data149 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/collateralDamagePotential",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType/enum",keyword:"enum",params:{allowedValues: schema185.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs449 === errors;}else {var valid149 = true;}if(valid149){if(data135.targetDistribution !== undefined){let data150 = data135.targetDistribution;const _errs452 = errors;if(typeof data150 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/targetDistribution",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(((((data150 === "NONE") || (data150 === "LOW")) || (data150 === "MEDIUM")) || (data150 === "HIGH")) || (data150 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/targetDistribution",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType/enum",keyword:"enum",params:{allowedValues: schema186.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs452 === errors;}else {var valid149 = true;}if(valid149){if(data135.confidentialityRequirement !== undefined){let data151 = data135.confidentialityRequirement;const _errs455 = errors;if(typeof data151 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data151 === "LOW") || (data151 === "MEDIUM")) || (data151 === "HIGH")) || (data151 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/confidentialityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema187.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs455 === errors;}else {var valid149 = true;}if(valid149){if(data135.integrityRequirement !== undefined){let data152 = data135.integrityRequirement;const _errs458 = errors;if(typeof data152 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data152 === "LOW") || (data152 === "MEDIUM")) || (data152 === "HIGH")) || (data152 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/integrityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema187.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs458 === errors;}else {var valid149 = true;}if(valid149){if(data135.availabilityRequirement !== undefined){let data153 = data135.availabilityRequirement;const _errs461 = errors;if(typeof data153 !== "string"){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((data153 === "LOW") || (data153 === "MEDIUM")) || (data153 === "HIGH")) || (data153 === "NOT_DEFINED"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/availabilityRequirement",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType/enum",keyword:"enum",params:{allowedValues: schema187.enum},message:"must be equal to one of the allowed values"}];return false;}var valid149 = _errs461 === errors;}else {var valid149 = true;}if(valid149){if(data135.environmentalScore !== undefined){let data154 = data135.environmentalScore;const _errs464 = errors;const _errs465 = errors;if(errors === _errs465){if((typeof data154 == "number") && (isFinite(data154))){if(data154 > 10 || isNaN(data154)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/maximum",keyword:"maximum",params:{comparison: "<=", limit: 10},message:"must be <= 10"}];return false;}else {if(data154 < 0 || isNaN(data154)){validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/minimum",keyword:"minimum",params:{comparison: ">=", limit: 0},message:"must be >= 0"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0/environmentalScore",schemaPath:"#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType/type",keyword:"type",params:{type: "number"},message:"must be number"}];return false;}}var valid149 = _errs464 === errors;}else {var valid149 = true;}}}}}}}}}}}}}}}}}}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/cvssV2_0",schemaPath:"#/items/properties/cvssV2_0/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs409 === errors;}else {var valid2 = true;}if(valid2){if(data0.other !== undefined){let data155 = data0.other;const _errs467 = errors;if(errors === _errs467){if(data155 && typeof data155 == "object" && !Array.isArray(data155)){let missing10;if(((data155.type === undefined) && (missing10 = "type")) || ((data155.content === undefined) && (missing10 = "content"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/other",schemaPath:"#/items/properties/other/required",keyword:"required",params:{missingProperty: missing10},message:"must have required property '"+missing10+"'"}];return false;}else {const _errs469 = errors;for(const key6 in data155){if(!((key6 === "type") || (key6 === "content"))){validate36.errors = [{instancePath:instancePath+"/" + i0+"/other",schemaPath:"#/items/properties/other/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key6},message:"must NOT have additional properties"}];return false;break;}}if(_errs469 === errors){if(data155.type !== undefined){let data156 = data155.type;const _errs470 = errors;if(errors === _errs470){if(typeof data156 === "string"){if(func6(data156) > 128){validate36.errors = [{instancePath:instancePath+"/" + i0+"/other/type",schemaPath:"#/items/properties/other/properties/type/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data156) < 1){validate36.errors = [{instancePath:instancePath+"/" + i0+"/other/type",schemaPath:"#/items/properties/other/properties/type/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/other/type",schemaPath:"#/items/properties/other/properties/type/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid167 = _errs470 === errors;}else {var valid167 = true;}if(valid167){if(data155.content !== undefined){let data157 = data155.content;const _errs472 = errors;if(errors === _errs472){if(data157 && typeof data157 == "object" && !Array.isArray(data157)){if(Object.keys(data157).length < 1){validate36.errors = [{instancePath:instancePath+"/" + i0+"/other/content",schemaPath:"#/items/properties/other/properties/content/minProperties",keyword:"minProperties",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/other/content",schemaPath:"#/items/properties/other/properties/content/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid167 = _errs472 === errors;}else {var valid167 = true;}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0+"/other",schemaPath:"#/items/properties/other/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid2 = _errs467 === errors;}else {var valid2 = true;}}}}}}}}}else {validate36.errors = [{instancePath:instancePath+"/" + i0,schemaPath:"#/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i3 = data.length;let j1;if(i3 > 1){outer1:for(;i3--;){for(j1 = i3; j1--;){if(func0(data[i3], data[j1])){validate36.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i3, j: j1},message:"must NOT have duplicate items (items ## "+j1+" and "+i3+" are identical)"}];return false;break outer1;}}}}}}}else {validate36.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate36.errors = vErrors;return errors === 0;}const schema191 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}};function validate38(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate38.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate38.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate38.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate38.errors = vErrors;return errors === 0;}const schema192 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}};function validate41(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate41.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate41.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate41.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate41.errors = vErrors;return errors === 0;}const schema193 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}};function validate44(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate44.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate44.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate44.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate44.errors = vErrors;return errors === 0;}const schema194 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/description"}};function validate47(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate47.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate47.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate47.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate47.errors = vErrors;return errors === 0;}const schema195 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","required":["time","lang","value"],"properties":{"time":{"$ref":"#/definitions/timestamp"},"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","minLength":1,"maxLength":4096}},"additionalProperties":false}};function validate50(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate50.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 4096){validate50.errors = [{instancePath:instancePath+"/" + i0+"/value",schemaPath:"#/items/properties/value/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data3) < 1){validate50.errors = [{instancePath:instancePath+"/" + i0+"/value",schemaPath:"#/items/properties/value/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate50.errors = [{instancePath:instancePath+"/" + i0+"/value",schemaPath:"#/items/properties/value/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid1 = _errs10 === errors;}else {var valid1 = true;}}}}}}else {validate50.errors = [{instancePath:instancePath+"/" + i0,schemaPath:"#/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i1 = data.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate50.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate50.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate50.errors = vErrors;return errors === 0;}const schema198 = {"type":"array","minItems":1,"uniqueItems":true,"items":{"type":"object","properties":{"lang":{"$ref":"#/definitions/language"},"value":{"type":"string","minLength":1,"maxLength":4096},"user":{"$ref":"#/definitions/uuidType"},"type":{"type":"string","default":"finder","enum":["finder","reporter","analyst","coordinator","remediation developer","remediation reviewer","remediation verifier","tool","sponsor","other"]}},"additionalProperties":false,"required":["lang","value"]}};function validate52(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate52.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 4096){validate52.errors = [{instancePath:instancePath+"/" + i0+"/value",schemaPath:"#/items/properties/value/maxLength",keyword:"maxLength",params:{limit: 4096},message:"must NOT have more than 4096 characters"}];return false;}else {if(func6(data2) < 1){validate52.errors = [{instancePath:instancePath+"/" + i0+"/value",schemaPath:"#/items/properties/value/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate52.errors = [{instancePath:instancePath+"/" + i0+"/value",schemaPath:"#/items/properties/value/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid1 = _errs7 === errors;}else {var valid1 = true;}if(valid1){if(data0.user !== undefined){let data3 = data0.user;const _errs9 = errors;const _errs10 = errors;if(errors === _errs10){if(typeof data3 === "string"){if(!pattern2.test(data3)){validate52.errors = [{instancePath:instancePath+"/" + i0+"/user",schemaPath:"#/definitions/uuidType/pattern",keyword:"pattern",params:{pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"},message:"must match pattern \""+"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"+"\""}];return false;}}else {validate52.errors = [{instancePath:instancePath+"/" + i0+"/user",schemaPath:"#/definitions/uuidType/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid1 = _errs9 === errors;}else {var valid1 = true;}if(valid1){if(data0.type !== undefined){let data4 = data0.type;const _errs12 = errors;if(typeof data4 !== "string"){validate52.errors = [{instancePath:instancePath+"/" + i0+"/type",schemaPath:"#/items/properties/type/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!((((((((((data4 === "finder") || (data4 === "reporter")) || (data4 === "analyst")) || (data4 === "coordinator")) || (data4 === "remediation developer")) || (data4 === "remediation reviewer")) || (data4 === "remediation verifier")) || (data4 === "tool")) || (data4 === "sponsor")) || (data4 === "other"))){validate52.errors = [{instancePath:instancePath+"/" + i0+"/type",schemaPath:"#/items/properties/type/enum",keyword:"enum",params:{allowedValues: schema198.items.properties.type.enum},message:"must be equal to one of the allowed values"}];return false;}var valid1 = _errs12 === errors;}else {var valid1 = true;}}}}}}}else {validate52.errors = [{instancePath:instancePath+"/" + i0,schemaPath:"#/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i1 = data.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate52.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate52.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate52.errors = vErrors;return errors === 0;}const schema202 = {"type":"array","uniqueItems":true,"minItems":1,"items":{"oneOf":[{"$ref":"#/definitions/tagExtension"},{"$schema":"http://json-schema.org/draft-07/schema#","$id":"https://cve.mitre.org/cve/v5_00/tags/cna/","type":"string","enum":["unsupported-when-assigned","exclusively-hosted-service","disputed"]}]}};function validate54(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate54.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 128){const err0 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"};if(vErrors === null){vErrors = [err0];}else {vErrors.push(err0);}errors++;}else {if(func6(data0) < 2){const err1 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/minLength",keyword:"minLength",params:{limit: 2},message:"must NOT have fewer than 2 characters"};if(vErrors === null){vErrors = [err1];}else {vErrors.push(err1);}errors++;}else {if(!pattern17.test(data0)){const err2 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/pattern",keyword:"pattern",params:{pattern: "^x_.*$"},message:"must match pattern \""+"^x_.*$"+"\""};if(vErrors === null){vErrors = [err2];}else {vErrors.push(err2);}errors++;}}}}else {const err3 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err3];}else {vErrors.push(err3);}errors++;}}var _valid0 = _errs3 === errors;if(_valid0){valid1 = true;passing0 = 0;}const _errs7 = errors;if(typeof data0 !== "string"){const err4 = {instancePath:instancePath+"/" + i0,schemaPath:"#/items/oneOf/1/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err4];}else {vErrors.push(err4);}errors++;}if(!(((data0 === "unsupported-when-assigned") || (data0 === "exclusively-hosted-service")) || (data0 === "disputed"))){const err5 = {instancePath:instancePath+"/" + i0,schemaPath:"#/items/oneOf/1/enum",keyword:"enum",params:{allowedValues: schema202.items.oneOf[1].enum},message:"must be equal to one of the allowed values"};if(vErrors === null){vErrors = [err5];}else {vErrors.push(err5);}errors++;}var _valid0 = _errs7 === errors;if(_valid0 && valid1){valid1 = false;passing0 = [passing0, 1];}else {if(_valid0){valid1 = true;passing0 = 1;}}if(!valid1){const err6 = {instancePath:instancePath+"/" + i0,schemaPath:"#/items/oneOf",keyword:"oneOf",params:{passingSchemas: passing0},message:"must match exactly one schema in oneOf"};if(vErrors === null){vErrors = [err6];}else {vErrors.push(err6);}errors++;validate54.errors = vErrors;return false;}else {errors = _errs2;if(vErrors !== null){if(_errs2){vErrors.length = _errs2;}else {vErrors = null;}}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i1 = data.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate54.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate54.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate54.errors = vErrors;return errors === 0;}function validate13(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if(((((data.providerMetadata === undefined) && (missing0 = "providerMetadata")) || ((data.descriptions === undefined) && (missing0 = "descriptions"))) || ((data.affected === undefined) && (missing0 = "affected"))) || ((data.references === undefined) && (missing0 = "references"))){validate13.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs2 = errors;for(const key0 in data){if(!((func5.call(schema22.properties, key0)) || (pattern7.test(key0)))){validate13.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs2 === errors){if(data.providerMetadata !== undefined){const _errs3 = errors;if(!(validate14(data.providerMetadata, {instancePath:instancePath+"/providerMetadata",parentData:data,parentDataProperty:"providerMetadata",rootData}))){vErrors = vErrors === null ? validate14.errors : vErrors.concat(validate14.errors);errors = vErrors.length;}var valid0 = _errs3 === errors;}else {var valid0 = true;}if(valid0){if(data.dateAssigned !== undefined){let data1 = data.dateAssigned;const _errs4 = errors;const _errs5 = errors;if(errors === _errs5){if(errors === _errs5){if(typeof data1 === "string"){if(!pattern4.test(data1)){validate13.errors = [{instancePath:instancePath+"/dateAssigned",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data1))){validate13.errors = [{instancePath:instancePath+"/dateAssigned",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/dateAssigned",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs4 === errors;}else {var valid0 = true;}if(valid0){if(data.datePublic !== undefined){let data2 = data.datePublic;const _errs7 = errors;const _errs8 = errors;if(errors === _errs8){if(errors === _errs8){if(typeof data2 === "string"){if(!pattern4.test(data2)){validate13.errors = [{instancePath:instancePath+"/datePublic",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data2))){validate13.errors = [{instancePath:instancePath+"/datePublic",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/datePublic",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs7 === errors;}else {var valid0 = true;}if(valid0){if(data.title !== undefined){let data3 = data.title;const _errs10 = errors;if(errors === _errs10){if(typeof data3 === "string"){if(func6(data3) > 256){validate13.errors = [{instancePath:instancePath+"/title",schemaPath:"#/properties/title/maxLength",keyword:"maxLength",params:{limit: 256},message:"must NOT have more than 256 characters"}];return false;}else {if(func6(data3) < 1){validate13.errors = [{instancePath:instancePath+"/title",schemaPath:"#/properties/title/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/title",schemaPath:"#/properties/title/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs10 === errors;}else {var valid0 = true;}if(valid0){if(data.descriptions !== undefined){const _errs12 = errors;if(!(validate16(data.descriptions, {instancePath:instancePath+"/descriptions",parentData:data,parentDataProperty:"descriptions",rootData}))){vErrors = vErrors === null ? validate16.errors : vErrors.concat(validate16.errors);errors = vErrors.length;}var valid0 = _errs12 === errors;}else {var valid0 = true;}if(valid0){if(data.affected !== undefined){const _errs13 = errors;if(!(validate22(data.affected, {instancePath:instancePath+"/affected",parentData:data,parentDataProperty:"affected",rootData}))){vErrors = vErrors === null ? validate22.errors : vErrors.concat(validate22.errors);errors = vErrors.length;}var valid0 = _errs13 === errors;}else {var valid0 = true;}if(valid0){if(data.problemTypes !== undefined){const _errs14 = errors;if(!(validate26(data.problemTypes, {instancePath:instancePath+"/problemTypes",parentData:data,parentDataProperty:"problemTypes",rootData}))){vErrors = vErrors === null ? validate26.errors : vErrors.concat(validate26.errors);errors = vErrors.length;}var valid0 = _errs14 === errors;}else {var valid0 = true;}if(valid0){if(data.references !== undefined){const _errs15 = errors;if(!(validate27(data.references, {instancePath:instancePath+"/references",parentData:data,parentDataProperty:"references",rootData}))){vErrors = vErrors === null ? validate27.errors : vErrors.concat(validate27.errors);errors = vErrors.length;}var valid0 = _errs15 === errors;}else {var valid0 = true;}if(valid0){if(data.impacts !== undefined){const _errs16 = errors;if(!(validate33(data.impacts, {instancePath:instancePath+"/impacts",parentData:data,parentDataProperty:"impacts",rootData}))){vErrors = vErrors === null ? validate33.errors : vErrors.concat(validate33.errors);errors = vErrors.length;}var valid0 = _errs16 === errors;}else {var valid0 = true;}if(valid0){if(data.metrics !== undefined){const _errs17 = errors;if(!(validate36(data.metrics, {instancePath:instancePath+"/metrics",parentData:data,parentDataProperty:"metrics",rootData}))){vErrors = vErrors === null ? validate36.errors : vErrors.concat(validate36.errors);errors = vErrors.length;}var valid0 = _errs17 === errors;}else {var valid0 = true;}if(valid0){if(data.configurations !== undefined){const _errs18 = errors;if(!(validate38(data.configurations, {instancePath:instancePath+"/configurations",parentData:data,parentDataProperty:"configurations",rootData}))){vErrors = vErrors === null ? validate38.errors : vErrors.concat(validate38.errors);errors = vErrors.length;}var valid0 = _errs18 === errors;}else {var valid0 = true;}if(valid0){if(data.workarounds !== undefined){const _errs19 = errors;if(!(validate41(data.workarounds, {instancePath:instancePath+"/workarounds",parentData:data,parentDataProperty:"workarounds",rootData}))){vErrors = vErrors === null ? validate41.errors : vErrors.concat(validate41.errors);errors = vErrors.length;}var valid0 = _errs19 === errors;}else {var valid0 = true;}if(valid0){if(data.solutions !== undefined){const _errs20 = errors;if(!(validate44(data.solutions, {instancePath:instancePath+"/solutions",parentData:data,parentDataProperty:"solutions",rootData}))){vErrors = vErrors === null ? validate44.errors : vErrors.concat(validate44.errors);errors = vErrors.length;}var valid0 = _errs20 === errors;}else {var valid0 = true;}if(valid0){if(data.exploits !== undefined){const _errs21 = errors;if(!(validate47(data.exploits, {instancePath:instancePath+"/exploits",parentData:data,parentDataProperty:"exploits",rootData}))){vErrors = vErrors === null ? validate47.errors : vErrors.concat(validate47.errors);errors = vErrors.length;}var valid0 = _errs21 === errors;}else {var valid0 = true;}if(valid0){if(data.timeline !== undefined){const _errs22 = errors;if(!(validate50(data.timeline, {instancePath:instancePath+"/timeline",parentData:data,parentDataProperty:"timeline",rootData}))){vErrors = vErrors === null ? validate50.errors : vErrors.concat(validate50.errors);errors = vErrors.length;}var valid0 = _errs22 === errors;}else {var valid0 = true;}if(valid0){if(data.credits !== undefined){const _errs23 = errors;if(!(validate52(data.credits, {instancePath:instancePath+"/credits",parentData:data,parentDataProperty:"credits",rootData}))){vErrors = vErrors === null ? validate52.errors : vErrors.concat(validate52.errors);errors = vErrors.length;}var valid0 = _errs23 === errors;}else {var valid0 = true;}if(valid0){if(data.source !== undefined){let data16 = data.source;const _errs24 = errors;const _errs25 = errors;if(errors === _errs25){if(data16 && typeof data16 == "object" && !Array.isArray(data16)){if(Object.keys(data16).length < 1){validate13.errors = [{instancePath:instancePath+"/source",schemaPath:"#/definitions/source/minProperties",keyword:"minProperties",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}}else {validate13.errors = [{instancePath:instancePath+"/source",schemaPath:"#/definitions/source/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs24 === errors;}else {var valid0 = true;}if(valid0){if(data.tags !== undefined){const _errs27 = errors;if(!(validate54(data.tags, {instancePath:instancePath+"/tags",parentData:data,parentDataProperty:"tags",rootData}))){vErrors = vErrors === null ? validate54.errors : vErrors.concat(validate54.errors);errors = vErrors.length;}var valid0 = _errs27 === errors;}else {var valid0 = true;}if(valid0){if(data.taxonomyMappings !== undefined){let data18 = data.taxonomyMappings;const _errs28 = errors;const _errs29 = errors;if(errors === _errs29){if(Array.isArray(data18)){if(data18.length < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings",schemaPath:"#/definitions/taxonomyMappings/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid5 = true;const len0 = data18.length;for(let i0=0; i0 128){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyName/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data20) < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyName/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid6 = _errs34 === errors;}else {var valid6 = true;}if(valid6){if(data19.taxonomyVersion !== undefined){let data21 = data19.taxonomyVersion;const _errs36 = errors;if(errors === _errs36){if(typeof data21 === "string"){if(func6(data21) > 128){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyVersion",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyVersion/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data21) < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyVersion",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyVersion/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyVersion",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyVersion/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid6 = _errs36 === errors;}else {var valid6 = true;}if(valid6){if(data19.taxonomyRelations !== undefined){let data22 = data19.taxonomyRelations;const _errs38 = errors;if(errors === _errs38){if(Array.isArray(data22)){if(data22.length < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid7 = true;const len1 = data22.length;for(let i1=0; i1 2048){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/taxonomyId",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/taxonomyId/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data24) < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/taxonomyId",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/taxonomyId/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/taxonomyId",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/taxonomyId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid8 = _errs43 === errors;}else {var valid8 = true;}if(valid8){if(data23.relationshipName !== undefined){let data25 = data23.relationshipName;const _errs45 = errors;if(errors === _errs45){if(typeof data25 === "string"){if(func6(data25) > 128){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipName/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data25) < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipName/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid8 = _errs45 === errors;}else {var valid8 = true;}if(valid8){if(data23.relationshipValue !== undefined){let data26 = data23.relationshipValue;const _errs47 = errors;if(errors === _errs47){if(typeof data26 === "string"){if(func6(data26) > 2048){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipValue",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipValue/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data26) < 1){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipValue",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipValue/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipValue",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipValue/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid8 = _errs47 === errors;}else {var valid8 = true;}}}}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1,schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid7 = _errs40 === errors;if(!valid7){break;}}if(valid7){let i2 = data22.length;let j0;if(i2 > 1){outer0:for(;i2--;){for(j0 = i2; j0--;){if(func0(data22[i2], data22[j0])){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/uniqueItems",keyword:"uniqueItems",params:{i: i2, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i2+" are identical)"}];return false;break outer0;}}}}}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid6 = _errs38 === errors;}else {var valid6 = true;}}}}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0,schemaPath:"#/definitions/taxonomyMappings/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid5 = _errs31 === errors;if(!valid5){break;}}if(valid5){let i3 = data18.length;let j1;if(i3 > 1){outer1:for(;i3--;){for(j1 = i3; j1--;){if(func0(data18[i3], data18[j1])){validate13.errors = [{instancePath:instancePath+"/taxonomyMappings",schemaPath:"#/definitions/taxonomyMappings/uniqueItems",keyword:"uniqueItems",params:{i: i3, j: j1},message:"must NOT have duplicate items (items ## "+j1+" and "+i3+" are identical)"}];return false;break outer1;}}}}}}}else {validate13.errors = [{instancePath:instancePath+"/taxonomyMappings",schemaPath:"#/definitions/taxonomyMappings/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid0 = _errs28 === errors;}else {var valid0 = true;}}}}}}}}}}}}}}}}}}}}}}else {validate13.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate13.errors = vErrors;return errors === 0;}const schema205 = {"type":"object","properties":{"providerMetadata":{"$ref":"#/definitions/providerMetadata"},"datePublic":{"$ref":"#/definitions/timestamp"},"title":{"type":"string","minLength":1,"maxLength":256},"descriptions":{"$ref":"#/definitions/descriptions"},"affected":{"$ref":"#/definitions/affected"},"problemTypes":{"$ref":"#/definitions/problemTypes"},"references":{"$ref":"#/definitions/references"},"impacts":{"$ref":"#/definitions/impacts"},"metrics":{"$ref":"#/definitions/metrics"},"configurations":{"$ref":"#/definitions/configurations"},"workarounds":{"$ref":"#/definitions/workarounds"},"solutions":{"$ref":"#/definitions/solutions"},"exploits":{"$ref":"#/definitions/exploits"},"timeline":{"$ref":"#/definitions/timeline"},"credits":{"$ref":"#/definitions/credits"},"source":{"$ref":"#/definitions/source"},"tags":{"$ref":"#/definitions/adpTags"},"taxonomyMappings":{"$ref":"#/definitions/taxonomyMappings"}},"required":["providerMetadata"],"minProperties":2,"patternProperties":{"^x_[^.]*$":{}},"$comment":"The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.","additionalProperties":false};const schema208 = {"type":"array","uniqueItems":true,"minItems":1,"items":{"oneOf":[{"$ref":"#/definitions/tagExtension"},{"$schema":"http://json-schema.org/draft-07/schema#","$id":"https://cve.mitre.org/cve/v5_00/tags/adp/","type":"string","enum":["disputed"]}]}};function validate71(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(Array.isArray(data)){if(data.length < 1){validate71.errors = [{instancePath,schemaPath:"#/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid0 = true;const len0 = data.length;for(let i0=0; i0 128){const err0 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"};if(vErrors === null){vErrors = [err0];}else {vErrors.push(err0);}errors++;}else {if(func6(data0) < 2){const err1 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/minLength",keyword:"minLength",params:{limit: 2},message:"must NOT have fewer than 2 characters"};if(vErrors === null){vErrors = [err1];}else {vErrors.push(err1);}errors++;}else {if(!pattern17.test(data0)){const err2 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/pattern",keyword:"pattern",params:{pattern: "^x_.*$"},message:"must match pattern \""+"^x_.*$"+"\""};if(vErrors === null){vErrors = [err2];}else {vErrors.push(err2);}errors++;}}}}else {const err3 = {instancePath:instancePath+"/" + i0,schemaPath:"#/definitions/tagExtension/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err3];}else {vErrors.push(err3);}errors++;}}var _valid0 = _errs3 === errors;if(_valid0){valid1 = true;passing0 = 0;}const _errs7 = errors;if(typeof data0 !== "string"){const err4 = {instancePath:instancePath+"/" + i0,schemaPath:"#/items/oneOf/1/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err4];}else {vErrors.push(err4);}errors++;}if(!(data0 === "disputed")){const err5 = {instancePath:instancePath+"/" + i0,schemaPath:"#/items/oneOf/1/enum",keyword:"enum",params:{allowedValues: schema208.items.oneOf[1].enum},message:"must be equal to one of the allowed values"};if(vErrors === null){vErrors = [err5];}else {vErrors.push(err5);}errors++;}var _valid0 = _errs7 === errors;if(_valid0 && valid1){valid1 = false;passing0 = [passing0, 1];}else {if(_valid0){valid1 = true;passing0 = 1;}}if(!valid1){const err6 = {instancePath:instancePath+"/" + i0,schemaPath:"#/items/oneOf",keyword:"oneOf",params:{passingSchemas: passing0},message:"must match exactly one schema in oneOf"};if(vErrors === null){vErrors = [err6];}else {vErrors.push(err6);}errors++;validate71.errors = vErrors;return false;}else {errors = _errs2;if(vErrors !== null){if(_errs2){vErrors.length = _errs2;}else {vErrors = null;}}}var valid0 = _errs1 === errors;if(!valid0){break;}}if(valid0){let i1 = data.length;let j0;if(i1 > 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data[i1], data[j0])){validate71.errors = [{instancePath,schemaPath:"#/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate71.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}validate71.errors = vErrors;return errors === 0;}function validate57(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){if(Object.keys(data).length < 2){validate57.errors = [{instancePath,schemaPath:"#/minProperties",keyword:"minProperties",params:{limit: 2},message:"must NOT have fewer than 2 items"}];return false;}else {let missing0;if((data.providerMetadata === undefined) && (missing0 = "providerMetadata")){validate57.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs2 = errors;for(const key0 in data){if(!((func5.call(schema205.properties, key0)) || (pattern7.test(key0)))){validate57.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs2 === errors){if(data.providerMetadata !== undefined){const _errs3 = errors;if(!(validate14(data.providerMetadata, {instancePath:instancePath+"/providerMetadata",parentData:data,parentDataProperty:"providerMetadata",rootData}))){vErrors = vErrors === null ? validate14.errors : vErrors.concat(validate14.errors);errors = vErrors.length;}var valid0 = _errs3 === errors;}else {var valid0 = true;}if(valid0){if(data.datePublic !== undefined){let data1 = data.datePublic;const _errs4 = errors;const _errs5 = errors;if(errors === _errs5){if(errors === _errs5){if(typeof data1 === "string"){if(!pattern4.test(data1)){validate57.errors = [{instancePath:instancePath+"/datePublic",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data1))){validate57.errors = [{instancePath:instancePath+"/datePublic",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/datePublic",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs4 === errors;}else {var valid0 = true;}if(valid0){if(data.title !== undefined){let data2 = data.title;const _errs7 = errors;if(errors === _errs7){if(typeof data2 === "string"){if(func6(data2) > 256){validate57.errors = [{instancePath:instancePath+"/title",schemaPath:"#/properties/title/maxLength",keyword:"maxLength",params:{limit: 256},message:"must NOT have more than 256 characters"}];return false;}else {if(func6(data2) < 1){validate57.errors = [{instancePath:instancePath+"/title",schemaPath:"#/properties/title/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/title",schemaPath:"#/properties/title/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs7 === errors;}else {var valid0 = true;}if(valid0){if(data.descriptions !== undefined){const _errs9 = errors;if(!(validate16(data.descriptions, {instancePath:instancePath+"/descriptions",parentData:data,parentDataProperty:"descriptions",rootData}))){vErrors = vErrors === null ? validate16.errors : vErrors.concat(validate16.errors);errors = vErrors.length;}var valid0 = _errs9 === errors;}else {var valid0 = true;}if(valid0){if(data.affected !== undefined){const _errs10 = errors;if(!(validate22(data.affected, {instancePath:instancePath+"/affected",parentData:data,parentDataProperty:"affected",rootData}))){vErrors = vErrors === null ? validate22.errors : vErrors.concat(validate22.errors);errors = vErrors.length;}var valid0 = _errs10 === errors;}else {var valid0 = true;}if(valid0){if(data.problemTypes !== undefined){const _errs11 = errors;if(!(validate26(data.problemTypes, {instancePath:instancePath+"/problemTypes",parentData:data,parentDataProperty:"problemTypes",rootData}))){vErrors = vErrors === null ? validate26.errors : vErrors.concat(validate26.errors);errors = vErrors.length;}var valid0 = _errs11 === errors;}else {var valid0 = true;}if(valid0){if(data.references !== undefined){const _errs12 = errors;if(!(validate27(data.references, {instancePath:instancePath+"/references",parentData:data,parentDataProperty:"references",rootData}))){vErrors = vErrors === null ? validate27.errors : vErrors.concat(validate27.errors);errors = vErrors.length;}var valid0 = _errs12 === errors;}else {var valid0 = true;}if(valid0){if(data.impacts !== undefined){const _errs13 = errors;if(!(validate33(data.impacts, {instancePath:instancePath+"/impacts",parentData:data,parentDataProperty:"impacts",rootData}))){vErrors = vErrors === null ? validate33.errors : vErrors.concat(validate33.errors);errors = vErrors.length;}var valid0 = _errs13 === errors;}else {var valid0 = true;}if(valid0){if(data.metrics !== undefined){const _errs14 = errors;if(!(validate36(data.metrics, {instancePath:instancePath+"/metrics",parentData:data,parentDataProperty:"metrics",rootData}))){vErrors = vErrors === null ? validate36.errors : vErrors.concat(validate36.errors);errors = vErrors.length;}var valid0 = _errs14 === errors;}else {var valid0 = true;}if(valid0){if(data.configurations !== undefined){const _errs15 = errors;if(!(validate38(data.configurations, {instancePath:instancePath+"/configurations",parentData:data,parentDataProperty:"configurations",rootData}))){vErrors = vErrors === null ? validate38.errors : vErrors.concat(validate38.errors);errors = vErrors.length;}var valid0 = _errs15 === errors;}else {var valid0 = true;}if(valid0){if(data.workarounds !== undefined){const _errs16 = errors;if(!(validate41(data.workarounds, {instancePath:instancePath+"/workarounds",parentData:data,parentDataProperty:"workarounds",rootData}))){vErrors = vErrors === null ? validate41.errors : vErrors.concat(validate41.errors);errors = vErrors.length;}var valid0 = _errs16 === errors;}else {var valid0 = true;}if(valid0){if(data.solutions !== undefined){const _errs17 = errors;if(!(validate44(data.solutions, {instancePath:instancePath+"/solutions",parentData:data,parentDataProperty:"solutions",rootData}))){vErrors = vErrors === null ? validate44.errors : vErrors.concat(validate44.errors);errors = vErrors.length;}var valid0 = _errs17 === errors;}else {var valid0 = true;}if(valid0){if(data.exploits !== undefined){const _errs18 = errors;if(!(validate47(data.exploits, {instancePath:instancePath+"/exploits",parentData:data,parentDataProperty:"exploits",rootData}))){vErrors = vErrors === null ? validate47.errors : vErrors.concat(validate47.errors);errors = vErrors.length;}var valid0 = _errs18 === errors;}else {var valid0 = true;}if(valid0){if(data.timeline !== undefined){const _errs19 = errors;if(!(validate50(data.timeline, {instancePath:instancePath+"/timeline",parentData:data,parentDataProperty:"timeline",rootData}))){vErrors = vErrors === null ? validate50.errors : vErrors.concat(validate50.errors);errors = vErrors.length;}var valid0 = _errs19 === errors;}else {var valid0 = true;}if(valid0){if(data.credits !== undefined){const _errs20 = errors;if(!(validate52(data.credits, {instancePath:instancePath+"/credits",parentData:data,parentDataProperty:"credits",rootData}))){vErrors = vErrors === null ? validate52.errors : vErrors.concat(validate52.errors);errors = vErrors.length;}var valid0 = _errs20 === errors;}else {var valid0 = true;}if(valid0){if(data.source !== undefined){let data15 = data.source;const _errs21 = errors;const _errs22 = errors;if(errors === _errs22){if(data15 && typeof data15 == "object" && !Array.isArray(data15)){if(Object.keys(data15).length < 1){validate57.errors = [{instancePath:instancePath+"/source",schemaPath:"#/definitions/source/minProperties",keyword:"minProperties",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}}else {validate57.errors = [{instancePath:instancePath+"/source",schemaPath:"#/definitions/source/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid0 = _errs21 === errors;}else {var valid0 = true;}if(valid0){if(data.tags !== undefined){const _errs24 = errors;if(!(validate71(data.tags, {instancePath:instancePath+"/tags",parentData:data,parentDataProperty:"tags",rootData}))){vErrors = vErrors === null ? validate71.errors : vErrors.concat(validate71.errors);errors = vErrors.length;}var valid0 = _errs24 === errors;}else {var valid0 = true;}if(valid0){if(data.taxonomyMappings !== undefined){let data17 = data.taxonomyMappings;const _errs25 = errors;const _errs26 = errors;if(errors === _errs26){if(Array.isArray(data17)){if(data17.length < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings",schemaPath:"#/definitions/taxonomyMappings/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid4 = true;const len0 = data17.length;for(let i0=0; i0 128){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyName/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data19) < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyName/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid5 = _errs31 === errors;}else {var valid5 = true;}if(valid5){if(data18.taxonomyVersion !== undefined){let data20 = data18.taxonomyVersion;const _errs33 = errors;if(errors === _errs33){if(typeof data20 === "string"){if(func6(data20) > 128){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyVersion",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyVersion/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data20) < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyVersion",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyVersion/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyVersion",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyVersion/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid5 = _errs33 === errors;}else {var valid5 = true;}if(valid5){if(data18.taxonomyRelations !== undefined){let data21 = data18.taxonomyRelations;const _errs35 = errors;if(errors === _errs35){if(Array.isArray(data21)){if(data21.length < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid6 = true;const len1 = data21.length;for(let i1=0; i1 2048){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/taxonomyId",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/taxonomyId/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data23) < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/taxonomyId",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/taxonomyId/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/taxonomyId",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/taxonomyId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid7 = _errs40 === errors;}else {var valid7 = true;}if(valid7){if(data22.relationshipName !== undefined){let data24 = data22.relationshipName;const _errs42 = errors;if(errors === _errs42){if(typeof data24 === "string"){if(func6(data24) > 128){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipName/maxLength",keyword:"maxLength",params:{limit: 128},message:"must NOT have more than 128 characters"}];return false;}else {if(func6(data24) < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipName/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipName",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid7 = _errs42 === errors;}else {var valid7 = true;}if(valid7){if(data22.relationshipValue !== undefined){let data25 = data22.relationshipValue;const _errs44 = errors;if(errors === _errs44){if(typeof data25 === "string"){if(func6(data25) > 2048){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipValue",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipValue/maxLength",keyword:"maxLength",params:{limit: 2048},message:"must NOT have more than 2048 characters"}];return false;}else {if(func6(data25) < 1){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipValue",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipValue/minLength",keyword:"minLength",params:{limit: 1},message:"must NOT have fewer than 1 characters"}];return false;}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1+"/relationshipValue",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/properties/relationshipValue/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid7 = _errs44 === errors;}else {var valid7 = true;}}}}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations/" + i1,schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid6 = _errs37 === errors;if(!valid6){break;}}if(valid6){let i2 = data21.length;let j0;if(i2 > 1){outer0:for(;i2--;){for(j0 = i2; j0--;){if(func0(data21[i2], data21[j0])){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/uniqueItems",keyword:"uniqueItems",params:{i: i2, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i2+" are identical)"}];return false;break outer0;}}}}}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0+"/taxonomyRelations",schemaPath:"#/definitions/taxonomyMappings/items/properties/taxonomyRelations/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid5 = _errs35 === errors;}else {var valid5 = true;}}}}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings/" + i0,schemaPath:"#/definitions/taxonomyMappings/items/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}var valid4 = _errs28 === errors;if(!valid4){break;}}if(valid4){let i3 = data17.length;let j1;if(i3 > 1){outer1:for(;i3--;){for(j1 = i3; j1--;){if(func0(data17[i3], data17[j1])){validate57.errors = [{instancePath:instancePath+"/taxonomyMappings",schemaPath:"#/definitions/taxonomyMappings/uniqueItems",keyword:"uniqueItems",params:{i: i3, j: j1},message:"must NOT have duplicate items (items ## "+j1+" and "+i3+" are identical)"}];return false;break outer1;}}}}}}}else {validate57.errors = [{instancePath:instancePath+"/taxonomyMappings",schemaPath:"#/definitions/taxonomyMappings/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid0 = _errs25 === errors;}else {var valid0 = true;}}}}}}}}}}}}}}}}}}}}}}else {validate57.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate57.errors = vErrors;return errors === 0;}const schema213 = {"type":"object","required":["cveId","assignerOrgId","state"],"properties":{"cveId":{"$ref":"#/definitions/cveId"},"assignerOrgId":{"$ref":"#/definitions/orgId"},"assignerShortName":{"$ref":"#/definitions/shortName"},"serial":{"type":"integer","minimum":1},"dateUpdated":{"$ref":"#/definitions/timestamp"},"datePublished":{"$ref":"#/definitions/timestamp"},"dateRejected":{"$ref":"#/definitions/timestamp"},"state":{"type":"string","enum":["REJECTED"]},"dateReserved":{"$ref":"#/definitions/timestamp"}},"additionalProperties":false};function validate74(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if((((data.cveId === undefined) && (missing0 = "cveId")) || ((data.assignerOrgId === undefined) && (missing0 = "assignerOrgId"))) || ((data.state === undefined) && (missing0 = "state"))){validate74.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs1 = errors;for(const key0 in data){if(!(func5.call(schema213.properties, key0))){validate74.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs1 === errors){if(data.cveId !== undefined){let data0 = data.cveId;const _errs2 = errors;const _errs3 = errors;if(errors === _errs3){if(typeof data0 === "string"){if(!pattern1.test(data0)){validate74.errors = [{instancePath:instancePath+"/cveId",schemaPath:"#/definitions/cveId/pattern",keyword:"pattern",params:{pattern: "^CVE-[0-9]{4}-[0-9]{4,19}$"},message:"must match pattern \""+"^CVE-[0-9]{4}-[0-9]{4,19}$"+"\""}];return false;}}else {validate74.errors = [{instancePath:instancePath+"/cveId",schemaPath:"#/definitions/cveId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs2 === errors;}else {var valid0 = true;}if(valid0){if(data.assignerOrgId !== undefined){let data1 = data.assignerOrgId;const _errs5 = errors;const _errs6 = errors;if(errors === _errs6){if(typeof data1 === "string"){if(!pattern2.test(data1)){validate74.errors = [{instancePath:instancePath+"/assignerOrgId",schemaPath:"#/definitions/orgId/pattern",keyword:"pattern",params:{pattern: "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"},message:"must match pattern \""+"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$"+"\""}];return false;}}else {validate74.errors = [{instancePath:instancePath+"/assignerOrgId",schemaPath:"#/definitions/orgId/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs5 === errors;}else {var valid0 = true;}if(valid0){if(data.assignerShortName !== undefined){let data2 = data.assignerShortName;const _errs8 = errors;const _errs9 = errors;if(errors === _errs9){if(typeof data2 === "string"){if(func6(data2) > 32){validate74.errors = [{instancePath:instancePath+"/assignerShortName",schemaPath:"#/definitions/shortName/maxLength",keyword:"maxLength",params:{limit: 32},message:"must NOT have more than 32 characters"}];return false;}else {if(func6(data2) < 2){validate74.errors = [{instancePath:instancePath+"/assignerShortName",schemaPath:"#/definitions/shortName/minLength",keyword:"minLength",params:{limit: 2},message:"must NOT have fewer than 2 characters"}];return false;}}}else {validate74.errors = [{instancePath:instancePath+"/assignerShortName",schemaPath:"#/definitions/shortName/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}var valid0 = _errs8 === errors;}else {var valid0 = true;}if(valid0){if(data.serial !== undefined){let data3 = data.serial;const _errs11 = errors;if(!(((typeof data3 == "number") && (!(data3 % 1) && !isNaN(data3))) && (isFinite(data3)))){validate74.errors = [{instancePath:instancePath+"/serial",schemaPath:"#/properties/serial/type",keyword:"type",params:{type: "integer"},message:"must be integer"}];return false;}if(errors === _errs11){if((typeof data3 == "number") && (isFinite(data3))){if(data3 < 1 || isNaN(data3)){validate74.errors = [{instancePath:instancePath+"/serial",schemaPath:"#/properties/serial/minimum",keyword:"minimum",params:{comparison: ">=", limit: 1},message:"must be >= 1"}];return false;}}}var valid0 = _errs11 === errors;}else {var valid0 = true;}if(valid0){if(data.dateUpdated !== undefined){let data4 = data.dateUpdated;const _errs13 = errors;const _errs14 = errors;if(errors === _errs14){if(errors === _errs14){if(typeof data4 === "string"){if(!pattern4.test(data4)){validate74.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data4))){validate74.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate74.errors = [{instancePath:instancePath+"/dateUpdated",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs13 === errors;}else {var valid0 = true;}if(valid0){if(data.datePublished !== undefined){let data5 = data.datePublished;const _errs16 = errors;const _errs17 = errors;if(errors === _errs17){if(errors === _errs17){if(typeof data5 === "string"){if(!pattern4.test(data5)){validate74.errors = [{instancePath:instancePath+"/datePublished",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data5))){validate74.errors = [{instancePath:instancePath+"/datePublished",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate74.errors = [{instancePath:instancePath+"/datePublished",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs16 === errors;}else {var valid0 = true;}if(valid0){if(data.dateRejected !== undefined){let data6 = data.dateRejected;const _errs19 = errors;const _errs20 = errors;if(errors === _errs20){if(errors === _errs20){if(typeof data6 === "string"){if(!pattern4.test(data6)){validate74.errors = [{instancePath:instancePath+"/dateRejected",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data6))){validate74.errors = [{instancePath:instancePath+"/dateRejected",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate74.errors = [{instancePath:instancePath+"/dateRejected",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs19 === errors;}else {var valid0 = true;}if(valid0){if(data.state !== undefined){let data7 = data.state;const _errs22 = errors;if(typeof data7 !== "string"){validate74.errors = [{instancePath:instancePath+"/state",schemaPath:"#/properties/state/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}if(!(data7 === "REJECTED")){validate74.errors = [{instancePath:instancePath+"/state",schemaPath:"#/properties/state/enum",keyword:"enum",params:{allowedValues: schema213.properties.state.enum},message:"must be equal to one of the allowed values"}];return false;}var valid0 = _errs22 === errors;}else {var valid0 = true;}if(valid0){if(data.dateReserved !== undefined){let data8 = data.dateReserved;const _errs24 = errors;const _errs25 = errors;if(errors === _errs25){if(errors === _errs25){if(typeof data8 === "string"){if(!pattern4.test(data8)){validate74.errors = [{instancePath:instancePath+"/dateReserved",schemaPath:"#/definitions/timestamp/pattern",keyword:"pattern",params:{pattern: "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"},message:"must match pattern \""+"^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"+"\""}];return false;}else {if(!(formats0.validate(data8))){validate74.errors = [{instancePath:instancePath+"/dateReserved",schemaPath:"#/definitions/timestamp/format",keyword:"format",params:{format: "date-time"},message:"must match format \""+"date-time"+"\""}];return false;}}}else {validate74.errors = [{instancePath:instancePath+"/dateReserved",schemaPath:"#/definitions/timestamp/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}}}var valid0 = _errs24 === errors;}else {var valid0 = true;}}}}}}}}}}}}else {validate74.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate74.errors = vErrors;return errors === 0;}const schema221 = {"type":"object","properties":{"providerMetadata":{"$ref":"#/definitions/providerMetadata"},"rejectedReasons":{"$ref":"#/definitions/descriptions"},"replacedBy":{"type":"array","minItems":1,"uniqueItems":true,"items":{"$ref":"#/definitions/cveId"}}},"required":["providerMetadata","rejectedReasons"],"patternProperties":{"^x_[^.]*$":{}},"$comment":"The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.","additionalProperties":false};function validate76(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if(((data.providerMetadata === undefined) && (missing0 = "providerMetadata")) || ((data.rejectedReasons === undefined) && (missing0 = "rejectedReasons"))){validate76.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {const _errs2 = errors;for(const key0 in data){if(!((((key0 === "providerMetadata") || (key0 === "rejectedReasons")) || (key0 === "replacedBy")) || (pattern7.test(key0)))){validate76.errors = [{instancePath,schemaPath:"#/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"}];return false;break;}}if(_errs2 === errors){if(data.providerMetadata !== undefined){const _errs3 = errors;if(!(validate14(data.providerMetadata, {instancePath:instancePath+"/providerMetadata",parentData:data,parentDataProperty:"providerMetadata",rootData}))){vErrors = vErrors === null ? validate14.errors : vErrors.concat(validate14.errors);errors = vErrors.length;}var valid0 = _errs3 === errors;}else {var valid0 = true;}if(valid0){if(data.rejectedReasons !== undefined){const _errs4 = errors;if(!(validate16(data.rejectedReasons, {instancePath:instancePath+"/rejectedReasons",parentData:data,parentDataProperty:"rejectedReasons",rootData}))){vErrors = vErrors === null ? validate16.errors : vErrors.concat(validate16.errors);errors = vErrors.length;}var valid0 = _errs4 === errors;}else {var valid0 = true;}if(valid0){if(data.replacedBy !== undefined){let data2 = data.replacedBy;const _errs5 = errors;if(errors === _errs5){if(Array.isArray(data2)){if(data2.length < 1){validate76.errors = [{instancePath:instancePath+"/replacedBy",schemaPath:"#/properties/replacedBy/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"}];return false;}else {var valid1 = true;const len0 = data2.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data2[i1], data2[j0])){validate76.errors = [{instancePath:instancePath+"/replacedBy",schemaPath:"#/properties/replacedBy/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"}];return false;break outer0;}}}}}}}else {validate76.errors = [{instancePath:instancePath+"/replacedBy",schemaPath:"#/properties/replacedBy/type",keyword:"type",params:{type: "array"},message:"must be array"}];return false;}}var valid0 = _errs5 === errors;}else {var valid0 = true;}}}}}}else {validate76.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate76.errors = vErrors;return errors === 0;}function validate10(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){/*# sourceURL="https://cveproject.github.io/cve-schema/schema/v5.0/docs/CVE_JSON_bundled.json" */;let vErrors = null;let errors = 0;const _errs0 = errors;let valid0 = false;let passing0 = null;const _errs1 = errors;if(errors === _errs1){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if(((((data.dataType === undefined) && (missing0 = "dataType")) || ((data.dataVersion === undefined) && (missing0 = "dataVersion"))) || ((data.cveMetadata === undefined) && (missing0 = "cveMetadata"))) || ((data.containers === undefined) && (missing0 = "containers"))){const err0 = {instancePath,schemaPath:"#/oneOf/0/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"};if(vErrors === null){vErrors = [err0];}else {vErrors.push(err0);}errors++;}else {const _errs3 = errors;for(const key0 in data){if(!((((key0 === "dataType") || (key0 === "dataVersion")) || (key0 === "cveMetadata")) || (key0 === "containers"))){const err1 = {instancePath,schemaPath:"#/oneOf/0/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key0},message:"must NOT have additional properties"};if(vErrors === null){vErrors = [err1];}else {vErrors.push(err1);}errors++;break;}}if(_errs3 === errors){if(data.dataType !== undefined){let data0 = data.dataType;const _errs4 = errors;if(typeof data0 !== "string"){const err2 = {instancePath:instancePath+"/dataType",schemaPath:"#/definitions/dataType/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err2];}else {vErrors.push(err2);}errors++;}if(!(data0 === "CVE_RECORD")){const err3 = {instancePath:instancePath+"/dataType",schemaPath:"#/definitions/dataType/enum",keyword:"enum",params:{allowedValues: schema12.enum},message:"must be equal to one of the allowed values"};if(vErrors === null){vErrors = [err3];}else {vErrors.push(err3);}errors++;}var valid1 = _errs4 === errors;}else {var valid1 = true;}if(valid1){if(data.dataVersion !== undefined){let data1 = data.dataVersion;const _errs7 = errors;const _errs8 = errors;if(errors === _errs8){if(typeof data1 === "string"){if(!pattern0.test(data1)){const err4 = {instancePath:instancePath+"/dataVersion",schemaPath:"#/definitions/dataVersion/pattern",keyword:"pattern",params:{pattern: "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$"},message:"must match pattern \""+"^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$"+"\""};if(vErrors === null){vErrors = [err4];}else {vErrors.push(err4);}errors++;}}else {const err5 = {instancePath:instancePath+"/dataVersion",schemaPath:"#/definitions/dataVersion/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err5];}else {vErrors.push(err5);}errors++;}}var valid1 = _errs7 === errors;}else {var valid1 = true;}if(valid1){if(data.cveMetadata !== undefined){const _errs10 = errors;if(!(validate11(data.cveMetadata, {instancePath:instancePath+"/cveMetadata",parentData:data,parentDataProperty:"cveMetadata",rootData}))){vErrors = vErrors === null ? validate11.errors : vErrors.concat(validate11.errors);errors = vErrors.length;}var valid1 = _errs10 === errors;}else {var valid1 = true;}if(valid1){if(data.containers !== undefined){let data3 = data.containers;const _errs11 = errors;if(errors === _errs11){if(data3 && typeof data3 == "object" && !Array.isArray(data3)){let missing1;if((data3.cna === undefined) && (missing1 = "cna")){const err6 = {instancePath:instancePath+"/containers",schemaPath:"#/oneOf/0/properties/containers/required",keyword:"required",params:{missingProperty: missing1},message:"must have required property '"+missing1+"'"};if(vErrors === null){vErrors = [err6];}else {vErrors.push(err6);}errors++;}else {const _errs13 = errors;for(const key1 in data3){if(!((key1 === "cna") || (key1 === "adp"))){const err7 = {instancePath:instancePath+"/containers",schemaPath:"#/oneOf/0/properties/containers/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key1},message:"must NOT have additional properties"};if(vErrors === null){vErrors = [err7];}else {vErrors.push(err7);}errors++;break;}}if(_errs13 === errors){if(data3.cna !== undefined){const _errs14 = errors;if(!(validate13(data3.cna, {instancePath:instancePath+"/containers/cna",parentData:data3,parentDataProperty:"cna",rootData}))){vErrors = vErrors === null ? validate13.errors : vErrors.concat(validate13.errors);errors = vErrors.length;}var valid4 = _errs14 === errors;}else {var valid4 = true;}if(valid4){if(data3.adp !== undefined){let data5 = data3.adp;const _errs15 = errors;if(errors === _errs15){if(Array.isArray(data5)){if(data5.length < 1){const err8 = {instancePath:instancePath+"/containers/adp",schemaPath:"#/oneOf/0/properties/containers/properties/adp/minItems",keyword:"minItems",params:{limit: 1},message:"must NOT have fewer than 1 items"};if(vErrors === null){vErrors = [err8];}else {vErrors.push(err8);}errors++;}else {var valid5 = true;const len0 = data5.length;for(let i0=0; i0 1){outer0:for(;i1--;){for(j0 = i1; j0--;){if(func0(data5[i1], data5[j0])){const err9 = {instancePath:instancePath+"/containers/adp",schemaPath:"#/oneOf/0/properties/containers/properties/adp/uniqueItems",keyword:"uniqueItems",params:{i: i1, j: j0},message:"must NOT have duplicate items (items ## "+j0+" and "+i1+" are identical)"};if(vErrors === null){vErrors = [err9];}else {vErrors.push(err9);}errors++;break outer0;}}}}}}}else {const err10 = {instancePath:instancePath+"/containers/adp",schemaPath:"#/oneOf/0/properties/containers/properties/adp/type",keyword:"type",params:{type: "array"},message:"must be array"};if(vErrors === null){vErrors = [err10];}else {vErrors.push(err10);}errors++;}}var valid4 = _errs15 === errors;}else {var valid4 = true;}}}}}else {const err11 = {instancePath:instancePath+"/containers",schemaPath:"#/oneOf/0/properties/containers/type",keyword:"type",params:{type: "object"},message:"must be object"};if(vErrors === null){vErrors = [err11];}else {vErrors.push(err11);}errors++;}}var valid1 = _errs11 === errors;}else {var valid1 = true;}}}}}}}else {const err12 = {instancePath,schemaPath:"#/oneOf/0/type",keyword:"type",params:{type: "object"},message:"must be object"};if(vErrors === null){vErrors = [err12];}else {vErrors.push(err12);}errors++;}}var _valid0 = _errs1 === errors;if(_valid0){valid0 = true;passing0 = 0;}const _errs18 = errors;if(errors === _errs18){if(data && typeof data == "object" && !Array.isArray(data)){let missing2;if(((((data.dataType === undefined) && (missing2 = "dataType")) || ((data.dataVersion === undefined) && (missing2 = "dataVersion"))) || ((data.cveMetadata === undefined) && (missing2 = "cveMetadata"))) || ((data.containers === undefined) && (missing2 = "containers"))){const err13 = {instancePath,schemaPath:"#/oneOf/1/required",keyword:"required",params:{missingProperty: missing2},message:"must have required property '"+missing2+"'"};if(vErrors === null){vErrors = [err13];}else {vErrors.push(err13);}errors++;}else {const _errs20 = errors;for(const key2 in data){if(!((((key2 === "dataType") || (key2 === "dataVersion")) || (key2 === "cveMetadata")) || (key2 === "containers"))){const err14 = {instancePath,schemaPath:"#/oneOf/1/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key2},message:"must NOT have additional properties"};if(vErrors === null){vErrors = [err14];}else {vErrors.push(err14);}errors++;break;}}if(_errs20 === errors){if(data.dataType !== undefined){let data7 = data.dataType;const _errs21 = errors;if(typeof data7 !== "string"){const err15 = {instancePath:instancePath+"/dataType",schemaPath:"#/definitions/dataType/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err15];}else {vErrors.push(err15);}errors++;}if(!(data7 === "CVE_RECORD")){const err16 = {instancePath:instancePath+"/dataType",schemaPath:"#/definitions/dataType/enum",keyword:"enum",params:{allowedValues: schema12.enum},message:"must be equal to one of the allowed values"};if(vErrors === null){vErrors = [err16];}else {vErrors.push(err16);}errors++;}var valid7 = _errs21 === errors;}else {var valid7 = true;}if(valid7){if(data.dataVersion !== undefined){let data8 = data.dataVersion;const _errs24 = errors;const _errs25 = errors;if(errors === _errs25){if(typeof data8 === "string"){if(!pattern0.test(data8)){const err17 = {instancePath:instancePath+"/dataVersion",schemaPath:"#/definitions/dataVersion/pattern",keyword:"pattern",params:{pattern: "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$"},message:"must match pattern \""+"^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$"+"\""};if(vErrors === null){vErrors = [err17];}else {vErrors.push(err17);}errors++;}}else {const err18 = {instancePath:instancePath+"/dataVersion",schemaPath:"#/definitions/dataVersion/type",keyword:"type",params:{type: "string"},message:"must be string"};if(vErrors === null){vErrors = [err18];}else {vErrors.push(err18);}errors++;}}var valid7 = _errs24 === errors;}else {var valid7 = true;}if(valid7){if(data.cveMetadata !== undefined){const _errs27 = errors;if(!(validate74(data.cveMetadata, {instancePath:instancePath+"/cveMetadata",parentData:data,parentDataProperty:"cveMetadata",rootData}))){vErrors = vErrors === null ? validate74.errors : vErrors.concat(validate74.errors);errors = vErrors.length;}var valid7 = _errs27 === errors;}else {var valid7 = true;}if(valid7){if(data.containers !== undefined){let data10 = data.containers;const _errs28 = errors;if(errors === _errs28){if(data10 && typeof data10 == "object" && !Array.isArray(data10)){let missing3;if((data10.cna === undefined) && (missing3 = "cna")){const err19 = {instancePath:instancePath+"/containers",schemaPath:"#/oneOf/1/properties/containers/required",keyword:"required",params:{missingProperty: missing3},message:"must have required property '"+missing3+"'"};if(vErrors === null){vErrors = [err19];}else {vErrors.push(err19);}errors++;}else {const _errs30 = errors;for(const key3 in data10){if(!(key3 === "cna")){const err20 = {instancePath:instancePath+"/containers",schemaPath:"#/oneOf/1/properties/containers/additionalProperties",keyword:"additionalProperties",params:{additionalProperty: key3},message:"must NOT have additional properties"};if(vErrors === null){vErrors = [err20];}else {vErrors.push(err20);}errors++;break;}}if(_errs30 === errors){if(data10.cna !== undefined){if(!(validate76(data10.cna, {instancePath:instancePath+"/containers/cna",parentData:data10,parentDataProperty:"cna",rootData}))){vErrors = vErrors === null ? validate76.errors : vErrors.concat(validate76.errors);errors = vErrors.length;}}}}}else {const err21 = {instancePath:instancePath+"/containers",schemaPath:"#/oneOf/1/properties/containers/type",keyword:"type",params:{type: "object"},message:"must be object"};if(vErrors === null){vErrors = [err21];}else {vErrors.push(err21);}errors++;}}var valid7 = _errs28 === errors;}else {var valid7 = true;}}}}}}}else {const err22 = {instancePath,schemaPath:"#/oneOf/1/type",keyword:"type",params:{type: "object"},message:"must be object"};if(vErrors === null){vErrors = [err22];}else {vErrors.push(err22);}errors++;}}var _valid0 = _errs18 === errors;if(_valid0 && valid0){valid0 = false;passing0 = [passing0, 1];}else {if(_valid0){valid0 = true;passing0 = 1;}}if(!valid0){const err23 = {instancePath,schemaPath:"#/oneOf",keyword:"oneOf",params:{passingSchemas: passing0},message:"must match exactly one schema in oneOf"};if(vErrors === null){vErrors = [err23];}else {vErrors.push(err23);}errors++;validate10.errors = vErrors;return false;}else {errors = _errs0;if(vErrors !== null){if(_errs0){vErrors.length = _errs0;}else {vErrors = null;}}}validate10.errors = vErrors;return errors === 0;} \ No newline at end of file diff --git a/schema/support/Node_Validator/package.json b/schema/support/Node_Validator/package.json new file mode 100644 index 00000000000..1a6a40d4ae9 --- /dev/null +++ b/schema/support/Node_Validator/package.json @@ -0,0 +1,16 @@ +{ + "name": "Node_Validator", + "version": "1.1.0", + "description": "", + "main": "validate.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC", + "dependencies": { + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1" + } +} diff --git a/schema/support/Node_Validator/reportValidation.js b/schema/support/Node_Validator/reportValidation.js new file mode 100644 index 00000000000..bce2417cda5 --- /dev/null +++ b/schema/support/Node_Validator/reportValidation.js @@ -0,0 +1,168 @@ +const fs = require('fs'); +const readline = require('readline'); +const docs= { +'/containers/cna/affected/product:maxLength': "Product name is too long! If you are listing multiple products, please use separate product objects.", +'/containers/cna/affected/product:minLength': "A product name is required.", +'/containers/cna/affected/versions/version:maxLength': "Version name is too long! If you are listing multiple versions, please encode as an array of version objects.", +'/containers/cna/metrics/cvssV3_0:required': "CVSS objects are incomplete. Please provide a valid vectorString at the minimum in your CVE-JSON v4 submission." + +} +/* +function cvePath(value) { + var realId = value.match(/(CVE-(\d{4})-(\d{1,12})(\d{3}))/); + if (realId) { + var id = realId[1]; + var year = realId[2]; + var bucket = realId[3]; + return (year + '/' + bucket + 'xxx/' + id + '.json') + } +} +*/ +const validateCve = require('./dist/cve5validator.js') +var errorStat = {}; +var warnStat = {}; +var errorCount = {}; +var yStat = {}; +var invalid = 0; +var warns = 0; +var total = 0; +var ignore = { '': 1, '/cveMetadata/state': 1, '/containers/cna/references/url': 0} +function validate(line) { + if (line) { + var parts = line.match(/(CVE-(\d+)-\d+)/); + var year = "unknown"; + var id = "unknown"; + if (parts) { + year = parts[2]; + id = parts[1]; + } + try { + if (!fs.lstatSync(line).isDirectory()) { + var cveFile = fs.readFileSync(line); + var cve = JSON.parse(cveFile); + var warnings = cve.containers?.cna.x_ConverterErrors; + //delete cve.x_ValidationErrors; + var assigner = "default"; + try { + assigner = cve.containers?.cna?.x_legacyV4Record?.CVE_data_meta?.ASSIGNER; + if(!assigner) { + assigner = cve.containers?.cna?.providerMetadata?.shortName; + } + } catch (e) { + console.error(e.message); + } + total++; + + if(warnings) { + warns++; + errorCount[assigner]++; + for (const key in warnings) { + var w = 'Warning: ' + warnings[key].error; + //console.log(key); + if(!errorStat[assigner]) { + errorStat[assigner] = {} + errorCount[assigner] = 0 + } + if(!errorStat[assigner][key]) { + errorStat[assigner][key] = []; + } + if(!errorStat[assigner][key][w]) { + errorStat[assigner][key][w] = []; + } + errorStat[assigner][key][w].push(id); + } + } + var valid = validateCve(cve); + if (!valid) { + var errseen = false; + validateCve.errors.forEach(err => { + var path = err.instancePath.replace(/\/\d+\/?/g, "/") + if (!ignore[path]) { + var e = 'Error: ' + err.keyword; + if (!errorStat[assigner]) { + errorStat[assigner] = {} + errorCount[assigner] = 0 + } + if (!errorStat[assigner][path]) { + errorStat[assigner][path] = {} + } + if (!errorStat[assigner][path][e]) { + errorStat[assigner][path][e] = [] + } + errorStat[assigner][path][e].push(id); + errseen = true; + } + }); + if (errseen) { + errorCount[assigner]++; + invalid++; + yStat[year] ? yStat[year]++ : (yStat[year] = 1); + } + } + } + } catch (e) { + console.error(e.message); + } + } +} +/* Example error + { + instancePath: '/cveMetadata/state', + schemaPath: '#/properties/state/enum', + keyword: 'enum', + params: { allowedValues: [Array] }, + message: 'must be equal to one of the allowed values' + }, + */ +var rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + terminal: false +}); + +function report() { + console.log(` + +

+ ${total} upconverted CVEs: ${warns} warnings and ${invalid} errors. +

+ `) + for (const y in yStat) { + console.log(`
  • year ${y} - ${yStat[y]}
  • `) + } + + Object.keys(errorStat).sort().forEach(x => { + var domain = x.substring(x.indexOf('@') + 1) + console.log(`

    ${domain} [link]

    `) + for (const k in errorStat[x]) { + var alist = errorStat[x][k]; + for (const a in alist) { + var ids = [...new Set(alist[a])]; + console.log(`
    [${ids.length} CVEs] ${a} - field ${k} [link]:`) + if(docs[x + ':' + k]) { + console.log(`

    `+docs[x + ':' + k]+'

    ') + } + console.log('
    ') + for (const c of ids.sort()) { + console.log(` ${c}`) + } + console.log('
    ') + } + } + }); +} + +rl.on('line', validate) +rl.on('close', report) \ No newline at end of file diff --git a/schema/support/Node_Validator/validate.js b/schema/support/Node_Validator/validate.js new file mode 100644 index 00000000000..52e6f5139f3 --- /dev/null +++ b/schema/support/Node_Validator/validate.js @@ -0,0 +1,77 @@ +const fs = require('fs'); +const readline = require('readline'); +const validateCve = require('./dist/cve5validator.js') +var invalid = 0; +var total = 0; +function validateFile(line) { + if (line) { + try { + if (!fs.lstatSync(line).isDirectory()) { + var cveFile = fs.readFileSync(line); + var cve = JSON.parse(cveFile); + total++; + var valid = validateCve(cve); + if (!valid) { + invalid++; + console.log(line + ' is invalid:'); + console.log(validateCve.errors); + } else { + console.log(line + ' is valid.'); + } + } + } catch (e) { + console.error(e.message); + } + } +} + +function report() { + if (invalid == 0) { + console.log(`Summary: All files PASSED validation.`) + } else { + console.log(`Summary: Validation FAILED for ${invalid} out of ${total} files!`) + } +} +var usage = ` +To validate one or more files + $ node validate.js [file-1.json] [file-2.json] ... + +To validate a list of files in a file or on stdin: + $ cat list.txt | node validate.js -e + $ find directory -name '*.json' | node validate.js -e + +To validate a single file via stdin: + $ cat file.json | node validate.js + +` +try { + if (process.argv.length >= 3) { + if (process.argv[2] && (process.argv[2].startsWith("-?") || process.argv[2].startsWith("-h"))) { + console.log(usage) + } else if (process.argv[2] && process.argv[2] == '-e') { + var rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + terminal: false + }); + rl.on('line', validateFile) + rl.on('close', report) + } else { + for (i = 2; i < process.argv.length; i++) { + validateFile(process.argv[i]); + } + report(); + } + } else { + var cve = fs.readFileSync(0, 'utf-8'); + var valid = validateCve(JSON.parse(cve)); + if (!valid) { + console.log('Input is invalid:'); + console.log(validateCve.errors); + } else + console.log('Input is valid.'); + } +} catch (e) { + console.log(e.message); + console.log(usage); +} \ No newline at end of file diff --git a/schema/support/Python3.x_Validator/D7Validator.py b/schema/support/Python3.x_Validator/D7Validator.py new file mode 100644 index 00000000000..d2be1aad7b1 --- /dev/null +++ b/schema/support/Python3.x_Validator/D7Validator.py @@ -0,0 +1,31 @@ +from jsonschema import * +import json +import sys + +jsource = None +jschema = None + +if len(sys.argv) == 3: + argv = sys.argv + jsource = json.load(open(argv[1])) #'cve502example.json' + jschema = json.load(open(argv[2])) #'cve502.schema' + + D7validator = Draft7Validator(jschema) + hasErrors = 0 + for error in sorted(D7validator.iter_errors(jsource), key=str): + hasErrors += 1 + print('Schema object with error: ', error.validator) + print('ERROR CONTEXT', error.context) + #print(error.message) + print('') + print('---------------------------------------------') + print('') + + if hasErrors > 0: + print('Found ', hasErrors, ' error(s)') + else: + print('Source was valid against schema') +else: + print('Usage: python D7Validator.py [json source file] [json schema file]') + + diff --git a/schema/support/Python3.x_Validator/cvss-v2.0.json b/schema/support/Python3.x_Validator/cvss-v2.0.json new file mode 100644 index 00000000000..efe9917af6c --- /dev/null +++ b/schema/support/Python3.x_Validator/cvss-v2.0.json @@ -0,0 +1,104 @@ +{ + "license": [ + "Copyright (c) 2017, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 2.0", + "id": "https://www.first.org/cvss/cvss-v2.0.json?20170531", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string", + "enum": [ "NETWORK", "ADJACENT_NETWORK", "LOCAL" ] + }, + "accessComplexityType": { + "type": "string", + "enum": [ "HIGH", "MEDIUM", "LOW" ] + }, + "authenticationType": { + "type": "string", + "enum": [ "MULTIPLE", "SINGLE", "NONE" ] + }, + "ciaType": { + "type": "string", + "enum": [ "NONE", "PARTIAL", "COMPLETE" ] + }, + "exploitabilityType": { + "type": "string", + "enum": [ "UNPROVEN", "PROOF_OF_CONCEPT", "FUNCTIONAL", "HIGH", "NOT_DEFINED" ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ "OFFICIAL_FIX", "TEMPORARY_FIX", "WORKAROUND", "UNAVAILABLE", "NOT_DEFINED" ] + }, + "reportConfidenceType": { + "type": "string", + "enum": [ "UNCONFIRMED", "UNCORROBORATED", "CONFIRMED", "NOT_DEFINED" ] + }, + "collateralDamagePotentialType": { + "type": "string", + "enum": [ "NONE", "LOW", "LOW_MEDIUM", "MEDIUM_HIGH", "HIGH", "NOT_DEFINED" ] + }, + "targetDistributionType": { + "type": "string", + "enum": [ "NONE", "LOW", "MEDIUM", "HIGH", "NOT_DEFINED" ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ "LOW", "MEDIUM", "HIGH", "NOT_DEFINED" ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ "2.0" ] + }, + "vectorString": { + "type": "string", + "pattern": "^((AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))/)*(AV:[NAL]|AC:[LMH]|Au:[MSN]|[CIA]:[NPC]|E:(U|POC|F|H|ND)|RL:(OF|TF|W|U|ND)|RC:(UC|UR|C|ND)|CDP:(N|L|LM|MH|H|ND)|TD:(N|L|M|H|ND)|[CIA]R:(L|M|H|ND))$" + }, + "accessVector": { "$ref": "#/definitions/accessVectorType" }, + "accessComplexity": { "$ref": "#/definitions/accessComplexityType" }, + "authentication": { "$ref": "#/definitions/authenticationType" }, + "confidentialityImpact": { "$ref": "#/definitions/ciaType" }, + "integrityImpact": { "$ref": "#/definitions/ciaType" }, + "availabilityImpact": { "$ref": "#/definitions/ciaType" }, + "baseScore": { "$ref": "#/definitions/scoreType" }, + "exploitability": { "$ref": "#/definitions/exploitabilityType" }, + "remediationLevel": { "$ref": "#/definitions/remediationLevelType" }, + "reportConfidence": { "$ref": "#/definitions/reportConfidenceType" }, + "temporalScore": { "$ref": "#/definitions/scoreType" }, + "collateralDamagePotential": { "$ref": "#/definitions/collateralDamagePotentialType" }, + "targetDistribution": { "$ref": "#/definitions/targetDistributionType" }, + "confidentialityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "integrityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "availabilityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "environmentalScore": { "$ref": "#/definitions/scoreType" } + }, + "required": [ "version", "vectorString", "baseScore" ] +} diff --git a/schema/support/Python3.x_Validator/cvss-v3.0.json b/schema/support/Python3.x_Validator/cvss-v3.0.json new file mode 100644 index 00000000000..ac14ac0012f --- /dev/null +++ b/schema/support/Python3.x_Validator/cvss-v3.0.json @@ -0,0 +1,143 @@ +{ + "license": [ + "Copyright (c) 2017, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.0", + "id": "https://www.first.org/cvss/cvss-v3.0.json?20170531", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ "NETWORK", "ADJACENT_NETWORK", "LOCAL", "PHYSICAL" ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ "NETWORK", "ADJACENT_NETWORK", "LOCAL", "PHYSICAL", "NOT_DEFINED" ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ "HIGH", "LOW" ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ "HIGH", "LOW", "NOT_DEFINED" ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ "HIGH", "LOW", "NONE" ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ "HIGH", "LOW", "NONE", "NOT_DEFINED" ] + }, + "userInteractionType": { + "type": "string", + "enum": [ "NONE", "REQUIRED" ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ "NONE", "REQUIRED", "NOT_DEFINED" ] + }, + "scopeType": { + "type": "string", + "enum": [ "UNCHANGED", "CHANGED" ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ "UNCHANGED", "CHANGED", "NOT_DEFINED" ] + }, + "ciaType": { + "type": "string", + "enum": [ "NONE", "LOW", "HIGH" ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ "NONE", "LOW", "HIGH", "NOT_DEFINED" ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ "UNPROVEN", "PROOF_OF_CONCEPT", "FUNCTIONAL", "HIGH", "NOT_DEFINED" ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ "OFFICIAL_FIX", "TEMPORARY_FIX", "WORKAROUND", "UNAVAILABLE", "NOT_DEFINED" ] + }, + "confidenceType": { + "type": "string", + "enum": [ "UNKNOWN", "REASONABLE", "CONFIRMED", "NOT_DEFINED" ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ "LOW", "MEDIUM", "HIGH", "NOT_DEFINED" ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + }, + "severityType": { + "type": "string", + "enum": [ "NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL" ] + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ "3.0" ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3.0/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { "$ref": "#/definitions/attackVectorType" }, + "attackComplexity": { "$ref": "#/definitions/attackComplexityType" }, + "privilegesRequired": { "$ref": "#/definitions/privilegesRequiredType" }, + "userInteraction": { "$ref": "#/definitions/userInteractionType" }, + "scope": { "$ref": "#/definitions/scopeType" }, + "confidentialityImpact": { "$ref": "#/definitions/ciaType" }, + "integrityImpact": { "$ref": "#/definitions/ciaType" }, + "availabilityImpact": { "$ref": "#/definitions/ciaType" }, + "baseScore": { "$ref": "#/definitions/scoreType" }, + "baseSeverity": { "$ref": "#/definitions/severityType" }, + "exploitCodeMaturity": { "$ref": "#/definitions/exploitCodeMaturityType" }, + "remediationLevel": { "$ref": "#/definitions/remediationLevelType" }, + "reportConfidence": { "$ref": "#/definitions/confidenceType" }, + "temporalScore": { "$ref": "#/definitions/scoreType" }, + "temporalSeverity": { "$ref": "#/definitions/severityType" }, + "confidentialityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "integrityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "availabilityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "modifiedAttackVector": { "$ref": "#/definitions/modifiedAttackVectorType" }, + "modifiedAttackComplexity": { "$ref": "#/definitions/modifiedAttackComplexityType" }, + "modifiedPrivilegesRequired": { "$ref": "#/definitions/modifiedPrivilegesRequiredType" }, + "modifiedUserInteraction": { "$ref": "#/definitions/modifiedUserInteractionType" }, + "modifiedScope": { "$ref": "#/definitions/modifiedScopeType" }, + "modifiedConfidentialityImpact": { "$ref": "#/definitions/modifiedCiaType" }, + "modifiedIntegrityImpact": { "$ref": "#/definitions/modifiedCiaType" }, + "modifiedAvailabilityImpact": { "$ref": "#/definitions/modifiedCiaType" }, + "environmentalScore": { "$ref": "#/definitions/scoreType" }, + "environmentalSeverity": { "$ref": "#/definitions/severityType" } + }, + "required": [ "version", "vectorString", "baseScore", "baseSeverity" ] +} diff --git a/schema/support/Python3.x_Validator/cvss-v3.1.json b/schema/support/Python3.x_Validator/cvss-v3.1.json new file mode 100644 index 00000000000..32410fd4ec7 --- /dev/null +++ b/schema/support/Python3.x_Validator/cvss-v3.1.json @@ -0,0 +1,143 @@ +{ + "license": [ + "Copyright (c) 2019, FIRST.ORG, INC.", + "All rights reserved.", + "", + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ", + "following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ", + " disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ", + " following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ", + " products derived from this software without specific prior written permission.", + "", + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + "INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ", + "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ", + "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ", + "SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ", + "WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ", + "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." + ], + + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "JSON Schema for Common Vulnerability Scoring System version 3.1", + "id": "https://www.first.org/cvss/cvss-v3.1.json?20190610", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string", + "enum": [ "NETWORK", "ADJACENT_NETWORK", "LOCAL", "PHYSICAL" ] + }, + "modifiedAttackVectorType": { + "type": "string", + "enum": [ "NETWORK", "ADJACENT_NETWORK", "LOCAL", "PHYSICAL", "NOT_DEFINED" ] + }, + "attackComplexityType": { + "type": "string", + "enum": [ "HIGH", "LOW" ] + }, + "modifiedAttackComplexityType": { + "type": "string", + "enum": [ "HIGH", "LOW", "NOT_DEFINED" ] + }, + "privilegesRequiredType": { + "type": "string", + "enum": [ "HIGH", "LOW", "NONE" ] + }, + "modifiedPrivilegesRequiredType": { + "type": "string", + "enum": [ "HIGH", "LOW", "NONE", "NOT_DEFINED" ] + }, + "userInteractionType": { + "type": "string", + "enum": [ "NONE", "REQUIRED" ] + }, + "modifiedUserInteractionType": { + "type": "string", + "enum": [ "NONE", "REQUIRED", "NOT_DEFINED" ] + }, + "scopeType": { + "type": "string", + "enum": [ "UNCHANGED", "CHANGED" ] + }, + "modifiedScopeType": { + "type": "string", + "enum": [ "UNCHANGED", "CHANGED", "NOT_DEFINED" ] + }, + "ciaType": { + "type": "string", + "enum": [ "NONE", "LOW", "HIGH" ] + }, + "modifiedCiaType": { + "type": "string", + "enum": [ "NONE", "LOW", "HIGH", "NOT_DEFINED" ] + }, + "exploitCodeMaturityType": { + "type": "string", + "enum": [ "UNPROVEN", "PROOF_OF_CONCEPT", "FUNCTIONAL", "HIGH", "NOT_DEFINED" ] + }, + "remediationLevelType": { + "type": "string", + "enum": [ "OFFICIAL_FIX", "TEMPORARY_FIX", "WORKAROUND", "UNAVAILABLE", "NOT_DEFINED" ] + }, + "confidenceType": { + "type": "string", + "enum": [ "UNKNOWN", "REASONABLE", "CONFIRMED", "NOT_DEFINED" ] + }, + "ciaRequirementType": { + "type": "string", + "enum": [ "LOW", "MEDIUM", "HIGH", "NOT_DEFINED" ] + }, + "scoreType": { + "type": "number", + "minimum": 0, + "maximum": 10 + }, + "severityType": { + "type": "string", + "enum": [ "NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL" ] + } + }, + "properties": { + "version": { + "description": "CVSS Version", + "type": "string", + "enum": [ "3.1" ] + }, + "vectorString": { + "type": "string", + "pattern": "^CVSS:3.1/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$" + }, + "attackVector": { "$ref": "#/definitions/attackVectorType" }, + "attackComplexity": { "$ref": "#/definitions/attackComplexityType" }, + "privilegesRequired": { "$ref": "#/definitions/privilegesRequiredType" }, + "userInteraction": { "$ref": "#/definitions/userInteractionType" }, + "scope": { "$ref": "#/definitions/scopeType" }, + "confidentialityImpact": { "$ref": "#/definitions/ciaType" }, + "integrityImpact": { "$ref": "#/definitions/ciaType" }, + "availabilityImpact": { "$ref": "#/definitions/ciaType" }, + "baseScore": { "$ref": "#/definitions/scoreType" }, + "baseSeverity": { "$ref": "#/definitions/severityType" }, + "exploitCodeMaturity": { "$ref": "#/definitions/exploitCodeMaturityType" }, + "remediationLevel": { "$ref": "#/definitions/remediationLevelType" }, + "reportConfidence": { "$ref": "#/definitions/confidenceType" }, + "temporalScore": { "$ref": "#/definitions/scoreType" }, + "temporalSeverity": { "$ref": "#/definitions/severityType" }, + "confidentialityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "integrityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "availabilityRequirement": { "$ref": "#/definitions/ciaRequirementType" }, + "modifiedAttackVector": { "$ref": "#/definitions/modifiedAttackVectorType" }, + "modifiedAttackComplexity": { "$ref": "#/definitions/modifiedAttackComplexityType" }, + "modifiedPrivilegesRequired": { "$ref": "#/definitions/modifiedPrivilegesRequiredType" }, + "modifiedUserInteraction": { "$ref": "#/definitions/modifiedUserInteractionType" }, + "modifiedScope": { "$ref": "#/definitions/modifiedScopeType" }, + "modifiedConfidentialityImpact": { "$ref": "#/definitions/modifiedCiaType" }, + "modifiedIntegrityImpact": { "$ref": "#/definitions/modifiedCiaType" }, + "modifiedAvailabilityImpact": { "$ref": "#/definitions/modifiedCiaType" }, + "environmentalScore": { "$ref": "#/definitions/scoreType" }, + "environmentalSeverity": { "$ref": "#/definitions/severityType" } + }, + "required": [ "version", "vectorString", "baseScore", "baseSeverity" ] +} diff --git a/schema/support/docs/css_override.css b/schema/support/docs/css_override.css new file mode 100644 index 00000000000..c277084a91e --- /dev/null +++ b/schema/support/docs/css_override.css @@ -0,0 +1,51 @@ + +.examples, .highlight.jumbotron, .card-header { + padding: 0rem !important; +} +.jumbotron { + margin-bottom: 0px !important; +} + +.badge { + font-size: 80% !important; + margin-bottom: 0px !important; +} +h2, h4, .h2, .h4 { + font-size: 100% !important; +} +.btn.btn-link { + font-size: 16px; +} +.property-name-button { + padding: 0px 5px; +} +.btn.btn-primary { + margin: 5px; +} + +p { + margin-bottom: 0px; +} + +.list-group-item { + padding: 3px 8px; +} + +.pl-5, .card-body { + padding-left: 0.5em !important; +} + +#root h1:before { + background: url("https://cve.mitre.org/images/cvelogobanner.png") no-repeat; + background-size: contain; + background-position-y: center; + width: 120px; + height: 30px; + display: inline-block; + content: ""; +} + +span.description ~ p { + display: inline-block; + margin-right: 3px; +} diff --git a/schema/support/docs/docs.sh b/schema/support/docs/docs.sh new file mode 100644 index 00000000000..58c2f40fbb2 --- /dev/null +++ b/schema/support/docs/docs.sh @@ -0,0 +1,8 @@ +#!/bin/bash +cd ../../ +sed 's/file\://g' CVE_JSON_5.1_schema.json > tmp.json | generate-schema-doc --minify tmp.json docs/index.html +perl -pi -e 's//>/g' docs/index.html +node support/schema2markmap/index.js tmp.json > 'docs/mindmap.html' +node support/schema2markmap/schema-bundle.js tmp.json './docs/' +rm tmp.json +cat support/docs/css_override.css >> docs/schema_doc.css diff --git a/schema/support/qualityReport/README.md b/schema/support/qualityReport/README.md new file mode 100644 index 00000000000..ae4be2bfa8f --- /dev/null +++ b/schema/support/qualityReport/README.md @@ -0,0 +1,8 @@ + +# CVE Quality Report Generator + +Eg., + +$ node report.js [path where CVE JSON records are kept] > report.html + +$ node report.js ~/Documents/GitHub/cvelistV5/cves > index.html diff --git a/schema/support/qualityReport/report.js b/schema/support/qualityReport/report.js new file mode 100644 index 00000000000..f86b03baadd --- /dev/null +++ b/schema/support/qualityReport/report.js @@ -0,0 +1,306 @@ +const fs = require('fs'); +const path = require('path'); +const validateCve = require('../Node_Validator/dist/cve5validator.js') +process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0; + +const ignore = { + '': 1, + '/cveMetadata/state': 1, + '/cveMetadata': 1, + '/dataVersion': 1, + '/containers/cna/references/url': 0 +} +var cnas = {}; +var cnaIndex = {}; +var errorStat = {}; +var warnStat = {}; +var errorCount = {}; +var yStat = {}; +var invalid = 0; +var warns = 0; +var total = 0; + +const start = ` +CVE Quality Report +` + +async function loadCNAs(data) { + for(c of data) { + try { + var em = c.contact[0].email[0].emailAddr; + var host= em.substr(em.indexOf('@')+1); + u = new URL('https://www.'+host); + c.i = u.href; + c.n = c.organizationName; + } catch(e) { + } + cnas[c.shortName]=c; + } + +} +async function getCNAs() { + //var data = require('./CNAsList.json'); + //loadCNAs(data); return; + const cnaList = 'https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json' + const res = await fetch(cnaList); + if (res.ok) { + const data = await res.json(); + loadCNAs(data); + } +} + +function cveLink(id) { + return 'https://github.com/CVEProject/cvelistV5/tree/main/cves/' + cveRepoPath(id); +} + +function cveRepoPath(value) { +var realId = value.match(/(CVE-(\d{4})-(\d{1,12})(\d{3}))/); +if (realId) { + var id = realId[1]; + var year = realId[2]; + var bucket = realId[3]; + return (year + '/' + bucket + 'xxx/' + id + '.json') +} +} + +async function getReport(dir) { + const files = fs.readdirSync(dir, { withFileTypes: true }); + for (const file of files) { + if (file.isDirectory()) { + getReport(path.join(dir, file.name)); + } else { + if (file.name.match((/CVE-(\d{4})-(\d{1,12})(\d{3})/))) { + var cveFile = fs.readFileSync(path.join(dir, file.name)); + var cve = JSON.parse(cveFile); + var v = valididate(cve); + var q = qualityCheck(cve); + total++; + if(!v) { + invalid++; + } + if(!q) { + warns++; + } + } + } + } +} + +/* Example error + { + instancePath: '/cveMetadata/state', + schemaPath: '#/properties/state/enum', + keyword: 'enum', + params: { allowedValues: [Array] }, + message: 'must be equal to one of the allowed values' + }, +*/ + +function addError(cve, err) { + var id = cve.cveMetadata.cveId; + + var shortName = cve.cveMetadata?.assignerShortName || 'default'; + if(!cnaIndex[shortName]) { + cnaIndex[shortName] = []; + } + + //remove oneOf numbers + var path = err?.instancePath?.replace(/\/\d+\/?/g, "/"); + if (!ignore[path]) { + var prop = err.params?.additionalProperty || ''; + var e = `Problem: ${err.keyword} ${prop}! - ${err.message}`; + if (!errorStat[shortName]) { + errorStat[shortName] = {} + errorCount[shortName] = 0 + } + if (!errorStat[shortName][path]) { + errorStat[shortName][path] = {} + } + if (!errorStat[shortName][path][e]) { + errorStat[shortName][path][e] = [] + } + errorStat[shortName][path][e].push(id); + errseen = true; + } +} + +function valididate(cve) { + var valid = validateCve(cve); + errseen = false; + if (!valid) { + validateCve.errors.forEach(err=>{addError(cve, err)}); + } + return !errseen; +} + +function qualityCheck(cve) { + var warned = false; + var c = checkCVSS(cve); + if(c){ + addError(cve, c); + warned = true; + } +/* c = checkLinkRot(cve); + if(c) { + addError(cve, c); + warned = true; + }*/ + if(warned) { + return false; + } else { + return true; + } +} + +const four04List = [ + 'www.securityfocus.com', + 'osvdb.org', + 'online.securityfocus.com', + 'patches.sgi.com', + 'docs.info.apple.com', + 'h20000.www2.hp.com', + 'labs.idefense.com', + 'wiki.rpath.com', + 'source.codeaurora.org', + 'code.wireshark.org', + 'h20564.www2.hp.com', + 'www.linux-mandrake.com', + 'erpscan.io', + 'downloads.securityfocus.com', + 'www.atstake.com', + 'hermes.opensuse.org', + 'itrc.hp.com', + 'ftp.caldera.com', + 'packetstorm.linuxsecurity.com', + 'www1.itrc.hp.com' +] + +const four04 = {}; +for (const key of four04List) { + four04[key] = 1; +} + +function checkLinkRot(cve) { + if(cve.containers?.cna?.references) { + for(r of cve.containers?.cna?.references) { + try{ + var u = new URL(r.url); + if (four04[u.host] && !(r.tags && r.tags.includes('broken-link'))) { + return { + instancePath: '/containers/cna/references', + schemaPath: '#/properties/url', + keyword: 'Broken link to ' + u.host, + params: { }, + message: 'Reference points to defunct site. Replace or add a broken-link tag.' + } + } + } catch(e) { + console.log('Error parsing URL' + r.url) + } + } + } + return false; +} + +function checkCVSS(cve) { + if(cve.containers.cna?.metrics) { + for(m of cve.containers.cna?.metrics) { + var cvss = m.cvssV3_1 || m.cvssV3_0; + if(cvss) { + if ((cvss.baseSeverity == 'CRITICAL' && cvss.baseScore >= 9 && cvss.baseScore <= 10) + || (cvss.baseSeverity == 'HIGH' && cvss.baseScore >= 7 && cvss.baseScore < 9) + || (cvss.baseSeverity == 'MEDIUM' && cvss.baseScore >= 4 && cvss.baseScore < 7) + || (cvss.baseSeverity == 'LOW' && cvss.baseScore >= 0.1 && cvss.baseScore < 4) + || (cvss.baseSeverity == 'NONE' && cvss.baseScore == 0)) { + //console.log('valid CVSS '); + } else { + return { + instancePath: '/containers/cna/metrics', + schemaPath: '#/properties', // TODO? + keyword: 'Bad CVSS', + params: { }, + message: 'Mismatched CVSS score and level' + } + } + } + } + } + return false; +} + +async function checkAffected(cve) { + +} + + +run(process.argv[2]); + +async function run(dir) { + await getCNAs(); + await getReport(dir); + await printReport(); +} + + +const docs = { +'/containers/cna/affected/product:maxLength': "Product name is too long! If you are listing multiple products, please use separate product objects.", +'/containers/cna/affected/product:minLength': "A product name is required.", +'/containers/cna/affected/versions/version:maxLength': "Version name is too long! If you are listing multiple versions, please encode as an array of version objects.", +'/containers/cna/metrics/cvssV3_0:required': "CVSS objects are incomplete. Please provide a valid vectorString at the minimum in your CVE-JSON v4 submission." +} + + +function printReport() { + console.log(start + + `

    CVE Quality Workgroup Report

    ${total} CVE analyzed: Found ${invalid} schema errors, ${warns} quality issues

    `) + /*for (const y in yStat) { + console.log(`
  • year ${y} - ${yStat[y]}
  • `) + }*/ + + Object.keys(errorStat).sort().forEach(shortName => { + var i = cnas[shortName]?.i; + var name = cnas[shortName]?.n ? cnas[shortName]?.n : shortName; + console.log(`

    ${name} [link]

    `) + for (const k in errorStat[shortName]) { + var alist = errorStat[shortName][k]; + for (const a in alist) { + var ids = [...new Set(alist[a])]; + console.log(`
    [${ids.length} CVEs] ${a} - field ${k} [link]:`) + if(docs[shortName + ':' + k]) { + console.log(`

    `+docs[shortName + ':' + k]+'

    ') + } + console.log('
    ') + for (const c of ids.sort()) { + console.log(` ${c}`) + } + console.log('
    ') + } + } + }); + + console.log(''); +} +/* var index = start + '

    CVE Quality Workgroup Report: CVE Records Indexed by CNAs

    '; + for(x of Object.keys(cnaIndex).sort(new Intl.Collator('en',{numeric:true}).compare)) { + var i = cnas[x]?.i; + var name = cnas[x]?.n ? cnas[x]?.n : x; + index = index + `
    ${name}
    ${cnaIndex[x].length} records

    `; + //var report = start + `

    CVE Quality Workgroup Report: CVEs records belonging to ${name}

    `; + for (c in cnaIndex[x].sort(new Intl.Collator('en',{numeric:true}).compare)) { + index += ` ${cnaIndex[x][c]}` + } + //report = report + ''; + //fs.writeFileSync('./reports/'+x+'.html',report); + } + fs.writeFileSync('./reports/index.html',index + '
    '); +} + +rl.on('line', validate) +rl.on('close', report) + +*/ \ No newline at end of file diff --git a/schema/support/schema2markmap/index.js b/schema/support/schema2markmap/index.js new file mode 100644 index 00000000000..3703dc2d55b --- /dev/null +++ b/schema/support/schema2markmap/index.js @@ -0,0 +1,63 @@ +// Author: Chandan BN (c) 2021 +// (1) convert CVE JSON schema to a mindmap + +var ml = require('markmap-lib') +var Transformer = ml.Transformer; +var fillTemplate = ml.fillTemplate; +var sw = require('@cloudflare/json-schema-walker'); +var rp = require('json-schema-ref-parser'); +var fold = ['metrics', 'cvssV3_1', 'cvssV3_0', 'cvssV2_0', 'supportingMedia', + 'tags', 'impacts', 'configurations', 'workarounds', 'solutions', 'exploits', + 'timeline', 'credits', 'tags', 'taxonomyMappings', 'adp']; +var symbol = { object: '', array: '[]', string: '', boolean: '☯', number: '', integer: '', undefined: '' }; +const fs = require('fs'); +var markmap = require('markmap-view'); +const { Markmap, loadCSS, loadJS } = markmap; + +let forDeletion = ['properties', 'items', 'anyOf', 'allOf', 'oneOf']; + +var markdown = "# CVE JSON Record\n"; + +function postfunc(obj, path, parent, parentPath) { + if (path[1] && isNaN(path[1])) { + var depth = parentPath.filter(i => !forDeletion.includes(i)).length; + var reqStart = ""; + var reqEnd = ""; + + if (parent?.required?.includes(path[1])) { + reqStart = ""; + reqEnd = ""; + } + markdown += (" ".repeat(depth) + + "* " + reqStart + path[1] + reqEnd + + ' ' + (fold.includes(path[1]) ? '' : '') + + symbol[obj.type] + + (obj.examples ? 'e.g., `' + obj.examples[0] + '`' : '') + + (obj.enum ? '`' + obj.enum.join('` `') + '`' : '')) + + '\n'; + } +} + +async function schemaMindMap() { + var cveSchema = await rp.dereference(process.argv[2]); + markdown += "## Published \n"; + sw.schemaWalk(cveSchema.oneOf[0], postfunc, null); + + markdown += "## Rejected \n"; + sw.schemaWalk(cveSchema.oneOf[1], postfunc, null); + + const transformer = new Transformer(); + + // transform markdown + const { root, features } = transformer.transform(markdown); + + // get assets required by used features + var assets = transformer.getUsedAssets(features); + + // create mindmap html + var html = fillTemplate(root, assets); + html = html.replace('Markmap', 'CVE JSON v5 Mindmap'); + console.log(html); +} + +schemaMindMap(); diff --git a/schema/support/schema2markmap/package.json b/schema/support/schema2markmap/package.json new file mode 100644 index 00000000000..7e1c1eb3438 --- /dev/null +++ b/schema/support/schema2markmap/package.json @@ -0,0 +1,27 @@ +{ + "name": "schema2markmap", + "version": "1.0.0", + "description": "Convert CVE JSON schema to a Mardkdown document suitable for use with Markmap.js", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "https://github.com/CVEProject/cve-schema/tree/master/schema/v5.0/support" + }, + "keywords": [ + "JSON", + "Schema", + "Markdown", + "Markmap" + ], + "author": "Chandan B.N.", + "license": "CC0-1.0", + "dependencies": { + "@cloudflare/json-schema-walker": "^0.1.1", + "json-schema-ref-parser": "^9.0.9", + "markmap-lib": "^0.11.6", + "markmap-view": "^0.2.6" + } +} diff --git a/schema/support/schema2markmap/schema-bundle.js b/schema/support/schema2markmap/schema-bundle.js new file mode 100644 index 00000000000..7409ce807b3 --- /dev/null +++ b/schema/support/schema2markmap/schema-bundle.js @@ -0,0 +1,63 @@ +// Author: Chandan BN (c) 2021 +// (2) creates a bundled schema +const rp = require('json-schema-ref-parser'); +const fs = require('fs'); + +const dirName = process.argv[3]; + +if(!dirName) { + console.error('Please specify directory name'); + process.exit(1); +} + +async function schemaBundle() { + var cveSchemaBundle = await rp.bundle(process.argv[2]); + var metricProperties = cveSchemaBundle.definitions.metrics.items.properties; + delete metricProperties.cvssV4_0.$id; + delete metricProperties.cvssV3_1.id; + delete metricProperties.cvssV3_0.id; + delete metricProperties.cvssV2_0.id; + delete metricProperties.cvssV4_0.license; + delete metricProperties.cvssV3_1.license; + delete metricProperties.cvssV3_0.license; + delete metricProperties.cvssV2_0.license; + + + fs.writeFile(`${dirName}/CVE_Record_Format.json`, + JSON.stringify(cveSchemaBundle, null, 2), + err => { + if(err) + throw err; + else + console.log('CVE_Record_Format.json created'); + } + ); + + for(let t of ['cnaPublishedContainer', 'cnaRejectedContainer', 'adpContainer']) { + var subSchema = { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": `https://cveproject.github.io/cve-schema/schema/docs/CVE_Record_Format_bundled_${t}.json`, + "title": `CVE Record Format ${t} sub schema`, + "description": `CVE Record Format ${t} format`, + "definitions": cveSchemaBundle.definitions, + "properties": { + }, + "additionalProperties": false + } + subSchema.properties[t.replace(/Published|Rejected/,'')] = { + "$ref": `#/definitions/${t}` + } + + fs.writeFile(`${dirName}/CVE_Record_Format_bundled_${t}.json`, + JSON.stringify(subSchema, null, 2), + err => { + if(err) + throw err; + else + console.log(`CVE_Record_Format_bundled_${t}.json created`); + } + ); + } +} + +schemaBundle(); diff --git a/schema/support/tests/README.md b/schema/support/tests/README.md new file mode 100644 index 00000000000..0b66406df59 --- /dev/null +++ b/schema/support/tests/README.md @@ -0,0 +1,13 @@ +# All records in vald directory must validate: + +$ node ../Node_validator/validate.js valid/*.json + + ... + Summary: All files PASSED validation. + +# All records in invald directory must fail to validate: + +$ node ../Node_validator/validate.js invalid/*.json + + .... + Summary: Validation FAILED for 5 out of 5 files! diff --git a/schema/tags/adp-tags.json b/schema/tags/adp-tags.json new file mode 100644 index 00000000000..d16868a91bd --- /dev/null +++ b/schema/tags/adp-tags.json @@ -0,0 +1,7 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string", + "description": "disputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": ["disputed"] +} diff --git a/schema/tags/cna-tags.json b/schema/tags/cna-tags.json new file mode 100644 index 00000000000..35633c72ecb --- /dev/null +++ b/schema/tags/cna-tags.json @@ -0,0 +1,7 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string", + "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.", + "enum": ["unsupported-when-assigned", "exclusively-hosted-service", "disputed"] +} diff --git a/schema/tags/reference-tags.json b/schema/tags/reference-tags.json new file mode 100644 index 00000000000..41a1aebe7af --- /dev/null +++ b/schema/tags/reference-tags.json @@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string", + "description": "broken-link: The reference link is returning a 404 error, or the site is no longer online.\n\ncustomer-entitlement: Similar to Privileges Required, but specific to references that require non-public/paid access for customers of the particular vendor.\n\nexploit: Reference contains an in-depth/detailed description of steps to exploit a vulnerability OR the reference contains any legitimate Proof of Concept (PoC) code or exploit kit.\n\ngovernment-resource: All reference links that are from a government agency or organization should be given the Government Resource tag.\n\nissue-tracking: The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, JIRA, Github Issues, etc...\n\nmailing-list: The reference is from a mailing list -- often specific to a product or vendor.\n\nmitigation: The reference contains information on steps to mitigate against the vulnerability in the event a patch can't be applied or is unavailable or for EOL product situations.\n\nnot-applicable: The reference link is not applicable to the vulnerability and was likely associated by MITRE accidentally (should be used sparingly).\n\npatch: The reference contains an update to the software that fixes the vulnerability.\n\npermissions-required: The reference link provided is blocked by a logon page. If credentials are required to see any information this tag must be applied.\n\nmedia-coverage: The reference is from a media outlet such as a newspaper, magazine, social media, or weblog. This tag is not intended to apply to any individual's personal social media account. It is strictly intended for public media entities.\n\nproduct: A reference appropriate for describing a product for the purpose of CPE or SWID.\n\nrelated: A reference that is for a related (but not the same) vulnerability.\n\nrelease-notes: The reference is in the format of a vendor or open source project's release notes or change log.\n\nsignature: The reference contains a method to detect or prevent the presence or exploitation of the vulnerability.\n\ntechnical-description: The reference contains in-depth technical information about a vulnerability and its exploitation process, typically in the form of a presentation or whitepaper.\n\nthird-party-advisory: Advisory is from an organization that is not the vulnerable product's vendor/publisher/maintainer.\n\nvendor-advisory: Advisory is from the vendor/publisher/maintainer of the product or the parent organization.\n\nvdb-entry: VDBs are loosely defined as sites that provide information about this vulnerability, such as advisories, with identifiers. Included VDBs are free to access, substantially public, and have broad scope and coverage (not limited to a single vendor or research organization). See: https://www.first.org/global/sigs/vrdx/vdb-catalog", + "enum": [ + "broken-link", + "customer-entitlement", + "exploit", + "government-resource", + "issue-tracking", + "mailing-list", + "mitigation", + "not-applicable", + "patch", + "permissions-required", + "media-coverage", + "product", + "related", + "release-notes", + "signature", + "technical-description", + "third-party-advisory", + "vendor-advisory", + "vdb-entry" + ] +} \ No newline at end of file diff --git a/schema/v5.0/support/Node_Validator/package-lock.json b/schema/v5.0/support/Node_Validator/package-lock.json deleted file mode 100644 index 459a775ca90..00000000000 --- a/schema/v5.0/support/Node_Validator/package-lock.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "name": "Node_Validator", - "version": "1.1.0", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "ajv": { - "version": "8.9.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.9.0.tgz", - "integrity": "sha512-qOKJyNj/h+OWx7s5DePL6Zu1KeM9jPZhwBqs+7DzP6bGOvqzVCSf0xueYmVuaC/oQ/VtS2zLMLHdQFbkka+XDQ==", - "requires": { - "fast-deep-equal": "^3.1.1", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" - } - }, - "ajv-formats": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz", - "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==", - "requires": { - "ajv": "^8.0.0" - } - }, - "fast-deep-equal": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", - "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" - }, - "json-schema-traverse": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" - }, - "punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" - }, - "require-from-string": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", - "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==" - }, - "uri-js": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", - "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", - "requires": { - "punycode": "^2.1.0" - } - } - } -}