Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images. - Added symbols.json detailing function entry and sink points in the WordPress code. - Included runtime traces for function calls in both reachable and unreachable scenarios. - Developed OpenVEX files indicating vulnerability status and justification for both cases. - Updated README for evaluator harness to guide integration with scanner output.
This commit is contained in:
master
@@ -1,205 +1,226 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "cert-fr/AV-2024.001",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"identifier": "AV-2024.001",
|
||||
"platform": null,
|
||||
"provenance": [
|
||||
{
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
}
|
||||
],
|
||||
"statuses": [],
|
||||
"type": "vendor",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": null,
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"certfr.summary": "Résumé de la première alerte.",
|
||||
"certfr.content": "AV-2024.001 Alerte CERT-FR AV-2024.001 L'exploitation active de la vulnérabilité est surveillée. Consultez les indications du fournisseur .",
|
||||
"certfr.reference.count": "1"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
},
|
||||
"rangeExpression": null,
|
||||
"rangeKind": "vendor"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CERT-FR:AV-2024.001"
|
||||
],
|
||||
"cvssMetrics": [],
|
||||
"exploitKnown": false,
|
||||
"language": "fr",
|
||||
"modified": null,
|
||||
"provenance": [
|
||||
{
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
}
|
||||
],
|
||||
"published": "2024-10-03T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "reference",
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
},
|
||||
"sourceTag": null,
|
||||
"summary": null,
|
||||
"url": "https://vendor.example.com/patch"
|
||||
},
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
},
|
||||
"sourceTag": "cert-fr",
|
||||
"summary": "Résumé de la première alerte.",
|
||||
"url": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": "Résumé de la première alerte.",
|
||||
"title": "AV-2024.001 - Première alerte"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "cert-fr/AV-2024.002",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"identifier": "AV-2024.002",
|
||||
"platform": null,
|
||||
"provenance": [
|
||||
{
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
}
|
||||
],
|
||||
"statuses": [],
|
||||
"type": "vendor",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": null,
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"certfr.summary": "Résumé de la deuxième alerte.",
|
||||
"certfr.content": "AV-2024.002 Alerte CERT-FR AV-2024.002 Des correctifs sont disponibles pour plusieurs produits. Note de mise à jour Correctif",
|
||||
"certfr.reference.count": "2"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
},
|
||||
"rangeExpression": null,
|
||||
"rangeKind": "vendor"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CERT-FR:AV-2024.002"
|
||||
],
|
||||
"cvssMetrics": [],
|
||||
"exploitKnown": false,
|
||||
"language": "fr",
|
||||
"modified": null,
|
||||
"provenance": [
|
||||
{
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
}
|
||||
],
|
||||
"published": "2024-10-03T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "reference",
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
},
|
||||
"sourceTag": null,
|
||||
"summary": null,
|
||||
"url": "https://support.example.com/kb/KB-1234"
|
||||
},
|
||||
{
|
||||
"kind": "reference",
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
},
|
||||
"sourceTag": null,
|
||||
"summary": null,
|
||||
"url": "https://support.example.com/kb/KB-5678"
|
||||
},
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"fieldMask": [],
|
||||
"kind": "document",
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"source": "cert-fr",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
},
|
||||
"sourceTag": "cert-fr",
|
||||
"summary": "Résumé de la deuxième alerte.",
|
||||
"url": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": "Résumé de la deuxième alerte.",
|
||||
"title": "AV-2024.002 - Deuxième alerte"
|
||||
}
|
||||
[
|
||||
{
|
||||
"advisoryKey": "cert-fr/AV-2024.001",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "vendor",
|
||||
"identifier": "AV-2024.001",
|
||||
"platform": null,
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": null,
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"certfr.summary": "Résumé de la première alerte.",
|
||||
"certfr.content": "AV-2024.001 Alerte CERT-FR AV-2024.001 L'exploitation active de la vulnérabilité est surveillée. Consultez les indications du fournisseur .",
|
||||
"certfr.reference.count": "1"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": null,
|
||||
"rangeKind": "vendor"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [],
|
||||
"statuses": [],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CERT-FR:AV-2024.001"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "fr",
|
||||
"modified": null,
|
||||
"provenance": [
|
||||
{
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2024-10-03T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "reference",
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": null,
|
||||
"summary": null,
|
||||
"url": "https://vendor.example.com/patch"
|
||||
},
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "cert-fr",
|
||||
"summary": "Résumé de la première alerte.",
|
||||
"url": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.001/"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": "Résumé de la première alerte.",
|
||||
"title": "AV-2024.001 - Première alerte"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "cert-fr/AV-2024.002",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "vendor",
|
||||
"identifier": "AV-2024.002",
|
||||
"platform": null,
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": null,
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"certfr.summary": "Résumé de la deuxième alerte.",
|
||||
"certfr.content": "AV-2024.002 Alerte CERT-FR AV-2024.002 Des correctifs sont disponibles pour plusieurs produits. Note de mise à jour Correctif",
|
||||
"certfr.reference.count": "2"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": null,
|
||||
"rangeKind": "vendor"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [],
|
||||
"statuses": [],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CERT-FR:AV-2024.002"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "fr",
|
||||
"modified": null,
|
||||
"provenance": [
|
||||
{
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2024-10-03T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "reference",
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": null,
|
||||
"summary": null,
|
||||
"url": "https://support.example.com/kb/KB-1234"
|
||||
},
|
||||
{
|
||||
"kind": "reference",
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": null,
|
||||
"summary": null,
|
||||
"url": "https://support.example.com/kb/KB-5678"
|
||||
},
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "cert-fr",
|
||||
"kind": "document",
|
||||
"value": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2024-10-03T00:01:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "cert-fr",
|
||||
"summary": "Résumé de la deuxième alerte.",
|
||||
"url": "https://www.cert.ssi.gouv.fr/alerte/AV-2024.002/"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": "Résumé de la deuxième alerte.",
|
||||
"title": "AV-2024.002 - Deuxième alerte"
|
||||
}
|
||||
]
|
||||
Reference in New Issue
Block a user