diff --git a/.vscode/settings.json b/.vscode/settings.json index d93513f..da0159a 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -5,15 +5,18 @@ "json.schemas": [ { "fileMatch": [ - "advisories/lbsa-*.csaf.json" + "advisories/*/lbsec-*.csaf.json" ], "url": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json" }, { "fileMatch": [ - "advisories/lbsa-*.osv.json" + "advisories/*/lbsec-*.osv.json" ], "url": "./vendors/osv-schema/validation/schema.json" } - ] + ], + "yaml.schemas": { + "./vendors/local-gemnasium/schema.json": "advisories/*/lbsec-*.gemnasium.yaml" + } } diff --git a/advisories/README.md b/advisories/README.md index 900d8a3..4f9016f 100644 --- a/advisories/README.md +++ b/advisories/README.md @@ -46,12 +46,8 @@ CSAF 2.0 document must also be reflected back in the CSAF 2.0 document itself. ## Vendors -This section depends on [Secvisogram](../vendors/README.md#submodules) for -validation, its ports of JSON Schemas from Draft-04 (No first-class AJV support) -to Draft-2019, and for a strict variant of CSAF 2.0 JSON Schema. There are plans -to utilise the other parts of the codebase for more thorough validation. - -It also depends on +This section depends on [Secvisogram](../vendors/README.md#submodules) for CSAF +2.0 validation and the [Open Source Vulnerability schema](../vendors/README.md#submodules) for JSON Schema-based OSV validation. @@ -64,5 +60,4 @@ are future plans to add integration: | ----------------------------------------------------------------------------------------------------- | ------- | | Generation of security advisories on [loopback.io website](https://loopback.io/doc/en/sec/index.html) | Planned | | Publishing as a CSAF Provider through csaf.data.loopback.io | Planned | -| Down-conversion and publication of CVRF 1.2 | Planned | | Sync with Gitlab Advisory Database | Planned | 
diff --git a/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json b/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json new file mode 100644 index 0000000..be02fff --- /dev/null +++ b/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json 
@@ -0,0 +1,1028 @@ +{ + "document": { + "acknowledgments": [ + { + "names": ["Nelson Brandão"], + "urls": ["https://github.com/NelsonBrandao"] + } + ], + "category": "security_advisory", + "csaf_version": "2.0", + "distribution": { + "text": "Disclosure is not limited.\nSPDX-FileCopyrightText: LoopBack Contributors\nSPDX-License-Identifier: MIT", + "tlp": { + "label": "WHITE" + } + }, + "lang": "en", + "publisher": { + "category": "vendor", + "name": "LoopBack", + "namespace": "https://loopback.io" + }, + "references": [ + { + "category": "self", + "summary": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018 - CSAF Version", + "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20180815-1.csaf.json" + }, + { + "category": "self", + "summary": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018 - HTML Version", + "url": "https://security.loopback.io/en/advisories/html/lbsa-20180815-1.html" + }, + { + "category": "self", + "summary": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018 - OSV Version", + "url": "https://security.loopback.io/en/advisories/osv/lbsa-20180815-1.osv.json" + }, + { + "summary": "GitHub Security Advisory", + "url": "https://github.com/advisories/GHSA-hxwc-5vw9-2w4w" + }, + { + "summary": "Snyk Vulnerability", + "url": "https://security.snyk.io/vuln/SNYK-JS-LOOPBACKCONNECTORMONGODB-73555" + } + ], + "title": "LBSEC-20180815-1: LoopBack Security Advisory 11-30-2020", + "tracking": { + "current_release_date": "1970-01-01T00:00:00.000Z", + "id": "LBSEC-20180815-1", + "initial_release_date": "1970-01-01T00:00:00.000Z", + "revision_history": [ + { + "date": "1970-01-01T00:00:00.000Z", + "number": "0.1.0", + "summary": "Draft version." 
+ } + ], + "status": "draft", + "version": "0.1.0" + } + }, + "product_tree": { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "category": "product_version", + "name": "1.0.0", + "product": { + "name": "loopback-connector-mongodb@1.0.0", + "product_id": "1", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.0.0" + } + } + }, + { + "category": "product_version", + "name": "1.1.0", + "product": { + "name": "loopback-connector-mongodb@1.1.0", + "product_id": "2", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.0" + } + } + }, + { + "category": "product_version", + "name": "1.1.3", + "product": { + "name": "loopback-connector-mongodb@1.1.3", + "product_id": "3", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.3" + } + } + }, + { + "category": "product_version", + "name": "1.1.4", + "product": { + "name": "loopback-connector-mongodb@1.1.4", + "product_id": "4", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.4" + } + } + }, + { + "category": "product_version", + "name": "1.1.5", + "product": { + "name": "loopback-connector-mongodb@1.1.5", + "product_id": "5", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.5:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.5" + } + } + }, + { + "category": "product_version", + "name": "1.1.6", + "product": { + "name": "loopback-connector-mongodb@1.1.6", + "product_id": "6", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.6:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.6" + } + } + }, + { + "category": "product_version", + "name": "1.1.7", + "product": { + "name": "loopback-connector-mongodb@1.1.7", + "product_id": "7", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.7:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.7" + } + } + }, + { + "category": "product_version", + "name": "1.1.8", + "product": { + "name": "loopback-connector-mongodb@1.1.8", + "product_id": "8", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.8:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.8" + } + } + }, + { + "category": "product_version", + "name": "1.2.0", + "product": { + "name": "loopback-connector-mongodb@1.2.0", + "product_id": "9", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.0" + } + } + }, + { + "category": "product_version", + "name": "1.2.1", + "product": { + "name": "loopback-connector-mongodb@1.2.1", + "product_id": "10", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.1" + } + } + }, + { + "category": "product_version", + "name": "1.2.2", + "product": { + "name": "loopback-connector-mongodb@1.2.2", + "product_id": "11", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.2" + } + } + }, + { + "category": "product_version", + "name": "1.2.3", + "product": { + "name": "loopback-connector-mongodb@1.2.3", + "product_id": "12", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.3:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback-connector-mongodb@1.2.3" + } + } + }, + { + "category": "product_version", + "name": "1.2.4", + "product": { + "name": "loopback-connector-mongodb@1.2.4", + "product_id": "13", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.4" + } + } + }, + { + "category": "product_version", + "name": "1.2.5", + "product": { + "name": "loopback-connector-mongodb@1.2.5", + "product_id": "14", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.5:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.5" + } + } + }, + { + "category": "product_version", + "name": "1.2.6", + "product": { + "name": "loopback-connector-mongodb@1.2.6", + "product_id": "15", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.6:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.6" + } + } + }, + { + "category": "product_version", + "name": "1.3.0", + "product": { + "name": "loopback-connector-mongodb@1.3.0", + "product_id": "16", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.3.0" + } + } + }, + { + "category": "product_version", + "name": "1.4.0", + "product": { + "name": "loopback-connector-mongodb@1.4.0", + "product_id": "17", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.0" + } + } + }, + { + "category": "product_version", + "name": "1.4.1", + "product": { + "name": "loopback-connector-mongodb@1.4.1", + "product_id": "18", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.1" + } + } + }, + { + "category": 
"product_version", + "name": "1.4.2", + "product": { + "name": "loopback-connector-mongodb@1.4.2", + "product_id": "19", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.2" + } + } + }, + { + "category": "product_version", + "name": "1.4.3", + "product": { + "name": "loopback-connector-mongodb@1.4.3", + "product_id": "20", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.3" + } + } + }, + { + "category": "product_version", + "name": "1.4.4", + "product": { + "name": "loopback-connector-mongodb@1.4.4", + "product_id": "21", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.4" + } + } + }, + { + "category": "product_version", + "name": "1.4.5", + "product": { + "name": "loopback-connector-mongodb@1.4.5", + "product_id": "22", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.5:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.5" + } + } + }, + { + "category": "product_version", + "name": "1.5.0", + "product": { + "name": "loopback-connector-mongodb@1.5.0", + "product_id": "23", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.5.0" + } + } + }, + { + "category": "product_version", + "name": "1.6.0", + "product": { + "name": "loopback-connector-mongodb@1.6.0", + "product_id": "24", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.6.0" + } + } + }, + { + "category": "product_version", + "name": "1.7.0", + "product": { + "name": 
"loopback-connector-mongodb@1.7.0", + "product_id": "25", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.7.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.7.0" + } + } + }, + { + "category": "product_version", + "name": "1.8.0", + "product": { + "name": "loopback-connector-mongodb@1.8.0", + "product_id": "26", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.8.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.8.0" + } + } + }, + { + "category": "product_version", + "name": "1.9.0", + "product": { + "name": "loopback-connector-mongodb@1.9.0", + "product_id": "27", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.9.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.9.0" + } + } + }, + { + "category": "product_version", + "name": "1.9.1", + "product": { + "name": "loopback-connector-mongodb@1.9.1", + "product_id": "28", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.9.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.9.1" + } + } + }, + { + "category": "product_version", + "name": "1.9.2", + "product": { + "name": "loopback-connector-mongodb@1.9.2", + "product_id": "29", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.9.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.9.2" + } + } + }, + { + "category": "product_version", + "name": "1.10.0", + "product": { + "name": "loopback-connector-mongodb@1.10.0", + "product_id": "30", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.10.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.10.0" + } + } + }, + { + "category": "product_version", + "name": "1.10.1", + "product": { + "name": "loopback-connector-mongodb@1.10.1", + "product_id": "31", + 
"product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.10.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.10.1" + } + } + }, + { + "category": "product_version", + "name": "1.11.0", + "product": { + "name": "loopback-connector-mongodb@1.11.0", + "product_id": "32", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.0" + } + } + }, + { + "category": "product_version", + "name": "1.11.1", + "product": { + "name": "loopback-connector-mongodb@1.11.1", + "product_id": "33", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.1" + } + } + }, + { + "category": "product_version", + "name": "1.11.2", + "product": { + "name": "loopback-connector-mongodb@1.11.2", + "product_id": "34", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.2" + } + } + }, + { + "category": "product_version", + "name": "1.11.3", + "product": { + "name": "loopback-connector-mongodb@1.11.3", + "product_id": "35", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.3" + } + } + }, + { + "category": "product_version", + "name": "1.12.0", + "product": { + "name": "loopback-connector-mongodb@1.12.0", + "product_id": "36", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.12.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.12.0" + } + } + }, + { + "category": "product_version", + "name": "1.13.0", + "product": { + "name": "loopback-connector-mongodb@1.13.0", + "product_id": "37", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.0" + } + } + }, + { + "category": "product_version", + "name": "1.13.1", + "product": { + "name": "loopback-connector-mongodb@1.13.1", + "product_id": "38", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.1" + } + } + }, + { + "category": "product_version", + "name": "1.13.2", + "product": { + "name": "loopback-connector-mongodb@1.13.2", + "product_id": "39", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.2" + } + } + }, + { + "category": "product_version", + "name": "1.13.3", + "product": { + "name": "loopback-connector-mongodb@1.13.3", + "product_id": "40", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.3" + } + } + }, + { + "category": "product_version", + "name": "1.14.0", + "product": { + "name": "loopback-connector-mongodb@1.14.0", + "product_id": "41", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.14.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.14.0" + } + } + }, + { + "category": "product_version", + "name": "1.15.0", + "product": { + "name": "loopback-connector-mongodb@1.15.0", + "product_id": "42", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.15.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.15.0" + } + } + }, + { + "category": "product_version", + "name": "1.15.1", + "product": { + "name": "loopback-connector-mongodb@1.15.1", + "product_id": "43", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:1.15.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.15.1" + } + } + }, + { + "category": "product_version", + "name": "1.15.2", + "product": { + "name": "loopback-connector-mongodb@1.15.2", + "product_id": "44", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.15.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.15.2" + } + } + }, + { + "category": "product_version", + "name": "1.17.0", + "product": { + "name": "loopback-connector-mongodb@1.17.0", + "product_id": "45", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.17.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.17.0" + } + } + }, + { + "category": "product_version", + "name": "1.18.0", + "product": { + "name": "loopback-connector-mongodb@1.18.0", + "product_id": "46", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.18.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.18.0" + } + } + }, + { + "category": "product_version", + "name": "1.18.1", + "product": { + "name": "loopback-connector-mongodb@1.18.1", + "product_id": "47", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.18.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.18.1" + } + } + }, + { + "category": "product_version", + "name": "3.0.0", + "product": { + "name": "loopback-connector-mongodb@3.0.0", + "product_id": "48", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.0.0" + } + } + }, + { + "category": "product_version", + "name": "3.0.1", + "product": { + "name": "loopback-connector-mongodb@3.0.1", + "product_id": "49", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:3.0.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.0.1" + } + } + }, + { + "category": "product_version", + "name": "3.1.0", + "product": { + "name": "loopback-connector-mongodb@3.1.0", + "product_id": "50", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.1.0" + } + } + }, + { + "category": "product_version", + "name": "3.2.0", + "product": { + "name": "loopback-connector-mongodb@3.2.0", + "product_id": "51", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.2.0" + } + } + }, + { + "category": "product_version", + "name": "3.2.1", + "product": { + "name": "loopback-connector-mongodb@3.2.1", + "product_id": "52", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.2.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.2.1" + } + } + }, + { + "category": "product_version", + "name": "3.3.0", + "product": { + "name": "loopback-connector-mongodb@3.3.0", + "product_id": "53", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.3.0" + } + } + }, + { + "category": "product_version", + "name": "3.3.1", + "product": { + "name": "loopback-connector-mongodb@3.3.1", + "product_id": "54", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.3.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.3.1" + } + } + }, + { + "category": "product_version", + "name": "3.4.0", + "product": { + "name": "loopback-connector-mongodb@3.4.0", + "product_id": "55", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.0:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback-connector-mongodb@3.4.0" + } + } + }, + { + "category": "product_version", + "name": "3.4.1", + "product": { + "name": "loopback-connector-mongodb@3.4.1", + "product_id": "56", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.1" + } + } + }, + { + "category": "product_version", + "name": "3.4.2", + "product": { + "name": "loopback-connector-mongodb@3.4.2", + "product_id": "57", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.2" + } + } + }, + { + "category": "product_version", + "name": "3.4.3", + "product": { + "name": "loopback-connector-mongodb@3.4.3", + "product_id": "58", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.3" + } + } + }, + { + "category": "product_version", + "name": "3.4.4", + "product": { + "name": "loopback-connector-mongodb@3.4.4", + "product_id": "59", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.4" + } + } + }, + { + "category": "product_version", + "name": "3.5.0", + "product": { + "name": "loopback-connector-mongodb@3.5.0", + "product_id": "60", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.5.0" + } + } + }, + { + "category": "product_version", + "name": "3.6.0", + "product": { + "name": "loopback-connector-mongodb@3.6.0", + "product_id": "61", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.6.0" + } + } + } + ], + "category": 
"product_name", + "name": "loopback-connector-mongodb" + } + ], + "category": "product_family", + "name": "LoopBack Juggler" + } + ], + "category": "product_family", + "name": "LoopBack" + } + ], + "category": "vendor", + "name": "LoopBack" + } + ], + "product_groups": [ + { + "group_id": "1", + "product_ids": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60" + ], + "summary": "Affected products." + } + ] + }, + "vulnerabilities": [ + { + "cwe": { + "id": "CWE-89", + "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + }, + "notes": [ + { + "audience": "all", + "category": "description", + "text": "MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous `$where` property to be passed to the MongoDB Driver. The Driver allows the special `$where` property in a filter to execute JavaScript (client can pass in a malicious script) on the database Driver. 
This is an [intended feature of MongoDB](https://docs.mongodb.com/manual/core/server-side-javascript/) unless [disabled (instructions here)](https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-js).\n\nAn example malicious query:\n\n```\nGET /POST filter={\"where\": {\"$where\": \"function(){sleep(5000); return this.title.contains('Hello');}\"}}\n```\n\nThe above makes the database sleep for 5 seconds and then returns all \"Posts\" with the title containing the word `Hello`.\n\nThe connector now sanitizes all queries passed to the MongoDB Driver by default and deletes the `$where` and `mapReduce` properties. If you need to use these properties from within LoopBack programatically, you can disable the sanitization by passing in an `options` object with `disableSanitization` property set to `true`:\n\n```js\nPost.find(\n { where: { $where: \"function() { /*dangerous function here*/}\" } },\n { disableSanitization: true },\n (err, p) => {\n // code to handle results / error.\n }\n);\n```" + }, + { + "audience": "all", + "category": "summary", + "text": "`loopback-connector-mongodb` version 3.5.0 and below allows NoSQL Injections." 
+ } + ], + "product_status": { + "first_affected": ["1"], + "known_affected": ["60"], + "last_affected": ["60"], + "fixed": ["61"], + "recommended": ["61"] + }, + "references": [ + { + "category": "self", + "summary": "GitHub Commit", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/commit/ee24cd08b8ccc32711264831c71b1da628df357b" + }, + { + "category": "self", + "summary": "GitHub Issue", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/issues/403" + }, + { + "category": "self", + "summary": "GitHub Pull Request", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/pull/452" + }, + { + "summary": "NPM", + "url": "https://www.npmjs.com/package/loopback-connector-mongodb" + } + ], + "remediations": [ + { + "category": "vendor_fix", + "date": "2018-08-15T15:42:26.938Z", + "details": "Upgrade to `loopback-connector-mongodb` 3.6.0 or later if your repository is using an outdated package.\n\nEnsure that your application's `package.json` has the following line:\n\n```js\n\"dependencies\": {\n ...\n \"loopback-connector-mongodb\": \"^3.6.0\",\n ...\n },\n```\n\nThen upgrade your project dependencies to use the latest version :\n\n```\n$ cd \n$ npm update\n```", + "group_ids": ["1"] + } + ], + "scores": [ + { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availability": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentiality": "HIGH", + "integrity": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" + }, + "products": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + 
"44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60" + ] + } + ] + } + ] +} diff --git a/advisories/lbsa-20201130.csaf.json.license b/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json.license similarity index 100% rename from advisories/lbsa-20201130.csaf.json.license rename to advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json.license diff --git a/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json b/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json new file mode 100644 index 0000000..e209f7d --- /dev/null +++ b/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json 
@@ -0,0 +1,167 @@ +{ + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "loopback-connector-mongodb", + "purl": "pkg:npm/loopback-connector-mongodb" + }, + "ranges": [ + { + "events": [ + { + "introduced": "" + }, + { + "fixed": "ee24cd08b8ccc32711264831c71b1da628df357b" + } + ], + "repo": "https://github.com/strongloop/loopback-connector-mongodb.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.6.0" + } + ], + "type": "SEMVER" + } + ], + "versions": [ + "1.0.0", + "1.1.0", + "1.1.3", + "1.1.4", + "1.1.5", + "1.1.6", + "1.1.7", + "1.1.8", + "1.2.0", + "1.2.1", + "1.2.2", + "1.2.3", + "1.2.4", + "1.2.5", + "1.2.6", + "1.3.0", + "1.4.0", + "1.4.1", + "1.4.2", + "1.4.3", + "1.4.4", + "1.4.5", + "1.5.0", + "1.6.0", + "1.7.0", + "1.8.0", + "1.9.0", + "1.9.1", + "1.9.2", + "1.10.0", + "1.10.1", + "1.11.0", + "1.11.1", + "1.11.2", + "1.11.3", + "1.12.0", + "1.13.0", + "1.13.1", + "1.13.2", + "1.13.3", + "1.14.0", + "1.15.0", + "1.15.1", + "1.15.2", + "1.17.0", + "1.18.0", + "1.18.1", + "3.0.0", + "3.0.1", + "3.1.0", + "3.2.0", + "3.2.1", + "3.3.0", + "3.3.1", + "3.4.0", + "3.4.1", + "3.4.2", + "3.4.3", + "3.4.4", + "3.5.0" + ] + } + ], + "aliases": [ + "GHSA-hxwc-5vw9-2w4w", + "GHSA-m734-r4g6-34f9", + "GMS-2019-37", + "GMS-2020-360", + "SNYK-JS-LOOPBACKCONNECTORMONGODB-73555" + ], + "credits": [ + { + "name": "Nelson Brandão", + "urls": ["https://github.com/NelsonBrandao"] + } + ], + "database_specific": { + "CWE": "CWE-89" + }, + "details": "MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous `$where` property to be passed to the MongoDB Driver. The Driver allows the special `$where` property in a filter to execute JavaScript (client can pass in a malicious script) on the database Driver. 
This is an [intended feature of MongoDB](https://docs.mongodb.com/manual/core/server-side-javascript/) unless [disabled (instructions here)](https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-js).\n\nAn example malicious query:\n\n```\nGET /POST filter={\"where\": {\"$where\": \"function(){sleep(5000); return this.title.contains('Hello');}\"}}\n```\n\nThe above makes the database sleep for 5 seconds and then returns all \"Posts\" with the title containing the word `Hello`.\n\nThe connector now sanitizes all queries passed to the MongoDB Driver by default and deletes the `$where` and `mapReduce` properties. If you need to use these properties from within LoopBack programatically, you can disable the sanitization by passing in an `options` object with `disableSanitization` property set to `true`:\n\n```js\nPost.find(\n { where: { $where: \"function() { /*dangerous function here*/}\" } },\n { disableSanitization: true },\n (err, p) => {\n // code to handle results / error.\n }\n);\n```", + "id": "LBSEC-20180815-1", + "modified": "1970-01-01T00:00:00.000Z", + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hxwc-5vw9-2w4w" + }, + { + "type": "ADVISORY", + "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20180815-1.csaf.json" + }, + { + "type": "ADVISORY", + "url": "https://security.loopback.io/en/advisories/html/lbsa-20180815-1.html" + }, + { + "type": "ADVISORY", + "url": "https://security.loopback.io/en/advisories/osv/lbsa-20180815-1.osv.json" + }, + { + "type": "ADVISORY", + "url": "https://security.snyk.io/vuln/SNYK-JS-LOOPBACKCONNECTORMONGODB-73555" + }, + { + "type": "PACKAGE", + "url": "https://loopback.io" + }, + { + "type": "PACKAGE", + "url": "https://www.npmjs.com/package/loopback-connector-mongodb" + }, + { + "type": "REPORT", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/issues/403" + }, + { + "type": "WEB", + "url": 
"https://github.com/loopbackio/loopback-connector-mongodb/commit/ee24cd08b8ccc32711264831c71b1da628df357b" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/pull/452" + } + ], + "schema_version": "1.2.0", + "severity": [ + { + "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "type": "CVSS_V3" + } + ], + "summary": "`loopback-connector-mongodb` version 3.5.0 and below allows NoSQL Injections." +} diff --git a/advisories/lbsa-20201130.osv.json.license b/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json.license similarity index 100% rename from advisories/lbsa-20201130.osv.json.license rename to advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json.license diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json new file mode 100644 index 0000000..541b52c --- /dev/null +++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json 
@@ -0,0 +1,2024 @@ +{ + "document": { + "acknowledgments": [ + { + "names": ["@gabjauf"], + "urls": ["https://github.com/gabjauf"] + } + ], + "category": "security_advisory", + "csaf_version": "2.0", + "distribution": { + "text": "Disclosure is not limited.\nSPDX-FileCopyrightText: LoopBack Contributors\nSPDX-License-Identifier: MIT", + "tlp": { + "label": "WHITE" + } + }, + "lang": "en", + "publisher": { + "category": "vendor", + "name": "LoopBack", + "namespace": "https://loopback.io" + }, + "references": [ + { + "category": "self", + "summary": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020 - CSAF Version", + "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20190617-1.csaf.json" + }, + { + "category": "self", + "summary": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020 - HTML Version", + "url": "https://security.loopback.io/en/advisories/html/lbsa-20190617-1.html" + }, + { + "category": "self", + "summary": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020 - OSV Version", + "url": "https://security.loopback.io/en/advisories/osv/lbsa-20190617-1.osv.json" + }, + { + "summary": "GitHub Security Advisory", + "url": "https://github.com/advisories/GHSA-724c-6vrf-99rq" + } + ], + "title": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020", + "tracking": { + "current_release_date": "1970-01-01T00:00:00.000Z", + "id": "LBSEC-20190617-1", + "initial_release_date": "1970-01-01T00:00:00.000Z", + "revision_history": [ + { + "date": "1970-01-01T00:00:00.000Z", + "number": "0.1.0", + "summary": "Draft version." 
+ } + ], + "status": "draft", + "version": "0.1.0" + } + }, + "product_tree": { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "category": "product_version", + "name": "2.0.0", + "product": { + "name": "loopback@2.0.0", + "product_id": "1", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.0.0" + } + } + }, + { + "category": "product_version", + "name": "2.0.1", + "product": { + "name": "loopback@2.0.1", + "product_id": "2", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.0.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.0.1" + } + } + }, + { + "category": "product_version", + "name": "2.0.2", + "product": { + "name": "loopback@2.0.2", + "product_id": "3", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.0.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.0.2" + } + } + }, + { + "category": "product_version", + "name": "2.1.0", + "product": { + "name": "loopback@2.1.0", + "product_id": "4", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.0" + } + } + }, + { + "category": "product_version", + "name": "2.1.1", + "product": { + "name": "loopback@2.1.1", + "product_id": "5", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.1" + } + } + }, + { + "category": "product_version", + "name": "2.1.2", + "product": { + "name": "loopback@2.1.2", + "product_id": "6", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.2" + } + } + }, + { + "category": "product_version", + "name": "2.1.3", + "product": { + "name": "loopback@2.1.3", + "product_id": "7", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.3:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback@2.1.3" + } + } + }, + { + "category": "product_version", + "name": "2.1.4", + "product": { + "name": "loopback@2.1.4", + "product_id": "8", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.4" + } + } + }, + { + "category": "product_version", + "name": "2.2.0", + "product": { + "name": "loopback@2.2.0", + "product_id": "9", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.2.0" + } + } + }, + { + "category": "product_version", + "name": "2.3.0", + "product": { + "name": "loopback@2.3.0", + "product_id": "10", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.3.0" + } + } + }, + { + "category": "product_version", + "name": "2.3.1", + "product": { + "name": "loopback@2.3.1", + "product_id": "11", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.3.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.3.1" + } + } + }, + { + "category": "product_version", + "name": "2.4.0", + "product": { + "name": "loopback@2.4.0", + "product_id": "12", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.4.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.4.0" + } + } + }, + { + "category": "product_version", + "name": "2.4.1", + "product": { + "name": "loopback@2.4.1", + "product_id": "13", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.4.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.4.1" + } + } + }, + { + "category": "product_version", + "name": "2.5.0", + "product": { + "name": "loopback@2.5.0", + "product_id": "14", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.5.0" + } + } + }, + { + "category": "product_version", + "name": "2.6.0", + "product": { + "name": "loopback@2.6.0", + 
"product_id": "15", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.6.0" + } + } + }, + { + "category": "product_version", + "name": "2.7.0", + "product": { + "name": "loopback@2.7.0", + "product_id": "16", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.7.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.7.0" + } + } + }, + { + "category": "product_version", + "name": "2.8.0", + "product": { + "name": "loopback@2.8.0", + "product_id": "17", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.0" + } + } + }, + { + "category": "product_version", + "name": "2.8.1", + "product": { + "name": "loopback@2.8.1", + "product_id": "18", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.1" + } + } + }, + { + "category": "product_version", + "name": "2.8.2", + "product": { + "name": "loopback@2.8.2", + "product_id": "19", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.2" + } + } + }, + { + "category": "product_version", + "name": "2.8.3", + "product": { + "name": "loopback@2.8.3", + "product_id": "20", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.3" + } + } + }, + { + "category": "product_version", + "name": "2.8.4", + "product": { + "name": "loopback@2.8.4", + "product_id": "21", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.4" + } + } + }, + { + "category": "product_version", + "name": "2.8.5", + "product": { + "name": "loopback@2.8.5", + "product_id": "22", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.5:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback@2.8.5" + } + } + }, + { + "category": "product_version", + "name": "2.8.6", + "product": { + "name": "loopback@2.8.6", + "product_id": "23", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.6:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.6" + } + } + }, + { + "category": "product_version", + "name": "2.8.7", + "product": { + "name": "loopback@2.8.7", + "product_id": "24", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.7:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.7" + } + } + }, + { + "category": "product_version", + "name": "2.8.8", + "product": { + "name": "loopback@2.8.8", + "product_id": "25", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.8:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.8" + } + } + }, + { + "category": "product_version", + "name": "2.9.0", + "product": { + "name": "loopback@2.9.0", + "product_id": "26", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.9.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.9.0" + } + } + }, + { + "category": "product_version", + "name": "2.10.0", + "product": { + "name": "loopback@2.10.0", + "product_id": "27", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.10.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.10.0" + } + } + }, + { + "category": "product_version", + "name": "2.10.1", + "product": { + "name": "loopback@2.10.1", + "product_id": "28", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.10.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.10.1" + } + } + }, + { + "category": "product_version", + "name": "2.10.2", + "product": { + "name": "loopback@2.10.2", + "product_id": "29", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.10.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.10.2" + } + } + }, + { + "category": "product_version", + "name": "2.11.0", + "product": { + "name": 
"loopback@2.11.0", + "product_id": "30", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.11.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.11.0" + } + } + }, + { + "category": "product_version", + "name": "2.12.0", + "product": { + "name": "loopback@2.12.0", + "product_id": "31", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.12.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.12.0" + } + } + }, + { + "category": "product_version", + "name": "2.12.1", + "product": { + "name": "loopback@2.12.1", + "product_id": "32", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.12.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.12.1" + } + } + }, + { + "category": "product_version", + "name": "2.13.0", + "product": { + "name": "loopback@2.13.0", + "product_id": "33", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.13.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.13.0" + } + } + }, + { + "category": "product_version", + "name": "2.14.0", + "product": { + "name": "loopback@2.14.0", + "product_id": "34", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.14.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.14.0" + } + } + }, + { + "category": "product_version", + "name": "2.15.0", + "product": { + "name": "loopback@2.15.0", + "product_id": "35", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.15.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.15.0" + } + } + }, + { + "category": "product_version", + "name": "2.16.0", + "product": { + "name": "loopback@2.16.0", + "product_id": "36", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.16.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.16.0" + } + } + }, + { + "category": "product_version", + "name": "2.16.1", + "product": { + "name": "loopback@2.16.1", + "product_id": "37", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:2.16.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.16.1" + } + } + }, + { + "category": "product_version", + "name": "2.16.3", + "product": { + "name": "loopback@2.16.3", + "product_id": "38", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.16.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.16.3" + } + } + }, + { + "category": "product_version", + "name": "2.17.0", + "product": { + "name": "loopback@2.17.0", + "product_id": "39", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.0" + } + } + }, + { + "category": "product_version", + "name": "2.17.1", + "product": { + "name": "loopback@2.17.1", + "product_id": "40", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.1" + } + } + }, + { + "category": "product_version", + "name": "2.17.2", + "product": { + "name": "loopback@2.17.2", + "product_id": "41", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.2" + } + } + }, + { + "category": "product_version", + "name": "2.17.3", + "product": { + "name": "loopback@2.17.3", + "product_id": "42", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.3" + } + } + }, + { + "category": "product_version", + "name": "2.18.0", + "product": { + "name": "loopback@2.18.0", + "product_id": "43", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.18.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.18.0" + } + } + }, + { + "category": "product_version", + "name": "2.19.0", + "product": { + "name": "loopback@2.19.0", + "product_id": "44", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.19.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.19.0" + } + } + }, + { + 
"category": "product_version", + "name": "2.19.1", + "product": { + "name": "loopback@2.19.1", + "product_id": "45", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.19.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.19.1" + } + } + }, + { + "category": "product_version", + "name": "2.20.0", + "product": { + "name": "loopback@2.20.0", + "product_id": "46", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.20.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.20.0" + } + } + }, + { + "category": "product_version", + "name": "2.21.0", + "product": { + "name": "loopback@2.21.0", + "product_id": "47", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.21.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.21.0" + } + } + }, + { + "category": "product_version", + "name": "2.22.0", + "product": { + "name": "loopback@2.22.0", + "product_id": "48", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.22.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.22.0" + } + } + }, + { + "category": "product_version", + "name": "2.22.1", + "product": { + "name": "loopback@2.22.1", + "product_id": "49", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.22.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.22.1" + } + } + }, + { + "category": "product_version", + "name": "2.22.2", + "product": { + "name": "loopback@2.22.2", + "product_id": "50", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.22.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.22.2" + } + } + }, + { + "category": "product_version", + "name": "2.23.0", + "product": { + "name": "loopback@2.23.0", + "product_id": "51", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.23.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.23.0" + } + } + }, + { + "category": "product_version", + "name": "2.25.0", + "product": { + "name": "loopback@2.25.0", + 
"product_id": "52", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.25.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.25.0" + } + } + }, + { + "category": "product_version", + "name": "2.26.0", + "product": { + "name": "loopback@2.26.0", + "product_id": "53", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.26.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.26.0" + } + } + }, + { + "category": "product_version", + "name": "2.26.1", + "product": { + "name": "loopback@2.26.1", + "product_id": "54", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.26.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.26.1" + } + } + }, + { + "category": "product_version", + "name": "2.26.2", + "product": { + "name": "loopback@2.26.2", + "product_id": "55", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.26.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.26.2" + } + } + }, + { + "category": "product_version", + "name": "2.27.0", + "product": { + "name": "loopback@2.27.0", + "product_id": "56", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.27.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.27.0" + } + } + }, + { + "category": "product_version", + "name": "2.28.0", + "product": { + "name": "loopback@2.28.0", + "product_id": "57", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.28.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.28.0" + } + } + }, + { + "category": "product_version", + "name": "2.29.0", + "product": { + "name": "loopback@2.29.0", + "product_id": "58", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.29.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.29.0" + } + } + }, + { + "category": "product_version", + "name": "2.29.1", + "product": { + "name": "loopback@2.29.1", + "product_id": "59", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:2.29.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.29.1" + } + } + }, + { + "category": "product_version", + "name": "2.30.0", + "product": { + "name": "loopback@2.30.0", + "product_id": "60", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.30.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.30.0" + } + } + }, + { + "category": "product_version", + "name": "2.31.0", + "product": { + "name": "loopback@2.31.0", + "product_id": "61", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.31.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.31.0" + } + } + }, + { + "category": "product_version", + "name": "2.32.0", + "product": { + "name": "loopback@2.32.0", + "product_id": "62", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.32.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.32.0" + } + } + }, + { + "category": "product_version", + "name": "2.33.0", + "product": { + "name": "loopback@2.33.0", + "product_id": "63", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.33.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.33.0" + } + } + }, + { + "category": "product_version", + "name": "2.34.0", + "product": { + "name": "loopback@2.34.0", + "product_id": "64", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.34.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.34.0" + } + } + }, + { + "category": "product_version", + "name": "2.34.1", + "product": { + "name": "loopback@2.34.1", + "product_id": "65", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.34.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.34.1" + } + } + }, + { + "category": "product_version", + "name": "2.35.0", + "product": { + "name": "loopback@2.35.0", + "product_id": "66", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.35.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.35.0" + } + } + }, + { + 
"category": "product_version", + "name": "2.36.0", + "product": { + "name": "loopback@2.36.0", + "product_id": "67", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.36.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.36.0" + } + } + }, + { + "category": "product_version", + "name": "2.36.2", + "product": { + "name": "loopback@2.36.2", + "product_id": "68", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.36.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.36.2" + } + } + }, + { + "category": "product_version", + "name": "2.37.0", + "product": { + "name": "loopback@2.37.0", + "product_id": "69", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.37.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.37.0" + } + } + }, + { + "category": "product_version", + "name": "2.37.1", + "product": { + "name": "loopback@2.37.1", + "product_id": "70", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.37.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.37.1" + } + } + }, + { + "category": "product_version", + "name": "2.38.0", + "product": { + "name": "loopback@2.38.0", + "product_id": "71", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.0" + } + } + }, + { + "category": "product_version", + "name": "2.38.1", + "product": { + "name": "loopback@2.38.1", + "product_id": "72", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.1" + } + } + }, + { + "category": "product_version", + "name": "2.38.2", + "product": { + "name": "loopback@2.38.2", + "product_id": "73", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.2" + } + } + }, + { + "category": "product_version", + "name": "2.38.3", + "product": { + "name": "loopback@2.38.3", + 
"product_id": "74", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.3" + } + } + }, + { + "category": "product_version", + "name": "2.39.0", + "product": { + "name": "loopback@2.39.0", + "product_id": "75", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.39.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.39.0" + } + } + }, + { + "category": "product_version", + "name": "2.39.1", + "product": { + "name": "loopback@2.39.1", + "product_id": "76", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.39.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.39.1" + } + } + }, + { + "category": "product_version", + "name": "2.39.2", + "product": { + "name": "loopback@2.39.2", + "product_id": "77", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.39.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.39.2" + } + } + }, + { + "category": "product_version", + "name": "2.40.0", + "product": { + "name": "loopback@2.40.0", + "product_id": "78", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.40.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.40.0" + } + } + }, + { + "category": "product_version", + "name": "2.41.0", + "product": { + "name": "loopback@2.41.0", + "product_id": "79", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.41.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.41.0" + } + } + }, + { + "category": "product_version", + "name": "2.41.1", + "product": { + "name": "loopback@2.41.1", + "product_id": "80", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.41.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.41.1" + } + } + }, + { + "category": "product_version", + "name": "2.41.2", + "product": { + "name": "loopback@2.41.2", + "product_id": "81", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:2.41.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.41.2" + } + } + }, + { + "category": "product_version", + "name": "2.42.0", + "product": { + "name": "loopback@2.42.0", + "product_id": "82", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.42.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.42.0" + } + } + } + ], + "category": "product_name", + "name": "loopback" + } + ], + "category": "product_family", + "name": "LoopBack 2" + }, + { + "branches": [ + { + "branches": [ + { + "category": "product_version", + "name": "3.0.0", + "product": { + "name": "loopback@3.0.0", + "product_id": "83", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.0.0" + } + } + }, + { + "category": "product_version", + "name": "3.1.0", + "product": { + "name": "loopback@3.1.0", + "product_id": "84", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.1.0" + } + } + }, + { + "category": "product_version", + "name": "3.1.1", + "product": { + "name": "loopback@3.1.1", + "product_id": "85", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.1.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.1.1" + } + } + }, + { + "category": "product_version", + "name": "3.2.0", + "product": { + "name": "loopback@3.2.0", + "product_id": "86", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.2.0" + } + } + }, + { + "category": "product_version", + "name": "3.2.1", + "product": { + "name": "loopback@3.2.1", + "product_id": "87", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.2.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.2.1" + } + } + }, + { + "category": "product_version", + "name": "3.3.0", + "product": { + "name": "loopback@3.3.0", + "product_id": "88", + 
"product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.3.0" + } + } + }, + { + "category": "product_version", + "name": "3.4.0", + "product": { + "name": "loopback@3.4.0", + "product_id": "89", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.4.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.4.0" + } + } + }, + { + "category": "product_version", + "name": "3.5.0", + "product": { + "name": "loopback@3.5.0", + "product_id": "90", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.5.0" + } + } + }, + { + "category": "product_version", + "name": "3.6.0", + "product": { + "name": "loopback@3.6.0", + "product_id": "91", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.6.0" + } + } + }, + { + "category": "product_version", + "name": "3.7.0", + "product": { + "name": "loopback@3.7.0", + "product_id": "92", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.7.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.7.0" + } + } + }, + { + "category": "product_version", + "name": "3.8.0", + "product": { + "name": "loopback@3.8.0", + "product_id": "93", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.8.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.8.0" + } + } + }, + { + "category": "product_version", + "name": "3.9.0", + "product": { + "name": "loopback@3.9.0", + "product_id": "94", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.9.0" + } + } + }, + { + "category": "product_version", + "name": "3.10.0", + "product": { + "name": "loopback@3.10.0", + "product_id": "95", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.10.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.10.0" + } 
+ } + }, + { + "category": "product_version", + "name": "3.10.1", + "product": { + "name": "loopback@3.10.1", + "product_id": "96", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.10.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.10.1" + } + } + }, + { + "category": "product_version", + "name": "3.11.0", + "product": { + "name": "loopback@3.11.0", + "product_id": "97", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.11.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.11.0" + } + } + }, + { + "category": "product_version", + "name": "3.11.1", + "product": { + "name": "loopback@3.11.1", + "product_id": "98", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.11.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.11.1" + } + } + }, + { + "category": "product_version", + "name": "3.12.0", + "product": { + "name": "loopback@3.12.0", + "product_id": "99", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.12.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.12.0" + } + } + }, + { + "category": "product_version", + "name": "3.13.0", + "product": { + "name": "loopback@3.13.0", + "product_id": "100", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.13.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.13.0" + } + } + }, + { + "category": "product_version", + "name": "3.14.0", + "product": { + "name": "loopback@3.14.0", + "product_id": "101", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.14.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.14.0" + } + } + }, + { + "category": "product_version", + "name": "3.15.0", + "product": { + "name": "loopback@3.15.0", + "product_id": "102", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.15.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.15.0" + } + } + }, + { + "category": "product_version", + "name": "3.16.0", + "product": { + "name": 
"loopback@3.16.0", + "product_id": "103", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.16.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.16.0" + } + } + }, + { + "category": "product_version", + "name": "3.16.1", + "product": { + "name": "loopback@3.16.1", + "product_id": "104", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.16.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.16.1" + } + } + }, + { + "category": "product_version", + "name": "3.16.2", + "product": { + "name": "loopback@3.16.2", + "product_id": "105", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.16.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.16.2" + } + } + }, + { + "category": "product_version", + "name": "3.17.0", + "product": { + "name": "loopback@3.17.0", + "product_id": "106", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.17.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.17.0" + } + } + }, + { + "category": "product_version", + "name": "3.17.1", + "product": { + "name": "loopback@3.17.1", + "product_id": "107", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.17.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.17.1" + } + } + }, + { + "category": "product_version", + "name": "3.18.0", + "product": { + "name": "loopback@3.18.0", + "product_id": "108", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.18.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.0" + } + } + }, + { + "category": "product_version", + "name": "3.18.1", + "product": { + "name": "loopback@3.18.1", + "product_id": "109", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.18.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.1" + } + } + }, + { + "category": "product_version", + "name": "3.18.2", + "product": { + "name": "loopback@3.18.2", + "product_id": "110", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:3.18.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.2" + } + } + }, + { + "category": "product_version", + "name": "3.18.3", + "product": { + "name": "loopback@3.18.3", + "product_id": "111", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.18.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.3" + } + } + }, + { + "category": "product_version", + "name": "3.19.0", + "product": { + "name": "loopback@3.19.0", + "product_id": "112", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.0" + } + } + }, + { + "category": "product_version", + "name": "3.19.1", + "product": { + "name": "loopback@3.19.1", + "product_id": "113", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.1" + } + } + }, + { + "category": "product_version", + "name": "3.19.2", + "product": { + "name": "loopback@3.19.2", + "product_id": "114", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.2" + } + } + }, + { + "category": "product_version", + "name": "3.19.3", + "product": { + "name": "loopback@3.19.3", + "product_id": "115", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.3" + } + } + }, + { + "category": "product_version", + "name": "3.20.0", + "product": { + "name": "loopback@3.20.0", + "product_id": "116", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.20.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.20.0" + } + } + }, + { + "category": "product_version", + "name": "3.21.0", + "product": { + "name": "loopback@3.21.0", + "product_id": "117", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.21.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.21.0" + } + } + }, + 
{ + "category": "product_version", + "name": "3.22.0", + "product": { + "name": "loopback@3.22.0", + "product_id": "118", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.0" + } + } + }, + { + "category": "product_version", + "name": "3.22.1", + "product": { + "name": "loopback@3.22.1", + "product_id": "119", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.1" + } + } + }, + { + "category": "product_version", + "name": "3.22.2", + "product": { + "name": "loopback@3.22.2", + "product_id": "120", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.2" + } + } + }, + { + "category": "product_version", + "name": "3.22.3", + "product": { + "name": "loopback@3.22.3", + "product_id": "121", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.3" + } + } + }, + { + "category": "product_version", + "name": "3.23.0", + "product": { + "name": "loopback@3.23.0", + "product_id": "122", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.23.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.23.0" + } + } + }, + { + "category": "product_version", + "name": "3.23.1", + "product": { + "name": "loopback@3.23.1", + "product_id": "123", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.23.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.23.1" + } + } + }, + { + "category": "product_version", + "name": "3.23.2", + "product": { + "name": "loopback@3.23.2", + "product_id": "124", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.23.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.23.2" + } + } + }, + { + "category": "product_version", + "name": "3.24.0", + "product": { + "name": "loopback@3.24.0", + 
"product_id": "125", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.24.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.24.0" + } + } + }, + { + "category": "product_version", + "name": "3.24.1", + "product": { + "name": "loopback@3.24.1", + "product_id": "126", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.24.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.24.1" + } + } + }, + { + "category": "product_version", + "name": "3.24.2", + "product": { + "name": "loopback@3.24.2", + "product_id": "127", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.24.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.24.2" + } + } + }, + { + "category": "product_version", + "name": "3.25.0", + "product": { + "name": "loopback@3.25.0", + "product_id": "128", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.25.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.25.0" + } + } + }, + { + "category": "product_version", + "name": "3.25.1", + "product": { + "name": "loopback@3.25.1", + "product_id": "129", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.25.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.25.1" + } + } + }, + { + "category": "product_version", + "name": "3.26.0", + "product": { + "name": "loopback@3.26.0", + "product_id": "130", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.26.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.26.0" + } + } + } + ], + "category": "product_name", + "name": "loopback" + } + ], + "category": "product_family", + "name": "LoopBack 3" + } + ], + "category": "product_family", + "name": "LoopBack" + } + ], + "category": "vendor", + "name": "LoopBack" + } + ], + "product_groups": [ + { + "group_id": "1", + "product_ids": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + 
"23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60", + "61", + "62", + "63", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "73", + "74", + "75", + "76", + "77", + "78", + "79", + "80", + "81" + ], + "summary": "Affected LoopBack 2 products." + }, + { + "group_id": "2", + "product_ids": [ + "82", + "83", + "84", + "85", + "86", + "87", + "88", + "89", + "90", + "91", + "92", + "93", + "94", + "95", + "96", + "97", + "98", + "99", + "100", + "101", + "102", + "103", + "104", + "105", + "106", + "107", + "108", + "109", + "110", + "111", + "112", + "113", + "114", + "115", + "116", + "117", + "118", + "119", + "120", + "121", + "122", + "123", + "124", + "125", + "126", + "127", + "128", + "129" + ], + "summary": "Affected LoopBack 3 products." + } + ] + }, + "vulnerabilities": [ + { + "cwe": { + "id": "CWE-89", + "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + }, + "notes": [ + { + "audience": "all", + "category": "description", + "text": "The built-in `User` model's `login` method allows search criteria objects to be passed as values for its `email`, `username`, and `realm` parameters.\nUsing conditional properties like `neq` and `regexp`, an unspecific but valid username or email can be used for trying the weak password.\n\nFor example, if the hacker guesses there are some users in the system have a weak password 'x', this query:\n\n```js\nUser.login({username: {'regexp': '^ap'}, password: 'x'});\n```\n\nwill set the username to the first user whose username starts with `ap`, against whose account the password-guessing attack can be performed." 
+ },
+ {
+ "audience": "all",
+ "category": "summary",
+ "text": "`loopback@2.x` or `loopback@3.x` allows logging into a user account by trying weak passwords without knowing the exact username/email."
+ }
+ ],
+ "product_status": {
+ "first_affected": ["1", "83"],
+ "known_affected": ["81", "129"],
+ "last_affected": ["81", "129"],
+ "fixed": ["82", "130"],
+ "recommended": ["82", "130"]
+ },
+ "references": [
+ {
+ "category": "self",
+ "summary": "GitHub Commit: LoopBack 2.x",
+ "url": "https://github.com/strongloop/loopback/commit/2dd98a368b719e85644c7cd901694ac38393d808"
+ },
+ {
+ "category": "self",
+ "summary": "GitHub Commit: LoopBack 3.x",
+ "url": "https://github.com/strongloop/loopback/commit/58a0e6c8e95c346442a055510bc14e36207e7d85"
+ },
+ {
+ "category": "self",
+ "summary": "GitHub Issue",
+ "url": "https://github.com/strongloop/loopback/issues/4195"
+ },
+ {
+ "category": "self",
+ "summary": "GitHub Pull Request: LoopBack 3.x",
+ "url": "https://github.com/strongloop/loopback/pull/4213"
+ },
+ {
+ "category": "self",
+ "summary": "GitHub Pull Request: LoopBack 3.x",
+ "url": "https://github.com/strongloop/loopback/pull/4208"
+ },
+ {
+ "summary": "NPM",
+ "url": "https://www.npmjs.com/package/loopback"
+ }
+ ],
+ "remediations": [
+ {
+ "category": "vendor_fix",
+ "date": "2019-06-04T17:45:17.255Z",
+ "details": "Upgrade to `loopback@2.42.0` or later",
+ "group_ids": ["1"]
+ },
+ {
+ "category": "vendor_fix",
+ "date": "2019-05-31T07:06:20.417Z",
+ "details": "Upgrade to `loopback@3.26.0` or later",
+ "group_ids": ["2"]
+ }
+ ],
+ "scores": [
+ {
+ "cvss_v3": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availability": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentiality": "LOW",
+ "integrity": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ },
+ "products": [
+ "1",
+ "2",
+ "3",
+ "4",
+ "5",
+ "6",
+ "7",
+ "8",
+ "9",
+ "10",
+ "11",
+ "12",
+ "13",
+ "14",
+ "15",
+ "16",
+ "17",
+ "18",
+ "19",
+ "20",
+ "21",
+ "22",
+ "23",
+ "24",
+ "25",
+ "26",
+ "27",
+ "28",
+ "29",
+ "30",
+ "31",
+ "32",
+ "33",
+ "34",
+ "35",
+ "36",
+ "37",
+ "38",
+ "39",
+ "40",
+ "41",
+ "42",
+ "43",
+ "44",
+ "45",
+ "46",
+ "47",
+ "48",
+ "49",
+ "50",
+ "51",
+ "52",
+ "53",
+ "54",
+ "55",
+ "56",
+ "57",
+ "58",
+ "59",
+ "60",
+ "61",
+ "62",
+ "63",
+ "64",
+ "65",
+ "66",
+ "67",
+ "68",
+ "69",
+ "70",
+ "71",
+ "72",
+ "73",
+ "74",
+ "75",
+ "76",
+ "77",
+ "78",
+ "79",
+ "80",
+ "81",
+ "82",
+ "83",
+ "84",
+ "85",
+ "86",
+ "87",
+ "88",
+ "89",
+ "90",
+ "91",
+ "92",
+ "93",
+ "94",
+ "95",
+ "96",
+ "97",
+ "98",
+ "99",
+ "100",
+ "101",
+ "102",
+ "103",
+ "104",
+ "105",
+ "106",
+ "107",
+ "108",
+ "109",
+ "110",
+ "111",
+ "112",
+ "113",
+ "114",
+ "115",
+ "116",
+ "117",
+ "118",
+ "119",
+ "120",
+ "121",
+ "122",
+ "123",
+ "124",
+ "125",
+ "126",
+ "127",
+ "128",
+ "129"
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license
new file mode 100644
index 0000000..885aa91
--- /dev/null
+++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license
@@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: LoopBack Contributors
+SPDX-License-Identifier: MIT
diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json
new file mode 100644
index 0000000..9986666
--- /dev/null
+++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json
@@ -0,0 +1,250 @@
+{
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "loopback",
+ "purl": "pkg:npm/loopback"
+ },
+ "ranges": [
+ {
+ "events": [
+ {
+ "introduced": ""
+ },
+ {
+ "fixed": "58a0e6c8e95c346442a055510bc14e36207e7d85"
+ }
+ ],
+ "repo": "https://github.com/strongloop/loopback.git",
+ "type": "GIT"
+ },
+ {
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.41.1"
+ }
+ ],
+ "type": "SEMVER"
+ },
+ {
+ "events": [
+ {
+ "introduced": ""
+ },
+ {
+ "fixed": "2dd98a368b719e85644c7cd901694ac38393d808"
+ }
+ ],
+ "repo": "https://github.com/strongloop/loopback.git",
+ "type": "GIT"
+ },
+ {
+ "events": [
+ {
+ "introduced": "3.0.0"
+ },
+ {
+ "fixed": "3.24.1"
+ }
+ ],
+ "type": "SEMVER"
+ }
+ ],
+ "versions": [
+ "2.0.0",
+ "2.0.1",
+ "2.0.2",
+ "2.1.0",
+ "2.1.1",
+ "2.1.2",
+ "2.1.3",
+ "2.1.4",
+ "2.2.0",
+ "2.3.0",
+ "2.3.1",
+ "2.4.0",
+ "2.4.1",
+ "2.5.0",
+ "2.6.0",
+ "2.7.0",
+ "2.8.0",
+ "2.8.1",
+ "2.8.2",
+ "2.8.3",
+ "2.8.4",
+ "2.8.5",
+ "2.8.6",
+ "2.8.7",
+ "2.8.8",
+ "2.9.0",
+ "2.10.0",
+ "2.10.1",
+ "2.10.2",
+ "2.11.0",
+ "2.12.0",
+ "2.12.1",
+ "2.13.0",
+ "2.14.0",
+ "2.15.0",
+ "2.16.0",
+ "2.16.1",
+ "2.16.3",
+ "2.17.0",
+ "2.17.1",
+ "2.17.2",
+ "2.17.3",
+ "2.18.0",
+ "2.19.0",
+ "2.19.1",
+ "2.20.0",
+ "2.21.0",
+ "2.22.0",
+ "2.22.1",
+ "2.22.2",
+ "2.23.0",
+ "2.25.0",
+ "2.26.0",
+ "2.26.1",
+ "2.26.2",
+ "2.27.0",
+ "2.28.0",
+ "2.29.0",
+ "2.29.1",
+ "2.30.0",
+ "2.31.0",
+ "2.32.0",
+ "2.33.0",
+ "2.34.0",
+ "2.34.1",
+ "2.35.0",
+ "2.36.0",
+ "2.36.2",
+ "2.37.0",
+ "2.37.1",
+ "2.38.0",
+ "2.38.1",
+ "2.38.2",
+ "2.38.3",
+ "2.39.0",
+ "2.39.1",
+ "2.39.2",
+ "2.40.0",
+ "2.41.0",
+ "3.0.0",
+ "3.1.0",
+ "3.1.1",
+ "3.2.0",
+ "3.2.1",
+ "3.3.0",
+ "3.4.0",
+ "3.5.0",
+ "3.6.0",
+ "3.7.0",
+ "3.8.0",
+ "3.9.0",
+ "3.10.0",
+ "3.10.1",
+ "3.11.0",
+ "3.11.1",
+ "3.12.0",
+ "3.13.0",
+ "3.14.0",
+ "3.15.0",
+ "3.16.0",
+ "3.16.1",
+ "3.16.2",
+ "3.17.0",
+ "3.17.1",
+ "3.18.0",
+ "3.18.1",
+ "3.18.2",
+ "3.18.3",
+ "3.19.0",
+ "3.19.1",
+ "3.19.2",
+ "3.19.3",
+ "3.20.0",
+ "3.21.0",
+ "3.22.0",
+ "3.22.1",
+ "3.22.2",
+ "3.22.3",
+ "3.23.0",
+ "3.23.1",
+ "3.23.2",
+ "3.24.0"
+ ]
+ }
+ ],
+ "aliases": ["GHSA-724c-6vrf-99rq", "GMS-2020-358"],
+ "credits": [
+ {
+ "name": "@gabjauf",
+ "urls": ["https://github.com/gabjauf"]
+ }
+ ],
+ "database_specific": {
+ "CWE": "CWE-89"
+ },
+ "details": "The built-in `User` model's `login` method allows search criteria objects to be passed as values for its `email`, `username`, and `realm` parameters.\nUsing conditional properties like `neq` and `regexp`, an unspecific but valid username or email can be used for trying the weak password.\n\nFor example, if the hacker guesses there are some users in the system have a weak password 'x', this query:\n\n```js\nUser.login({username: {'regexp': '^ap'}, password: 'x'});\n```\n\nwill set the username to the first user whose username starts with `ap`, against whose account the password-guessing attack can be performed.",
+ "id": "LBSEC-20190617-1",
+ "modified": "1970-01-01T00:00:00.000Z",
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-724c-6vrf-99rq"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20190617-1.csaf.json"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.loopback.io/en/advisories/html/lbsa-20190617-1.html"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.loopback.io/en/advisories/osv/lbsa-20190617-1.osv.json"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://loopback.io"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://www.npmjs.com/package/loopback"
+ },
+ {
+ "type": "REPORT",
+ "url": "https://github.com/strongloop/loopback/issues/4195"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/strongloop/loopback/commit/2dd98a368b719e85644c7cd901694ac38393d808"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/strongloop/loopback/commit/58a0e6c8e95c346442a055510bc14e36207e7d85"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/strongloop/loopback/pull/4213"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/strongloop/loopback/pull/4208"
+ }
+ ],
+ "schema_version": "1.2.0",
+ "severity": [
+ {
+ "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "type": "CVSS_V3"
+ }
+ ],
+ "summary": "`loopback@2.x` or `loopback@3.x` allows logging into a user account by trying weak passwords without knowing the exact username/email."
+}
diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license
new file mode 100644
index 0000000..885aa91
--- /dev/null
+++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license
@@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: LoopBack Contributors
+SPDX-License-Identifier: MIT
diff --git a/advisories/lbsa-20201130.csaf.json b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json
similarity index 69%
rename from advisories/lbsa-20201130.csaf.json
rename to advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json
index ea11fa5..98ef04a 100644
--- a/advisories/lbsa-20201130.csaf.json
+++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json
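Review bot: The SEMVER ranges in the `lbsec-20190617-1.osv.json` hunk close at `"fixed": "2.41.1"` and `"fixed": "3.24.1"`, and `versions` stops at 2.41.0 and 3.24.0, which disagrees with the CSAF document added just before it in this diff (same description text, so presumably the same advisory). That document tells users to upgrade to `loopback@2.42.0` and `loopback@3.26.0` and keeps 3.24.1 through 3.25.1 (product ids "126" to "129") in its affected group. One of the two is wrong, and if it is this file, tools that consume OSV will report the releases in between as not affected, so the ranges and `versions` should be reconciled with the CSAF `product_status` before publishing. Both GIT ranges also use `"introduced": ""`, where OSV uses `"introduced": "0"` to mean "from the start of history". Smaller points: `"modified": "1970-01-01T00:00:00.000Z"` looks like a placeholder, and the `security.loopback.io` reference URLs keep the old `lbsa-20190617-1` file names while `id` is `LBSEC-20190617-1`.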
@@ -22,49 +22,39 @@ "references": [ { "category": "self", - "summary": "LoopBack Security Advisory 11-30-2020 CSAF document", + "summary": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020 - CSAF document", "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.csaf.json" }, { "category": "self", - "summary": "LoopBack Security Advisory 11-30-2020 HTML document", - "url": "https://loopback.io/doc/en/sec/Security-advisory-11-30-2020.html" + "summary": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020 - Gemnasium DB Advisory document", + "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.gemnasium.yaml" + }, + { + "category": "self", + "summary": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020 - HTML document", + "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.html" + }, + { + "category": "self", + "summary": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020 - OSV document", + "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.osv.json" } ], - "title": "LoopBack Security Advisory 11-30-2020", + "title": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020", "tracking": { - "current_release_date": "2022-03-07T13:53:00.000Z", - "id": "LBSA-20201130", - "initial_release_date": "2022-01-18T00:00:00.000Z", + "current_release_date": "1970-01-01T00:00:00.000Z", + "id": "LBSEC-20201130-1", + "initial_release_date": "1970-01-01T00:00:00.000Z", "revision_history": [ { - "date": "2022-03-07T13:53:00.000Z", - "number": "2.1.0", - "summary": "Updated vendor; Updated references; Reorganised notes." - }, - { - "date": "2022-03-07T03:42:00.000Z", - "number": "2.0.0", - "summary": "Updated product tree, product status." - }, - { - "date": "2022-03-05T16:39:00.000Z", - "number": "1.1.0", - "summary": "Updated tracking ID; Added references." - }, - { - "date": "2022-03-05T00:00:00.000Z", - "number": "1.0.1", - "summary": "Fixed validation errors." 
- }, - { - "date": "2022-01-18T00:00:00.000Z", - "number": "1.0.0", - "summary": "Initial version." + "date": "1970-01-01T00:00:00.000Z", + "number": "0.1.0", + "summary": "Draft version." } ], - "status": "final", - "version": "2.1.0" + "status": "draft", + "version": "0.1.0" } }, "product_tree": { 
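Review bot: The `tracking` block in the `@@ -22,49 +22,39 @@` hunk now carries the placeholder `"1970-01-01T00:00:00.000Z"` for `current_release_date`, `initial_release_date` and the only revision entry, and it moves the document from `"status": "final"` at version `2.1.0` back to `"draft"` at `0.1.0`. If this advisory was already published under the old id, consumers that compare `current_release_date` or `version` will treat the new file as older than the copy they hold, and the five-entry revision history is lost. Unless tooling outside this hunk fills in the epoch values, keep `"initial_release_date": "2022-01-18T00:00:00.000Z"` and add a revision entry for the id change instead of resetting the history. The added `self` references also keep the `lbsa-2020-11-30.*` file names under `loopback.io/doc/en/sec/`, which do not match the renamed `lbsec-20201130-1` files.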
@@ -79,286 +69,10 @@ "branches": [ { "category": "product_version", - "name": "Version 4.0.0-alpha.4", + "name": "0.1.0", "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.4", + "name": "@loopback/rest@0.1.0", "product_id": "1", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.4:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.4" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.5", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.5", - "product_id": "2", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.5:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.5" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.6", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.6", - "product_id": "3", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.6:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.6" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.7", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.7", - "product_id": "4", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.7:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.7" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.8", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.8", - "product_id": "5", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.8:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.8" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.9", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.9", - "product_id": "6", - "product_identification_helper": { - "cpe": 
"cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.9:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.9" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.10", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.10", - "product_id": "7", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.10:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.10" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.11", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.11", - "product_id": "8", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.11:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.11" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.12", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.12", - "product_id": "9", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.12:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.12" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.13", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.13", - "product_id": "10", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.13:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.13" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.14", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.14", - "product_id": "11", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.14:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.14" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.15", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.15", - "product_id": "12", - 
"product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.15:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.15" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.16", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.16", - "product_id": "13", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.16:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.16" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.17", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.17", - "product_id": "14", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.17:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.17" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.18", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.18", - "product_id": "15", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.18:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.18" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.19", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.19", - "product_id": "16", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.19:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.19" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.20", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.20", - "product_id": "17", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.20:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.20" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.21", - "product": { - "name": "@loopback/rest - Version 
4.0.0-alpha.21", - "product_id": "18", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.21:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.21" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.22", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.22", - "product_id": "19", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.22:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.22" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.23", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.23", - "product_id": "20", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.23:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.23" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.24", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.24", - "product_id": "21", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.24:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.24" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.25", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.25", - "product_id": "22", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.25:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.25" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.26", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.26", - "product_id": "23", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.26:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.26" - } - } - }, - { - "category": "product_version", - "name": "Version 0.1.0", - "product": { - "name": 
"@loopback/rest - Version 0.1.0", - "product_id": "24", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.1.0" @@ -367,10 +81,10 @@ }, { "category": "product_version", - "name": "Version 0.1.1", + "name": "0.1.1", "product": { - "name": "@loopback/rest - Version 0.1.1", - "product_id": "25", + "name": "@loopback/rest@0.1.1", + "product_id": "2", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.1.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.1.1" @@ -379,10 +93,10 @@ }, { "category": "product_version", - "name": "Version 0.1.2", + "name": "0.1.2", "product": { - "name": "@loopback/rest - Version 0.1.2", - "product_id": "26", + "name": "@loopback/rest@0.1.2", + "product_id": "3", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.1.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.1.2" @@ -391,10 +105,10 @@ }, { "category": "product_version", - "name": "Version 0.2.0", + "name": "0.2.0", "product": { - "name": "@loopback/rest - Version 0.2.0", - "product_id": "27", + "name": "@loopback/rest@0.2.0", + "product_id": "4", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.2.0" @@ -403,10 +117,10 @@ }, { "category": "product_version", - "name": "Version 0.3.0", + "name": "0.3.0", "product": { - "name": "@loopback/rest - Version 0.3.0", - "product_id": "28", + "name": "@loopback/rest@0.3.0", + "product_id": "5", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.0" 
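Review bot: Every `product_id` in this product tree shifts down by 23 once the `@@ -79,286 +69,10 @@` hunk removes the `4.0.0-alpha.*` branches (`"24"` becomes `"1"`, and the following hunks continue the renumbering), so every reference to those ids elsewhere in the file has to shift with them. The `product_groups`, `product_status` and `scores` sections are outside these hunks, so this cannot be confirmed from here; a stale id would silently attach a status to the wrong release. The removal also means the advisory no longer says anything about the alpha releases. If they were affected they should stay listed, and if they were not, the revision summary should say so.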
@@ -415,10 +129,10 @@ }, { "category": "product_version", - "name": "Version 0.3.1", + "name": "0.3.1", "product": { - "name": "@loopback/rest - Version 0.3.1", - "product_id": "29", + "name": "@loopback/rest@0.3.1", + "product_id": "6", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.1" @@ -427,10 +141,10 @@ }, { "category": "product_version", - "name": "Version 0.3.2", + "name": "0.3.2", "product": { - "name": "@loopback/rest - Version 0.3.2", - "product_id": "30", + "name": "@loopback/rest@0.3.2", + "product_id": "7", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.2" @@ -439,10 +153,10 @@ }, { "category": "product_version", - "name": "Version 0.3.3", + "name": "0.3.3", "product": { - "name": "@loopback/rest - Version 0.3.3", - "product_id": "31", + "name": "@loopback/rest@0.3.3", + "product_id": "8", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.3" @@ -451,10 +165,10 @@ }, { "category": "product_version", - "name": "Version 0.3.4", + "name": "0.3.4", "product": { - "name": "@loopback/rest - Version 0.3.4", - "product_id": "32", + "name": "@loopback/rest@0.3.4", + "product_id": "9", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.4" @@ -463,10 +177,10 @@ }, { "category": "product_version", - "name": "Version 0.4.0", + "name": "0.4.0", "product": { - "name": "@loopback/rest - Version 0.4.0", - "product_id": "33", + "name": "@loopback/rest@0.4.0", + "product_id": "10", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.4.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.4.0" 
@@ -475,10 +189,10 @@ }, { "category": "product_version", - "name": "Version 0.4.1", + "name": "0.4.1", "product": { - "name": "@loopback/rest - Version 0.4.1", - "product_id": "34", + "name": "@loopback/rest@0.4.1", + "product_id": "11", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.4.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.4.1" @@ -487,10 +201,10 @@ }, { "category": "product_version", - "name": "Version 0.5.0", + "name": "0.5.0", "product": { - "name": "@loopback/rest - Version 0.5.0", - "product_id": "35", + "name": "@loopback/rest@0.5.0", + "product_id": "12", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.5.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.5.0" @@ -499,10 +213,10 @@ }, { "category": "product_version", - "name": "Version 0.5.1", + "name": "0.5.1", "product": { - "name": "@loopback/rest - Version 0.5.1", - "product_id": "36", + "name": "@loopback/rest@0.5.1", + "product_id": "13", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.5.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.5.1" @@ -511,10 +225,10 @@ }, { "category": "product_version", - "name": "Version 0.5.2", + "name": "0.5.2", "product": { - "name": "@loopback/rest - Version 0.5.2", - "product_id": "37", + "name": "@loopback/rest@0.5.2", + "product_id": "14", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.5.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.5.2" @@ -523,10 +237,10 @@ }, { "category": "product_version", - "name": "Version 0.6.0", + "name": "0.6.0", "product": { - "name": "@loopback/rest - Version 0.6.0", - "product_id": "38", + "name": "@loopback/rest@0.6.0", + "product_id": "15", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.0" 
@@ -535,10 +249,10 @@ }, { "category": "product_version", - "name": "Version 0.6.1", + "name": "0.6.1", "product": { - "name": "@loopback/rest - Version 0.6.1", - "product_id": "39", + "name": "@loopback/rest@0.6.1", + "product_id": "16", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.1" @@ -547,10 +261,10 @@ }, { "category": "product_version", - "name": "Version 0.6.2", + "name": "0.6.2", "product": { - "name": "@loopback/rest - Version 0.6.2", - "product_id": "40", + "name": "@loopback/rest@0.6.2", + "product_id": "17", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.2" @@ -559,10 +273,10 @@ }, { "category": "product_version", - "name": "Version 0.6.3", + "name": "0.6.3", "product": { - "name": "@loopback/rest - Version 0.6.3", - "product_id": "41", + "name": "@loopback/rest@0.6.3", + "product_id": "18", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.3" @@ -571,10 +285,10 @@ }, { "category": "product_version", - "name": "Version 0.7.0", + "name": "0.7.0", "product": { - "name": "@loopback/rest - Version 0.7.0", - "product_id": "42", + "name": "@loopback/rest@0.7.0", + "product_id": "19", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.7.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.7.0" @@ -583,10 +297,10 @@ }, { "category": "product_version", - "name": "Version 0.8.0", + "name": "0.8.0", "product": { - "name": "@loopback/rest - Version 0.8.0", - "product_id": "43", + "name": "@loopback/rest@0.8.0", + "product_id": "20", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.8.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.8.0" 
@@ -595,10 +309,10 @@ }, { "category": "product_version", - "name": "Version 0.8.1", + "name": "0.8.1", "product": { - "name": "@loopback/rest - Version 0.8.1", - "product_id": "44", + "name": "@loopback/rest@0.8.1", + "product_id": "21", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.8.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.8.1" @@ -607,10 +321,10 @@ }, { "category": "product_version", - "name": "Version 0.9.0", + "name": "0.9.0", "product": { - "name": "@loopback/rest - Version 0.9.0", - "product_id": "45", + "name": "@loopback/rest@0.9.0", + "product_id": "22", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.9.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.9.0" @@ -619,10 +333,10 @@ }, { "category": "product_version", - "name": "Version 0.10.0", + "name": "0.10.0", "product": { - "name": "@loopback/rest - Version 0.10.0", - "product_id": "46", + "name": "@loopback/rest@0.10.0", + "product_id": "23", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.0" @@ -631,10 +345,10 @@ }, { "category": "product_version", - "name": "Version 0.10.1", + "name": "0.10.1", "product": { - "name": "@loopback/rest - Version 0.10.1", - "product_id": "47", + "name": "@loopback/rest@0.10.1", + "product_id": "24", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.1" @@ -643,10 +357,10 @@ }, { "category": "product_version", - "name": "Version 0.10.2", + "name": "0.10.2", "product": { - "name": "@loopback/rest - Version 0.10.2", - "product_id": "48", + "name": "@loopback/rest@0.10.2", + "product_id": "25", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.2" 
@@ -655,10 +369,10 @@ }, { "category": "product_version", - "name": "Version 0.10.3", + "name": "0.10.3", "product": { - "name": "@loopback/rest - Version 0.10.3", - "product_id": "49", + "name": "@loopback/rest@0.10.3", + "product_id": "26", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.3" @@ -667,10 +381,10 @@ }, { "category": "product_version", - "name": "Version 0.10.4", + "name": "0.10.4", "product": { - "name": "@loopback/rest - Version 0.10.4", - "product_id": "50", + "name": "@loopback/rest@0.10.4", + "product_id": "27", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.4" @@ -679,10 +393,10 @@ }, { "category": "product_version", - "name": "Version 0.10.5", + "name": "0.10.5", "product": { - "name": "@loopback/rest - Version 0.10.5", - "product_id": "51", + "name": "@loopback/rest@0.10.5", + "product_id": "28", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.5" @@ -691,10 +405,10 @@ }, { "category": "product_version", - "name": "Version 0.11.0", + "name": "0.11.0", "product": { - "name": "@loopback/rest - Version 0.11.0", - "product_id": "52", + "name": "@loopback/rest@0.11.0", + "product_id": "29", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.0" @@ -703,10 +417,10 @@ }, { "category": "product_version", - "name": "Version 0.11.1", + "name": "0.11.1", "product": { - "name": "@loopback/rest - Version 0.11.1", - "product_id": "53", + "name": "@loopback/rest@0.11.1", + "product_id": "30", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.1" 
@@ -715,10 +429,10 @@ }, { "category": "product_version", - "name": "Version 0.11.2", + "name": "0.11.2", "product": { - "name": "@loopback/rest - Version 0.11.2", - "product_id": "54", + "name": "@loopback/rest@0.11.2", + "product_id": "31", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.2" @@ -727,10 +441,10 @@ }, { "category": "product_version", - "name": "Version 0.11.3", + "name": "0.11.3", "product": { - "name": "@loopback/rest - Version 0.11.3", - "product_id": "55", + "name": "@loopback/rest@0.11.3", + "product_id": "32", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.3" @@ -739,10 +453,10 @@ }, { "category": "product_version", - "name": "Version 0.12.0", + "name": "0.12.0", "product": { - "name": "@loopback/rest - Version 0.12.0", - "product_id": "56", + "name": "@loopback/rest@0.12.0", + "product_id": "33", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.12.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.12.0" @@ -751,10 +465,10 @@ }, { "category": "product_version", - "name": "Version 0.14.0", + "name": "0.14.0", "product": { - "name": "@loopback/rest - Version 0.14.0", - "product_id": "57", + "name": "@loopback/rest@0.14.0", + "product_id": "34", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.14.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.14.0" @@ -763,10 +477,10 @@ }, { "category": "product_version", - "name": "Version 0.14.1", + "name": "0.14.1", "product": { - "name": "@loopback/rest - Version 0.14.1", - "product_id": "58", + "name": "@loopback/rest@0.14.1", + "product_id": "35", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.14.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.14.1" 
@@ -775,10 +489,10 @@ }, { "category": "product_version", - "name": "Version 0.15.0", + "name": "0.15.0", "product": { - "name": "@loopback/rest - Version 0.15.0", - "product_id": "59", + "name": "@loopback/rest@0.15.0", + "product_id": "36", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.15.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.15.0" @@ -787,10 +501,10 @@ }, { "category": "product_version", - "name": "Version 0.15.1", + "name": "0.15.1", "product": { - "name": "@loopback/rest - Version 0.15.1", - "product_id": "60", + "name": "@loopback/rest@0.15.1", + "product_id": "37", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.15.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.15.1" @@ -799,10 +513,10 @@ }, { "category": "product_version", - "name": "Version 0.16.0", + "name": "0.16.0", "product": { - "name": "@loopback/rest - Version 0.16.0", - "product_id": "61", + "name": "@loopback/rest@0.16.0", + "product_id": "38", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.16.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.16.0" @@ -811,10 +525,10 @@ }, { "category": "product_version", - "name": "Version 0.17.0", + "name": "0.17.0", "product": { - "name": "@loopback/rest - Version 0.17.0", - "product_id": "62", + "name": "@loopback/rest@0.17.0", + "product_id": "39", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.17.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.17.0" @@ -823,10 +537,10 @@ }, { "category": "product_version", - "name": "Version 0.17.1", + "name": "0.17.1", "product": { - "name": "@loopback/rest - Version 0.17.1", - "product_id": "63", + "name": "@loopback/rest@0.17.1", + "product_id": "40", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.17.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.17.1" 
@@ -835,10 +549,10 @@ }, { "category": "product_version", - "name": "Version 0.18.0", + "name": "0.18.0", "product": { - "name": "@loopback/rest - Version 0.18.0", - "product_id": "64", + "name": "@loopback/rest@0.18.0", + "product_id": "41", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.18.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.18.0" @@ -847,10 +561,10 @@ }, { "category": "product_version", - "name": "Version 0.19.0", + "name": "0.19.0", "product": { - "name": "@loopback/rest - Version 0.19.0", - "product_id": "65", + "name": "@loopback/rest@0.19.0", + "product_id": "42", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.0" @@ -859,10 +573,10 @@ }, { "category": "product_version", - "name": "Version 0.19.1", + "name": "0.19.1", "product": { - "name": "@loopback/rest - Version 0.19.1", - "product_id": "66", + "name": "@loopback/rest@0.19.1", + "product_id": "43", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.1" @@ -871,10 +585,10 @@ }, { "category": "product_version", - "name": "Version 0.19.2", + "name": "0.19.2", "product": { - "name": "@loopback/rest - Version 0.19.2", - "product_id": "67", + "name": "@loopback/rest@0.19.2", + "product_id": "44", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.2" @@ -883,10 +597,10 @@ }, { "category": "product_version", - "name": "Version 0.19.3", + "name": "0.19.3", "product": { - "name": "@loopback/rest - Version 0.19.3", - "product_id": "68", + "name": "@loopback/rest@0.19.3", + "product_id": "45", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.3" 
@@ -895,10 +609,10 @@ }, { "category": "product_version", - "name": "Version 0.19.4", + "name": "0.19.4", "product": { - "name": "@loopback/rest - Version 0.19.4", - "product_id": "69", + "name": "@loopback/rest@0.19.4", + "product_id": "46", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.4" @@ -907,10 +621,10 @@ }, { "category": "product_version", - "name": "Version 0.19.5", + "name": "0.19.5", "product": { - "name": "@loopback/rest - Version 0.19.5", - "product_id": "70", + "name": "@loopback/rest@0.19.5", + "product_id": "47", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.5" @@ -919,10 +633,10 @@ }, { "category": "product_version", - "name": "Version 0.19.6", + "name": "0.19.6", "product": { - "name": "@loopback/rest - Version 0.19.6", - "product_id": "71", + "name": "@loopback/rest@0.19.6", + "product_id": "48", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.6:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.6" @@ -931,10 +645,10 @@ }, { "category": "product_version", - "name": "Version 0.20.0", + "name": "0.20.0", "product": { - "name": "@loopback/rest - Version 0.20.0", - "product_id": "72", + "name": "@loopback/rest@0.20.0", + "product_id": "49", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.20.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.20.0" @@ -943,10 +657,10 @@ }, { "category": "product_version", - "name": "Version 0.21.0", + "name": "0.21.0", "product": { - "name": "@loopback/rest - Version 0.21.0", - "product_id": "73", + "name": "@loopback/rest@0.21.0", + "product_id": "50", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.21.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.21.0" 
@@ -955,10 +669,10 @@ }, { "category": "product_version", - "name": "Version 0.21.1", + "name": "0.21.1", "product": { - "name": "@loopback/rest - Version 0.21.1", - "product_id": "74", + "name": "@loopback/rest@0.21.1", + "product_id": "51", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.21.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.21.1" @@ -967,10 +681,10 @@ }, { "category": "product_version", - "name": "Version 0.22.0", + "name": "0.22.0", "product": { - "name": "@loopback/rest - Version 0.22.0", - "product_id": "75", + "name": "@loopback/rest@0.22.0", + "product_id": "52", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.22.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.22.0" @@ -979,10 +693,10 @@ }, { "category": "product_version", - "name": "Version 0.22.1", + "name": "0.22.1", "product": { - "name": "@loopback/rest - Version 0.22.1", - "product_id": "76", + "name": "@loopback/rest@0.22.1", + "product_id": "53", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.22.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.22.1" @@ -991,10 +705,10 @@ }, { "category": "product_version", - "name": "Version 0.22.2", + "name": "0.22.2", "product": { - "name": "@loopback/rest - Version 0.22.2", - "product_id": "77", + "name": "@loopback/rest@0.22.2", + "product_id": "54", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.22.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.22.2" @@ -1003,10 +717,10 @@ }, { "category": "product_version", - "name": "Version 0.23.0", + "name": "0.23.0", "product": { - "name": "@loopback/rest - Version 0.23.0", - "product_id": "78", + "name": "@loopback/rest@0.23.0", + "product_id": "55", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.23.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.23.0" 
@@ -1015,10 +729,10 @@ }, { "category": "product_version", - "name": "Version 0.24.0", + "name": "0.24.0", "product": { - "name": "@loopback/rest - Version 0.24.0", - "product_id": "79", + "name": "@loopback/rest@0.24.0", + "product_id": "56", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.24.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.24.0" @@ -1027,10 +741,10 @@ }, { "category": "product_version", - "name": "Version 0.25.0", + "name": "0.25.0", "product": { - "name": "@loopback/rest - Version 0.25.0", - "product_id": "80", + "name": "@loopback/rest@0.25.0", + "product_id": "57", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.0" @@ -1039,10 +753,10 @@ }, { "category": "product_version", - "name": "Version 0.25.1", + "name": "0.25.1", "product": { - "name": "@loopback/rest - Version 0.25.1", - "product_id": "81", + "name": "@loopback/rest@0.25.1", + "product_id": "58", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.1" @@ -1051,10 +765,10 @@ }, { "category": "product_version", - "name": "Version 0.25.2", + "name": "0.25.2", "product": { - "name": "@loopback/rest - Version 0.25.2", - "product_id": "82", + "name": "@loopback/rest@0.25.2", + "product_id": "59", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.2" @@ -1063,10 +777,10 @@ }, { "category": "product_version", - "name": "Version 0.25.3", + "name": "0.25.3", "product": { - "name": "@loopback/rest - Version 0.25.3", - "product_id": "83", + "name": "@loopback/rest@0.25.3", + "product_id": "60", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.3" 
@@ -1075,10 +789,10 @@ }, { "category": "product_version", - "name": "Version 0.25.4", + "name": "0.25.4", "product": { - "name": "@loopback/rest - Version 0.25.4", - "product_id": "84", + "name": "@loopback/rest@0.25.4", + "product_id": "61", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.4" @@ -1087,10 +801,10 @@ }, { "category": "product_version", - "name": "Version 0.25.5", + "name": "0.25.5", "product": { - "name": "@loopback/rest - Version 0.25.5", - "product_id": "85", + "name": "@loopback/rest@0.25.5", + "product_id": "62", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.5" @@ -1099,10 +813,10 @@ }, { "category": "product_version", - "name": "Version 0.26.0", + "name": "0.26.0", "product": { - "name": "@loopback/rest - Version 0.26.0", - "product_id": "86", + "name": "@loopback/rest@0.26.0", + "product_id": "63", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.26.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.26.0" @@ -1111,10 +825,10 @@ }, { "category": "product_version", - "name": "Version 0.26.1", + "name": "0.26.1", "product": { - "name": "@loopback/rest - Version 0.26.1", - "product_id": "87", + "name": "@loopback/rest@0.26.1", + "product_id": "64", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.26.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.26.1" @@ -1123,10 +837,10 @@ }, { "category": "product_version", - "name": "Version 1.0.0", + "name": "1.0.0", "product": { - "name": "@loopback/rest - Version 1.0.0", - "product_id": "88", + "name": "@loopback/rest@1.0.0", + "product_id": "65", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.0.0" 
@@ -1135,10 +849,10 @@ }, { "category": "product_version", - "name": "Version 1.0.1", + "name": "1.0.1", "product": { - "name": "@loopback/rest - Version 1.0.1", - "product_id": "89", + "name": "@loopback/rest@1.0.1", + "product_id": "66", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.0.1" @@ -1147,10 +861,10 @@ }, { "category": "product_version", - "name": "Version 1.1.0", + "name": "1.1.0", "product": { - "name": "@loopback/rest - Version 1.1.0", - "product_id": "90", + "name": "@loopback/rest@1.1.0", + "product_id": "67", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.1.0" @@ -1159,10 +873,10 @@ }, { "category": "product_version", - "name": "Version 1.2.0", + "name": "1.2.0", "product": { - "name": "@loopback/rest - Version 1.2.0", - "product_id": "91", + "name": "@loopback/rest@1.2.0", + "product_id": "68", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.2.0" @@ -1171,10 +885,10 @@ }, { "category": "product_version", - "name": "Version 1.3.0", + "name": "1.3.0", "product": { - "name": "@loopback/rest - Version 1.3.0", - "product_id": "92", + "name": "@loopback/rest@1.3.0", + "product_id": "69", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.3.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.3.0" @@ -1183,10 +897,10 @@ }, { "category": "product_version", - "name": "Version 1.3.1", + "name": "1.3.1", "product": { - "name": "@loopback/rest - Version 1.3.1", - "product_id": "93", + "name": "@loopback/rest@1.3.1", + "product_id": "70", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.3.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.3.1" 
@@ -1195,10 +909,10 @@ }, { "category": "product_version", - "name": "Version 1.4.0", + "name": "1.4.0", "product": { - "name": "@loopback/rest - Version 1.4.0", - "product_id": "94", + "name": "@loopback/rest@1.4.0", + "product_id": "71", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.4.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.4.0" @@ -1207,10 +921,10 @@ }, { "category": "product_version", - "name": "Version 1.5.0", + "name": "1.5.0", "product": { - "name": "@loopback/rest - Version 1.5.0", - "product_id": "95", + "name": "@loopback/rest@1.5.0", + "product_id": "72", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.0" @@ -1219,10 +933,10 @@ }, { "category": "product_version", - "name": "Version 1.5.1", + "name": "1.5.1", "product": { - "name": "@loopback/rest - Version 1.5.1", - "product_id": "96", + "name": "@loopback/rest@1.5.1", + "product_id": "73", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.1" @@ -1231,10 +945,10 @@ }, { "category": "product_version", - "name": "Version 1.5.2", + "name": "1.5.2", "product": { - "name": "@loopback/rest - Version 1.5.2", - "product_id": "97", + "name": "@loopback/rest@1.5.2", + "product_id": "74", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.2" @@ -1243,10 +957,10 @@ }, { "category": "product_version", - "name": "Version 1.5.3", + "name": "1.5.3", "product": { - "name": "@loopback/rest - Version 1.5.3", - "product_id": "98", + "name": "@loopback/rest@1.5.3", + "product_id": "75", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.3" 
@@ -1255,10 +969,10 @@ }, { "category": "product_version", - "name": "Version 1.5.4", + "name": "1.5.4", "product": { - "name": "@loopback/rest - Version 1.5.4", - "product_id": "99", + "name": "@loopback/rest@1.5.4", + "product_id": "76", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.4" @@ -1267,10 +981,10 @@ }, { "category": "product_version", - "name": "Version 1.5.5", + "name": "1.5.5", "product": { - "name": "@loopback/rest - Version 1.5.5", - "product_id": "100", + "name": "@loopback/rest@1.5.5", + "product_id": "77", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.5" @@ -1279,10 +993,10 @@ }, { "category": "product_version", - "name": "Version 1.6.0", + "name": "1.6.0", "product": { - "name": "@loopback/rest - Version 1.6.0", - "product_id": "101", + "name": "@loopback/rest@1.6.0", + "product_id": "78", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.6.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.6.0" @@ -1291,10 +1005,10 @@ }, { "category": "product_version", - "name": "Version 1.7.0", + "name": "1.7.0", "product": { - "name": "@loopback/rest - Version 1.7.0", - "product_id": "102", + "name": "@loopback/rest@1.7.0", + "product_id": "79", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.7.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.7.0" @@ -1303,10 +1017,10 @@ }, { "category": "product_version", - "name": "Version 1.8.0", + "name": "1.8.0", "product": { - "name": "@loopback/rest - Version 1.8.0", - "product_id": "103", + "name": "@loopback/rest@1.8.0", + "product_id": "80", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.8.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.8.0" 
@@ -1315,10 +1029,10 @@ }, { "category": "product_version", - "name": "Version 1.9.0", + "name": "1.9.0", "product": { - "name": "@loopback/rest - Version 1.9.0", - "product_id": "104", + "name": "@loopback/rest@1.9.0", + "product_id": "81", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.9.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.9.0" @@ -1327,10 +1041,10 @@ }, { "category": "product_version", - "name": "Version 1.9.1", + "name": "1.9.1", "product": { - "name": "@loopback/rest - Version 1.9.1", - "product_id": "105", + "name": "@loopback/rest@1.9.1", + "product_id": "82", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.9.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.9.1" @@ -1339,10 +1053,10 @@ }, { "category": "product_version", - "name": "Version 1.10.0", + "name": "1.10.0", "product": { - "name": "@loopback/rest - Version 1.10.0", - "product_id": "106", + "name": "@loopback/rest@1.10.0", + "product_id": "83", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.0" @@ -1351,10 +1065,10 @@ }, { "category": "product_version", - "name": "Version 1.10.1", + "name": "1.10.1", "product": { - "name": "@loopback/rest - Version 1.10.1", - "product_id": "107", + "name": "@loopback/rest@1.10.1", + "product_id": "84", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.1" @@ -1363,10 +1077,10 @@ }, { "category": "product_version", - "name": "Version 1.10.2", + "name": "1.10.2", "product": { - "name": "@loopback/rest - Version 1.10.2", - "product_id": "108", + "name": "@loopback/rest@1.10.2", + "product_id": "85", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.2" 
@@ -1375,10 +1089,10 @@ }, { "category": "product_version", - "name": "Version 1.10.3", + "name": "1.10.3", "product": { - "name": "@loopback/rest - Version 1.10.3", - "product_id": "109", + "name": "@loopback/rest@1.10.3", + "product_id": "86", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.3" @@ -1387,10 +1101,10 @@ }, { "category": "product_version", - "name": "Version 1.10.4", + "name": "1.10.4", "product": { - "name": "@loopback/rest - Version 1.10.4", - "product_id": "110", + "name": "@loopback/rest@1.10.4", + "product_id": "87", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.4" @@ -1399,10 +1113,10 @@ }, { "category": "product_version", - "name": "Version 1.10.5", + "name": "1.10.5", "product": { - "name": "@loopback/rest - Version 1.10.5", - "product_id": "111", + "name": "@loopback/rest@1.10.5", + "product_id": "88", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.5" @@ -1411,10 +1125,10 @@ }, { "category": "product_version", - "name": "Version 1.11.0", + "name": "1.11.0", "product": { - "name": "@loopback/rest - Version 1.11.0", - "product_id": "112", + "name": "@loopback/rest@1.11.0", + "product_id": "89", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.11.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.11.0" @@ -1423,10 +1137,10 @@ }, { "category": "product_version", - "name": "Version 1.11.1", + "name": "1.11.1", "product": { - "name": "@loopback/rest - Version 1.11.1", - "product_id": "113", + "name": "@loopback/rest@1.11.1", + "product_id": "90", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.11.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.11.1" 
@@ -1435,10 +1149,10 @@ }, { "category": "product_version", - "name": "Version 1.11.2", + "name": "1.11.2", "product": { - "name": "@loopback/rest - Version 1.11.2", - "product_id": "114", + "name": "@loopback/rest@1.11.2", + "product_id": "91", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.11.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.11.2" @@ -1447,10 +1161,10 @@ }, { "category": "product_version", - "name": "Version 1.12.0", + "name": "1.12.0", "product": { - "name": "@loopback/rest - Version 1.12.0", - "product_id": "115", + "name": "@loopback/rest@1.12.0", + "product_id": "92", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.12.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.12.0" @@ -1459,10 +1173,10 @@ }, { "category": "product_version", - "name": "Version 1.13.0", + "name": "1.13.0", "product": { - "name": "@loopback/rest - Version 1.13.0", - "product_id": "116", + "name": "@loopback/rest@1.13.0", + "product_id": "93", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.13.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.13.0" @@ -1471,10 +1185,10 @@ }, { "category": "product_version", - "name": "Version 1.13.1", + "name": "1.13.1", "product": { - "name": "@loopback/rest - Version 1.13.1", - "product_id": "117", + "name": "@loopback/rest@1.13.1", + "product_id": "94", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.13.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.13.1" @@ -1483,10 +1197,10 @@ }, { "category": "product_version", - "name": "Version 1.14.0", + "name": "1.14.0", "product": { - "name": "@loopback/rest - Version 1.14.0", - "product_id": "118", + "name": "@loopback/rest@1.14.0", + "product_id": "95", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.14.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.14.0" 
@@ -1495,10 +1209,10 @@ }, { "category": "product_version", - "name": "Version 1.15.0", + "name": "1.15.0", "product": { - "name": "@loopback/rest - Version 1.15.0", - "product_id": "119", + "name": "@loopback/rest@1.15.0", + "product_id": "96", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.15.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.15.0" @@ -1507,10 +1221,10 @@ }, { "category": "product_version", - "name": "Version 1.16.0", + "name": "1.16.0", "product": { - "name": "@loopback/rest - Version 1.16.0", - "product_id": "120", + "name": "@loopback/rest@1.16.0", + "product_id": "97", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.0" @@ -1519,10 +1233,10 @@ }, { "category": "product_version", - "name": "Version 1.16.1", + "name": "1.16.1", "product": { - "name": "@loopback/rest - Version 1.16.1", - "product_id": "121", + "name": "@loopback/rest@1.16.1", + "product_id": "98", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.1" @@ -1531,10 +1245,10 @@ }, { "category": "product_version", - "name": "Version 1.16.2", + "name": "1.16.2", "product": { - "name": "@loopback/rest - Version 1.16.2", - "product_id": "122", + "name": "@loopback/rest@1.16.2", + "product_id": "99", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.2" @@ -1543,10 +1257,10 @@ }, { "category": "product_version", - "name": "Version 1.16.3", + "name": "1.16.3", "product": { - "name": "@loopback/rest - Version 1.16.3", - "product_id": "123", + "name": "@loopback/rest@1.16.3", + "product_id": "100", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.3" 
@@ -1555,10 +1269,10 @@ }, { "category": "product_version", - "name": "Version 1.16.4", + "name": "1.16.4", "product": { - "name": "@loopback/rest - Version 1.16.4", - "product_id": "124", + "name": "@loopback/rest@1.16.4", + "product_id": "101", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.4" @@ -1567,10 +1281,10 @@ }, { "category": "product_version", - "name": "Version 1.16.5", + "name": "1.16.5", "product": { - "name": "@loopback/rest - Version 1.16.5", - "product_id": "125", + "name": "@loopback/rest@1.16.5", + "product_id": "102", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.5" @@ -1579,10 +1293,10 @@ }, { "category": "product_version", - "name": "Version 1.16.6", + "name": "1.16.6", "product": { - "name": "@loopback/rest - Version 1.16.6", - "product_id": "126", + "name": "@loopback/rest@1.16.6", + "product_id": "103", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.6:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.6" @@ -1591,10 +1305,10 @@ }, { "category": "product_version", - "name": "Version 1.16.7", + "name": "1.16.7", "product": { - "name": "@loopback/rest - Version 1.16.7", - "product_id": "127", + "name": "@loopback/rest@1.16.7", + "product_id": "104", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.7:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.7" @@ -1603,10 +1317,10 @@ }, { "category": "product_version", - "name": "Version 1.16.8", + "name": "1.16.8", "product": { - "name": "@loopback/rest - Version 1.16.8", - "product_id": "128", + "name": "@loopback/rest@1.16.8", + "product_id": "105", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.8:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.8" 
@@ -1615,10 +1329,10 @@ }, { "category": "product_version", - "name": "Version 1.17.0", + "name": "1.17.0", "product": { - "name": "@loopback/rest - Version 1.17.0", - "product_id": "129", + "name": "@loopback/rest@1.17.0", + "product_id": "106", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.17.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.17.0" @@ -1627,10 +1341,10 @@ }, { "category": "product_version", - "name": "Version 1.18.0", + "name": "1.18.0", "product": { - "name": "@loopback/rest - Version 1.18.0", - "product_id": "130", + "name": "@loopback/rest@1.18.0", + "product_id": "107", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.18.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.18.0" @@ -1639,10 +1353,10 @@ }, { "category": "product_version", - "name": "Version 1.18.1", + "name": "1.18.1", "product": { - "name": "@loopback/rest - Version 1.18.1", - "product_id": "131", + "name": "@loopback/rest@1.18.1", + "product_id": "108", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.18.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.18.1" @@ -1651,10 +1365,10 @@ }, { "category": "product_version", - "name": "Version 1.19.0", + "name": "1.19.0", "product": { - "name": "@loopback/rest - Version 1.19.0", - "product_id": "132", + "name": "@loopback/rest@1.19.0", + "product_id": "109", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.19.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.19.0" @@ -1663,10 +1377,10 @@ }, { "category": "product_version", - "name": "Version 1.20.0", + "name": "1.20.0", "product": { - "name": "@loopback/rest - Version 1.20.0", - "product_id": "133", + "name": "@loopback/rest@1.20.0", + "product_id": "110", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.20.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.20.0" 
@@ -1675,10 +1389,10 @@ }, { "category": "product_version", - "name": "Version 1.20.1", + "name": "1.20.1", "product": { - "name": "@loopback/rest - Version 1.20.1", - "product_id": "134", + "name": "@loopback/rest@1.20.1", + "product_id": "111", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.20.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.20.1" @@ -1687,10 +1401,10 @@ }, { "category": "product_version", - "name": "Version 1.21.0", + "name": "1.21.0", "product": { - "name": "@loopback/rest - Version 1.21.0", - "product_id": "135", + "name": "@loopback/rest@1.21.0", + "product_id": "112", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.21.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.21.0" @@ -1699,10 +1413,10 @@ }, { "category": "product_version", - "name": "Version 1.22.0", + "name": "1.22.0", "product": { - "name": "@loopback/rest - Version 1.22.0", - "product_id": "136", + "name": "@loopback/rest@1.22.0", + "product_id": "113", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.22.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.22.0" @@ -1711,10 +1425,10 @@ }, { "category": "product_version", - "name": "Version 1.23.0", + "name": "1.23.0", "product": { - "name": "@loopback/rest - Version 1.23.0", - "product_id": "137", + "name": "@loopback/rest@1.23.0", + "product_id": "114", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.23.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.23.0" @@ -1723,10 +1437,10 @@ }, { "category": "product_version", - "name": "Version 1.24.0", + "name": "1.24.0", "product": { - "name": "@loopback/rest - Version 1.24.0", - "product_id": "138", + "name": "@loopback/rest@1.24.0", + "product_id": "115", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.24.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.24.0" 
@@ -1735,10 +1449,10 @@ }, { "category": "product_version", - "name": "Version 1.25.0", + "name": "1.25.0", "product": { - "name": "@loopback/rest - Version 1.25.0", - "product_id": "139", + "name": "@loopback/rest@1.25.0", + "product_id": "116", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.25.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.25.0" @@ -1747,10 +1461,10 @@ }, { "category": "product_version", - "name": "Version 1.25.1", + "name": "1.25.1", "product": { - "name": "@loopback/rest - Version 1.25.1", - "product_id": "140", + "name": "@loopback/rest@1.25.1", + "product_id": "117", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.25.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.25.1" @@ -1759,10 +1473,10 @@ }, { "category": "product_version", - "name": "Version 1.26.0", + "name": "1.26.0", "product": { - "name": "@loopback/rest - Version 1.26.0", - "product_id": "141", + "name": "@loopback/rest@1.26.0", + "product_id": "118", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.26.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.26.0" @@ -1771,10 +1485,10 @@ }, { "category": "product_version", - "name": "Version 1.26.1", + "name": "1.26.1", "product": { - "name": "@loopback/rest - Version 1.26.1", - "product_id": "142", + "name": "@loopback/rest@1.26.1", + "product_id": "119", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.26.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.26.1" @@ -1783,10 +1497,10 @@ }, { "category": "product_version", - "name": "Version 2.0.0", + "name": "2.0.0", "product": { - "name": "@loopback/rest - Version 2.0.0", - "product_id": "143", + "name": "@loopback/rest@2.0.0", + "product_id": "120", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:2.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@2.0.0" 
@@ -1795,10 +1509,10 @@ }, { "category": "product_version", - "name": "Version 3.0.0", + "name": "3.0.0", "product": { - "name": "@loopback/rest - Version 3.0.0", - "product_id": "144", + "name": "@loopback/rest@3.0.0", + "product_id": "121", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.0.0" @@ -1807,10 +1521,10 @@ }, { "category": "product_version", - "name": "Version 3.0.1", + "name": "3.0.1", "product": { - "name": "@loopback/rest - Version 3.0.1", - "product_id": "145", + "name": "@loopback/rest@3.0.1", + "product_id": "122", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.0.1" @@ -1819,10 +1533,10 @@ }, { "category": "product_version", - "name": "Version 3.1.0", + "name": "3.1.0", "product": { - "name": "@loopback/rest - Version 3.1.0", - "product_id": "146", + "name": "@loopback/rest@3.1.0", + "product_id": "123", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.1.0" @@ -1831,10 +1545,10 @@ }, { "category": "product_version", - "name": "Version 3.2.0", + "name": "3.2.0", "product": { - "name": "@loopback/rest - Version 3.2.0", - "product_id": "147", + "name": "@loopback/rest@3.2.0", + "product_id": "124", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.2.0" @@ -1843,10 +1557,10 @@ }, { "category": "product_version", - "name": "Version 3.2.1", + "name": "3.2.1", "product": { - "name": "@loopback/rest - Version 3.2.1", - "product_id": "148", + "name": "@loopback/rest@3.2.1", + "product_id": "125", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.2.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.2.1" 
@@ -1855,10 +1569,10 @@ }, { "category": "product_version", - "name": "Version 3.3.0", + "name": "3.3.0", "product": { - "name": "@loopback/rest - Version 3.3.0", - "product_id": "149", + "name": "@loopback/rest@3.3.0", + "product_id": "126", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.3.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.3.0" @@ -1867,10 +1581,10 @@ }, { "category": "product_version", - "name": "Version 3.3.1", + "name": "3.3.1", "product": { - "name": "@loopback/rest - Version 3.3.1", - "product_id": "150", + "name": "@loopback/rest@3.3.1", + "product_id": "127", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.3.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.3.1" @@ -1879,10 +1593,10 @@ }, { "category": "product_version", - "name": "Version 3.3.2", + "name": "3.3.2", "product": { - "name": "@loopback/rest - Version 3.3.2", - "product_id": "151", + "name": "@loopback/rest@3.3.2", + "product_id": "128", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.3.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.3.2" @@ -1891,10 +1605,10 @@ }, { "category": "product_version", - "name": "Version 4.0.0", + "name": "4.0.0", "product": { - "name": "@loopback/rest - Version 4.0.0", - "product_id": "152", + "name": "@loopback/rest@4.0.0", + "product_id": "129", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@4.0.0" @@ -1903,10 +1617,10 @@ }, { "category": "product_version", - "name": "Version 5.0.0", + "name": "5.0.0", "product": { - "name": "@loopback/rest - Version 5.0.0", - "product_id": "153", + "name": "@loopback/rest@5.0.0", + "product_id": "130", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.0.0" 
@@ -1915,10 +1629,10 @@ }, { "category": "product_version", - "name": "Version 5.0.1", + "name": "5.0.1", "product": { - "name": "@loopback/rest - Version 5.0.1", - "product_id": "154", + "name": "@loopback/rest@5.0.1", + "product_id": "131", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.0.1" @@ -1927,10 +1641,10 @@ }, { "category": "product_version", - "name": "Version 5.1.0", + "name": "5.1.0", "product": { - "name": "@loopback/rest - Version 5.1.0", - "product_id": "155", + "name": "@loopback/rest@5.1.0", + "product_id": "132", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.1.0" @@ -1939,10 +1653,10 @@ }, { "category": "product_version", - "name": "Version 5.1.1", + "name": "5.1.1", "product": { - "name": "@loopback/rest - Version 5.1.1", - "product_id": "156", + "name": "@loopback/rest@5.1.1", + "product_id": "133", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.1.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.1.1" @@ -1951,10 +1665,10 @@ }, { "category": "product_version", - "name": "Version 5.1.2", + "name": "5.1.2", "product": { - "name": "@loopback/rest - Version 5.1.2", - "product_id": "157", + "name": "@loopback/rest@5.1.2", + "product_id": "134", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.1.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.1.2" @@ -1963,10 +1677,10 @@ }, { "category": "product_version", - "name": "Version 5.2.0", + "name": "5.2.0", "product": { - "name": "@loopback/rest - Version 5.2.0", - "product_id": "158", + "name": "@loopback/rest@5.2.0", + "product_id": "135", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.2.0" 
@@ -1975,10 +1689,10 @@ }, { "category": "product_version", - "name": "Version 5.2.1", + "name": "5.2.1", "product": { - "name": "@loopback/rest - Version 5.2.1", - "product_id": "159", + "name": "@loopback/rest@5.2.1", + "product_id": "136", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.2.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.2.1" @@ -1987,10 +1701,10 @@ }, { "category": "product_version", - "name": "Version 6.0.0", + "name": "6.0.0", "product": { - "name": "@loopback/rest - Version 6.0.0", - "product_id": "160", + "name": "@loopback/rest@6.0.0", + "product_id": "137", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:6.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@6.0.0" @@ -1999,10 +1713,10 @@ }, { "category": "product_version", - "name": "Version 6.1.0", + "name": "6.1.0", "product": { - "name": "@loopback/rest - Version 6.1.0", - "product_id": "161", + "name": "@loopback/rest@6.1.0", + "product_id": "138", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:6.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@6.1.0" @@ -2011,10 +1725,10 @@ }, { "category": "product_version", - "name": "Version 6.2.0", + "name": "6.2.0", "product": { - "name": "@loopback/rest - Version 6.2.0", - "product_id": "162", + "name": "@loopback/rest@6.2.0", + "product_id": "139", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:6.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@6.2.0" @@ -2023,10 +1737,10 @@ }, { "category": "product_version", - "name": "Version 7.0.0", + "name": "7.0.0", "product": { - "name": "@loopback/rest - Version 7.0.0", - "product_id": "163", + "name": "@loopback/rest@7.0.0", + "product_id": "140", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:7.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@7.0.0" 
@@ -2035,10 +1749,10 @@ }, { "category": "product_version", - "name": "Version 7.0.1", + "name": "7.0.1", "product": { - "name": "@loopback/rest - Version 7.0.1", - "product_id": "164", + "name": "@loopback/rest@7.0.1", + "product_id": "141", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:7.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@7.0.1" @@ -2047,10 +1761,10 @@ }, { "category": "product_version", - "name": "Version 8.0.0", + "name": "8.0.0", "product": { - "name": "@loopback/rest - Version 8.0.0", - "product_id": "165", + "name": "@loopback/rest@8.0.0", + "product_id": "142", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:8.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@8.0.0" @@ -2059,10 +1773,10 @@ }, { "category": "product_version", - "name": "Version 9.0.0", + "name": "9.0.0", "product": { - "name": "@loopback/rest - Version 9.0.0", - "product_id": "166", + "name": "@loopback/rest@9.0.0", + "product_id": "143", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:9.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@9.0.0" 
@@ -2085,34 +1799,11 @@ "category": "vendor", "name": "LoopBack" } - ] - }, - "vulnerabilities": [ - { - "cve": "CVE-2020-4988", - "cwe": { - "id": "CWE-1321", - "name": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" - }, - "id": { - "system_name": "IBM X-Force ID", - "text": "192706" - }, - "notes": [ - { - "audience": "all", - "category": "description", - "text": "It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path" - }, - { - "audience": "all", - "category": "summary", - "text": "`@loopback/rest` allows REST APIs to have `constructor` in the JSON payload, which is vulnerable to prototype pollution." - } - ], - "product_status": { - "first_affected": ["1"], - "known_affected": [ + ], + "product_groups": [ + { + "group_id": "1", + "product_ids": [ "1", "2", "3", 
@@ -2254,64 +1945,91 @@ "139", "140", "141", - "142", - "143", - "144", - "145", - "146", - "147", - "148", - "149", - "150", - "151", - "152", - "153", - "154", - "155", - "156", - "157", - "158", - "159", - "160", - "161", - "162", - "163", - "164", - "165" + "142" ], - "last_affected": ["165"], - "fixed": ["166"], - "recommended": ["166"] + "summary": "Affected products." + } + ] + }, + "vulnerabilities": [ + { + "cve": "CVE-2020-4988", + "cwe": { + "id": "CWE-1321", + "name": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + }, + "id": { + "system_name": "IBM X-Force ID", + "text": "192706" + }, + "notes": [ + { + "audience": "all", + "category": "description", + "text": "It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. 
When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path" + }, + { + "audience": "all", + "category": "summary", + "text": "`@loopback/rest` allows REST APIs to have `constructor` in the JSON payload, which is vulnerable to prototype pollution." + } + ], + "product_status": { + "first_affected": ["1"], + "known_affected": ["142"], + "last_affected": ["142"], + "fixed": ["143"], + "recommended": ["143"] }, "references": [ { "category": "self", - "summary": "GitHub Pull Request", - "url": "https://github.com/loopbackio/loopback-next/pull/6676" + "summary": "CVE Record", + "url": "https://www.cve.org/CVERecord?id=CVE-2020-4988" }, { "category": "self", - "summary": "GitHub Commit", - "url": "https://github.com/loopbackio/loopback-next/tree/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" + "summary": "GitHub Commit: LoopBack Juggler 2.x", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/3d71ea1571428e3c3b4816227fec88c9ab1cdd69" }, { "category": "self", - "summary": "NVD CVE Detail", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4988" + "summary": "GitHub Commit: LoopBack Juggler 3.x", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/454fd0f1b2dddb6a26bc665756c1881d4cae4f10" }, { "category": "self", - "summary": "CVE Record", - "url": "https://www.cve.org/CVERecord?id=CVE-2020-4988" + "summary": "GitHub Commit: @loopback/rest", + "url": "https://github.com/loopbackio/loopback-next/commit/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" }, { - "summary": "NPM", - "url": "https://www.npmjs.com/package/@loopback/rest" + "category": "self", + "summary": "GitHub Pull Request: LoopBack Juggler 2.x", + "url": 
"https://github.com/loopbackio/loopback-datasource-juggler/pull/1875" + }, + { + "category": "self", + "summary": "GitHub Pull Request: LoopBack Juggler 3.x", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/pull/1874" + }, + { + "category": "self", + "summary": "GitHub Pull Request: @loopback/rest", + "url": "https://github.com/loopbackio/loopback-next/pull/6676" + }, + { + "category": "self", + "summary": "NVD CVE Detail", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4988" }, { "category": "self", "summary": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192706" + }, + { + "summary": "NPM", + "url": "https://www.npmjs.com/package/@loopback/rest" } ], "remediations": [ @@ -2319,7 +2037,7 @@ "category": "vendor_fix", "date": "2020-05-11T08:22:42.000Z", "details": "Upgrade to `@loopback/rest` 9.0.0 or later.", - "product_ids": ["1"] + "group_ids": ["1"] } ], "scores": [ 
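Review bot: `known_affected` in `product_status` shrinks from the full list to `["142"]`, so product IDs 2–141 no longer appear under any status, although the new `product_groups` entry and the `scores[].products` list in the later hunk still enumerate 1–142. CSAF 2.0 `product_status` lists take product IDs rather than group IDs, so a consumer that matches on `known_affected` would report only the 8.0.0 entry as affected. Either keep the full ID list in `known_affected`, or confirm that every downstream tool expands `first_affected`/`last_affected` on its own. Separately, the NVD, GitHub and X-Force links carry `"category": "self"`, which CSAF uses for references to the advisory document itself; `"external"` would describe them more accurately.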
@@ -2343,7 +2061,150 @@ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/RL:O/E:U/RC:C", "version": "3.0" }, - "products": ["1"] + "products": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60", + "61", + "62", + "63", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "73", + "74", + "75", + "76", + "77", + "78", + "79", + "80", + "81", + "82", + "83", + "84", + "85", + "86", + "87", + "88", + "89", + "90", + "91", + "92", + "93", + "94", + "95", + "96", + "97", + "98", + "99", + "100", + "101", + "102", + "103", + "104", + "105", + "106", + "107", + "108", + "109", + "110", + "111", + "112", + "113", + "114", + "115", + "116", + "117", + "118", + "119", + "120", + "121", + "122", + "123", + "124", + "125", + "126", + "127", + "128", + "129", + "130", + "131", + "132", + "133", + "134", + "135", + "136", + "137", + "138", + "139", + "140", + "141", + "142" + ] } ] } diff --git a/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license new file mode 100644 index 0000000..885aa91 --- /dev/null +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license @@ -0,0 +1,2 @@ +SPDX-FileCopyrightText: LoopBack Contributors +SPDX-License-Identifier: MIT diff --git a/advisories/lbsec-20201130-1/lbsec-20201130-1.gemnasium.yaml b/advisories/lbsec-20201130-1/lbsec-20201130-1.gemnasium.yaml new file mode 100644 index 0000000..244054a --- /dev/null +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.gemnasium.yaml 
@@ -0,0 +1,35 @@ +affected_range: 0.1.0 <9.0.0 +affected_versions: All versions before `@loopback/rest` 9.0.0 +credit: 'Olivier Beg; Samuel Erb' +cvss_v3: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L +cwe_ids: + - CWE-1321 +date: '1970-01-01' +description: It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path +fixed_versions: + - '9.0.0' +identifier: CVE-2020-4988 +identifiers: + - CVE-2020-4988 + - LBSEC-20201130-1 +not_impacted: '`@loopback/rest` 9.0.0 or later' +package_slug: npm/@loopback/rest +pubdate: '2020-11-30' +solution: Upgrade to `@loopback/rest` 9.0.0 or later. 
+title: "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020" +urls: + - https://loopback.io/doc/en/sec/lbsa-2020-11-30.csaf.json + - https://loopback.io/doc/en/sec/lbsa-2020-11-30.gemnasium.yaml + - https://loopback.io/doc/en/sec/lbsa-2020-11-30.html + - https://loopback.io/doc/en/sec/lbsa-2020-11-30.osv.json + - https://www.cve.org/CVERecord?id=CVE-2020-4988 + - https://nvd.nist.gov/vuln/detail/CVE-2020-4988 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/192706 + - https://www.npmjs.com/package/@loopback/rest + - https://github.com/loopbackio/loopback-datasource-juggler/commit/3d71ea1571428e3c3b4816227fec88c9ab1cdd69 + - https://github.com/loopbackio/loopback-datasource-juggler/commit/454fd0f1b2dddb6a26bc665756c1881d4cae4f10 + - https://github.com/loopbackio/loopback-next/commit/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5 + - https://github.com/loopbackio/loopback-datasource-juggler/pull/1875 + - https://github.com/loopbackio/loopback-datasource-juggler/pull/1874 + - https://github.com/loopbackio/loopback-next/pull/6676 +uuid: ac47df4d-2945-4a8d-b406-9fedb5527ab6 diff --git a/advisories/lbsa-20201130.osv.json b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json similarity index 83% rename from advisories/lbsa-20201130.osv.json rename to advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json index e6a8a6f..e7f3743 100644 --- a/advisories/lbsa-20201130.osv.json +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json @@ -10,7 +10,7 @@ { "events": [ { - "introduced": "02e2ce0a031367438afeaeabdfae2e29e10f25ee" + "introduced": "" }, { "fixed": "f47fad3f4669c3ceae5e0927dc6098da18df864d" @@ -22,7 +22,7 @@ { "events": [ { - "introduced": "0" + "introduced": "0.1.0" }, { "fixed": "9.0.0" 
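Review bot: `affected_range: 0.1.0 <9.0.0` reads, under npm semver rules, as the intersection of `=0.1.0` and `<9.0.0`, which is version 0.1.0 alone. If the Gemnasium consumer parses it that way, dependency scanners would miss every other affected release, and `>=0.1.0 <9.0.0` is probably what was meant. `description` is written as a single-line plain scalar, so its `\n` sequences stay literal backslash-n text instead of paragraph breaks; a `|` block scalar or a double-quoted string would keep the quoted layout. `date: '1970-01-01'` looks like a placeholder and should be replaced with the real date before this file is published.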
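Review bot: The GIT range now carries `"introduced": ""`, which is neither a commit hash nor the `"0"` sentinel that OSV uses for "affected from the first commit". A type-only schema check will likely accept the empty string, but tools that evaluate the range may treat it as malformed or skip it, leaving only the SEMVER range to describe exposure. Use `"introduced": "0"` or restore the introducing commit hash.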
@@ -32,29 +32,6 @@ } ], "versions": [ - "4.0.0-alpha.4", - "4.0.0-alpha.5", - "4.0.0-alpha.6", - "4.0.0-alpha.7", - "4.0.0-alpha.8", - "4.0.0-alpha.9", - "4.0.0-alpha.10", - "4.0.0-alpha.11", - "4.0.0-alpha.12", - "4.0.0-alpha.13", - "4.0.0-alpha.14", - "4.0.0-alpha.15", - "4.0.0-alpha.16", - "4.0.0-alpha.17", - "4.0.0-alpha.18", - "4.0.0-alpha.19", - "4.0.0-alpha.20", - "4.0.0-alpha.21", - "4.0.0-alpha.22", - "4.0.0-alpha.23", - "4.0.0-alpha.24", - "4.0.0-alpha.25", - "4.0.0-alpha.26", "0.1.0", "0.1.1", "0.1.2", @@ -213,8 +190,8 @@ "CWE": "CWE-1321" }, "details": "It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path", - "id": "LBSA-20201130", - "modified": "2022-03-07T13:53:00.000Z", + "id": "LBSEC-20201130-1", + "modified": "1970-01-01T00:00:00.000Z", "references": [ { "type": "ADVISORY", 
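Review bot: `"modified": "1970-01-01T00:00:00.000Z"` replaces a real timestamp with the Unix epoch, and OSV consumers use `modified` to decide whether a record has changed. A value older than the previous `2022-03-07T13:53:00.000Z` may cause mirrors to ignore this revision, including the new `id`. Set it to the time of this edit, and consider having `validate-osv` reject epoch timestamps so that a placeholder cannot reach publication.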
@@ -222,7 +199,15 @@ }, { "type": "ADVISORY", - "url": "https://loopback.io/doc/en/sec/Security-advisory-11-30-2020.html" + "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.gemnasium.json" + }, + { + "type": "ADVISORY", + "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.html" + }, + { + "type": "ADVISORY", + "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.osv.json" }, { "type": "PACKAGE", @@ -242,11 +227,27 @@ }, { "type": "WEB", - "url": "https://github.com/loopbackio/loopback-next/pull/6676" + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/3d71ea1571428e3c3b4816227fec88c9ab1cdd69" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/pull/1875" }, { "type": "WEB", - "url": "https://github.com/loopbackio/loopback-next/tree/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/454fd0f1b2dddb6a26bc665756c1881d4cae4f10" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/pull/1874" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-next/commit/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-next/pull/6676" }, { "type": "WEB", diff --git a/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license new file mode 100644 index 0000000..885aa91 --- /dev/null +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license @@ -0,0 +1,2 @@ +SPDX-FileCopyrightText: LoopBack Contributors +SPDX-License-Identifier: MIT diff --git a/package-lock.json b/package-lock.json index 0247d44..cd486c4 100644 --- a/package-lock.json +++ b/package-lock.json 
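Review bot: The added ADVISORY link ends in `lbsa-2020-11-30.gemnasium.json`, while the Gemnasium file added by this commit, and the matching entry in its own `urls` list, use the `.gemnasium.yaml` extension; the two files should point at the same published artefact. The new links also keep the `lbsa-2020-11-30` slug although the record `id` becomes `LBSEC-20201130-1`, so it is worth confirming that these paths will exist on loopback.io. A dead advisory link in a machine-readable record is hard to notice after release, so a URL check in the validation scripts would help.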
@@ -24,6 +24,7 @@
 "eslint-plugin-prettier": "^4.0.0",
 "glob": "^7.2.0",
 "husky": "^7.0.4",
+ "js-yaml": "^4.1.0",
 "lockfile-lint": "^4.7.3",
 "secvisogram": "file:./vendors/secvisogram/app",
 "semver": "^7.3.5",
diff --git a/package.json b/package.json
index 226aff3..e366faf 100644
--- a/package.json
+++ b/package.json
@@ -14,13 +14,14 @@
 "lint:fix": "npm run eslint:fix && npm run prettier:fix",
 "eslint": "lb-eslint --report-unused-disable-directives .",
 "eslint:fix": "npm run eslint -- --fix",
- "prettier:cli": "lb-prettier '**/*.ts' '**/*.js' 'advisories/lbsa*.csaf.json' '**/*.md'",
+ "prettier:cli": "lb-prettier '**/*.ts' '**/*.js' 'advisories/**/lbsec-*.json' '**/*.md'",
 "prettier:check": "npm run prettier:cli -- -l",
 "prettier:fix": "npm run prettier:cli -- --write",
 "ts-node": "ts-node --project=scripts/tsconfig.json",
- "validate": "npm run validate-csaf20 && npm run validate-osv",
+ "validate": "npm run validate-csaf20 && npm run validate-gemnasium && npm run validate-osv",
 "generate-csaf20-product-tree": "npm run ts-node -- scripts/advisories/generate-csaf20-product-tree.ts",
 "validate-csaf20": "npm run ts-node -- scripts/advisories/validate-csaf20.ts",
+ "validate-gemnasium": "npm run ts-node -- scripts/advisories/validate-gemnasium.ts",
 "validate-osv": "npm run ts-node -- scripts/advisories/validate-osv.ts"
 },
 "repository": {
@@ -52,6 +53,7 @@
 "eslint-plugin-prettier": "^4.0.0",
 "glob": "^7.2.0",
 "husky": "^7.0.4",
+ "js-yaml": "^4.1.0",
 "lockfile-lint": "^4.7.3",
 "secvisogram": "file:./vendors/secvisogram/app",
 "semver": "^7.3.5",
diff --git a/scripts/advisories/generate-csaf20-product-tree.ts b/scripts/advisories/generate-csaf20-product-tree.ts
index 921238d..0a6185c 100644
--- a/scripts/advisories/generate-csaf20-product-tree.ts
+++ b/scripts/advisories/generate-csaf20-product-tree.ts
@@ -1,13 +1,17 @@ // SPDX-FileCopyrightText: LoopBack Contributors // SPDX-License-Identifier: MIT -// This is a rudimentary script which reads a newline-delimited list of GitHub -// tag name of format `@` and generates the final -// branch of the CSAF 2.0 Product Tree to stdout. Currently, it's only designed -// for LoopBack 4 packages (i.e. `@loopback/*`). +// This is a rudimentary script which reads a newline-delimited list of +// `@` from stdin and generates the final branch +// of the CSAF 2.0 Product Tree to stdout. // -// To generate a list of Git Tags for this script: -// git tag --sort=taggerdate | grep @ +// To generate a list of Git Tags for this script (LoopBack 4 monorepo only): +// git tag | grep @ +// +// To generate a list of versions from NPM: +// npm view --json versions \ +// | jq "\"@\" + .[]" \ +// | sed -e 's/^.\{1\}//' -e 's/.\{1\}$//' import readline from 'readline'; 
@@ -20,26 +24,27 @@ var rl = readline.createInterface({ const entries = []; rl.on('line', line => { - if (line.startsWith('@loopback/')) { - const nameVerSeperator = line.lastIndexOf('@'); - const name = line.substring(0, nameVerSeperator); - const version = line.substring(nameVerSeperator + 1); + const nameVerSeperator = line.lastIndexOf('@'); + const name = line.substring(0, nameVerSeperator); + const version = line.substring(nameVerSeperator + 1); - entries.push({ - category: 'product_version', - name: `Version ${version}`, - product: { - name: `${name} - Version ${version}`, - product_id: `${entries.length + 1}`, - product_identification_helper: { - cpe: `cpe:2.3:a:loopback:${name - .replace('/', '_') - .replace('@', '')}:${version}:*:*:*:*:*:*:*`, - purl: `pkg:npm/${encodeURIComponent(name)}@${version}`, - }, + entries.push({ + category: 'product_version', + name: `${version}`, + product: { + name: `${name}@${version}`, + product_id: `${entries.length + 1}`, + product_identification_helper: { + cpe: `cpe:2.3:a:loopback:${name + .replace('/', '_') + .replace('@', '')}:${version}:*:*:*:*:*:*:*`, + purl: `pkg:npm/${encodeURIComponent(name).replace( + '%2F', + '/', + )}@${version}`, }, - }); - } + }, + }); }); rl.on('close', () => { diff --git a/scripts/advisories/validate-csaf20.ts b/scripts/advisories/validate-csaf20.ts index 598a95d..66f9953 100644 --- a/scripts/advisories/validate-csaf20.ts +++ b/scripts/advisories/validate-csaf20.ts @@ -5,7 +5,7 @@ import path from 'path'; import glob from 'glob'; import createCore from 'secvisogram/dist/shared/Core'; -const csaf20DocumentGlob = '../../advisories/*.csaf.json'; +const csaf20DocumentGlob = '../../advisories/*/*.csaf.json'; console.log(`Validating CSAF 2.0 documents... (Glob: ${csaf20DocumentGlob})`); 
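Review bot: With the `@loopback/` prefix guard removed from the `rl.on('line', …)` handler, every stdin line now becomes a product entry, including blank lines and lines that carry no version. For those, `lastIndexOf('@')` returns -1 (or 0 for a bare scoped name), so `name` is empty and a malformed `cpe` and `purl` are still pushed into the product tree. A guard right after the index is computed, `if (nameVerSeperator <= 0) return;`, keeps such input out. The `cpe` vendor also stays hard-coded to `loopback` and `.replace('/', '_')` only replaces the first match, which deserves a comment now that the filter no longer restricts the input to `@loopback/*`.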
@@ -69,17 +69,10 @@ function validateTracking(fileContents: any): ValidationResult { const tracking = fileContents.document.tracking; let errors: ValidationResult['errors'] = []; - if (!/^(LBSA-[1-9][0-9]*)$/.test(tracking.id)) { + if (!/^(LBSEC-[1-9][0-9]*-[1-9][0-9]*)$/.test(tracking.id)) { errors.push({ instancePath: 'document/tracking/id', - message: 'id must match `/^(LBSA-[1-9][0-9]*)$/`.', - }); - } - - if (tracking.status !== 'final') { - errors.push({ - instancePath: '/document/tracking/status', - message: 'status must equal `final`.', + message: 'id must match `/^(LBSEC-[1-9][0-9]*-[1-9][0-9]*)$/`.', }); } @@ -230,21 +223,24 @@ function validateReferences(fileContents: any): ValidationResult { const refRegexMapping: Record = { 'CVE Record': - /^https:\/\/www\.cve\.org\/CVERecord\?id=CVE-[1-9][0-9]{3}-\d{4}$/, + /^https:\/\/www\.cve\.org\/CVERecord\?id=CVE-[1-9][0-9]{3}-\d{4,}(-\d+)?$/, NPM: /^https:\/\/www\.npmjs\.com\/package\/([a-z0-9-]|(@[a-z0-9._-]+\/))[a-z0-9._-]+$/, 'NVD CVE Detail': /^https:\/\/nvd\.nist\.gov\/vuln\/detail\/CVE-[1-9][0-9]{3}-\d{4}$/, 'GitHub Commit': - /^(https:\/\/github\.com\/loopbackio\/[A-Za-z0-9._-]+\/tree\/[a-z0-9]+)$/, + /^(https:\/\/github\.com\/(strongloop|loopbackio)\/[A-Za-z0-9._-]+\/commit\/[a-z0-9]+)$/, 'GitHub Pull Request': - /^(https:\/\/github\.com\/loopbackio\/[A-Za-z0-9._-]+\/pull\/[1-9]\d*)$/, + /^(https:\/\/github\.com\/(strongloop|loopbackio)\/[A-Za-z0-9._-]+\/pull\/[1-9]\d*)$/, 'X-Force Vulnerability Report': /^https:\/\/exchange\.xforce\.ibmcloud\.com\/vulnerabilities\/[1-9]\d*$/, }; for (let i = 0; i < allReferences.length; i++) { const ref = allReferences[i]; - const matchedRegex = refRegexMapping[ref.summary]; + const matchedRegex = + refRegexMapping[ + Object.keys(refRegexMapping).findIndex(x => ref.summary.startsWith(x)) + ]; if (matchedRegex) { if (!matchedRegex.test(ref.url)) { 
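Review bot: The new `tracking.id` pattern in `validateTracking` accepts any two digit runs, so an id such as `LBSEC-1-1` passes even though the advisory paths in this commit (`lbsec-20180815-1`) suggest a date-based first part. If that is the intended format, `/^LBSEC-[0-9]{8}-[1-9][0-9]*$/` would be tighter. The regex is also repeated by hand inside the message string, so a shared constant would keep the two from drifting apart. The function body continues outside the hunk.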
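Review bot: The new lookup in `validateReferences` indexes `refRegexMapping` with the number returned by `findIndex`, but the record is keyed by summary strings, so `matchedRegex` is always `undefined` and the `if (matchedRegex)` branch that tests `ref.url` is never taken. Unless the unmatched path (outside the hunk) rejects the reference, every URL now skips pattern validation. Resolve the key instead: `const matchedKey = Object.keys(refRegexMapping).find(x => ref.summary.startsWith(x));` followed by `const matchedRegex = matchedKey ? refRegexMapping[matchedKey] : undefined;`. The `CVE Record` pattern was also widened to `\d{4,}` while `NVD CVE Detail` still requires exactly four digits, so a longer CVE id would pass one check and fail the other.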
diff --git a/scripts/advisories/validate-gemnasium.ts b/scripts/advisories/validate-gemnasium.ts
new file mode 100644
index 0000000..6a095bf
--- /dev/null
+++ b/scripts/advisories/validate-gemnasium.ts
@@ -0,0 +1,215 @@ +// SPDX-FileCopyrightText: LoopBack Contributors +// SPDX-License-Identifier: MIT + +import addFormats from 'ajv-formats'; +import Ajv from 'ajv'; +import fs from 'fs'; +import glob from 'glob'; +import gemnasiumSchema from '../../vendors/local-gemnasium/schema.json'; +import path from 'path'; +import yaml from 'js-yaml'; + +const osvDocumentGlob = '../../advisories/*/*.gemnasium.yaml'; + +console.log(`Validating OSV 1.2.0 documents... (Glob: ${osvDocumentGlob})`); + +interface ValidationResult { + isValid: boolean; + errors: { + instancePath: string; + message?: string; + }[]; +} + +glob(path.resolve(__dirname, osvDocumentGlob), async (err, matches) => { + if (err) throw Error; + + let errorCount = 0; + + for (const filePath of matches) { + process.stdout.write( + ` L Validating: ${path.relative(process.cwd(), filePath)}...`, + ); + const fileContents = yaml.load(fs.readFileSync(filePath)); + const validationResults: Record = { + jsonSchema: validateJsonSchema(fileContents), + csaf20Sync: validateCSAF20Sync(filePath, fileContents), + }; + + const errors = Object.values(validationResults).flatMap(x => x.errors); + const isValid = errors.length < 1; + + if (isValid) console.log('Done!'); + else { + errorCount += errors.length; + console.log(`${errors.length} error(s) found:`); + for (let i = 0; i < errors.length; i++) { + console.log(` L Error #${i + 1}`); + console.log(` L Instance path : ${errors[i].instancePath}`); + console.log(` L Message : ${errors[i].message ?? 
'N/A'}`); + } + } + } + + if (matches.length === 0) console.log('No Gemnasium DB Advisory documents found!'); + + if (errorCount > 0) { + console.log(`${errorCount} error(s) found.`); + process.exit(1); + } + + console.log('OSV 1.2.0 validation done.'); +}); + +function validateJsonSchema(fileContents: any): ValidationResult { + const validate = addFormats( + new Ajv({strict: false, allErrors: true}), + ).compile(gemnasiumSchema); + const isValid = validate(fileContents); + + return { + isValid, + errors: validate.errors ?? [], + }; +} + +function validateCSAF20Sync(filePath: string, gemnasiumDocument: any): ValidationResult { + const errors: ValidationResult['errors'] = []; + const csaf20Document = require(filePath.replace('.gemnasium.yaml', '.csaf.json')); + + // ID sync + const csaf20ID = csaf20Document.document.tracking.id; + const gemnasiumIDs = gemnasiumDocument.identifiers; + + if (!gemnasiumIDs.includes(csaf20ID)) { + errors.push({ + instancePath: '/identifiers', + message: 'identifiers must contain CSAF 2.0 `/document/tracking/id`.', + }); + } + + // CVE sync + const csaf20CVE = csaf20Document.vulnerabilities[0].cve + + if (!gemnasiumIDs.includes(csaf20CVE)) { + errors.push({ + instancePath: '/identifiers', + message: 'identifiers must contain CSAF 2.0 `/vulnerabilities/0/cve`.', + }); + } + + // title sync + const csaf20Title = csaf20Document.document.title; + const gemnasiumTitle = gemnasiumDocument.title; + + if (gemnasiumTitle !== csaf20Title) { + errors.push({ + instancePath: '/title', + message: 'title must match CSAF 2.0 `/document/title`.', + }); + } + + // credit / acknowledgments sync + const csaf20Acknowledgements = csaf20Document.document.acknowledgments.flatMap(x => x.names); + const gemnasiumCredits = gemnasiumDocument.credit.split(';'); + + if (gemnasiumCredits.length >= csaf20Acknowledgements) { + for (let i = 0; i < gemnasiumCredits.length; i++) { + if (!csaf20Acknowledgements.includes(gemnasiumCredits[i])) { + errors.push({ + 
instancePath: `/credits/${i}`, + message: `entry \`${gemnasiumCredits[i]}\` not found in CSAF 2.0 \`/document/acknowledgements\`.`, + }); + } + } + } else { + for (let i = 0; i < csaf20Acknowledgements.lenght; i++) { + if (!gemnasiumCredits.includes(csaf20Acknowledgements[i])) { + errors.push({ + instancePath: `/credits`, + message: `missing entry \`${csaf20Acknowledgements[i]}\` from CSAF 2.0 \`/document/acknowledgements\``, + }); + } + } + } + + // urls & links / references sync + const csaf20References = [ + ...csaf20Document.document.references.map(x => x.url), + ...csaf20Document.vulnerabilities + .flatMap(x => x.references) + .map(x => x.url), + ]; + const gemnasiumReferences = [...(gemnasiumDocument.urls ?? []), ...(gemnasiumDocument.links ?? []).map(x => x.url)] + + if (gemnasiumReferences.length >= csaf20References.length) { + for (let i = 0; i < gemnasiumReferences.length; i++) { + if (!csaf20References.includes(gemnasiumReferences[i])) { + errors.push({ + instancePath: `/urls|links/${i}`, + message: `entry \`${gemnasiumReferences[i]}\` not found in CSAF 2.0 \`/document/references\`.`, + }); + } + } + } else { + for (let i = 0; i < csaf20References.length; i++) { + if (!gemnasiumReferences.includes(csaf20References[i])) { + errors.push({ + instancePath: '/urls|links', + message: `urls or links entry missing \`${csaf20References[i]}\` from CSAF 2.0 \`/document/references\`.`, + }); + } + } + } + + // CWE sync + const csaf20CWEs = csaf20Document.vulnerabilities.map(x => x.cwe.id); + const gemnasiumCWEs = gemnasiumDocument.cwe_ids; + + if (gemnasiumCWEs.length >= csaf20CWEs.length) { + for (let i = 0; i < gemnasiumCWEs.length; i++) { + if (!csaf20CWEs.includes(gemnasiumCWEs[i])) { + errors.push({ + instancePath: `/cwe_ids/${i}`, + message: `cwe_ids entry \`${gemnasiumCWEs[i]}\` not found in CSAF 2.0 \`/document/vulnerabilities/?/cwe/id`, + }) + } + } + } else { + for (let i = 0; i < csaf20CWEs.length; i++) { + if (!gemnasiumCWEs.includes(csaf20CWEs[i])) { + 
errors.push({ + instancePath: '/cwe_ids', + message: `missing entry \`${csaf20CWEs[i]}\` from CSAF 2.0 \`/vulnerabilities/?/cwe/id\`.`, + }); + } + } + } + + // description sync + const csaf20Description = csaf20Document.vulnerabilities[0].notes.find(x => x.category === 'description').text; + const gemnasiumDescription = gemnasiumDocument.description; + + if (csaf20Description !== gemnasiumDescription) { + errors.push({ + instancePath: '/description', + message: 'description must match CSAF 2.0 `/vulnerabilities/0/notes[category=description]/text', + }); + } + + // CVSS 3 sync + const csaf20CVSS3 = csaf20Document.vulnerabilities[0].scores[0].cvss_v3.vectorString; + const gemnasiumCVSS3 = gemnasiumDocument.cvss_v3; + + if (!csaf20CVSS3.includes(gemnasiumCVSS3)) { + errors.push({ + instancePath: '/cvss_v3', + message: 'cvss_v3 must be substring of CSAF 2.0 `/vulnerabilities/0/scores/cvss_v3/vectorString' + }); + } + + return { + isValid: errors.length < 1, + errors, + } +} diff --git a/scripts/advisories/validate-osv.ts b/scripts/advisories/validate-osv.ts index 716362e..1bd04a1 100644 --- a/scripts/advisories/validate-osv.ts +++ b/scripts/advisories/validate-osv.ts @@ -8,7 +8,7 @@ import addFormats from 'ajv-formats'; import osvSchema from '../../vendors/osv-schema/validation/schema.json'; import semver from 'semver'; -const osvDocumentGlob = '../../advisories/*.osv.json'; +const osvDocumentGlob = '../../advisories/*/*.osv.json'; console.log(`Validating OSV 1.2.0 documents... (Glob: ${osvDocumentGlob})`); 
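Review bot: The credit sync in `validateCSAF20Sync` passes silently for any non-empty list of names: `gemnasiumCredits.length >= csaf20Acknowledgements` compares a number with an array, and the fallback loop reads `csaf20Acknowledgements.lenght`, which is `undefined`, so it never iterates. Both should use `.length`, i.e. `if (gemnasiumCredits.length >= csaf20Acknowledgements.length) {` and `for (let i = 0; i < csaf20Acknowledgements.length; i++) {`. The function also dereferences `credit`, `cwe_ids` and `cvss_v3`, which the vendored schema does not list as required, as well as CSAF `acknowledgments` and `scores`, so a document that omits any of them throws a TypeError instead of producing a validation error; the optional chaining this commit adds in validate-osv.ts would fit here too. Separately, `if (err) throw Error;` throws the constructor rather than `err`, and the glob constant and log messages still say OSV 1.2.0 in a Gemnasium validator.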
@@ -104,14 +104,21 @@ function validateAffectedVersions(fileContents: any): ValidationResult { const versions = affected.versions; if (versions !== undefined) { - const semverEvents = (affected.ranges as any[]).find( - x => x.type === 'SEMVER', - ).events; - const semverRange = - '>=' + - semverEvents.find(x => x.introduced).introduced + - ' <' + - semverEvents.find(x => x.fixed).fixed; + const semverEvents = (affected.ranges as any[]) + .filter(x => x.type === 'SEMVER') + .map(x => x.events); + + let semverRange = ''; + + for (let i = 0; i < semverEvents.length; i++) { + const eventGroup = semverEvents[i]; + + semverRange += + `>=${eventGroup.find(x => x.introduced).introduced}` + + ` <${eventGroup.find(x => x.fixed).fixed}`; + + if (i + 1 < semverEvents.length) semverRange += ' || '; + } for (let i = 0; i < versions.length; i++) { const version = versions[i]; @@ -191,14 +198,14 @@ function validateCSAF20Sync( if (csaf20CVE !== osvCVE) { errors.push({ instancePath: '/aliases', - message: 'alises must match CSAF `/vulnerabilities/0/cve`.', + message: 'aliases must match CSAF `/vulnerabilities/0/cve`.', }); } // CVSS V3 sync - const csaf20CVSS3 = - csaf20Document.vulnerabilities[0].scores[0].cvss_v3?.vectorString; - const osvCVSS3Index = osvDocument.severity.findIndex( + const csaf20CVSS3 = (csaf20Document.vulnerabilities[0].scores ?? [])[0] + ?.cvss_v3?.vectorString; + const osvCVSS3Index = osvDocument.severity?.findIndex( x => x.type === 'CVSS_V3', ); const osvCVSS3 = diff --git a/vendors/README.md b/vendors/README.md index d982fbf..660cb8f 100644 --- a/vendors/README.md +++ b/vendors/README.md 
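Review bot: When an affected entry has `versions` but no `SEMVER` range, the rewritten code in `validateAffectedVersions` leaves `semverRange` as an empty string, where the old `.find(...).events` would have thrown. If that string is later passed to `semver.satisfies` (the use is outside the hunk), node-semver treats an empty range as `*`, so every listed version would be accepted. Reporting an error when `semverEvents.length === 0` avoids that fail-open case. `eventGroup.find(x => x.fixed).fixed` also still throws for a range that has no `fixed` event, which OSV allows.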
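Review bot: `osvDocument.severity?.findIndex(...)` in `validateCSAF20Sync` evaluates to `undefined`, not `-1`, when `severity` is absent, so any later comparison against `-1` or index into `osvDocument.severity` has to cope with both values. The `osvCVSS3` assignment continues outside the hunk, so whether it does is not visible here. Appending `?? -1` keeps a single not-found value: `const osvCVSS3Index = osvDocument.severity?.findIndex(x => x.type === 'CVSS_V3') ?? -1;`.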
@@ -5,12 +5,11 @@ # Vendors -This directory contains Git submodules that are depended upon by this Git -repository. - -## Submodules - -| Directory | Used by -|-|- -| `osv-schema/` | [OSV 1.2.0 validation](../advisories/README.md#scripts) -| `secvisogram/` | [CSAF 2.0 validation](../advisories/README.md#scripts) +This directory contains directories (Usually Git Submodules) that are depended upon by this Git +repository. If the directory is prefixed with `local-`, it is not a Git Submodule. + +| Directory | Used by | Git Submodule? +|-|-|- +| `local-cpe/` | [CPE 2.3 Extended Dictionary validation](../cpe/README.md#scripts) | No +| `osv-schema/` | [OSV 1.2.0 validation](../advisories/README.md#scripts) | Yes +| `secvisogram/` | [CSAF 2.0 validation](../advisories/README.md#scripts) | Yes diff --git a/vendors/local-gemnasium/schema.json b/vendors/local-gemnasium/schema.json new file mode 100644 index 0000000..a58aed6 --- /dev/null +++ b/vendors/local-gemnasium/schema.json 
@@ -0,0 +1,335 @@ +{ + "definitions": {}, + "$id": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/schema/schema.json", + "type": "object", + "title": "Gemnasium DB Advisory Schema", + "required": [ + "identifier", + "identifiers", + "package_slug", + "title", + "description", + "date", + "affected_range", + "fixed_versions", + "affected_versions", + "urls", + "uuid", + "pubdate" + ], + "optional": [ + "credit", + "cvss_v2", + "cvss_v3", + "solution", + "not_impacted", + "versions", + "links" + ], + "properties": { + "identifiers": { + "$id": "#/properties/identifiers", + "type": "array", + "title": "The vulnerability identifiers", + "items": { + "$id": "#/properties/identifiers/items", + "type": "string", + "title": "A single identifier", + "default": "", + "examples": [ + "CVE-2020-0001" + ], + "minItems": 1, + "pattern": "^([\\da-zA-Z_\\-]+)$" + } + }, + "identifier": { + "$id": "#/properties/identifier", + "type": "string", + "title": "The CVE id (preferred) or any public identifier", + "default": "", + "examples": [ + "CVE-2019-3888" + ], + "pattern": "^(.*)$" + }, + "package_slug": { + "$id": "#/properties/package_slug", + "type": "string", + "title": "Package type and package name separated by a slash", + "default": "", + "examples": [ + "maven/io.undertow/undertow-core" + ], + "pattern": "^(gem|go|maven|npm|packagist|pypi|nuget|conan)/.+$" + }, + "title": { + "$id": "#/properties/title", + "type": "string", + "title": "A short description of the security flaw", + "default": "", + "examples": [ + "Information Exposure" + ], + "pattern": "^.+$" + }, + "description": { + "$id": "#/properties/description", + "type": "string", + "title": "A long description of the security flaw and the possible risks", + "default": "", + "examples": [ + "A description with `markdown`" + ], + "pattern": "^.+$" + }, + "date": { + "$id": "#/properties/date", + "type": "string", + "title": "The last date on which the advisory was modified, in ISO-8601 format", + 
"default": "", + "examples": [ + "2019-07-05" + ], + "pattern": "^(\\d\\d\\d\\d-\\d\\d-\\d\\d)$" + }, + "pubdate": { + "$id": "#/properties/pubdate", + "type": "string", + "title": "The date on which the advisory was published, in ISO-8601 format", + "default": "", + "examples": [ + "2019-07-05" + ], + "pattern": "^(\\d\\d\\d\\d-\\d\\d-\\d\\d)$" + }, + "affected_range": { + "$id": "#/properties/affected_range", + "type": "string", + "title": "The range of affected versions in machine-readable syntax used by the package manager", + "default": "", + "examples": [ + "(,2.0.21)" + ], + "pattern": "[<>= ,\\]\\[\\)\\(\\w\\.|]*" + }, + "fixed_versions": { + "$id": "#/properties/fixed_versions", + "type": "array", + "title": "The versions fixing the vulnerability", + "items": { + "$id": "#/properties/fixed_versions/items", + "type": [ + "string", + "number" + ], + "title": "A single affected Version", + "default": "", + "examples": [ + "2.0.21.Final" + ], + "pattern": "^([\\d\\.a-zA-Z_\\-]+)$" + } + }, + "affected_versions": { + "$id": "#/properties/affected_versions", + "type": "string", + "title": "The range of affected versions in human-readable version for display", + "default": "", + "examples": [ + "All versions before 2.0.21" + ], + "pattern": "^.+$" + }, + "not_impacted": { + "$id": "#/properties/not_impacted", + "type": "string", + "title": "Environments not affected by the vulnerability", + "default": "", + "examples": [ + "All versions starting from 2.0.21" + ], + "pattern": "^.*$" + }, + "credit": { + "$id": "#/properties/credit", + "type": "string", + "title": "The names of the people who reported the vulnerability or helped fixing it", + "default": "", + "examples": [ + "Mark Hamill" + ], + "pattern": "^.*$" + }, + "solution": { + "$id": "#/properties/solution", + "type": "string", + "title": "How to remediate the vulnerability", + "default": "", + "examples": [ + "Upgrade to version 2.0.21.Final or above." 
+ ], + "pattern": "^.*$" + }, + "urls": { + "$id": "#/properties/urls", + "type": "array", + "title": "URLs of: detailed advisory, documented exploit, vulnerable source code, etc", + "items": { + "$id": "#/properties/urls/items", + "type": "string", + "title": "The Items Schema", + "default": "", + "examples": [ + "https://nvd.nist.gov/vuln/detail/CVE-2019-3888", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888" + ], + "pattern": "^.*$" + } + }, + "cwe_ids": { + "$id": "#/properties/cwe_ids", + "type": "array", + "title": "List of related cwe_ids", + "items": { + "$id": "#/properties/cwe_ids/items", + "type": "string", + "title": "The Items Schema", + "default": "", + "examples": [ + "CWE-94", + "CWE-76" + ], + "pattern": "^CWE-[0-9]{1,4}$" + } + }, + "uuid": { + "$id": "#/properties/uuid", + "type": "string", + "title": "UUID", + "default": "", + "examples": [ + "e1f57671-bce6-42e6-b344-bc67d25d9ca9" + ], + "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$" + }, + "cvss_v2": { + "$id": "#/properties/cvss_v2", + "type": "string", + "title": "Common Vulnerability Scoring System Vector (according to CVSS version 2)", + "default": "", + "examples": [ + "AV:N/AC:M/Au:N/C:N/I:P/A:P" + ], + "pattern": "^AV:[NALP]\\/AC:[HML]\\/Au:[MSN]\\/C:[NPC]\\/I:[NPC]\\/A:[NPC]$" + }, + "cvss_v3": { + "$id": "#/properties/cvss_v3", + "type": "string", + "title": "Common Vulnerability Scoring System Vector (according to CVSS version 3)", + "default": "", + "examples": [ + "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/RL:O/CR:L" + ], + "pattern": "^CVSS:3\\.[\\d\\.]+\\/AV:[NALP]\\/AC:[LH]\\/PR:[NLH]\\/UI:[NR]\\/S:[UC]\\/C:[NLH]\\/I:[NLH]\\/A:[NLH]$" + }, + "links": { + "$id": "#/properties/links", + "type": "array", + "description": "An array of references to external documentation or articles that describe the vulnerability.", + "items": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "type": { + "$id": 
"#/properties/links/array/type", + "type": "string", + "description": "Type of the link.", + "enum": [ + "poc", + "blog" + ] + }, + "url": { + "$id": "#/properties/links/array/url", + "type": "string", + "description": "URL of the vulnerability details document.", + "format": "uri" + } + } + } + }, + "versions": { + "$id": "#/properties/versions", + "type": "array", + "title": "Version Meta Information", + "items": { + "$id": "#/properties/versions/items", + "type": "object", + "title": "version meta info items", + "required": [ + "number", + "commit" + ], + "properties": { + "number": { + "$id": "#/properties/versions/items/properties/number", + "type": "string", + "title": "Version Information", + "pattern": "^([\\d\\.a-zA-Z_\\-]+)$", + "examples": [ + "1.2.3" + ] + }, + "commit": { + "$id": "#/properties/versions/items/properties/commit", + "type": "object", + "title": "Git commit meta information", + "required": [ + "tags", + "sha", + "timestamp" + ], + "properties": { + "tags": { + "$id": "#/properties/versions/items/properties/commit/tags", + "type": "array", + "title": "Array of Git Tags associated with this particular version", + "items": { + "$id": "#/properties/versions/items/properties/commit/tags/items", + "type": "string", + "title": "The Items Schema", + "examples": [ + "v1.2.3-tag" + ], + "pattern": "^[a-zA-Z0-9_\\-\\.]*$" + } + }, + "sha": { + "$id": "#/properties/versions/items/properties/commit/sha", + "type": "string", + "title": "Commit sha", + "pattern": "^[0-9a-f]{5,40}$", + "examples": [ + "295cf0778821bf08681e2bd0ef0e6cad04fc3001" + ] + }, + "timestamp": { + "$id": "#/properties/versions/items/properties/commit/timestamp", + "type": "string", + "title": "Timestamp of the format YYYYMMDDHHMMSS", + "pattern": "^\\d{14,14}$", + "examples": [ + "20190626162700" + ] + } + } + } + } + } + } + } + } + \ No newline at end of file 
diff --git a/vendors/local-gemnasium/schema.json.license b/vendors/local-gemnasium/schema.json.license
new file mode 100644
index 0000000..1bd2313
--- /dev/null
+++ b/vendors/local-gemnasium/schema.json.license
@@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: Copyright (c) 2020 GitLab B.V.
+SPDX-License-Identifier: MIT