CVE Vulnerabilities


Overview

Get the Common Vulnerabilities and Exposures (CVE) summary of an application. The service returns the CVE description and the number of impacted third-party packages. These insights come from the com.castsoftware.highlight2mri scanner.

URI

GET /rest/applications/{name}/insights/cve

Path parameters

name (string)

This parameter identifies the analyzed application. The application name must be properly encoded when encoding is required. The back-quote character is not allowed.

Query parameters

criticality (string)

Optional. Filter detection patterns on criticality level (case insensitive). See Insight CVE Criticality.

Responses

application/json

The response is the list of CVE insights. Example:

[
    {
        "id": "CVE-2021-41411",
        "description": "drools \u003C=7.59.x is affected by an XML External Entity (XXE) vulnerability ...",
        "reference": "https://nvd.nist.gov/vuln/detail/CVE-2021-41411",
        "criticality": { "id": "CRITICAL" },
        "nbPackages": 1
    },
    ...
]

JSON representation

Property        Type    Description
id              string  CVE reference ID.
description     string  Summary.
reference       string  Official web page URL.
criticality.id  enum    Level of criticality/severity.
nbPackages      int     The number of impacted third-party packages.
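
The following is an added example, not part of the original documentation or of the product's own code. It builds the request URL with an encoded application name (rejecting the back-quote) and groups a response by criticality.id, ordered by nbPackages. The host name, the function names, the placeholder CVE IDs and the "HIGH" level are assumptions; the page itself only shows "CRITICAL".

```python
import json
from collections import defaultdict
from urllib.parse import quote, urlencode

BASE_URL = "https://imaging.example.com"  # hypothetical host, not from the page

def cve_insights_url(app_name, criticality=None, base_url=BASE_URL):
    """Build GET /rest/applications/{name}/insights/cve with an encoded name."""
    if "`" in app_name:
        raise ValueError("back-quote is not allowed in the application name")
    # safe="" so '/' and spaces in the name cannot alter the path structure
    url = f"{base_url}/rest/applications/{quote(app_name, safe='')}/insights/cve"
    if criticality:
        url += "?" + urlencode({"criticality": criticality})
    return url

def triage(insights):
    """Group CVE insights by criticality.id, most impacted packages first."""
    groups = defaultdict(list)
    for item in insights:
        # Tolerate a missing criticality object rather than crash on a partial record
        level = (item.get("criticality") or {}).get("id", "UNKNOWN")
        groups[level].append((item.get("id"), int(item.get("nbPackages", 0))))
    for rows in groups.values():
        rows.sort(key=lambda r: r[1], reverse=True)
    return dict(groups)

# Constructed sample response: the first record is the page's example, the others
# are placeholders; the "HIGH" level is assumed, the page only shows "CRITICAL".
SAMPLE = json.loads(r"""
[
  {"id": "CVE-2021-41411",
   "description": "drools \u003C=7.59.x is affected by an XML External Entity (XXE) vulnerability ...",
   "reference": "https://nvd.nist.gov/vuln/detail/CVE-2021-41411",
   "criticality": {"id": "CRITICAL"}, "nbPackages": 1},
  {"id": "CVE-0000-00001", "description": "constructed", "reference": "",
   "criticality": {"id": "CRITICAL"}, "nbPackages": 4},
  {"id": "CVE-0000-00002", "description": "constructed", "reference": "",
   "criticality": {"id": "HIGH"}, "nbPackages": 2}
]
""")

if __name__ == "__main__":
    print(cve_insights_url("Shop / Billing", criticality="critical"))
    for level, rows in triage(SAMPLE).items():
        print(level, rows)
```

The \u003C escape in the description is ordinary JSON for "<" and is decoded by the parser, so consumers should compare decoded strings, not the raw bytes.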