extends ../../views/render.pug block prepend content mixin slide(cve) .page.wht.shd.pad2.gap b.slideTitle if cve.source && cve.source.advisory = cve.source.advisory | = cve.CVE_data_meta.TITLE + ' (' + cve.CVE_data_meta.ID + ')' ul.bullets li b.term CVSS: span.text if cve.impact && cve.impact.cvss +CVSS(cve.impact.cvss) li b.term PR: span.text= cve.source.defect li b.term Affects: span.text= getProductAffected(cve) li b.term Problem: span.text +mpara(cve.description.description_data.slice(0,1)) if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object +mpara(cve.CNA_private.CVE_table_description) each x, id in cmap = id + " " li b.term Workaround: span.text +mpara(cve.work_around) li b.term Solution: span.text +mpara(cve.solution) block pageDef mixin page(cve) - var sourceText = {"INTERNAL":"This issue was found during internal product security testing or research.", "EXTERNAL":"This issue was discovered during an external security research.", "USER":"This issue was seen during production usage.", "UNKNOWN":""}; - var CDM = cve.CVE_data_meta; - var cveid = CDM.ID.match(/^CVE-[0-9-]+$/)? CDM.ID : 'CVE-yyyy-nnnn'; h2 if cve.source && cve.source.advisory = cve.source.advisory | = CDM.TITLE + ' (' + cveid + ')' h4 PRODUCT AFFECTED: p= getProductAffected(cve) h4 PROBLEM: if cve.impact for r in cve.impact p= "Severity: " + r.other +mpara(cve.description.description_data) +mpara(cve.configuration) +mpara(cve.exploit) if cve.source if sourceText[cve.source.discovery] p=sourceText[cve.source.discovery] if CDM.AKA p This issue is also known as = CDM.AKA |. if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object +mpara(cve.CNA_private.CVE_table_description) table.striped tr.rowHead th CVE th CVSS th Summary each x, id in cmap tr td=id td if cmap[id] && cmap[id].impact +CVSS(cmap[id].impact.cvss) td if cmap[id] && cmap[id].summary =cmap[id].summary else p This issue has been assigned a(href="https://www.cve.org/CVERecord?id="+cveid target="_blank")=cveid |. if cve.solution && cve.solution.length > 0 h4 SOLUTION: +mpara(cve.solution) if cve.source.defect && cve.source.defect.length > 0 p This issue is being tracked as +linklist(cve.source.defect, defectURL) |. if cve.work_around && cve.work_around.length > 0 h4 WORKAROUND: +mpara(cve.work_around) h4 MODIFICATION HISTORY: p ul li +renderDate(CDM.DATE_PUBLIC) | : Initial Publication. h4 RELATED LINKS: ul if CDM.ID li a(href="https://www.cve.org/CVERecord?id="+cveid target="_blank")=cveid + " at cve.org" each r in cve.references.reference_data li a(href=r.url)=r.url if cve.impact && cve.impact.cvss h4 CVSS SCORE: p +CVSS(cve.impact.cvss) if cve.impact.cvss.baseSeverity h4 RISK LEVEL: p=cve.impact.cvss.baseSeverity if cve.credit && cve.credit.length > 0 h4 ACKNOWLEDGEMENTS: ul each c in cve.credit li= c.value if cve.CNA_private && cve.CNA_private.internal_comments h4 INTERNAL COMMENTS: p +para(cve.CNA_private.internal_comments) mixin mitre(cve) h2 MITRE CVE entry preview #GeneratedTable table(cellpadding=0,cellspacing=0,border=0) tbody tr th(colspan=2) CVE-ID tr td(nowrap="nowrap") h2=cve.CVE_data_meta.ID td.ltgreybackground .larger a Learn more at National Vulnerability Database (NVD) .smaller • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings tr th(colspan=2) Description tr td(colspan=2) each d in cve.description.description_data =d.value = ' ' tr th(colspan=2) References tr td.note(colspan=2) b Note: a References | are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. tr td(colspan=2) ul each r in cve.references.reference_data li a(target="_blank",href=r.url)=r.url tr th(colspan=2) Assigning CNA tr td(colspan=2)=cve.CVE_data_meta.ASSIGNER | (MITRE uses CNA name instead of email address) tr th(colspan=2) Date Entry Created tr td b YYYYMMDD td.ltgreybackground Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.