On Tue, 2 May 2023, Daniel Stenberg via curl-library wrote:

Here's a little CVE as JSON update:

We now provide:

 - All CVEs as a big JSON array with objects.

   URL: https://curl.se/docs/vuln.json

 - Every CVE as a single JSON. Just change .html to .json on the CVE URL:

   Example URL: https://curl.se/docs/CVE-2022-35252.json

 - Every release as a JSON array with the objects for the CVEs that particular
   release is vulnerable to.

   Example URL: https://curl.se/docs/vuln-7.88.1.json

The JSON objects now comply and verify fine against the Open Source Vulnerability format JSON schema: https://ossf.github.io/osv-schema/

I have done the boring job of updating the most recent 85 something CVEs and made sure that they specify exactly which git commit introduced and which fixed the vulnerabilities in a standard format - so now all JSON objects for curl CVEs since 2017 also provide git range info for the introduced/fixed commits.

Enjoy!

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
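
An added example, not part of the original mail and not curl project code: one way a packager could use the git range info described above to check a patched or vendored curl tree against an OSV array. The field names (`affected`, `ranges`, `type`, `events`, `introduced`, `fixed`) come from the OSV schema; the function names, ids, hashes and repo URL are constructed placeholders, and each range is assumed to hold one introduced/fixed pair.

```python
import json

# Constructed sample shaped like an OSV array (ids, hashes and repo URL are
# placeholders, not real curl data). The second record has no GIT range.
SAMPLE = json.loads("""
[
 {"id": "CVE-0000-0001",
  "affected": [{"ranges": [
     {"type": "SEMVER", "events": [{"introduced": "7.1.0"}, {"fixed": "7.2.0"}]},
     {"type": "GIT", "repo": "https://example.invalid/curl.git",
      "events": [{"introduced": "aaaa1111"}, {"fixed": "bbbb2222"}]}]}]},
 {"id": "CVE-0000-0002",
  "affected": [{"ranges": [
     {"type": "SEMVER", "events": [{"introduced": "7.0.0"}, {"fixed": "7.1.0"}]}]}]},
 {"id": "CVE-0000-0003",
  "affected": [{"ranges": [
     {"type": "GIT", "repo": "https://example.invalid/curl.git",
      "events": [{"introduced": "0"}, {"fixed": "cccc3333"}]}]}]}
]
""")


def git_events(record):
    """Yield (introduced, fixed) commit pairs from a record's GIT ranges."""
    for affected in record.get("affected", []):
        for rng in affected.get("ranges", []):
            if rng.get("type") != "GIT":
                continue
            introduced = fixed = None
            for event in rng.get("events", []):
                introduced = event.get("introduced", introduced)
                fixed = event.get("fixed", fixed)
            yield introduced, fixed


def classify(records, ancestors):
    """Map each id to 'affected', 'not-affected' or 'no-git-range'."""
    # ancestors: commits reachable from the audited tree (git rev-list HEAD).
    result = {}
    for record in records:
        pairs = list(git_events(record))
        if not pairs:
            result[record["id"]] = "no-git-range"  # fall back to version ranges
            continue
        # Affected when the introducing commit is present and the fix is not;
        # an introduced value of "0" means "since the start of history".
        hit = any((intro == "0" or intro in ancestors) and fixed not in ancestors
                  for intro, fixed in pairs)
        result[record["id"]] = "affected" if hit else "not-affected"
    return result
```

Because membership in the `git rev-list HEAD` set is an ancestry test, this also recognises a fix that reached the tree through a merge rather than a release bump; a cherry-picked backport gets a new hash and has to be matched some other way.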
