full-record-advanced-example.json Does Not Contain A Tags Field

Question

full-record-advanced-example.json Does Not Contain A Tags Field

nickspurry opened this issue 7 months ago · 0 comments

The schema for version 5.0 contains the following definition for a tags field within the CNA Container.

{
    "$schema": "http://json-schema.org/draft-07/schema#",
    "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/",
    "type": "string",
    "description": "exclusively-hosted-service: All known software and/or hardware affected by this CVE Record is known to exist only in the affected hosted service. If the vulnerability affects both hosted and on-prem software and/or hardware, then the tag should not be used.\n\nunsupported-when-assigned: Used by the assigning CNA to indicate that when a request for a CVE assignment was received, the product was already end-of-life (EOL) or a product or specific version was deemed not to be supported by the vendor. This tag should only be applied to a CVE Record when all affected products or version lines referenced in the CVE-Record are EOL.\n\ndisputed: When one party disagrees with another party's assertion that a particular issue in software is a vulnerability, a CVE Record assigned to that issue may be tagged as being 'disputed'.",
    "enum": ["unsupported-when-assigned", "exclusively-hosted-service", "disputed"]
}

full-record-advanced-example.json does not implement this field. If it is intended that this example provide a working demonstration of all fields, then this field should probably be implemented.