
x/vulndb: add support to severity and cvss metrics in json and report #50004

@julieqiu


Copied from golang/vulndb#7 (comment):

Hi,
thank you for this amazing project.
It looks like severity and CVSS metrics are missing from the JSON and the report.
Example:


```yaml
module: github.com/gin-gonic/gin
versions:
  - fixed: v1.6.0
description: |
  The default [Formatter][LoggerConfig.Formatter] for the [Logger][] middleware
  (included in the [Default][] engine) allows attackers to inject arbitrary log
  entries by manipulating the request path.
published: '2021-04-14T12:00:00.000Z'
credit: "@thinkerou [email protected]"
symbols:
  - defaultLogFormatter
links:
  pr: Add mitigation for log injection gin-gonic/gin#2237
  commit: gin-gonic/gin@a71af9c
cve_metadata:
  id: CVE-9999-0001
  cwe: 'CWE-20: Improper Input Validation'
  description: |
    Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
    allows remote attackers to inject arbitary log lines.
  cvss:
    version: v2
    score: '4.0'
    vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
```

I have created a PR with support for both the severity field in the JSON and the CVSS data in the report (if it exists at that time).
Please confirm it satisfies the need for it and review my PR: 6#

Labels:

  • NeedsInvestigation: Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
  • UX: Issues that involve UXD/UXR input
  • vulncheck or vulndb: Issues for the x/vuln or x/vulndb repo
