Add level of severity for PHP Security Advisories

Question

Add level of severity for PHP Security Advisories

TheGarious opened this issue 4 years ago · 3 comments

TheGarious commented 4 years ago

For each update i don't have a level of severity from this vulnerability.

I don't know if possible to graduate each vulnerability, else how evaluate level of severity.

Thanks,

Answer 1 · 2021-01-04T14:12:24.000Z

No, this information does not exist, but should be part of any CVE. I think we should not duplicate the information.

Answer 2 · 2021-03-05T05:09:19.000Z

@fabpot avoiding the duplication is certainly a good approach, but what about the advisories which don't have a CVE reference? Should the goal be in these cases to create a matching CVE?

Answer 3 · 2021-03-05T12:11:16.000Z

Indeed, I think getting a CVE is the way to go to give more details. This repository is "just" a database that references where to find more information.