extends ../../views/render.pug
mixin spara(l, hypertext)
    //- Renders every entry of `l`: an entry whose first supportingMedia item is typed
    //- 'text/html' is emitted as that HTML inside a <p>; any other entry with a `value`
    //- goes through +para(value). `hypertext` is accepted but never read here.
    //- NOTE(review): `!{...}` is Pug's unescaped interpolation, so the text/html value
    //- reaches the browser as markup. Nothing in this template sanitizes it; confirm the
    //- value is sanitized against an allowlist before it gets here, or render the escaped
    //- `value` field instead.
    //- NOTE(review): this file defines `mixin spara` twice with the same body.
    if l
        for entry in l
            - var media = entry.supportingMedia
            if media && media.length > 0 && media[0].type == 'text/html'
                p !{media[0].value}
            else if entry.value
                +para(entry.value)
block prepend content
mixin slide(cve)
    //- Renders one summary panel for a record: a title line, then bullets for CVSS, PR,
    //- Affects, Problem Type, Workaround and Solution.
    //- NOTE(review): `cna` and `cmap` are neither parameters nor locals of this mixin, so
    //- they have to come from the template locals; `cna.metrics` fails if `cna` is absent.
    //- NOTE(review): the paths read here (cve.source, cve.description.description_data,
    //- cve.CNA_private, cve.work_around, cve.solution) differ from the containers.cna
    //- paths read by `page` in this file; looks like an older record layout, confirm the
    //- mixin is still in use.
    //- NOTE(review): the text bullets go through +spara, which emits text/html media
    //- unescaped.
    .page.wht.shd.pad2.gap
        b.slidetitle
            if cve.source && cve.source.advisory
                = cve.source.advisory
                |
            = cve.cveMetadata.title + ' (' + cve.cveMetadata.cveId + ')'
        ul.bullets
            li
                b.term CVSS:
                //span.text
                if cna.metrics && cna.metrics && cna.metrics.length > 0
                    ol
                        each x, i in cna.metrics
                            //- First available of CVSS v3.1, v3.0, v2.0. Assigned without `var`.
                            - cvss = x.cvssV3_1 ? x.cvssV3_1 : x.cvssV3_0 ? x.cvssV3_0 : x.cvssV2_0 ? x.cvssV2_0 : null
                            if cvss
                                li
                                    =x.scenarios
                                    if cvss.baseSeverity
                                        =cvss.baseSeverity
                                        |
                                    +CVSS(cvss)
            li
                b.term PR:
                span.text= cve.source.defect
            li
                b.term Affects:
                //span.text= getProductAffected(cna)
            li
                b.term Problem Type:
                span.text
                    +spara(cve.description.description_data.slice(0,1))
                    if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object
                        +spara(cve.CNA_private.CVE_table_description)
                        each x, id in cmap
                            = id + " "
            li
                b.term Workaround:
                span.text
                    +spara(cve.work_around)
            li
                b.term Solution:
                span.text
                    +spara(cve.solution)
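mixin cvssList(cvssList)
    //- Renders one collapsible badge per CVSS entry: the summary shows severity and base
    //- score, the popup lists scoring scenarios, every remaining key of the entry, and a
    //- link to an external calculator preloaded with the vector string.
    //- The calculator links open in a new tab; rel="noopener noreferrer" keeps the opened
    //- page from getting a window.opener handle to this one and withholds the referrer.
    if cvssList
        //- Keys already shown in the summary (or rendered separately) and skipped below.
        - var nonSpec = ['baseScore', 'version', 'vectorString', 'baseSeverity', 'scenarios']
        each cvss, i in cvssList
            details.popup
                summary.lbl.rnd.sec.CVSS(class= cvss.baseSeverity ? cvss.baseSeverity : 'gray')
                    | CVSS ·
                    = cvss.baseSeverity
                    | ·
                    =cvss.baseScore
                    sub ⁄10
                    //- Zero-size, transparent span: the vector string is in the DOM but not visible.
                    span(style="font-size:0px;opacity:0")
                        | ·
                        =cvss.vectorString
                div.pop.wht.rnd.shd.pad.bor
                    if cvss.scenarios
                        each s, j in cvss.scenarios
                            span Scoring scenario:
                            = s.value
                    //- Pug passes (value, key) when iterating an object.
                    each val, key in cvss
                        if !nonSpec.includes(key)
                            div
                                =key
                                | :
                                b=val
                    div
                        //- String comparison on the version field selects the calculator.
                        if cvss.version >= "3"
                            a.vgi-dial(href="https://cvss.js.org/#" + cvss.vectorString target="_blank" rel="noopener noreferrer") Open CVSS Calc
                        else
                            a.vgi-dial(href='https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector='+cvss.vectorString target="_blank" rel="noopener noreferrer") Open CVSS Calc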
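mixin prodDetails(p)
    //- Renders one product cell from a positional array:
    //-   p[0] main label, p[2] shown after "»", p[1] shown after "on",
    //-   p[3] optional object (collectionURL, repo, programFiles, programRoutines),
    //-   p[4] default status.
    //- collectionURL and repo come from the record and are used as link targets, so they
    //- are only emitted as href when they start with http:// or https://. Pug omits an
    //- attribute whose value is false, which leaves the label as plain, non-clickable text
    //- for any other scheme.
    - var webHref = function (u) { return typeof u === 'string' && /^https?:\/\//i.test(u) ? u : false; }
    b.vgi-package=p[0]
    if p[2]
        span »
        =p[2]
    if p[1]
        i on
        |
        span.vgi-stack=p[1]
    if p[3]
        br
        if p[3].collectionURL
            a.vgi-package(href=webHref(p[3].collectionURL)) package repo
        if p[3].repo
            a.vgi-ext(href=webHref(p[3].repo)) source repo
        if p[3].programFiles
            each f, i in p[3].programFiles
                span.vgi-text= f
        if p[3].programRoutines
            each f, i in p[3].programRoutines
                span.vgi-edit= f.name
    if p[4]
        br
        span.vgi-impact Default status is
        =p[4]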
mixin statusTable(st)
    //- Product status table. `st.groups[i]` is the product for the rows in `st.vals[i]`;
    //- `st.show.unaffected` / `st.show.unknown` switch the two optional columns on.
    //- The product cell is emitted once per group and spans all of that group's rows.
    table.striped
        colgroup
            col
            col.affectedCol
        thead
            tr
                th Product
                th Affected
                if st.show.unaffected
                    th Unaffected
                if st.show.unknown
                    th Unknown
        tbody
            for product, g in st.groups
                //- Row count of the group; cleared after the first row so later rows skip the cell.
                - var showProd = st.vals[g].length
                for row, r in st.vals[g]
                    tr
                        if showProd
                            td(rowspan=showProd)
                                +prodDetails(product)
                            - showProd = false
                        td
                            +versionList(row.affected)
                        if st.show.unaffected
                            td
                                +versionList(row.unaffected)
                        if st.show.unknown
                            td
                                +versionList(row.unknown)
mixin creditList(credits)
    //- One escaped paragraph per credit entry, showing its `value`.
    each credit in credits
        p= credit.value
mixin tagList(tags)
    //- One badge per tag (escaped), each followed by a text separator; nothing when `tags` is falsy.
    if tags
        each label in tags
            b.tag.rnd.CVSS.MEDIUM= label
            |
mixin timeList(c)
    //- Bullet list of `c.timeline`: the entry date (via +renderDate), a dash, then the
    //- escaped entry text.
    ul
        for event in c.timeline
            li
                +renderDate(event.time)
                | -
                = event.value
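mixin refList(references)
    //- Lists every reference that has a `url`: a favicon and a link when the URL parses
    //- and uses http or https, the escaped URL text otherwise, then the reference tags.
    each r in references
        if r.url
            div
                -
                    // Reset for every reference: a bare `var u` does not clear a value left
                    // by the previous iteration, so a URL that failed to parse used to be
                    // rendered under the previous reference's host name and favicon.
                    var u = null;
                    // A parse failure is expected for free-text entries; they are shown as text.
                    try { u = new URL(r.url); } catch (e) { u = null; }
                    // Only web links become clickable; any other scheme is shown as text.
                    var isWeb = u !== null && (u.protocol === 'http:' || u.protocol === 'https:');
                if isWeb
                    //- NOTE(review): the favicon request tells www.google.com which hosts this
                    //- record references, once per viewer; consider dropping or proxying it.
                    img(width=16,height=16,class="lbl",src="https://www.google.com/s2/favicons?sz=32&domain_url="+u.protocol + '//'+ encodeURIComponent(u.hostname))
                    //- The href is the parsed URL, i.e. exactly the value that was checked.
                    a(href=u.href)=(r.name && (r.name != r.url)) ? u.hostname + " : " + r.name : u.hostname + u.pathname + u.search
                else
                    =r.url
                if r.tags && r.tags.length > 0
                    |
                    =r.tags.join(" ")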
mixin errors(con)
    //- One alert paragraph per entry of `con.x_ValidationErrors`; the message is escaped.
    if con.x_ValidationErrors
        for message in con.x_ValidationErrors
            p.sec.rnd.pad
                b.vgi-alert Validation Error :
                |
                span= message
mixin warnings(con)
    //- One alert paragraph per entry of `con.x_ConverterErrors`, showing its `error`
    //- and `message` fields (both escaped).
    if con.x_ConverterErrors
        for issue in con.x_ConverterErrors
            p.sec.rnd.pad
                b.vgi-alert Conversion Warning :
                |
                b= issue.error
                |
                span= issue.message
mixin container(con)
    //- Renders one advisory from the flattened object `con`: title, publication line,
    //- CVSS badges, description, then each optional section that is present
    //- (configurations, problem types, impacts, exploits, product status, solutions,
    //- workarounds, credits, timeline, references) and, if set, a dump of `con.json`.
    //- NOTE(review): descriptions, rejectedReasons, configurations, exploits, solutions
    //- and workarounds all go through +spara, which emits text/html media unescaped;
    //- every other value here is written with escaping `=`.
    h1#cvetitle
        //- Anything that is not CVE- followed by digits and dashes is replaced by a placeholder.
        //- NOTE(review): throws if con.cveId is not a string.
        - var cveShowId = con.cveId.match(/^CVE-[0-9-]+$/)? con.cveId : 'CVE-yyyy-nnnn';
        if con.source && con.source.advisory
            = con.source.advisory
            |
        = cveShowId + ' ' + (con.title ? con.title : '')
    p
        if con.shortName || con.datePublic
            span Published
        if con.shortName
            | by
            b=con.shortName
            |
        if con.datePublic
            | on
            +renderDate(con.datePublic)
        if con.dateUpdated && con.dateUpdated != con.datePublic
            | (updated
            +renderDate(con.dateUpdated)
            |)
    if con.cvssList
        p
            +cvssList(con.cvssList)
    #description
        if con.state == 'REJECTED'
            b.tag.red REJECTED
            | ·
        +tagList(con.tags)
        |
        +spara(con.descriptions)
        +spara(con.rejectedReasons)
    if con.configurations
        #configs
            h2 Required configuration for exposure:
            +spara(con.configurations)
    if con.problemTypes
        #problem
            h2 Problem:
            p
                for t in con.problemTypes
                    if t.description
                        for d in t.description
                            =d.value
                            br
                    if t.descriptions
                        for d in t.descriptions
                            =d.description
                            |
                            if d.cweId
                                //- substr(4) drops the first four characters, presumably the "CWE-" prefix.
                                //- NOTE(review): the remainder is not checked to be numeric before it is
                                //- appended to the URL path, and this target="_blank" link has no
                                //- rel="noopener noreferrer".
                                a(href="https://cwe.mitre.org/data/definitions/"+d.cweId.substr(4) target="_blank")
                                    small=d.cweId
                            br
    if con.impacts
        #impact
            h2 Impact:
            p
                for t in con.impacts
                    if t.descriptions
                        for d in t.descriptions
                            =d.value
                            |
                    if t.capecId
                        //- substr(6) drops the first six characters, presumably the "CAPEC-" prefix.
                        //- NOTE(review): same two points as the CWE link: unchecked remainder, no rel.
                        a(href="https://capec.mitre.org/data/definitions/"+t.capecId.substr(6) target="_blank")
                            small=t.capecId
                    br
    if con.exploits
        #exploits
            h2 Exploits:
            +spara(con.exploits)
    if con.pvstatus
        #status
            h2 Product Status:
            +statusTable(con.pvstatus)
            br(style="font-size:0;")
    if con.solutions
        #solution
            h2 Solution:
            +spara(con.solutions)
    if con.workarounds
        #workaround
            h2 Workaround:
            +spara(con.workarounds)
    if con.credits
        #credits.rnd.pad.sec.vgap
            h2 Credits:
            +creditList(con.credits)
    if con.timeline
        #timeline
            h2 Timeline:
            p
                +timeList(con)
    if con.references
        #references
            h2 References
            p
                +refList(con.references)
    if con.json
        //- Escaped dump; the second argument (1) is not a valid replacer and is ignored,
        //- the third sets a one-space indent.
        pre=JSON.stringify(con.json,1,1)
mixin para(t, hypertext)
    //- Renders text `t` with escaping. With `hypertext` set, the whole text is one <p>.
    //- Otherwise it is split on newlines: empty lines are dropped, a line starting with a
    //- space becomes <code> followed by <br>, any other line becomes its own <p>.
    //- `t` must be a string when `hypertext` is falsy (it is split).
    if t
        if hypertext
            p= t
        else
            for row in t.split('\n')
                if row
                    if row.charAt(0) === ' '
                        code= row
                        br
                    else
                        p= row
mixin mpara(l, hypertext)
    //- Passes the `value` of every entry in `l` to +para, forwarding `hypertext`;
    //- entries without a value are skipped.
    if l
        for item in l
            if item.value
                +para(item.value, hypertext)
mixin aggpara(l)
    //- Bullet list over the map `l`. Pug hands the loop (value, key): the value is joined
    //- with ', ' as the bold heading, so it must be an array, and the key is the text
    //- rendered through +para.
    if l
        ul
            for labels, text in l
                li
                    b= labels.join(', ')
                    p
                        +para(text)
mixin spara(l, hypertext)
    //- Renders every entry of `l`: an entry whose first supportingMedia item is typed
    //- 'text/html' is emitted as that HTML inside a <p>; any other entry with a `value`
    //- goes through +para(value). `hypertext` is accepted but never read here.
    //- NOTE(review): `!{...}` is Pug's unescaped interpolation, so the text/html value
    //- reaches the browser as markup. Nothing in this template sanitizes it; confirm the
    //- value is sanitized against an allowlist before it gets here, or render the escaped
    //- `value` field instead.
    //- NOTE(review): this repeats the `mixin spara` defined near the top of the file.
    if l
        for entry in l
            - var media = entry.supportingMedia
            if media && media.length > 0 && media[0].type == 'text/html'
                p !{media[0].value}
            else if entry.value
                +para(entry.value)
mixin linklist(l, url)
    //- Renders the items of `l` as an enumeration: items before the second-to-last are
    //- followed by a comma, and the last item is preceded by "and" when the list has more
    //- than one item. With `url` set, each item is a link to url + item; otherwise it is
    //- escaped text.
    //- NOTE(review): the item is appended to `url` as-is, without URL-encoding.
    - var count = l.length
    for item, pos in l
        if pos < count - 2
            if url
                a(href=url + item)= item
            else
                = item
            | ,
        else
            if pos == count - 1 && pos > 0
                | and
            if url
                a(href=url + item)= item
            else
                = item
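mixin CVSS(value)
    //- Prints the base score with one decimal ('n/a' when there is no usable score),
    //- followed by the vector string as a link to an external calculator.
    //- The score test requires a number: `null >= 0` is true in JavaScript, so a null
    //- score used to reach .toFixed() and throw.
    = value && typeof value.baseScore === 'number' && value.baseScore >= 0 ? value.baseScore.toFixed(1) : 'n/a'
    |
    //- The first line tolerates a missing `value`; the link part now does too, and it is
    //- skipped when there is no vector string to link.
    if value && value.vectorString
        if value.version >= "3"
            | (
            //- rel keeps the new tab from getting a window.opener handle to this page.
            a(target="_blank" rel="noopener noreferrer" href="https://cvss.js.org/#" + value.vectorString)=value.vectorString
            | )
        else
            a(href='https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector='+value.vectorString)=value.vectorString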
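mixin renderDate(value)
    //- Prints `value` as YYYY-MM-DD, the first ten characters of its ISO form.
    //- Accepts a Date or anything Date.parse understands; prints nothing otherwise.
    -
        var parsed = value instanceof Date ? value : new Date(Date.parse(value));
        // An invalid Date serialises to null, so it is filtered here, whether it was
        // passed in as a Date instance or produced by a failed parse.
        var v = isNaN(parsed.getTime()) ? false : parsed;
    if v
        = v.toJSON().slice(0, 10)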
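mixin JSON(d, par, comma)
    //- Recursive, collapsible view of a JSON value.
    //-   d     - the value to render
    //-   par   - key under which `d` sits in its parent, shown as a label when truthy
    //-   comma - whether to print a trailing comma after the value
    //- Arrays and objects become open <details> elements; anything else is printed with
    //- +showVal. All keys and values are written with escaping `=`.
    if d instanceof Array
        details.arr(open)
            summary
                b=(par? par + ' : [' : '[')
            .in
                each s, i in d
                    +JSON(s, undefined, i < d.length-1)
            b ]
            if comma
                i ,
    else if d instanceof Object
        details.obj(open)
            summary
                b=(par? par + ' : {' : '{')
            .in
                //- Object.keys returns own enumerable keys only, so no further own-property
                //- test is needed. The earlier d.hasOwnProperty(k) call threw whenever the
                //- data itself carried a key named "hasOwnProperty".
                - var keys = Object.keys(d)
                each k, i in keys
                    +JSON(d[k], k, i < keys.length-1)
            b }
            if comma
                i ,
    else
        if par
            div.i(class=(typeof d === 'number' ? 'n' : ''))
                b=par + ' : '
                +showVal(d, comma)
        else
            div(class=(typeof d === 'number' ? 'n' : ''))
                +showVal(d, comma)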
mixin showVal(d, comma)
    //- Prints a scalar with escaping; strings are wrapped in quote marks. A trailing
    //- comma follows when `comma` is truthy.
    - var quoted = typeof d === 'string'
    if quoted
        i "
    = d
    if quoted
        i "
    if comma
        i ,
mixin versionList(v)
    //- Prints each entry of `v` (escaped) followed by a line break; nothing when `v` is falsy.
    if v
        for entry in v
            = entry
            br
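mixin del_versionList(v)
    //- Prints the entries of `v` (escaped) separated by <hr>. Output stops at the first
    //- null or undefined entry.
    //- Works on a copy: the earlier version shifted entries off `v` itself, which left
    //- the caller's array empty after rendering.
    if v
        - var queue = v.slice();
        - var n = queue.shift();
        while n != undefined
            = n
            if queue.length > 0
                hr
            - n = queue.shift();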
block pageDef
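mixin page(d)
    //- Entry point for one record `d`: emits the table styles, flattens the record into
    //- `con` (a shallow copy of containers.cna plus state, cveId, dateUpdated, shortName,
    //- cvssList and pvstatus) and hands it to +container.
    //- Missing sections fall back to empty objects, so a partial record renders with
    //- placeholders. Previously only the copy of containers.cna was guarded, while
    //- cveMetadata and containers.cna.providerMetadata were dereferenced unconditionally.
    style
        | .affectedCol {border: 4px solid #fa582d}
        | table.striped {border-spacing: 0; border: 1px solid #c1c1c1; border-collapse: collapse;}
        | table.striped th { text-align:center;background-color: #f0f0f0;}
        | table.striped td {padding:5px;border: 1px solid #aaa}
    div.pad
        -
            var cve = {}, con = {};
            Object.assign(cve, d);
            var CDM = cve.cveMetadata || {};
            var cna = (cve.containers && cve.containers.cna) || {};
            // Shallow copy: the assignments below do not touch the caller's record.
            Object.assign(con, cna);
            con.state = CDM.state;
            // container calls .match() on con.cveId, so it is always handed a string.
            con.cveId = typeof CDM.cveId === 'string' ? CDM.cveId : '';
            var PMD = cna.providerMetadata || {};
            con.dateUpdated = PMD.dateUpdated;
            con.shortName = PMD.shortName;
            var title = con.title;
            var sourceText = {"INTERNAL":"This issue was found during internal product security testing or research.", "EXTERNAL":"This issue was discovered during an external security research.", "USER":"This issue was seen during production usage.", "UNKNOWN":""};
            var cveId = con.cveId.match("^CVE-[0-9-]+$") ? con.cveId : 'CVE-yyyy-nnnn';
            con.cvssList = [];
            // versionStatusTable5 is defined outside this file.
            con.pvstatus = con.affected ? versionStatusTable5(con.affected) : null;
        if (con.metrics && con.metrics.length > 0)
            each x, i in con.metrics
                //- First available of CVSS v3.1, v3.0, v2.0 for this metric entry.
                - var cvss = x.cvssV3_1 ? x.cvssV3_1 : x.cvssV3_0 ? x.cvssV3_0 : x.cvssV2_0 ? x.cvssV2_0 : null;
                if cvss
                    //- Copy before attaching scenarios so the record's metric object stays unchanged.
                    - var cvssdup = {};
                    - Object.assign(cvssdup, cvss);
                    - cvssdup.scenarios = x.scenarios;
                    - con.cvssList.push(cvssdup);
        +container(con)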
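mixin mitre(cve)
    //- Preview of the record as a MITRE-style CVE entry table: CVE ID, descriptions,
    //- references, assigning CNA and a static date placeholder.
    //- Reference URLs come from the record. They are linked only when they start with
    //- http:// or https://; any other value is printed as escaped text. The links open
    //- in a new tab, so they carry rel="noopener noreferrer".
    h2 MITRE CVE entry preview
    - var cna = cve.containers.cna;
    #GeneratedTable
        table(cellpadding=0,cellspacing=0,border=0)
            tbody
                tr
                    th(colspan=2) CVE-ID
                tr
                    td(nowrap="nowrap")
                        h2=cve.cveMetadata.cveId
                    td.ltgreybackground
                        .larger
                            a Learn more at National Vulnerability Database (NVD)
                        .smaller • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
                tr
                    th(colspan=2) Description
                tr
                    td(colspan=2)
                        //- An absent list renders as an empty cell instead of failing the page.
                        each d in cna.descriptions || []
                            =d.value
                            = ' '
                tr
                    th(colspan=2) References
                tr
                    td.note(colspan=2)
                        b Note:
                        a References
                        | are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
                tr
                    td(colspan=2)
                        ul
                            each r in cna.references || []
                                li
                                    if typeof r.url === 'string' && /^https?:\/\//i.test(r.url)
                                        a(target="_blank", rel="noopener noreferrer", href=r.url)=r.url
                                    else
                                        =r.url
                tr
                    th(colspan=2) Assigning CNA
                tr
                    td(colspan=2)=cve.cveMetadata.assignerShortName
                tr
                    th(colspan=2) Date Entry Created
                tr
                    td
                        b YYYYMMDD
                    td.ltgreybackground Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.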