haskell/security-advisories

add CVSS 4.0 support

frasertweedale opened this issue · 6 comments

Summary

CVSS 4.0 is here, and already supported by OSV. Add support for it in our cvss lib and hsec-tools.

Hey! I'll take this one! :)

@unorsk Thanks! I wrote the initial CVSS library, please let me know if you need any help.

Started working on this. No wonder this hasn't been implemented yet 😅
The way they changed the scoring system isn't very straightforward... but it's fun :)

It seems like you can find an JavaScript implementation in https://www.first.org/cvss/calculator/app.js?v=7 . Looks pretty onerous, good luck!

It seems like you can find an JavaScript implementation in https://www.first.org/cvss/calculator/app.js?v=7 . Looks pretty onerous, good luck!

Yeah, thanks! It looks like it's just an embedded (and a bit outdated) version of this one

Might be better to just read the spec: https://www.first.org/cvss/v4.0/specification-document
and test the implementation using the official examples: https://www.first.org/cvss/v4.0/examples