
add CVSS 4.0 support

Open frasertweedale opened this issue 1 year ago • 6 comments

Summary

CVSS 4.0 is here, and already supported by OSV. Add support for it in our cvss lib and hsec-tools.

Mar 18 '24 02:03 frasertweedale

Hey! I'll take this one! :)

Jun 09 '24 11:06 unorsk

@unorsk Thanks! I wrote the initial CVSS library, please let me know if you need any help.

Jun 09 '24 12:06 TristanCacqueray

Started working on this. No wonder this hasn't been implemented yet 😅 The way they changed the scoring system isn't very straightforward... but it's fun :)

Jun 14 '24 13:06 unorsk

It seems like you can find a JavaScript implementation in https://www.first.org/cvss/calculator/app.js?v=7 . Looks pretty onerous, good luck!

Jun 14 '24 13:06 TristanCacqueray

> It seems like you can find a JavaScript implementation in https://www.first.org/cvss/calculator/app.js?v=7 . Looks pretty onerous, good luck!

Yeah, thanks! It looks like it's just an embedded (and a bit outdated) version of this one

Jun 14 '24 13:06 unorsk

Might be better to just read the spec: https://www.first.org/cvss/v4.0/specification-document and test the implementation using the official examples: https://www.first.org/cvss/v4.0/examples

Jun 14 '24 13:06 frasertweedale