CVEProject/Board-Discussions

Create the example.com of CVE IDs

todb opened this issue · 2 comments

todb commented

This came up in some conversation, and I think it would be a fine idea to reserve one CVE ID as a reference CVE.

I gave it a shot, here: https://github.com/todb/junkdrawer/blob/main/CVE-1969-12345.json

And I'm happy to publish and maintain it in the real directory if I get some kind of blessing.

todb commented

Features:

  • Numbered and named in an obviously example-looking way.
  • Text is multiline.
  • Text includes escaped JavaScript.
  • Text includes the EICAR test file string.
  • References are resolvable.
  • References include a raw EICAR test file.
  • Affected ranges exercise both semver and git commit ranges.
  • CVSS score is a MEDIUM, 6.7, which is rare but possible in the distribution.
  • Has a CWE and CAPEC problem type.
  • Has an example custom tag.

There are more fields to fill in, but some number of fields should be left blank in order for downstream parsers to test blankness. Not sure which are the most commonly parsed but also optional fields. Platforms would be my guess.

If people don't hate this CVE ID, I'll publish it.

The ID should start with 'CVE-1900-'.
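A downstream consumer's self-test against a reference record of this kind could look like the following. This is an added example, not part of the issue thread or the CVE Project's own code: the embedded record is constructed in CVE JSON 5.x shape (it is not the contents of the linked draft file), and `summarize` is a hypothetical helper.

```python
import html
import json

# Constructed sample record in CVE JSON 5.x shape. Only the ID is taken from
# the thread; every other value here is made up for this example.
SAMPLE = json.loads(r'''
{
  "cveMetadata": {"cveId": "CVE-1969-12345", "state": "PUBLISHED"},
  "containers": {"cna": {
    "descriptions": [{"lang": "en",
      "value": "Example record.\nSecond line with <script>alert(1)</script> markup."}],
    "affected": [
      {"vendor": "Example", "product": "Widget",
       "versions": [{"version": "1.0.0", "lessThan": "1.2.3",
                     "versionType": "semver", "status": "affected"}]},
      {"vendor": "Example", "product": "Widget source",
       "versions": [{"version": "0", "lessThan": "0123abc",
                     "versionType": "git", "status": "affected"}]}
    ]
  }}
}
''')


def summarize(record):
    """Flatten a record for display, tolerating absent optional fields."""
    cna = record["containers"]["cna"]
    # First English description, or an empty string if none is present.
    text = next((d["value"] for d in cna.get("descriptions", [])
                 if d.get("lang", "").startswith("en")), "")
    range_types, platforms = set(), set()
    for item in cna.get("affected", []):
        # "platforms" is optional: treat a missing or null value as empty.
        platforms.update(item.get("platforms") or [])
        for version in item.get("versions", []):
            range_types.add(version.get("versionType", "custom"))
    return {
        "id": record["cveMetadata"]["cveId"],
        "lines": text.splitlines(),
        # Escape before adding markup so embedded script text stays inert.
        "html": html.escape(text).replace("\n", "<br>"),
        "range_types": sorted(range_types),
        "platforms": sorted(platforms),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```
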