Vulnerability
Summary
Specifies a vulnerability and its associated information.
Description
Specifies a vulnerability and its associated information.
Example
{
"type": "Vulnerability",
"spdxId": "urn:spdx.dev:vuln-1",
"summary": "Use of a Broken or Risky Cryptographic Algorithm",
"description": "The package `elliptic` before version 6.5.4 are vulnerable to ..."
"modifiedTime": "2021-03-08T16:06:43Z",
"publishedTime": "2021-03-08T16:02:50Z",
"externalIdentifier": [
{
"type": "ExternalIdentifier",
"externalIdentifierType": "cve",
"identifier": "CVE-2020-2849",
"identifierLocator": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498",
"https://www.cve.org/CVERecord?id=CVE-2020-28498"
],
"issuingAuthority": "urn:spdx.dev:agent-cve.org"
},
{
"type": "ExternalIdentifier",
"externalIdentifierType": "securityOther",
"identifier": "GHSA-r9p9-mrjm-926w",
"identifierLocator": "https://github.com/advisories/GHSA-r9p9-mrjm-926w"
},
{
"type": "ExternalIdentifier",
"externalIdentifierType": "securityOther",
"identifier": "SNYK-JS-ELLIPTIC-1064899",
"identifierLocator": "https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"
}
],
"externalRef": [
{
"type": "ExternalRef",
"externalRefType": "securityAdvisory",
"locator": "https://nvd.nist.gov/vuln/detail/CVE-2020-28498"
},
{
"type": "ExternalRef",
"externalRefType": "securityAdvisory",
"locator": "https://ubuntu.com/security/CVE-2020-28498"
},
{
"type": "ExternalRef",
"externalRefType": "securityOther",
"locator": "https://github.com/indutny/elliptic/pull/244/commits"
},
{
"type": "ExternalRef",
"externalRefType": "securityOther",
"locator": "https://github.com/christianlundkvist/blog/2020_05_26_secp256k1_twist_attacks.md"
}
]
},
{
"type": "Relationship",
"spdxId": "urn:spdx.dev:vulnRelationship-1",
"relationshipType": "hasAssociatedVulnerability",
"from": "urn:npm-elliptic-6.5.2",
"to": ["urn:spdx.dev:vuln-1"],
"startTime": "2021-03-08T16:06:50Z"
},
{
"type": "Relationship",
"spdxId": "urn:spdx.dev:vulnAgentRel-1",
"relationshipType": "publishedBy",
"from": "urn:spdx.dev:vuln-1",
"to": ["urn:spdx.dev:agent-snyk"],
"startTime": "2021-03-08T16:06:50Z"
}
Metadata
https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability
| Name | Vulnerability |
| Instantiability | Concrete |
| SubclassOf | /Core/Artifact |
Class hierarchy
/Core/Element
/Core/Artifact
/Security/Vulnerability
Properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| modifiedTime | /Core/DateTime | 0 | 1 |
| publishedTime | /Core/DateTime | 0 | 1 |
| withdrawnTime | /Core/DateTime | 0 | 1 |
All properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| builtTime | DateTime | 0 | 1 |
| comment | xsd:string | 0 | 1 |
| creationInfo | CreationInfo | 1 | 1 |
| description | xsd:string | 0 | 1 |
| extension | Extension | 0 | * |
| externalIdentifier | ExternalIdentifier | 0 | * |
| externalRef | ExternalRef | 0 | * |
| modifiedTime | DateTime | 0 | 1 |
| name | xsd:string | 0 | 1 |
| originatedBy | Agent | 0 | * |
| publishedTime | DateTime | 0 | 1 |
| releaseTime | DateTime | 0 | 1 |
| spdxId | xsd:anyURI | 1 | 1 |
| standardName | xsd:string | 0 | * |
| summary | xsd:string | 0 | 1 |
| suppliedBy | Agent | 0 | 1 |
| supportLevel | SupportType | 0 | * |
| validUntilTime | DateTime | 0 | 1 |
| verifiedUsing | IntegrityMethod | 0 | * |
| withdrawnTime | DateTime | 0 | 1 |