@@ -129,6 +129,7 @@ patched_versions:
129129* `description` \[String\] (required): One or more paragraphs describing the vulnerability. It may contain multiple paragraphs.
130130* `cvss_v2` \[Float\] (optional): The [CVSSv2] score for the vulnerability.
131131* `cvss_v3` \[Float\] (optional): The [CVSSv3] score for the vulnerability.
132+ * `cvss_v4` \[Float\] (optional): The [CVSSv4] score for the vulnerability.
132133* `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
133134 unaffected versions of the Ruby library.
134135* `patched_versions` \[Array\<String\>\] (optional): The version requirements for the
@@ -149,6 +150,7 @@ patched_versions:
149150* `description` \[String\] (required): One or more paragraphs describing the vulnerability. It may contain multiple paragraphs.
150151* `cvss_v2` \[Float\] (optional): The [CVSSv2] score for the vulnerability.
151152* `cvss_v3` \[Float\] (optional): The [CVSSv3] score for the vulnerability.
153+ * `cvss_v4` \[Float\] (optional): The [CVSSv4] score for the vulnerability.
152154* `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
153155 unaffected versions of the Ruby implementation.
154156* `patched_versions` \[Array\<String\>\] (optional): The version requirements for the
@@ -157,7 +159,8 @@ patched_versions:
157159* `notes` \[String\] (optional): Internal notes regarding the vulnerability's inclusion in this database.
158160
159161[CVSSv2] : https://www.first.org/cvss/v2/guide
160- [CVSSv3] : https://www.first.org/cvss/user-guide
162+ [CVSSv3] : https://www.first.org/cvss/v3.1/user-guide
163+ [CVSSv4] : https://www.first.org/cvss/v4.0/user-guide
161164
162165# ## Tests
163166
@@ -194,6 +197,7 @@ GH_API_TOKEN=<your GitHub API Token> bundle exec rake sync_github_advisories[gem
194197- The rake task will write yaml files for any missing advisories.
195198- Those files must be further edited.
196199 - Fill in `cvss_v3` field by following the CVE link and getting it from page
200+ - Fill in `cvss_v4` field by following the CVE link and getting it from page
197201 - Fill in `patched_versions` field, using the comments at the bottom of the file
198202 - Fill in `unaffected_versions`, optional, if there are unaffected_versions
199203 - delete the GitHub data at the bottom of the yaml file
@@ -216,6 +220,7 @@ developed by the Open Security Foundation (OSF) and its contributors.
216220[OSVDB] : https://en.wikipedia.org/wiki/Open_Source_Vulnerability_Database
217221[GHSA] : https://help.github.com/en/articles/about-maintainer-security-advisories
218222[CVSSv2] : https://www.first.org/cvss/v2/guide
219- [CVSSv3] : https://www.first.org/cvss/user-guide
223+ [CVSSv3] : https://www.first.org/cvss/v3.1/user-guide
224+ [CVSSv4] : https://www.first.org/cvss/v4.0/user-guide
220225[YAML] : http://www.yaml.org/
221226[CONTRIBUTORS.md] : https://github.com/rubysec/ruby-advisory-db/blob/master/CONTRIBUTORS.md
0 commit comments