CVE Vulnerabilities

Draft

Get the Common Vulnerabilities and Exposures (CVE) summary of an application.
The service returns the CVE description and the number of impacted third-party packages.
These insights come from CAST Highlight Scanner.

URI

  • GET /rest/applications/{name}/insights/cve

Path Parameters

  • name (string):
    This parameter identifies the analyzed application.
    The application name must be properly encoded where required. The back-quote character is not allowed.

Query Parameters

  • criticality (string), optional:
    Filter detection patterns on criticality level (case insensitive). See Insight CVE Criticality.

Responses

  • application/json:

    The response is the list of CVE insights.

    Example:

    [
        {
            "id": "CVE-2021-41411",
            "description": "drools \u003C=7.59.x is affected by an XML External Entity (XXE) vulnerability ...",
            "reference": "https://nvd.nist.gov/vuln/detail/CVE-2021-41411",
            "criticality": { "id": "CRITICAL" },
            "nbPackages": 1
        },
        ...
    ]
    

    JSON Representation

    Property        Type     Description
    id              string   CVE reference ID.
    description     string   Summary
    reference       string   Official Web Page URL
    criticality.id  enum     Level of criticality/severity.
    nbPackages      int      The number of impacted third-party packages
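
A client-side sketch for this endpoint, added here as an example and not taken from the product's own code: it builds the request URL with the name encoding and back-quote rule described above, then totals nbPackages per criticality from a response body. The base URL, the "HIGH" level and the two CVE-0000-* entries are constructed assumptions, and authentication is left out because this page does not describe it.

```python
import json
from collections import Counter
from urllib.parse import quote, urlencode

# Assumption: placeholder host; the page documents only the path below it.
BASE_URL = "https://imaging.example.invalid"
REQUIRED = {"id", "description", "reference", "criticality", "nbPackages"}

def cve_insights_url(app_name, criticality=None, base_url=BASE_URL):
    """Build the GET URL for /rest/applications/{name}/insights/cve."""
    if not app_name:
        raise ValueError("application name is required")
    if "`" in app_name:
        # The endpoint documents the back-quote as not allowed in the name.
        raise ValueError("back-quote is not allowed in the application name")
    # safe="" also encodes "/", so the name cannot add extra path segments.
    path = "/rest/applications/" + quote(app_name, safe="") + "/insights/cve"
    query = "?" + urlencode({"criticality": criticality}) if criticality else ""
    return base_url.rstrip("/") + path + query

def summarize(body):
    """Check the response shape and total impacted packages per criticality."""
    insights = json.loads(body)
    if not isinstance(insights, list):
        raise ValueError("expected a JSON array of CVE insights")
    totals = Counter()
    for item in insights:
        missing = REQUIRED - set(item)
        if missing:
            raise ValueError(f"insight is missing {sorted(missing)}")
        # Normalise case before grouping, as the filter is case insensitive.
        totals[item["criticality"]["id"].upper()] += int(item["nbPackages"])
    return dict(totals)

# Constructed sample body: the first entry mirrors the page's example, the
# other two use placeholder IDs and an assumed "HIGH" criticality level.
SAMPLE_BODY = json.dumps([
    {"id": "CVE-2021-41411", "description": "drools <=7.59.x is affected ...",
     "reference": "https://nvd.nist.gov/vuln/detail/CVE-2021-41411",
     "criticality": {"id": "CRITICAL"}, "nbPackages": 1},
    {"id": "CVE-0000-0001", "description": "constructed entry",
     "reference": "https://example.invalid/CVE-0000-0001",
     "criticality": {"id": "HIGH"}, "nbPackages": 4},
    {"id": "CVE-0000-0002", "description": "constructed entry",
     "reference": "https://example.invalid/CVE-0000-0002",
     "criticality": {"id": "CRITICAL"}, "nbPackages": 2},
])

if __name__ == "__main__":
    print(cve_insights_url("My App/v2", criticality="critical"))
    print(summarize(SAMPLE_BODY))
```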