From bb15c0e451a97c1bd5203ce11aa1fa4b41ad1bbc Mon Sep 17 00:00:00 2001 From: Rifa Achrinza <25147899+achrinza@users.noreply.github.com> Date: Fri, 11 Mar 2022 23:26:15 +0800 Subject: [PATCH] feat: update last 3 advisories 
Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com> --- .vscode/settings.json | 4 +- advisories/README.md | 9 +- .../lbsec-20180815-1.csaf.json | 1028 +++++++++ .../lbsec-20180815-1.csaf.json.license} | 0 .../lbsec-20180815-1.osv.json | 167 ++ .../lbsec-20180815-1.osv.json.license} | 0 .../lbsec-20190617-1.csaf.json | 2024 +++++++++++++++++ .../lbsec-20190617-1.csaf.json.license | 2 + .../lbsec-20190617-1.osv.json | 250 ++ .../lbsec-20190617-1.osv.json.license | 2 + .../lbsec-20201130-1.csaf.json} | 1455 ++++++------ .../lbsec-20201130-1.csaf.json.license | 2 + .../lbsec-20201130-1.osv.json} | 51 +- .../lbsec-20201130-1.osv.json.license | 2 + package.json | 2 +- .../generate-csaf20-product-tree.ts | 53 +- scripts/advisories/validate-csaf20.ts | 24 +- scripts/advisories/validate-osv.ts | 33 +- vendors/README.md | 17 +- 19 files changed, 4224 insertions(+), 901 deletions(-) create mode 100644 advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json rename advisories/{lbsa-20201130.csaf.json.license => lbsec-20180815-1/lbsec-20180815-1.csaf.json.license} (100%) create mode 100644 advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json rename advisories/{lbsa-20201130.osv.json.license => lbsec-20180815-1/lbsec-20180815-1.osv.json.license} (100%) create mode 100644 advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json create mode 100644 advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license create mode 100644 advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json create mode 100644 advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license rename advisories/{lbsa-20201130.csaf.json => lbsec-20201130-1/lbsec-20201130-1.csaf.json} (69%) create mode 100644 advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license rename advisories/{lbsa-20201130.osv.json => lbsec-20201130-1/lbsec-20201130-1.osv.json} (86%) create mode 100644 advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license 
diff --git a/.vscode/settings.json b/.vscode/settings.json index d93513f..a730bcf 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -5,13 +5,13 @@ "json.schemas": [ { "fileMatch": [ - "advisories/lbsa-*.csaf.json" + "advisories/*/lbsec-*.csaf.json" ], "url": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json" }, { "fileMatch": [ - "advisories/lbsa-*.osv.json" + "advisories/*/lbsec-*.osv.json" ], "url": "./vendors/osv-schema/validation/schema.json" } diff --git a/advisories/README.md b/advisories/README.md index 900d8a3..4f9016f 100644 --- a/advisories/README.md +++ b/advisories/README.md @@ -46,12 +46,8 @@ CSAF 2.0 document must also be reflected back in the CSAF 2.0 document itself. ## Vendors -This section depends on [Secvisogram](../vendors/README.md#submodules) for -validation, its ports of JSON Schemas from Draft-04 (No first-class AJV support) -to Draft-2019, and for a strict variant of CSAF 2.0 JSON Schema. There are plans -to utilise the other parts of the codebase for more thorough validation. - -It also depends on +This section depends on [Secvisogram](../vendors/README.md#submodules) for CSAF +2.0 validation and the [Open Source Vulnerability schema](../vendors/README.md#submodules) for JSON Schema-based OSV validation. @@ -64,5 +60,4 @@ are future plans to add integration: | ----------------------------------------------------------------------------------------------------- | ------- | | Generation of security advisories on [loopback.io website](https://loopback.io/doc/en/sec/index.html) | Planned | | Publishing as a CSAF Provider through csaf.data.loopback.io | Planned | -| Down-conversion and publication of CVRF 1.2 | Planned | | Sync with Gitlab Advisory Database | Planned | diff --git a/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json b/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json new file mode 100644 index 0000000..be02fff --- /dev/null +++ b/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json 
@@ -0,0 +1,1028 @@ +{ + "document": { + "acknowledgments": [ + { + "names": ["Nelson Brandão"], + "urls": ["https://github.com/NelsonBrandao"] + } + ], + "category": "security_advisory", + "csaf_version": "2.0", + "distribution": { + "text": "Disclosure is not limited.\nSPDX-FileCopyrightText: LoopBack Contributors\nSPDX-License-Identifier: MIT", + "tlp": { + "label": "WHITE" + } + }, + "lang": "en", + "publisher": { + "category": "vendor", + "name": "LoopBack", + "namespace": "https://loopback.io" + }, + "references": [ + { + "category": "self", + "summary": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018 - CSAF Version", + "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20180815-1.csaf.json" + }, + { + "category": "self", + "summary": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018 - HTML Version", + "url": "https://security.loopback.io/en/advisories/html/lbsa-20180815-1.html" + }, + { + "category": "self", + "summary": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018 - OSV Version", + "url": "https://security.loopback.io/en/advisories/osv/lbsa-20180815-1.osv.json" + }, + { + "summary": "GitHub Security Advisory", + "url": "https://github.com/advisories/GHSA-hxwc-5vw9-2w4w" + }, + { + "summary": "Snyk Vulnerability", + "url": "https://security.snyk.io/vuln/SNYK-JS-LOOPBACKCONNECTORMONGODB-73555" + } + ], + "title": "LBSEC-20180815-1: LoopBack Security Advisory 11-30-2020", + "tracking": { + "current_release_date": "1970-01-01T00:00:00.000Z", + "id": "LBSEC-20180815-1", + "initial_release_date": "1970-01-01T00:00:00.000Z", + "revision_history": [ + { + "date": "1970-01-01T00:00:00.000Z", + "number": "0.1.0", + "summary": "Draft version." 
+ } + ], + "status": "draft", + "version": "0.1.0" + } + }, + "product_tree": { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "category": "product_version", + "name": "1.0.0", + "product": { + "name": "loopback-connector-mongodb@1.0.0", + "product_id": "1", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.0.0" + } + } + }, + { + "category": "product_version", + "name": "1.1.0", + "product": { + "name": "loopback-connector-mongodb@1.1.0", + "product_id": "2", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.0" + } + } + }, + { + "category": "product_version", + "name": "1.1.3", + "product": { + "name": "loopback-connector-mongodb@1.1.3", + "product_id": "3", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.3" + } + } + }, + { + "category": "product_version", + "name": "1.1.4", + "product": { + "name": "loopback-connector-mongodb@1.1.4", + "product_id": "4", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.4" + } + } + }, + { + "category": "product_version", + "name": "1.1.5", + "product": { + "name": "loopback-connector-mongodb@1.1.5", + "product_id": "5", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.5:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.5" + } + } + }, + { + "category": "product_version", + "name": "1.1.6", + "product": { + "name": "loopback-connector-mongodb@1.1.6", + "product_id": "6", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.6:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.6" + } + } + }, + { + "category": "product_version", + "name": "1.1.7", + "product": { + "name": "loopback-connector-mongodb@1.1.7", + "product_id": "7", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.7:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.7" + } + } + }, + { + "category": "product_version", + "name": "1.1.8", + "product": { + "name": "loopback-connector-mongodb@1.1.8", + "product_id": "8", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.1.8:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.1.8" + } + } + }, + { + "category": "product_version", + "name": "1.2.0", + "product": { + "name": "loopback-connector-mongodb@1.2.0", + "product_id": "9", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.0" + } + } + }, + { + "category": "product_version", + "name": "1.2.1", + "product": { + "name": "loopback-connector-mongodb@1.2.1", + "product_id": "10", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.1" + } + } + }, + { + "category": "product_version", + "name": "1.2.2", + "product": { + "name": "loopback-connector-mongodb@1.2.2", + "product_id": "11", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.2" + } + } + }, + { + "category": "product_version", + "name": "1.2.3", + "product": { + "name": "loopback-connector-mongodb@1.2.3", + "product_id": "12", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.3:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback-connector-mongodb@1.2.3" + } + } + }, + { + "category": "product_version", + "name": "1.2.4", + "product": { + "name": "loopback-connector-mongodb@1.2.4", + "product_id": "13", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.4" + } + } + }, + { + "category": "product_version", + "name": "1.2.5", + "product": { + "name": "loopback-connector-mongodb@1.2.5", + "product_id": "14", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.5:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.5" + } + } + }, + { + "category": "product_version", + "name": "1.2.6", + "product": { + "name": "loopback-connector-mongodb@1.2.6", + "product_id": "15", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.2.6:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.2.6" + } + } + }, + { + "category": "product_version", + "name": "1.3.0", + "product": { + "name": "loopback-connector-mongodb@1.3.0", + "product_id": "16", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.3.0" + } + } + }, + { + "category": "product_version", + "name": "1.4.0", + "product": { + "name": "loopback-connector-mongodb@1.4.0", + "product_id": "17", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.0" + } + } + }, + { + "category": "product_version", + "name": "1.4.1", + "product": { + "name": "loopback-connector-mongodb@1.4.1", + "product_id": "18", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.1" + } + } + }, + { + "category": 
"product_version", + "name": "1.4.2", + "product": { + "name": "loopback-connector-mongodb@1.4.2", + "product_id": "19", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.2" + } + } + }, + { + "category": "product_version", + "name": "1.4.3", + "product": { + "name": "loopback-connector-mongodb@1.4.3", + "product_id": "20", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.3" + } + } + }, + { + "category": "product_version", + "name": "1.4.4", + "product": { + "name": "loopback-connector-mongodb@1.4.4", + "product_id": "21", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.4" + } + } + }, + { + "category": "product_version", + "name": "1.4.5", + "product": { + "name": "loopback-connector-mongodb@1.4.5", + "product_id": "22", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.4.5:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.4.5" + } + } + }, + { + "category": "product_version", + "name": "1.5.0", + "product": { + "name": "loopback-connector-mongodb@1.5.0", + "product_id": "23", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.5.0" + } + } + }, + { + "category": "product_version", + "name": "1.6.0", + "product": { + "name": "loopback-connector-mongodb@1.6.0", + "product_id": "24", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.6.0" + } + } + }, + { + "category": "product_version", + "name": "1.7.0", + "product": { + "name": 
"loopback-connector-mongodb@1.7.0", + "product_id": "25", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.7.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.7.0" + } + } + }, + { + "category": "product_version", + "name": "1.8.0", + "product": { + "name": "loopback-connector-mongodb@1.8.0", + "product_id": "26", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.8.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.8.0" + } + } + }, + { + "category": "product_version", + "name": "1.9.0", + "product": { + "name": "loopback-connector-mongodb@1.9.0", + "product_id": "27", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.9.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.9.0" + } + } + }, + { + "category": "product_version", + "name": "1.9.1", + "product": { + "name": "loopback-connector-mongodb@1.9.1", + "product_id": "28", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.9.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.9.1" + } + } + }, + { + "category": "product_version", + "name": "1.9.2", + "product": { + "name": "loopback-connector-mongodb@1.9.2", + "product_id": "29", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.9.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.9.2" + } + } + }, + { + "category": "product_version", + "name": "1.10.0", + "product": { + "name": "loopback-connector-mongodb@1.10.0", + "product_id": "30", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.10.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.10.0" + } + } + }, + { + "category": "product_version", + "name": "1.10.1", + "product": { + "name": "loopback-connector-mongodb@1.10.1", + "product_id": "31", + 
"product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.10.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.10.1" + } + } + }, + { + "category": "product_version", + "name": "1.11.0", + "product": { + "name": "loopback-connector-mongodb@1.11.0", + "product_id": "32", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.0" + } + } + }, + { + "category": "product_version", + "name": "1.11.1", + "product": { + "name": "loopback-connector-mongodb@1.11.1", + "product_id": "33", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.1" + } + } + }, + { + "category": "product_version", + "name": "1.11.2", + "product": { + "name": "loopback-connector-mongodb@1.11.2", + "product_id": "34", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.2" + } + } + }, + { + "category": "product_version", + "name": "1.11.3", + "product": { + "name": "loopback-connector-mongodb@1.11.3", + "product_id": "35", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.11.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.11.3" + } + } + }, + { + "category": "product_version", + "name": "1.12.0", + "product": { + "name": "loopback-connector-mongodb@1.12.0", + "product_id": "36", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.12.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.12.0" + } + } + }, + { + "category": "product_version", + "name": "1.13.0", + "product": { + "name": "loopback-connector-mongodb@1.13.0", + "product_id": "37", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.0" + } + } + }, + { + "category": "product_version", + "name": "1.13.1", + "product": { + "name": "loopback-connector-mongodb@1.13.1", + "product_id": "38", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.1" + } + } + }, + { + "category": "product_version", + "name": "1.13.2", + "product": { + "name": "loopback-connector-mongodb@1.13.2", + "product_id": "39", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.2" + } + } + }, + { + "category": "product_version", + "name": "1.13.3", + "product": { + "name": "loopback-connector-mongodb@1.13.3", + "product_id": "40", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.13.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.13.3" + } + } + }, + { + "category": "product_version", + "name": "1.14.0", + "product": { + "name": "loopback-connector-mongodb@1.14.0", + "product_id": "41", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.14.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.14.0" + } + } + }, + { + "category": "product_version", + "name": "1.15.0", + "product": { + "name": "loopback-connector-mongodb@1.15.0", + "product_id": "42", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.15.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.15.0" + } + } + }, + { + "category": "product_version", + "name": "1.15.1", + "product": { + "name": "loopback-connector-mongodb@1.15.1", + "product_id": "43", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:1.15.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.15.1" + } + } + }, + { + "category": "product_version", + "name": "1.15.2", + "product": { + "name": "loopback-connector-mongodb@1.15.2", + "product_id": "44", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.15.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.15.2" + } + } + }, + { + "category": "product_version", + "name": "1.17.0", + "product": { + "name": "loopback-connector-mongodb@1.17.0", + "product_id": "45", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.17.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.17.0" + } + } + }, + { + "category": "product_version", + "name": "1.18.0", + "product": { + "name": "loopback-connector-mongodb@1.18.0", + "product_id": "46", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.18.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.18.0" + } + } + }, + { + "category": "product_version", + "name": "1.18.1", + "product": { + "name": "loopback-connector-mongodb@1.18.1", + "product_id": "47", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:1.18.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@1.18.1" + } + } + }, + { + "category": "product_version", + "name": "3.0.0", + "product": { + "name": "loopback-connector-mongodb@3.0.0", + "product_id": "48", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.0.0" + } + } + }, + { + "category": "product_version", + "name": "3.0.1", + "product": { + "name": "loopback-connector-mongodb@3.0.1", + "product_id": "49", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback-connector-mongodb:3.0.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.0.1" + } + } + }, + { + "category": "product_version", + "name": "3.1.0", + "product": { + "name": "loopback-connector-mongodb@3.1.0", + "product_id": "50", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.1.0" + } + } + }, + { + "category": "product_version", + "name": "3.2.0", + "product": { + "name": "loopback-connector-mongodb@3.2.0", + "product_id": "51", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.2.0" + } + } + }, + { + "category": "product_version", + "name": "3.2.1", + "product": { + "name": "loopback-connector-mongodb@3.2.1", + "product_id": "52", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.2.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.2.1" + } + } + }, + { + "category": "product_version", + "name": "3.3.0", + "product": { + "name": "loopback-connector-mongodb@3.3.0", + "product_id": "53", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.3.0" + } + } + }, + { + "category": "product_version", + "name": "3.3.1", + "product": { + "name": "loopback-connector-mongodb@3.3.1", + "product_id": "54", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.3.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.3.1" + } + } + }, + { + "category": "product_version", + "name": "3.4.0", + "product": { + "name": "loopback-connector-mongodb@3.4.0", + "product_id": "55", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.0:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback-connector-mongodb@3.4.0" + } + } + }, + { + "category": "product_version", + "name": "3.4.1", + "product": { + "name": "loopback-connector-mongodb@3.4.1", + "product_id": "56", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.1" + } + } + }, + { + "category": "product_version", + "name": "3.4.2", + "product": { + "name": "loopback-connector-mongodb@3.4.2", + "product_id": "57", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.2" + } + } + }, + { + "category": "product_version", + "name": "3.4.3", + "product": { + "name": "loopback-connector-mongodb@3.4.3", + "product_id": "58", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.3" + } + } + }, + { + "category": "product_version", + "name": "3.4.4", + "product": { + "name": "loopback-connector-mongodb@3.4.4", + "product_id": "59", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.4.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.4.4" + } + } + }, + { + "category": "product_version", + "name": "3.5.0", + "product": { + "name": "loopback-connector-mongodb@3.5.0", + "product_id": "60", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.5.0" + } + } + }, + { + "category": "product_version", + "name": "3.6.0", + "product": { + "name": "loopback-connector-mongodb@3.6.0", + "product_id": "61", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback-connector-mongodb:3.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback-connector-mongodb@3.6.0" + } + } + } + ], + "category": 
"product_name", + "name": "loopback-connector-mongodb" + } + ], + "category": "product_family", + "name": "LoopBack Juggler" + } + ], + "category": "product_family", + "name": "LoopBack" + } + ], + "category": "vendor", + "name": "LoopBack" + } + ], + "product_groups": [ + { + "group_id": "1", + "product_ids": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60" + ], + "summary": "Affected products." + } + ] + }, + "vulnerabilities": [ + { + "cwe": { + "id": "CWE-89", + "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + }, + "notes": [ + { + "audience": "all", + "category": "description", + "text": "MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous `$where` property to be passed to the MongoDB Driver. The Driver allows the special `$where` property in a filter to execute JavaScript (client can pass in a malicious script) on the database Driver. 
This is an [intended feature of MongoDB](https://docs.mongodb.com/manual/core/server-side-javascript/) unless [disabled (instructions here)](https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-js).\n\nAn example malicious query:\n\n```\nGET /POST filter={\"where\": {\"$where\": \"function(){sleep(5000); return this.title.contains('Hello');}\"}}\n```\n\nThe above makes the database sleep for 5 seconds and then returns all \"Posts\" with the title containing the word `Hello`.\n\nThe connector now sanitizes all queries passed to the MongoDB Driver by default and deletes the `$where` and `mapReduce` properties. If you need to use these properties from within LoopBack programatically, you can disable the sanitization by passing in an `options` object with `disableSanitization` property set to `true`:\n\n```js\nPost.find(\n { where: { $where: \"function() { /*dangerous function here*/}\" } },\n { disableSanitization: true },\n (err, p) => {\n // code to handle results / error.\n }\n);\n```" + }, + { + "audience": "all", + "category": "summary", + "text": "`loopback-connector-mongodb` version 3.5.0 and below allows NoSQL Injections." 
+ } + ], + "product_status": { + "first_affected": ["1"], + "known_affected": ["60"], + "last_affected": ["60"], + "fixed": ["61"], + "recommended": ["61"] + }, + "references": [ + { + "category": "self", + "summary": "GitHub Commit", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/commit/ee24cd08b8ccc32711264831c71b1da628df357b" + }, + { + "category": "self", + "summary": "GitHub Issue", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/issues/403" + }, + { + "category": "self", + "summary": "GitHub Pull Request", + "url": "https://github.com/loopbackio/loopback-connector-mongodb/pull/452" + }, + { + "summary": "NPM", + "url": "https://www.npmjs.com/package/loopback-connector-mongodb" + } + ], + "remediations": [ + { + "category": "vendor_fix", + "date": "2018-08-15T15:42:26.938Z", + "details": "Upgrade to `loopback-connector-mongodb` 3.6.0 or later if your repository is using an outdated package.\n\nEnsure that your application's `package.json` has the following line:\n\n```js\n\"dependencies\": {\n ...\n \"loopback-connector-mongodb\": \"^3.6.0\",\n ...\n },\n```\n\nThen upgrade your project dependencies to use the latest version :\n\n```\n$ cd \n$ npm update\n```", + "group_ids": ["1"] + } + ], + "scores": [ + { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availability": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentiality": "HIGH", + "integrity": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" + }, + "products": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + 
"44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60" + ] + } + ] + } + ] +} diff --git a/advisories/lbsa-20201130.csaf.json.license b/advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json.license similarity index 100% rename from advisories/lbsa-20201130.csaf.json.license rename to advisories/lbsec-20180815-1/lbsec-20180815-1.csaf.json.license diff --git a/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json b/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json new file mode 100644 index 0000000..e209f7d --- /dev/null +++ b/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json 
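Review bot: `document.title` reads "LoopBack Security Advisory 11-30-2020" while the tracking id and all three `self` reference summaries say 08-15-2018, so the title looks copied from the 20201130 advisory and should be `"title": "LBSEC-20180815-1: LoopBack Security Advisory 08-15-2018"`. The three `self` URLs, and the matching ADVISORY references in the OSV file that follows, still use the old `lbsa-20180815-1` file name although this commit renames the advisories to `lbsec-*`; if the published paths follow the new naming, these links will not resolve. The weakness is recorded as CWE-89 (SQL Injection), but the summary note describes a NoSQL injection through `$where`, for which CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) is the closer match; the same applies to `database_specific.CWE` in the OSV file. `product_status.known_affected` lists only product `"60"` while `product_groups` and `scores[].products` cover 1–60, so a consumer that matches on `known_affected` alone would presumably miss versions 1.0.0–3.4.4; listing all sixty ids there would make the three fields agree. The `cvss_v3` vector sets `A:N` even though the description's own example stalls the database with `sleep(5000)`, so the availability rating is worth re-checking before the draft leaves `"status": "draft"`.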
@@ -0,0 +1,167 @@
+{
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "loopback-connector-mongodb",
+ "purl": "pkg:npm/loopback-connector-mongodb"
+ },
+ "ranges": [
+ {
+ "events": [
+ {
+ "introduced": ""
+ },
+ {
+ "fixed": "ee24cd08b8ccc32711264831c71b1da628df357b"
+ }
+ ],
+ "repo": "https://github.com/strongloop/loopback-connector-mongodb.git",
+ "type": "GIT"
+ },
+ {
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.6.0"
+ }
+ ],
+ "type": "SEMVER"
+ }
+ ],
+ "versions": [
+ "1.0.0",
+ "1.1.0",
+ "1.1.3",
+ "1.1.4",
+ "1.1.5",
+ "1.1.6",
+ "1.1.7",
+ "1.1.8",
+ "1.2.0",
+ "1.2.1",
+ "1.2.2",
+ "1.2.3",
+ "1.2.4",
+ "1.2.5",
+ "1.2.6",
+ "1.3.0",
+ "1.4.0",
+ "1.4.1",
+ "1.4.2",
+ "1.4.3",
+ "1.4.4",
+ "1.4.5",
+ "1.5.0",
+ "1.6.0",
+ "1.7.0",
+ "1.8.0",
+ "1.9.0",
+ "1.9.1",
+ "1.9.2",
+ "1.10.0",
+ "1.10.1",
+ "1.11.0",
+ "1.11.1",
+ "1.11.2",
+ "1.11.3",
+ "1.12.0",
+ "1.13.0",
+ "1.13.1",
+ "1.13.2",
+ "1.13.3",
+ "1.14.0",
+ "1.15.0",
+ "1.15.1",
+ "1.15.2",
+ "1.17.0",
+ "1.18.0",
+ "1.18.1",
+ "3.0.0",
+ "3.0.1",
+ "3.1.0",
+ "3.2.0",
+ "3.2.1",
+ "3.3.0",
+ "3.3.1",
+ "3.4.0",
+ "3.4.1",
+ "3.4.2",
+ "3.4.3",
+ "3.4.4",
+ "3.5.0"
+ ]
+ }
+ ],
+ "aliases": [
+ "GHSA-hxwc-5vw9-2w4w",
+ "GHSA-m734-r4g6-34f9",
+ "GMS-2019-37",
+ "GMS-2020-360",
+ "SNYK-JS-LOOPBACKCONNECTORMONGODB-73555"
+ ],
+ "credits": [
+ {
+ "name": "Nelson Brandão",
+ "urls": ["https://github.com/NelsonBrandao"]
+ }
+ ],
+ "database_specific": {
+ "CWE": "CWE-89"
+ },
+ "details": "MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous `$where` property to be passed to the MongoDB Driver. The Driver allows the special `$where` property in a filter to execute JavaScript (client can pass in a malicious script) on the database Driver. 
This is an [intended feature of MongoDB](https://docs.mongodb.com/manual/core/server-side-javascript/) unless [disabled (instructions here)](https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-js).\n\nAn example malicious query:\n\n```\nGET /POST filter={\"where\": {\"$where\": \"function(){sleep(5000); return this.title.contains('Hello');}\"}}\n```\n\nThe above makes the database sleep for 5 seconds and then returns all \"Posts\" with the title containing the word `Hello`.\n\nThe connector now sanitizes all queries passed to the MongoDB Driver by default and deletes the `$where` and `mapReduce` properties. If you need to use these properties from within LoopBack programatically, you can disable the sanitization by passing in an `options` object with `disableSanitization` property set to `true`:\n\n```js\nPost.find(\n { where: { $where: \"function() { /*dangerous function here*/}\" } },\n { disableSanitization: true },\n (err, p) => {\n // code to handle results / error.\n }\n);\n```",
+ "id": "LBSEC-20180815-1",
+ "modified": "1970-01-01T00:00:00.000Z",
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-hxwc-5vw9-2w4w"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20180815-1.csaf.json"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.loopback.io/en/advisories/html/lbsa-20180815-1.html"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.loopback.io/en/advisories/osv/lbsa-20180815-1.osv.json"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://security.snyk.io/vuln/SNYK-JS-LOOPBACKCONNECTORMONGODB-73555"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://loopback.io"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://www.npmjs.com/package/loopback-connector-mongodb"
+ },
+ {
+ "type": "REPORT",
+ "url": "https://github.com/loopbackio/loopback-connector-mongodb/issues/403"
+ },
+ {
+ "type": "WEB",
+ "url":
"https://github.com/loopbackio/loopback-connector-mongodb/commit/ee24cd08b8ccc32711264831c71b1da628df357b"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/loopbackio/loopback-connector-mongodb/pull/452"
+ }
+ ],
+ "schema_version": "1.2.0",
+ "severity": [
+ {
+ "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "type": "CVSS_V3"
+ }
+ ],
+ "summary": "`loopback-connector-mongodb` version 3.5.0 and below allows NoSQL Injections."
+}
diff --git a/advisories/lbsa-20201130.osv.json.license b/advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json.license
similarity index 100%
rename from advisories/lbsa-20201130.osv.json.license
rename to advisories/lbsec-20180815-1/lbsec-20180815-1.osv.json.license
diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json
new file mode 100644
index 0000000..541b52c
--- /dev/null
+++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json
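Review bot: The GIT range in `affected[0].ranges` of `lbsec-20180815-1.osv.json` opens with `"introduced": ""`, and an empty string is not a commit a range can start from. The OSV schema uses `"introduced": "0"` to mean "from the beginning of history", which is what the SEMVER range just below already does. The same range's `repo` names `strongloop/loopback-connector-mongodb.git` while every GitHub reference URL in the file uses the `loopbackio` organisation; consumers that match on `repo` compare the string, so the two should agree. `"modified": "1970-01-01T00:00:00.000Z"` reads as a placeholder and should be replaced with the real timestamp before release, since consumers that sync on `modified` would otherwise see a record that never changes. The three `security.loopback.io` reference URLs still end in `lbsa-20180815-1` although the id and file name are now `lbsec-20180815-1`, so it is worth confirming which name the site will actually serve.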
@@ -0,0 +1,2024 @@ +{ + "document": { + "acknowledgments": [ + { + "names": ["@gabjauf"], + "urls": ["https://github.com/gabjauf"] + } + ], + "category": "security_advisory", + "csaf_version": "2.0", + "distribution": { + "text": "Disclosure is not limited.\nSPDX-FileCopyrightText: LoopBack Contributors\nSPDX-License-Identifier: MIT", + "tlp": { + "label": "WHITE" + } + }, + "lang": "en", + "publisher": { + "category": "vendor", + "name": "LoopBack", + "namespace": "https://loopback.io" + }, + "references": [ + { + "category": "self", + "summary": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020 - CSAF Version", + "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20190617-1.csaf.json" + }, + { + "category": "self", + "summary": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020 - HTML Version", + "url": "https://security.loopback.io/en/advisories/html/lbsa-20190617-1.html" + }, + { + "category": "self", + "summary": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020 - OSV Version", + "url": "https://security.loopback.io/en/advisories/osv/lbsa-20190617-1.osv.json" + }, + { + "summary": "GitHub Security Advisory", + "url": "https://github.com/advisories/GHSA-724c-6vrf-99rq" + } + ], + "title": "LBSEC-20190617-1: LoopBack Security Advisory 11-30-2020", + "tracking": { + "current_release_date": "1970-01-01T00:00:00.000Z", + "id": "LBSEC-20190617-1", + "initial_release_date": "1970-01-01T00:00:00.000Z", + "revision_history": [ + { + "date": "1970-01-01T00:00:00.000Z", + "number": "0.1.0", + "summary": "Draft version." 
+ } + ], + "status": "draft", + "version": "0.1.0" + } + }, + "product_tree": { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "branches": [ + { + "category": "product_version", + "name": "2.0.0", + "product": { + "name": "loopback@2.0.0", + "product_id": "1", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.0.0" + } + } + }, + { + "category": "product_version", + "name": "2.0.1", + "product": { + "name": "loopback@2.0.1", + "product_id": "2", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.0.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.0.1" + } + } + }, + { + "category": "product_version", + "name": "2.0.2", + "product": { + "name": "loopback@2.0.2", + "product_id": "3", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.0.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.0.2" + } + } + }, + { + "category": "product_version", + "name": "2.1.0", + "product": { + "name": "loopback@2.1.0", + "product_id": "4", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.0" + } + } + }, + { + "category": "product_version", + "name": "2.1.1", + "product": { + "name": "loopback@2.1.1", + "product_id": "5", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.1" + } + } + }, + { + "category": "product_version", + "name": "2.1.2", + "product": { + "name": "loopback@2.1.2", + "product_id": "6", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.2" + } + } + }, + { + "category": "product_version", + "name": "2.1.3", + "product": { + "name": "loopback@2.1.3", + "product_id": "7", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.3:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback@2.1.3" + } + } + }, + { + "category": "product_version", + "name": "2.1.4", + "product": { + "name": "loopback@2.1.4", + "product_id": "8", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.1.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.1.4" + } + } + }, + { + "category": "product_version", + "name": "2.2.0", + "product": { + "name": "loopback@2.2.0", + "product_id": "9", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.2.0" + } + } + }, + { + "category": "product_version", + "name": "2.3.0", + "product": { + "name": "loopback@2.3.0", + "product_id": "10", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.3.0" + } + } + }, + { + "category": "product_version", + "name": "2.3.1", + "product": { + "name": "loopback@2.3.1", + "product_id": "11", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.3.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.3.1" + } + } + }, + { + "category": "product_version", + "name": "2.4.0", + "product": { + "name": "loopback@2.4.0", + "product_id": "12", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.4.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.4.0" + } + } + }, + { + "category": "product_version", + "name": "2.4.1", + "product": { + "name": "loopback@2.4.1", + "product_id": "13", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.4.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.4.1" + } + } + }, + { + "category": "product_version", + "name": "2.5.0", + "product": { + "name": "loopback@2.5.0", + "product_id": "14", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.5.0" + } + } + }, + { + "category": "product_version", + "name": "2.6.0", + "product": { + "name": "loopback@2.6.0", + 
"product_id": "15", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.6.0" + } + } + }, + { + "category": "product_version", + "name": "2.7.0", + "product": { + "name": "loopback@2.7.0", + "product_id": "16", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.7.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.7.0" + } + } + }, + { + "category": "product_version", + "name": "2.8.0", + "product": { + "name": "loopback@2.8.0", + "product_id": "17", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.0" + } + } + }, + { + "category": "product_version", + "name": "2.8.1", + "product": { + "name": "loopback@2.8.1", + "product_id": "18", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.1" + } + } + }, + { + "category": "product_version", + "name": "2.8.2", + "product": { + "name": "loopback@2.8.2", + "product_id": "19", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.2" + } + } + }, + { + "category": "product_version", + "name": "2.8.3", + "product": { + "name": "loopback@2.8.3", + "product_id": "20", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.3" + } + } + }, + { + "category": "product_version", + "name": "2.8.4", + "product": { + "name": "loopback@2.8.4", + "product_id": "21", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.4:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.4" + } + } + }, + { + "category": "product_version", + "name": "2.8.5", + "product": { + "name": "loopback@2.8.5", + "product_id": "22", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.5:*:*:*:*:*:*:*", + "purl": 
"pkg:npm/loopback@2.8.5" + } + } + }, + { + "category": "product_version", + "name": "2.8.6", + "product": { + "name": "loopback@2.8.6", + "product_id": "23", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.6:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.6" + } + } + }, + { + "category": "product_version", + "name": "2.8.7", + "product": { + "name": "loopback@2.8.7", + "product_id": "24", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.7:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.7" + } + } + }, + { + "category": "product_version", + "name": "2.8.8", + "product": { + "name": "loopback@2.8.8", + "product_id": "25", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.8.8:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.8.8" + } + } + }, + { + "category": "product_version", + "name": "2.9.0", + "product": { + "name": "loopback@2.9.0", + "product_id": "26", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.9.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.9.0" + } + } + }, + { + "category": "product_version", + "name": "2.10.0", + "product": { + "name": "loopback@2.10.0", + "product_id": "27", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.10.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.10.0" + } + } + }, + { + "category": "product_version", + "name": "2.10.1", + "product": { + "name": "loopback@2.10.1", + "product_id": "28", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.10.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.10.1" + } + } + }, + { + "category": "product_version", + "name": "2.10.2", + "product": { + "name": "loopback@2.10.2", + "product_id": "29", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.10.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.10.2" + } + } + }, + { + "category": "product_version", + "name": "2.11.0", + "product": { + "name": 
"loopback@2.11.0", + "product_id": "30", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.11.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.11.0" + } + } + }, + { + "category": "product_version", + "name": "2.12.0", + "product": { + "name": "loopback@2.12.0", + "product_id": "31", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.12.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.12.0" + } + } + }, + { + "category": "product_version", + "name": "2.12.1", + "product": { + "name": "loopback@2.12.1", + "product_id": "32", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.12.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.12.1" + } + } + }, + { + "category": "product_version", + "name": "2.13.0", + "product": { + "name": "loopback@2.13.0", + "product_id": "33", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.13.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.13.0" + } + } + }, + { + "category": "product_version", + "name": "2.14.0", + "product": { + "name": "loopback@2.14.0", + "product_id": "34", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.14.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.14.0" + } + } + }, + { + "category": "product_version", + "name": "2.15.0", + "product": { + "name": "loopback@2.15.0", + "product_id": "35", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.15.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.15.0" + } + } + }, + { + "category": "product_version", + "name": "2.16.0", + "product": { + "name": "loopback@2.16.0", + "product_id": "36", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.16.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.16.0" + } + } + }, + { + "category": "product_version", + "name": "2.16.1", + "product": { + "name": "loopback@2.16.1", + "product_id": "37", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:2.16.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.16.1" + } + } + }, + { + "category": "product_version", + "name": "2.16.3", + "product": { + "name": "loopback@2.16.3", + "product_id": "38", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.16.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.16.3" + } + } + }, + { + "category": "product_version", + "name": "2.17.0", + "product": { + "name": "loopback@2.17.0", + "product_id": "39", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.0" + } + } + }, + { + "category": "product_version", + "name": "2.17.1", + "product": { + "name": "loopback@2.17.1", + "product_id": "40", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.1" + } + } + }, + { + "category": "product_version", + "name": "2.17.2", + "product": { + "name": "loopback@2.17.2", + "product_id": "41", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.2" + } + } + }, + { + "category": "product_version", + "name": "2.17.3", + "product": { + "name": "loopback@2.17.3", + "product_id": "42", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.17.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.17.3" + } + } + }, + { + "category": "product_version", + "name": "2.18.0", + "product": { + "name": "loopback@2.18.0", + "product_id": "43", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.18.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.18.0" + } + } + }, + { + "category": "product_version", + "name": "2.19.0", + "product": { + "name": "loopback@2.19.0", + "product_id": "44", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.19.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.19.0" + } + } + }, + { + 
"category": "product_version", + "name": "2.19.1", + "product": { + "name": "loopback@2.19.1", + "product_id": "45", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.19.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.19.1" + } + } + }, + { + "category": "product_version", + "name": "2.20.0", + "product": { + "name": "loopback@2.20.0", + "product_id": "46", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.20.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.20.0" + } + } + }, + { + "category": "product_version", + "name": "2.21.0", + "product": { + "name": "loopback@2.21.0", + "product_id": "47", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.21.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.21.0" + } + } + }, + { + "category": "product_version", + "name": "2.22.0", + "product": { + "name": "loopback@2.22.0", + "product_id": "48", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.22.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.22.0" + } + } + }, + { + "category": "product_version", + "name": "2.22.1", + "product": { + "name": "loopback@2.22.1", + "product_id": "49", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.22.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.22.1" + } + } + }, + { + "category": "product_version", + "name": "2.22.2", + "product": { + "name": "loopback@2.22.2", + "product_id": "50", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.22.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.22.2" + } + } + }, + { + "category": "product_version", + "name": "2.23.0", + "product": { + "name": "loopback@2.23.0", + "product_id": "51", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.23.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.23.0" + } + } + }, + { + "category": "product_version", + "name": "2.25.0", + "product": { + "name": "loopback@2.25.0", + 
"product_id": "52", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.25.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.25.0" + } + } + }, + { + "category": "product_version", + "name": "2.26.0", + "product": { + "name": "loopback@2.26.0", + "product_id": "53", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.26.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.26.0" + } + } + }, + { + "category": "product_version", + "name": "2.26.1", + "product": { + "name": "loopback@2.26.1", + "product_id": "54", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.26.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.26.1" + } + } + }, + { + "category": "product_version", + "name": "2.26.2", + "product": { + "name": "loopback@2.26.2", + "product_id": "55", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.26.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.26.2" + } + } + }, + { + "category": "product_version", + "name": "2.27.0", + "product": { + "name": "loopback@2.27.0", + "product_id": "56", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.27.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.27.0" + } + } + }, + { + "category": "product_version", + "name": "2.28.0", + "product": { + "name": "loopback@2.28.0", + "product_id": "57", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.28.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.28.0" + } + } + }, + { + "category": "product_version", + "name": "2.29.0", + "product": { + "name": "loopback@2.29.0", + "product_id": "58", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.29.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.29.0" + } + } + }, + { + "category": "product_version", + "name": "2.29.1", + "product": { + "name": "loopback@2.29.1", + "product_id": "59", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:2.29.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.29.1" + } + } + }, + { + "category": "product_version", + "name": "2.30.0", + "product": { + "name": "loopback@2.30.0", + "product_id": "60", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.30.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.30.0" + } + } + }, + { + "category": "product_version", + "name": "2.31.0", + "product": { + "name": "loopback@2.31.0", + "product_id": "61", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.31.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.31.0" + } + } + }, + { + "category": "product_version", + "name": "2.32.0", + "product": { + "name": "loopback@2.32.0", + "product_id": "62", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.32.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.32.0" + } + } + }, + { + "category": "product_version", + "name": "2.33.0", + "product": { + "name": "loopback@2.33.0", + "product_id": "63", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.33.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.33.0" + } + } + }, + { + "category": "product_version", + "name": "2.34.0", + "product": { + "name": "loopback@2.34.0", + "product_id": "64", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.34.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.34.0" + } + } + }, + { + "category": "product_version", + "name": "2.34.1", + "product": { + "name": "loopback@2.34.1", + "product_id": "65", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.34.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.34.1" + } + } + }, + { + "category": "product_version", + "name": "2.35.0", + "product": { + "name": "loopback@2.35.0", + "product_id": "66", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.35.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.35.0" + } + } + }, + { + 
"category": "product_version", + "name": "2.36.0", + "product": { + "name": "loopback@2.36.0", + "product_id": "67", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.36.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.36.0" + } + } + }, + { + "category": "product_version", + "name": "2.36.2", + "product": { + "name": "loopback@2.36.2", + "product_id": "68", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.36.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.36.2" + } + } + }, + { + "category": "product_version", + "name": "2.37.0", + "product": { + "name": "loopback@2.37.0", + "product_id": "69", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.37.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.37.0" + } + } + }, + { + "category": "product_version", + "name": "2.37.1", + "product": { + "name": "loopback@2.37.1", + "product_id": "70", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.37.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.37.1" + } + } + }, + { + "category": "product_version", + "name": "2.38.0", + "product": { + "name": "loopback@2.38.0", + "product_id": "71", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.0" + } + } + }, + { + "category": "product_version", + "name": "2.38.1", + "product": { + "name": "loopback@2.38.1", + "product_id": "72", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.1" + } + } + }, + { + "category": "product_version", + "name": "2.38.2", + "product": { + "name": "loopback@2.38.2", + "product_id": "73", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.2" + } + } + }, + { + "category": "product_version", + "name": "2.38.3", + "product": { + "name": "loopback@2.38.3", + 
"product_id": "74", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.38.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.38.3" + } + } + }, + { + "category": "product_version", + "name": "2.39.0", + "product": { + "name": "loopback@2.39.0", + "product_id": "75", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.39.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.39.0" + } + } + }, + { + "category": "product_version", + "name": "2.39.1", + "product": { + "name": "loopback@2.39.1", + "product_id": "76", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.39.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.39.1" + } + } + }, + { + "category": "product_version", + "name": "2.39.2", + "product": { + "name": "loopback@2.39.2", + "product_id": "77", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.39.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.39.2" + } + } + }, + { + "category": "product_version", + "name": "2.40.0", + "product": { + "name": "loopback@2.40.0", + "product_id": "78", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.40.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.40.0" + } + } + }, + { + "category": "product_version", + "name": "2.41.0", + "product": { + "name": "loopback@2.41.0", + "product_id": "79", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.41.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.41.0" + } + } + }, + { + "category": "product_version", + "name": "2.41.1", + "product": { + "name": "loopback@2.41.1", + "product_id": "80", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.41.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.41.1" + } + } + }, + { + "category": "product_version", + "name": "2.41.2", + "product": { + "name": "loopback@2.41.2", + "product_id": "81", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:2.41.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.41.2" + } + } + }, + { + "category": "product_version", + "name": "2.42.0", + "product": { + "name": "loopback@2.42.0", + "product_id": "82", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:2.42.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@2.42.0" + } + } + } + ], + "category": "product_name", + "name": "loopback" + } + ], + "category": "product_family", + "name": "LoopBack 2" + }, + { + "branches": [ + { + "branches": [ + { + "category": "product_version", + "name": "3.0.0", + "product": { + "name": "loopback@3.0.0", + "product_id": "83", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.0.0" + } + } + }, + { + "category": "product_version", + "name": "3.1.0", + "product": { + "name": "loopback@3.1.0", + "product_id": "84", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.1.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.1.0" + } + } + }, + { + "category": "product_version", + "name": "3.1.1", + "product": { + "name": "loopback@3.1.1", + "product_id": "85", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.1.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.1.1" + } + } + }, + { + "category": "product_version", + "name": "3.2.0", + "product": { + "name": "loopback@3.2.0", + "product_id": "86", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.2.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.2.0" + } + } + }, + { + "category": "product_version", + "name": "3.2.1", + "product": { + "name": "loopback@3.2.1", + "product_id": "87", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.2.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.2.1" + } + } + }, + { + "category": "product_version", + "name": "3.3.0", + "product": { + "name": "loopback@3.3.0", + "product_id": "88", + 
"product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.3.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.3.0" + } + } + }, + { + "category": "product_version", + "name": "3.4.0", + "product": { + "name": "loopback@3.4.0", + "product_id": "89", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.4.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.4.0" + } + } + }, + { + "category": "product_version", + "name": "3.5.0", + "product": { + "name": "loopback@3.5.0", + "product_id": "90", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.5.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.5.0" + } + } + }, + { + "category": "product_version", + "name": "3.6.0", + "product": { + "name": "loopback@3.6.0", + "product_id": "91", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.6.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.6.0" + } + } + }, + { + "category": "product_version", + "name": "3.7.0", + "product": { + "name": "loopback@3.7.0", + "product_id": "92", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.7.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.7.0" + } + } + }, + { + "category": "product_version", + "name": "3.8.0", + "product": { + "name": "loopback@3.8.0", + "product_id": "93", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.8.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.8.0" + } + } + }, + { + "category": "product_version", + "name": "3.9.0", + "product": { + "name": "loopback@3.9.0", + "product_id": "94", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.9.0" + } + } + }, + { + "category": "product_version", + "name": "3.10.0", + "product": { + "name": "loopback@3.10.0", + "product_id": "95", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.10.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.10.0" + } 
+ } + }, + { + "category": "product_version", + "name": "3.10.1", + "product": { + "name": "loopback@3.10.1", + "product_id": "96", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.10.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.10.1" + } + } + }, + { + "category": "product_version", + "name": "3.11.0", + "product": { + "name": "loopback@3.11.0", + "product_id": "97", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.11.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.11.0" + } + } + }, + { + "category": "product_version", + "name": "3.11.1", + "product": { + "name": "loopback@3.11.1", + "product_id": "98", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.11.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.11.1" + } + } + }, + { + "category": "product_version", + "name": "3.12.0", + "product": { + "name": "loopback@3.12.0", + "product_id": "99", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.12.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.12.0" + } + } + }, + { + "category": "product_version", + "name": "3.13.0", + "product": { + "name": "loopback@3.13.0", + "product_id": "100", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.13.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.13.0" + } + } + }, + { + "category": "product_version", + "name": "3.14.0", + "product": { + "name": "loopback@3.14.0", + "product_id": "101", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.14.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.14.0" + } + } + }, + { + "category": "product_version", + "name": "3.15.0", + "product": { + "name": "loopback@3.15.0", + "product_id": "102", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.15.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.15.0" + } + } + }, + { + "category": "product_version", + "name": "3.16.0", + "product": { + "name": 
"loopback@3.16.0", + "product_id": "103", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.16.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.16.0" + } + } + }, + { + "category": "product_version", + "name": "3.16.1", + "product": { + "name": "loopback@3.16.1", + "product_id": "104", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.16.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.16.1" + } + } + }, + { + "category": "product_version", + "name": "3.16.2", + "product": { + "name": "loopback@3.16.2", + "product_id": "105", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.16.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.16.2" + } + } + }, + { + "category": "product_version", + "name": "3.17.0", + "product": { + "name": "loopback@3.17.0", + "product_id": "106", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.17.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.17.0" + } + } + }, + { + "category": "product_version", + "name": "3.17.1", + "product": { + "name": "loopback@3.17.1", + "product_id": "107", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.17.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.17.1" + } + } + }, + { + "category": "product_version", + "name": "3.18.0", + "product": { + "name": "loopback@3.18.0", + "product_id": "108", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.18.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.0" + } + } + }, + { + "category": "product_version", + "name": "3.18.1", + "product": { + "name": "loopback@3.18.1", + "product_id": "109", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.18.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.1" + } + } + }, + { + "category": "product_version", + "name": "3.18.2", + "product": { + "name": "loopback@3.18.2", + "product_id": "110", + "product_identification_helper": { + "cpe": 
"cpe:2.3:a:loopback:loopback:3.18.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.2" + } + } + }, + { + "category": "product_version", + "name": "3.18.3", + "product": { + "name": "loopback@3.18.3", + "product_id": "111", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.18.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.18.3" + } + } + }, + { + "category": "product_version", + "name": "3.19.0", + "product": { + "name": "loopback@3.19.0", + "product_id": "112", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.0" + } + } + }, + { + "category": "product_version", + "name": "3.19.1", + "product": { + "name": "loopback@3.19.1", + "product_id": "113", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.1" + } + } + }, + { + "category": "product_version", + "name": "3.19.2", + "product": { + "name": "loopback@3.19.2", + "product_id": "114", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.2" + } + } + }, + { + "category": "product_version", + "name": "3.19.3", + "product": { + "name": "loopback@3.19.3", + "product_id": "115", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.19.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.19.3" + } + } + }, + { + "category": "product_version", + "name": "3.20.0", + "product": { + "name": "loopback@3.20.0", + "product_id": "116", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.20.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.20.0" + } + } + }, + { + "category": "product_version", + "name": "3.21.0", + "product": { + "name": "loopback@3.21.0", + "product_id": "117", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.21.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.21.0" + } + } + }, + 
{ + "category": "product_version", + "name": "3.22.0", + "product": { + "name": "loopback@3.22.0", + "product_id": "118", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.0" + } + } + }, + { + "category": "product_version", + "name": "3.22.1", + "product": { + "name": "loopback@3.22.1", + "product_id": "119", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.1" + } + } + }, + { + "category": "product_version", + "name": "3.22.2", + "product": { + "name": "loopback@3.22.2", + "product_id": "120", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.2" + } + } + }, + { + "category": "product_version", + "name": "3.22.3", + "product": { + "name": "loopback@3.22.3", + "product_id": "121", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.22.3:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.22.3" + } + } + }, + { + "category": "product_version", + "name": "3.23.0", + "product": { + "name": "loopback@3.23.0", + "product_id": "122", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.23.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.23.0" + } + } + }, + { + "category": "product_version", + "name": "3.23.1", + "product": { + "name": "loopback@3.23.1", + "product_id": "123", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.23.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.23.1" + } + } + }, + { + "category": "product_version", + "name": "3.23.2", + "product": { + "name": "loopback@3.23.2", + "product_id": "124", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.23.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.23.2" + } + } + }, + { + "category": "product_version", + "name": "3.24.0", + "product": { + "name": "loopback@3.24.0", + 
"product_id": "125", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.24.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.24.0" + } + } + }, + { + "category": "product_version", + "name": "3.24.1", + "product": { + "name": "loopback@3.24.1", + "product_id": "126", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.24.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.24.1" + } + } + }, + { + "category": "product_version", + "name": "3.24.2", + "product": { + "name": "loopback@3.24.2", + "product_id": "127", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.24.2:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.24.2" + } + } + }, + { + "category": "product_version", + "name": "3.25.0", + "product": { + "name": "loopback@3.25.0", + "product_id": "128", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.25.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.25.0" + } + } + }, + { + "category": "product_version", + "name": "3.25.1", + "product": { + "name": "loopback@3.25.1", + "product_id": "129", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.25.1:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.25.1" + } + } + }, + { + "category": "product_version", + "name": "3.26.0", + "product": { + "name": "loopback@3.26.0", + "product_id": "130", + "product_identification_helper": { + "cpe": "cpe:2.3:a:loopback:loopback:3.26.0:*:*:*:*:*:*:*", + "purl": "pkg:npm/loopback@3.26.0" + } + } + } + ], + "category": "product_name", + "name": "loopback" + } + ], + "category": "product_family", + "name": "LoopBack 3" + } + ], + "category": "product_family", + "name": "LoopBack" + } + ], + "category": "vendor", + "name": "LoopBack" + } + ], + "product_groups": [ + { + "group_id": "1", + "product_ids": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + 
"23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60", + "61", + "62", + "63", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "73", + "74", + "75", + "76", + "77", + "78", + "79", + "80", + "81" + ], + "summary": "Affected LoopBack 2 products." + }, + { + "group_id": "2", + "product_ids": [ + "82", + "83", + "84", + "85", + "86", + "87", + "88", + "89", + "90", + "91", + "92", + "93", + "94", + "95", + "96", + "97", + "98", + "99", + "100", + "101", + "102", + "103", + "104", + "105", + "106", + "107", + "108", + "109", + "110", + "111", + "112", + "113", + "114", + "115", + "116", + "117", + "118", + "119", + "120", + "121", + "122", + "123", + "124", + "125", + "126", + "127", + "128", + "129" + ], + "summary": "Affected LoopBack 3 products." + } + ] + }, + "vulnerabilities": [ + { + "cwe": { + "id": "CWE-89", + "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + }, + "notes": [ + { + "audience": "all", + "category": "description", + "text": "The built-in `User` model's `login` method allows search criteria objects to be passed as values for its `email`, `username`, and `realm` parameters.\nUsing conditional properties like `neq` and `regexp`, an unspecific but valid username or email can be used for trying the weak password.\n\nFor example, if the hacker guesses there are some users in the system have a weak password 'x', this query:\n\n```js\nUser.login({username: {'regexp': '^ap'}, password: 'x'});\n```\n\nwill set the username to the first user whose username starts with `ap`, against whose account the password-guessing attack can be performed." 
+ }, + { + "audience": "all", + "category": "summary", + "text": "`loopback@2.x` or `loopback@3.x` allows logging into a user account by trying weak passwords without knowing the exact username/email." + } + ], + "product_status": { + "first_affected": ["1", "83"], + "known_affected": ["81", "129"], + "last_affected": ["81", "129"], + "fixed": ["82", "130"], + "recommended": ["82", "130"] + }, + "references": [ + { + "category": "self", + "summary": "GitHub Commit: LoopBack 2.x", + "url": "https://github.com/strongloop/loopback/commit/2dd98a368b719e85644c7cd901694ac38393d808" + }, + { + "category": "self", + "summary": "GitHub Commit: LoopBack 3.x", + "url": "https://github.com/strongloop/loopback/commit/58a0e6c8e95c346442a055510bc14e36207e7d85" + }, + { + "category": "self", + "summary": "GitHub Issue", + "url": "https://github.com/strongloop/loopback/issues/4195" + }, + { + "category": "self", + "summary": "GitHub Pull Request: LoopBack 3.x", + "url": "https://github.com/strongloop/loopback/pull/4213" + }, + { + "category": "self", + "summary": "GitHub Pull Request: LoopBack 3.x", + "url": "https://github.com/strongloop/loopback/pull/4208" + }, + { + "summary": "NPM", + "url": "https://www.npmjs.com/package/loopback" + } + ], + "remediations": [ + { + "category": "vendor_fix", + "date": "2019-06-04T17:45:17.255Z", + "details": "Upgrade to `loopback@2.42.0` or later", + "group_ids": ["1"] + }, + { + "category": "vendor_fix", + "date": "2019-05-31T07:06:20.417Z", + "details": "Upgrade to `loopback@3.26.0` or later", + "group_ids": ["2"] + } + ], + "scores": [ + { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availability": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentiality": "LOW", + "integrity": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + }, + "products": [ + "1", + "2", + "3", 
+ "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60", + "61", + "62", + "63", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "73", + "74", + "75", + "76", + "77", + "78", + "79", + "80", + "81", + "82", + "83", + "84", + "85", + "86", + "87", + "88", + "89", + "90", + "91", + "92", + "93", + "94", + "95", + "96", + "97", + "98", + "99", + "100", + "101", + "102", + "103", + "104", + "105", + "106", + "107", + "108", + "109", + "110", + "111", + "112", + "113", + "114", + "115", + "116", + "117", + "118", + "119", + "120", + "121", + "122", + "123", + "124", + "125", + "126", + "127", + "128", + "129" + ] + } + ] + } + ] +} diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license new file mode 100644 index 0000000..885aa91 --- /dev/null +++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.csaf.json.license @@ -0,0 +1,2 @@ +SPDX-FileCopyrightText: LoopBack Contributors +SPDX-License-Identifier: MIT diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json new file mode 100644 index 0000000..9986666 --- /dev/null +++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json 
@@ -0,0 +1,250 @@ +{ + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "loopback", + "purl": "pkg:npm/loopback" + }, + "ranges": [ + { + "events": [ + { + "introduced": "" + }, + { + "fixed": "58a0e6c8e95c346442a055510bc14e36207e7d85" + } + ], + "repo": "https://github.com/strongloop/loopback.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "2.0.0" + }, + { + "fixed": "2.41.1" + } + ], + "type": "SEMVER" + }, + { + "events": [ + { + "introduced": "" + }, + { + "fixed": "2dd98a368b719e85644c7cd901694ac38393d808" + } + ], + "repo": "https://github.com/strongloop/loopback.git", + "type": "GIT" + }, + { + "events": [ + { + "introduced": "3.0.0" + }, + { + "fixed": "3.24.1" + } + ], + "type": "SEMVER" + } + ], + "versions": [ + "2.0.0", + "2.0.1", + "2.0.2", + "2.1.0", + "2.1.1", + "2.1.2", + "2.1.3", + "2.1.4", + "2.2.0", + "2.3.0", + "2.3.1", + "2.4.0", + "2.4.1", + "2.5.0", + "2.6.0", + "2.7.0", + "2.8.0", + "2.8.1", + "2.8.2", + "2.8.3", + "2.8.4", + "2.8.5", + "2.8.6", + "2.8.7", + "2.8.8", + "2.9.0", + "2.10.0", + "2.10.1", + "2.10.2", + "2.11.0", + "2.12.0", + "2.12.1", + "2.13.0", + "2.14.0", + "2.15.0", + "2.16.0", + "2.16.1", + "2.16.3", + "2.17.0", + "2.17.1", + "2.17.2", + "2.17.3", + "2.18.0", + "2.19.0", + "2.19.1", + "2.20.0", + "2.21.0", + "2.22.0", + "2.22.1", + "2.22.2", + "2.23.0", + "2.25.0", + "2.26.0", + "2.26.1", + "2.26.2", + "2.27.0", + "2.28.0", + "2.29.0", + "2.29.1", + "2.30.0", + "2.31.0", + "2.32.0", + "2.33.0", + "2.34.0", + "2.34.1", + "2.35.0", + "2.36.0", + "2.36.2", + "2.37.0", + "2.37.1", + "2.38.0", + "2.38.1", + "2.38.2", + "2.38.3", + "2.39.0", + "2.39.1", + "2.39.2", + "2.40.0", + "2.41.0", + "3.0.0", + "3.1.0", + "3.1.1", + "3.2.0", + "3.2.1", + "3.3.0", + "3.4.0", + "3.5.0", + "3.6.0", + "3.7.0", + "3.8.0", + "3.9.0", + "3.10.0", + "3.10.1", + "3.11.0", + "3.11.1", + "3.12.0", + "3.13.0", + "3.14.0", + "3.15.0", + "3.16.0", + "3.16.1", + "3.16.2", + "3.17.0", + "3.17.1", + "3.18.0", + "3.18.1", + 
"3.18.2", + "3.18.3", + "3.19.0", + "3.19.1", + "3.19.2", + "3.19.3", + "3.20.0", + "3.21.0", + "3.22.0", + "3.22.1", + "3.22.2", + "3.22.3", + "3.23.0", + "3.23.1", + "3.23.2", + "3.24.0" + ] + } + ], + "aliases": ["GHSA-724c-6vrf-99rq", "GMS-2020-358"], + "credits": [ + { + "name": "@gabjauf", + "urls": ["https://github.com/gabjauf"] + } + ], + "database_specific": { + "CWE": "CWE-89" + }, + "details": "The built-in `User` model's `login` method allows search criteria objects to be passed as values for its `email`, `username`, and `realm` parameters.\nUsing conditional properties like `neq` and `regexp`, an unspecific but valid username or email can be used for trying the weak password.\n\nFor example, if the hacker guesses there are some users in the system have a weak password 'x', this query:\n\n```js\nUser.login({username: {'regexp': '^ap'}, password: 'x'});\n```\n\nwill set the username to the first user whose username starts with `ap`, against whose account the password-guessing attack can be performed.", + "id": "LBSEC-20190617-1", + "modified": "1970-01-01T00:00:00.000Z", + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-724c-6vrf-99rq" + }, + { + "type": "ADVISORY", + "url": "https://security.loopback.io/en/advisories/csaf/lbsa-20190617-1.csaf.json" + }, + { + "type": "ADVISORY", + "url": "https://security.loopback.io/en/advisories/html/lbsa-20190617-1.html" + }, + { + "type": "ADVISORY", + "url": "https://security.loopback.io/en/advisories/osv/lbsa-20190617-1.osv.json" + }, + { + "type": "PACKAGE", + "url": "https://loopback.io" + }, + { + "type": "PACKAGE", + "url": "https://www.npmjs.com/package/loopback" + }, + { + "type": "REPORT", + "url": "https://github.com/strongloop/loopback/issues/4195" + }, + { + "type": "WEB", + "url": "https://github.com/strongloop/loopback/commit/2dd98a368b719e85644c7cd901694ac38393d808" + }, + { + "type": "WEB", + "url": 
"https://github.com/strongloop/loopback/commit/58a0e6c8e95c346442a055510bc14e36207e7d85" + }, + { + "type": "WEB", + "url": "https://github.com/strongloop/loopback/pull/4213" + }, + { + "type": "WEB", + "url": "https://github.com/strongloop/loopback/pull/4208" + } + ], + "schema_version": "1.2.0", + "severity": [ + { + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "type": "CVSS_V3" + } + ], + "summary": "`loopback@2.x` or `loopback@3.x` allows logging into a user account by trying weak passwords without knowing the exact username/email." +} diff --git a/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license new file mode 100644 index 0000000..885aa91 --- /dev/null +++ b/advisories/lbsec-20190617-1/lbsec-20190617-1.osv.json.license @@ -0,0 +1,2 @@ +SPDX-FileCopyrightText: LoopBack Contributors +SPDX-License-Identifier: MIT diff --git a/advisories/lbsa-20201130.csaf.json b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json similarity index 69% rename from advisories/lbsa-20201130.csaf.json rename to advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json index ea11fa5..3565881 100644 --- a/advisories/lbsa-20201130.csaf.json +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json 
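Review bot: The SEMVER ranges in this OSV record close at `"fixed": "2.41.1"` and `"fixed": "3.24.1"`, and the `versions` list stops at `2.41.0` and `3.24.0`, but the CSAF document for the same advisory in this patch tells users to upgrade to `loopback@2.42.0` / `loopback@3.26.0` and marks product `129` (`loopback@3.25.1`) as last affected. A scanner that matches on the OSV data would report 3.24.1 through 3.25.1 as fixed, so one of the two files is wrong; if the CSAF is authoritative, use `"fixed": "2.42.0"` and `"fixed": "3.26.0"` and extend `versions` to match. Both GIT ranges carry `"introduced": ""`; the OSV schema's value for "from the first commit" is `"introduced": "0"`, and an empty string may be rejected or ignored by consumers. The three `security.loopback.io` reference URLs still use the `lbsa-20190617-1` file name although the record id is `LBSEC-20190617-1`, and `modified` is the epoch placeholder `1970-01-01T00:00:00.000Z`, which is worth confirming before publication.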
@@ -22,49 +22,29 @@ "references": [ { "category": "self", - "summary": "LoopBack Security Advisory 11-30-2020 CSAF document", + "summary": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020 - CSAF document", "url": "https://loopback.io/doc/en/sec/lbsa-2020-11-30.csaf.json" }, { "category": "self", - "summary": "LoopBack Security Advisory 11-30-2020 HTML document", + "summary": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020 - HTML document", "url": "https://loopback.io/doc/en/sec/Security-advisory-11-30-2020.html" } ], - "title": "LoopBack Security Advisory 11-30-2020", + "title": "LBSEC-20201130-1: LoopBack Security Advisory 11-30-2020", "tracking": { - "current_release_date": "2022-03-07T13:53:00.000Z", - "id": "LBSA-20201130", - "initial_release_date": "2022-01-18T00:00:00.000Z", + "current_release_date": "1970-01-01T00:00:00.000Z", + "id": "LBSEC-20201130-1", + "initial_release_date": "1970-01-01T00:00:00.000Z", "revision_history": [ { - "date": "2022-03-07T13:53:00.000Z", - "number": "2.1.0", - "summary": "Updated vendor; Updated references; Reorganised notes." - }, - { - "date": "2022-03-07T03:42:00.000Z", - "number": "2.0.0", - "summary": "Updated product tree, product status." - }, - { - "date": "2022-03-05T16:39:00.000Z", - "number": "1.1.0", - "summary": "Updated tracking ID; Added references." - }, - { - "date": "2022-03-05T00:00:00.000Z", - "number": "1.0.1", - "summary": "Fixed validation errors." - }, - { - "date": "2022-01-18T00:00:00.000Z", - "number": "1.0.0", - "summary": "Initial version." + "date": "1970-01-01T00:00:00.000Z", + "number": "0.1.0", + "summary": "Draft version." } ], - "status": "final", - "version": "2.1.0" + "status": "draft", + "version": "0.1.0" } }, "product_tree": { 
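Review bot: The `tracking` block resets an advisory that was `"status": "final"` at version `2.1.0` to `"status": "draft"`, `"version": "0.1.0"`, with both release dates set to `1970-01-01T00:00:00.000Z` and the five-entry `revision_history` replaced by a single "Draft version." entry. Consumers that order documents by `current_release_date` or `version` would likely treat this file as older than the copy they already hold, and the audit trail of earlier changes is lost. If the new `LBSEC-20201130-1` id is meant to continue the same advisory, keep the existing history and append a new entry with the real date instead, and replace the epoch dates before this is published. The two `self` references in the context lines still point at `lbsa-2020-11-30` URLs, so confirm they resolve to this document under its new id.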
@@ -79,286 +59,10 @@ "branches": [ { "category": "product_version", - "name": "Version 4.0.0-alpha.4", + "name": "0.1.0", "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.4", + "name": "@loopback/rest@0.1.0", "product_id": "1", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.4:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.4" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.5", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.5", - "product_id": "2", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.5:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.5" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.6", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.6", - "product_id": "3", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.6:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.6" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.7", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.7", - "product_id": "4", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.7:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.7" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.8", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.8", - "product_id": "5", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.8:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.8" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.9", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.9", - "product_id": "6", - "product_identification_helper": { - "cpe": 
"cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.9:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.9" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.10", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.10", - "product_id": "7", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.10:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.10" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.11", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.11", - "product_id": "8", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.11:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.11" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.12", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.12", - "product_id": "9", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.12:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.12" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.13", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.13", - "product_id": "10", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.13:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.13" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.14", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.14", - "product_id": "11", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.14:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.14" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.15", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.15", - "product_id": "12", - 
"product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.15:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.15" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.16", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.16", - "product_id": "13", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.16:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.16" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.17", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.17", - "product_id": "14", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.17:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.17" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.18", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.18", - "product_id": "15", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.18:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.18" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.19", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.19", - "product_id": "16", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.19:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.19" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.20", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.20", - "product_id": "17", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.20:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.20" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.21", - "product": { - "name": "@loopback/rest - Version 
4.0.0-alpha.21", - "product_id": "18", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.21:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.21" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.22", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.22", - "product_id": "19", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.22:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.22" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.23", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.23", - "product_id": "20", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.23:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.23" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.24", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.24", - "product_id": "21", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.24:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.24" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.25", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.25", - "product_id": "22", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.25:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.25" - } - } - }, - { - "category": "product_version", - "name": "Version 4.0.0-alpha.26", - "product": { - "name": "@loopback/rest - Version 4.0.0-alpha.26", - "product_id": "23", - "product_identification_helper": { - "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0-alpha.26:*:*:*:*:*:*:*", - "purl": "pkg:npm/%40loopback/rest@4.0.0-alpha.26" - } - } - }, - { - "category": "product_version", - "name": "Version 0.1.0", - "product": { - "name": 
"@loopback/rest - Version 0.1.0", - "product_id": "24", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.1.0" @@ -367,10 +71,10 @@ }, { "category": "product_version", - "name": "Version 0.1.1", + "name": "0.1.1", "product": { - "name": "@loopback/rest - Version 0.1.1", - "product_id": "25", + "name": "@loopback/rest@0.1.1", + "product_id": "2", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.1.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.1.1" @@ -379,10 +83,10 @@ }, { "category": "product_version", - "name": "Version 0.1.2", + "name": "0.1.2", "product": { - "name": "@loopback/rest - Version 0.1.2", - "product_id": "26", + "name": "@loopback/rest@0.1.2", + "product_id": "3", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.1.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.1.2" @@ -391,10 +95,10 @@ }, { "category": "product_version", - "name": "Version 0.2.0", + "name": "0.2.0", "product": { - "name": "@loopback/rest - Version 0.2.0", - "product_id": "27", + "name": "@loopback/rest@0.2.0", + "product_id": "4", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.2.0" @@ -403,10 +107,10 @@ }, { "category": "product_version", - "name": "Version 0.3.0", + "name": "0.3.0", "product": { - "name": "@loopback/rest - Version 0.3.0", - "product_id": "28", + "name": "@loopback/rest@0.3.0", + "product_id": "5", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.0" 
@@ -415,10 +119,10 @@ }, { "category": "product_version", - "name": "Version 0.3.1", + "name": "0.3.1", "product": { - "name": "@loopback/rest - Version 0.3.1", - "product_id": "29", + "name": "@loopback/rest@0.3.1", + "product_id": "6", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.1" @@ -427,10 +131,10 @@ }, { "category": "product_version", - "name": "Version 0.3.2", + "name": "0.3.2", "product": { - "name": "@loopback/rest - Version 0.3.2", - "product_id": "30", + "name": "@loopback/rest@0.3.2", + "product_id": "7", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.2" @@ -439,10 +143,10 @@ }, { "category": "product_version", - "name": "Version 0.3.3", + "name": "0.3.3", "product": { - "name": "@loopback/rest - Version 0.3.3", - "product_id": "31", + "name": "@loopback/rest@0.3.3", + "product_id": "8", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.3" @@ -451,10 +155,10 @@ }, { "category": "product_version", - "name": "Version 0.3.4", + "name": "0.3.4", "product": { - "name": "@loopback/rest - Version 0.3.4", - "product_id": "32", + "name": "@loopback/rest@0.3.4", + "product_id": "9", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.3.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.3.4" @@ -463,10 +167,10 @@ }, { "category": "product_version", - "name": "Version 0.4.0", + "name": "0.4.0", "product": { - "name": "@loopback/rest - Version 0.4.0", - "product_id": "33", + "name": "@loopback/rest@0.4.0", + "product_id": "10", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.4.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.4.0" 
@@ -475,10 +179,10 @@ }, { "category": "product_version", - "name": "Version 0.4.1", + "name": "0.4.1", "product": { - "name": "@loopback/rest - Version 0.4.1", - "product_id": "34", + "name": "@loopback/rest@0.4.1", + "product_id": "11", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.4.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.4.1" @@ -487,10 +191,10 @@ }, { "category": "product_version", - "name": "Version 0.5.0", + "name": "0.5.0", "product": { - "name": "@loopback/rest - Version 0.5.0", - "product_id": "35", + "name": "@loopback/rest@0.5.0", + "product_id": "12", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.5.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.5.0" @@ -499,10 +203,10 @@ }, { "category": "product_version", - "name": "Version 0.5.1", + "name": "0.5.1", "product": { - "name": "@loopback/rest - Version 0.5.1", - "product_id": "36", + "name": "@loopback/rest@0.5.1", + "product_id": "13", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.5.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.5.1" @@ -511,10 +215,10 @@ }, { "category": "product_version", - "name": "Version 0.5.2", + "name": "0.5.2", "product": { - "name": "@loopback/rest - Version 0.5.2", - "product_id": "37", + "name": "@loopback/rest@0.5.2", + "product_id": "14", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.5.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.5.2" @@ -523,10 +227,10 @@ }, { "category": "product_version", - "name": "Version 0.6.0", + "name": "0.6.0", "product": { - "name": "@loopback/rest - Version 0.6.0", - "product_id": "38", + "name": "@loopback/rest@0.6.0", + "product_id": "15", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.0" 
@@ -535,10 +239,10 @@ }, { "category": "product_version", - "name": "Version 0.6.1", + "name": "0.6.1", "product": { - "name": "@loopback/rest - Version 0.6.1", - "product_id": "39", + "name": "@loopback/rest@0.6.1", + "product_id": "16", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.1" @@ -547,10 +251,10 @@ }, { "category": "product_version", - "name": "Version 0.6.2", + "name": "0.6.2", "product": { - "name": "@loopback/rest - Version 0.6.2", - "product_id": "40", + "name": "@loopback/rest@0.6.2", + "product_id": "17", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.2" @@ -559,10 +263,10 @@ }, { "category": "product_version", - "name": "Version 0.6.3", + "name": "0.6.3", "product": { - "name": "@loopback/rest - Version 0.6.3", - "product_id": "41", + "name": "@loopback/rest@0.6.3", + "product_id": "18", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.6.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.6.3" @@ -571,10 +275,10 @@ }, { "category": "product_version", - "name": "Version 0.7.0", + "name": "0.7.0", "product": { - "name": "@loopback/rest - Version 0.7.0", - "product_id": "42", + "name": "@loopback/rest@0.7.0", + "product_id": "19", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.7.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.7.0" @@ -583,10 +287,10 @@ }, { "category": "product_version", - "name": "Version 0.8.0", + "name": "0.8.0", "product": { - "name": "@loopback/rest - Version 0.8.0", - "product_id": "43", + "name": "@loopback/rest@0.8.0", + "product_id": "20", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.8.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.8.0" 
@@ -595,10 +299,10 @@ }, { "category": "product_version", - "name": "Version 0.8.1", + "name": "0.8.1", "product": { - "name": "@loopback/rest - Version 0.8.1", - "product_id": "44", + "name": "@loopback/rest@0.8.1", + "product_id": "21", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.8.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.8.1" @@ -607,10 +311,10 @@ }, { "category": "product_version", - "name": "Version 0.9.0", + "name": "0.9.0", "product": { - "name": "@loopback/rest - Version 0.9.0", - "product_id": "45", + "name": "@loopback/rest@0.9.0", + "product_id": "22", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.9.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.9.0" @@ -619,10 +323,10 @@ }, { "category": "product_version", - "name": "Version 0.10.0", + "name": "0.10.0", "product": { - "name": "@loopback/rest - Version 0.10.0", - "product_id": "46", + "name": "@loopback/rest@0.10.0", + "product_id": "23", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.0" @@ -631,10 +335,10 @@ }, { "category": "product_version", - "name": "Version 0.10.1", + "name": "0.10.1", "product": { - "name": "@loopback/rest - Version 0.10.1", - "product_id": "47", + "name": "@loopback/rest@0.10.1", + "product_id": "24", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.1" @@ -643,10 +347,10 @@ }, { "category": "product_version", - "name": "Version 0.10.2", + "name": "0.10.2", "product": { - "name": "@loopback/rest - Version 0.10.2", - "product_id": "48", + "name": "@loopback/rest@0.10.2", + "product_id": "25", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.2" 
@@ -655,10 +359,10 @@ }, { "category": "product_version", - "name": "Version 0.10.3", + "name": "0.10.3", "product": { - "name": "@loopback/rest - Version 0.10.3", - "product_id": "49", + "name": "@loopback/rest@0.10.3", + "product_id": "26", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.3" @@ -667,10 +371,10 @@ }, { "category": "product_version", - "name": "Version 0.10.4", + "name": "0.10.4", "product": { - "name": "@loopback/rest - Version 0.10.4", - "product_id": "50", + "name": "@loopback/rest@0.10.4", + "product_id": "27", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.4" @@ -679,10 +383,10 @@ }, { "category": "product_version", - "name": "Version 0.10.5", + "name": "0.10.5", "product": { - "name": "@loopback/rest - Version 0.10.5", - "product_id": "51", + "name": "@loopback/rest@0.10.5", + "product_id": "28", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.10.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.10.5" @@ -691,10 +395,10 @@ }, { "category": "product_version", - "name": "Version 0.11.0", + "name": "0.11.0", "product": { - "name": "@loopback/rest - Version 0.11.0", - "product_id": "52", + "name": "@loopback/rest@0.11.0", + "product_id": "29", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.0" @@ -703,10 +407,10 @@ }, { "category": "product_version", - "name": "Version 0.11.1", + "name": "0.11.1", "product": { - "name": "@loopback/rest - Version 0.11.1", - "product_id": "53", + "name": "@loopback/rest@0.11.1", + "product_id": "30", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.1" 
@@ -715,10 +419,10 @@ }, { "category": "product_version", - "name": "Version 0.11.2", + "name": "0.11.2", "product": { - "name": "@loopback/rest - Version 0.11.2", - "product_id": "54", + "name": "@loopback/rest@0.11.2", + "product_id": "31", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.2" @@ -727,10 +431,10 @@ }, { "category": "product_version", - "name": "Version 0.11.3", + "name": "0.11.3", "product": { - "name": "@loopback/rest - Version 0.11.3", - "product_id": "55", + "name": "@loopback/rest@0.11.3", + "product_id": "32", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.11.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.11.3" @@ -739,10 +443,10 @@ }, { "category": "product_version", - "name": "Version 0.12.0", + "name": "0.12.0", "product": { - "name": "@loopback/rest - Version 0.12.0", - "product_id": "56", + "name": "@loopback/rest@0.12.0", + "product_id": "33", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.12.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.12.0" @@ -751,10 +455,10 @@ }, { "category": "product_version", - "name": "Version 0.14.0", + "name": "0.14.0", "product": { - "name": "@loopback/rest - Version 0.14.0", - "product_id": "57", + "name": "@loopback/rest@0.14.0", + "product_id": "34", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.14.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.14.0" @@ -763,10 +467,10 @@ }, { "category": "product_version", - "name": "Version 0.14.1", + "name": "0.14.1", "product": { - "name": "@loopback/rest - Version 0.14.1", - "product_id": "58", + "name": "@loopback/rest@0.14.1", + "product_id": "35", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.14.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.14.1" 
@@ -775,10 +479,10 @@ }, { "category": "product_version", - "name": "Version 0.15.0", + "name": "0.15.0", "product": { - "name": "@loopback/rest - Version 0.15.0", - "product_id": "59", + "name": "@loopback/rest@0.15.0", + "product_id": "36", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.15.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.15.0" @@ -787,10 +491,10 @@ }, { "category": "product_version", - "name": "Version 0.15.1", + "name": "0.15.1", "product": { - "name": "@loopback/rest - Version 0.15.1", - "product_id": "60", + "name": "@loopback/rest@0.15.1", + "product_id": "37", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.15.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.15.1" @@ -799,10 +503,10 @@ }, { "category": "product_version", - "name": "Version 0.16.0", + "name": "0.16.0", "product": { - "name": "@loopback/rest - Version 0.16.0", - "product_id": "61", + "name": "@loopback/rest@0.16.0", + "product_id": "38", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.16.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.16.0" @@ -811,10 +515,10 @@ }, { "category": "product_version", - "name": "Version 0.17.0", + "name": "0.17.0", "product": { - "name": "@loopback/rest - Version 0.17.0", - "product_id": "62", + "name": "@loopback/rest@0.17.0", + "product_id": "39", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.17.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.17.0" @@ -823,10 +527,10 @@ }, { "category": "product_version", - "name": "Version 0.17.1", + "name": "0.17.1", "product": { - "name": "@loopback/rest - Version 0.17.1", - "product_id": "63", + "name": "@loopback/rest@0.17.1", + "product_id": "40", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.17.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.17.1" 
@@ -835,10 +539,10 @@ }, { "category": "product_version", - "name": "Version 0.18.0", + "name": "0.18.0", "product": { - "name": "@loopback/rest - Version 0.18.0", - "product_id": "64", + "name": "@loopback/rest@0.18.0", + "product_id": "41", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.18.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.18.0" @@ -847,10 +551,10 @@ }, { "category": "product_version", - "name": "Version 0.19.0", + "name": "0.19.0", "product": { - "name": "@loopback/rest - Version 0.19.0", - "product_id": "65", + "name": "@loopback/rest@0.19.0", + "product_id": "42", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.0" @@ -859,10 +563,10 @@ }, { "category": "product_version", - "name": "Version 0.19.1", + "name": "0.19.1", "product": { - "name": "@loopback/rest - Version 0.19.1", - "product_id": "66", + "name": "@loopback/rest@0.19.1", + "product_id": "43", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.1" @@ -871,10 +575,10 @@ }, { "category": "product_version", - "name": "Version 0.19.2", + "name": "0.19.2", "product": { - "name": "@loopback/rest - Version 0.19.2", - "product_id": "67", + "name": "@loopback/rest@0.19.2", + "product_id": "44", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.2" @@ -883,10 +587,10 @@ }, { "category": "product_version", - "name": "Version 0.19.3", + "name": "0.19.3", "product": { - "name": "@loopback/rest - Version 0.19.3", - "product_id": "68", + "name": "@loopback/rest@0.19.3", + "product_id": "45", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.3" 
@@ -895,10 +599,10 @@ }, { "category": "product_version", - "name": "Version 0.19.4", + "name": "0.19.4", "product": { - "name": "@loopback/rest - Version 0.19.4", - "product_id": "69", + "name": "@loopback/rest@0.19.4", + "product_id": "46", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.4" @@ -907,10 +611,10 @@ }, { "category": "product_version", - "name": "Version 0.19.5", + "name": "0.19.5", "product": { - "name": "@loopback/rest - Version 0.19.5", - "product_id": "70", + "name": "@loopback/rest@0.19.5", + "product_id": "47", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.5" @@ -919,10 +623,10 @@ }, { "category": "product_version", - "name": "Version 0.19.6", + "name": "0.19.6", "product": { - "name": "@loopback/rest - Version 0.19.6", - "product_id": "71", + "name": "@loopback/rest@0.19.6", + "product_id": "48", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.19.6:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.19.6" @@ -931,10 +635,10 @@ }, { "category": "product_version", - "name": "Version 0.20.0", + "name": "0.20.0", "product": { - "name": "@loopback/rest - Version 0.20.0", - "product_id": "72", + "name": "@loopback/rest@0.20.0", + "product_id": "49", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.20.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.20.0" @@ -943,10 +647,10 @@ }, { "category": "product_version", - "name": "Version 0.21.0", + "name": "0.21.0", "product": { - "name": "@loopback/rest - Version 0.21.0", - "product_id": "73", + "name": "@loopback/rest@0.21.0", + "product_id": "50", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.21.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.21.0" 
@@ -955,10 +659,10 @@ }, { "category": "product_version", - "name": "Version 0.21.1", + "name": "0.21.1", "product": { - "name": "@loopback/rest - Version 0.21.1", - "product_id": "74", + "name": "@loopback/rest@0.21.1", + "product_id": "51", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.21.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.21.1" @@ -967,10 +671,10 @@ }, { "category": "product_version", - "name": "Version 0.22.0", + "name": "0.22.0", "product": { - "name": "@loopback/rest - Version 0.22.0", - "product_id": "75", + "name": "@loopback/rest@0.22.0", + "product_id": "52", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.22.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.22.0" @@ -979,10 +683,10 @@ }, { "category": "product_version", - "name": "Version 0.22.1", + "name": "0.22.1", "product": { - "name": "@loopback/rest - Version 0.22.1", - "product_id": "76", + "name": "@loopback/rest@0.22.1", + "product_id": "53", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.22.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.22.1" @@ -991,10 +695,10 @@ }, { "category": "product_version", - "name": "Version 0.22.2", + "name": "0.22.2", "product": { - "name": "@loopback/rest - Version 0.22.2", - "product_id": "77", + "name": "@loopback/rest@0.22.2", + "product_id": "54", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.22.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.22.2" @@ -1003,10 +707,10 @@ }, { "category": "product_version", - "name": "Version 0.23.0", + "name": "0.23.0", "product": { - "name": "@loopback/rest - Version 0.23.0", - "product_id": "78", + "name": "@loopback/rest@0.23.0", + "product_id": "55", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.23.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.23.0" 
@@ -1015,10 +719,10 @@ }, { "category": "product_version", - "name": "Version 0.24.0", + "name": "0.24.0", "product": { - "name": "@loopback/rest - Version 0.24.0", - "product_id": "79", + "name": "@loopback/rest@0.24.0", + "product_id": "56", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.24.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.24.0" @@ -1027,10 +731,10 @@ }, { "category": "product_version", - "name": "Version 0.25.0", + "name": "0.25.0", "product": { - "name": "@loopback/rest - Version 0.25.0", - "product_id": "80", + "name": "@loopback/rest@0.25.0", + "product_id": "57", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.0" @@ -1039,10 +743,10 @@ }, { "category": "product_version", - "name": "Version 0.25.1", + "name": "0.25.1", "product": { - "name": "@loopback/rest - Version 0.25.1", - "product_id": "81", + "name": "@loopback/rest@0.25.1", + "product_id": "58", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.1" @@ -1051,10 +755,10 @@ }, { "category": "product_version", - "name": "Version 0.25.2", + "name": "0.25.2", "product": { - "name": "@loopback/rest - Version 0.25.2", - "product_id": "82", + "name": "@loopback/rest@0.25.2", + "product_id": "59", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.2" @@ -1063,10 +767,10 @@ }, { "category": "product_version", - "name": "Version 0.25.3", + "name": "0.25.3", "product": { - "name": "@loopback/rest - Version 0.25.3", - "product_id": "83", + "name": "@loopback/rest@0.25.3", + "product_id": "60", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.3" 
@@ -1075,10 +779,10 @@ }, { "category": "product_version", - "name": "Version 0.25.4", + "name": "0.25.4", "product": { - "name": "@loopback/rest - Version 0.25.4", - "product_id": "84", + "name": "@loopback/rest@0.25.4", + "product_id": "61", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.4" @@ -1087,10 +791,10 @@ }, { "category": "product_version", - "name": "Version 0.25.5", + "name": "0.25.5", "product": { - "name": "@loopback/rest - Version 0.25.5", - "product_id": "85", + "name": "@loopback/rest@0.25.5", + "product_id": "62", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.25.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.25.5" @@ -1099,10 +803,10 @@ }, { "category": "product_version", - "name": "Version 0.26.0", + "name": "0.26.0", "product": { - "name": "@loopback/rest - Version 0.26.0", - "product_id": "86", + "name": "@loopback/rest@0.26.0", + "product_id": "63", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.26.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.26.0" @@ -1111,10 +815,10 @@ }, { "category": "product_version", - "name": "Version 0.26.1", + "name": "0.26.1", "product": { - "name": "@loopback/rest - Version 0.26.1", - "product_id": "87", + "name": "@loopback/rest@0.26.1", + "product_id": "64", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:0.26.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@0.26.1" @@ -1123,10 +827,10 @@ }, { "category": "product_version", - "name": "Version 1.0.0", + "name": "1.0.0", "product": { - "name": "@loopback/rest - Version 1.0.0", - "product_id": "88", + "name": "@loopback/rest@1.0.0", + "product_id": "65", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.0.0" 
@@ -1135,10 +839,10 @@ }, { "category": "product_version", - "name": "Version 1.0.1", + "name": "1.0.1", "product": { - "name": "@loopback/rest - Version 1.0.1", - "product_id": "89", + "name": "@loopback/rest@1.0.1", + "product_id": "66", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.0.1" @@ -1147,10 +851,10 @@ }, { "category": "product_version", - "name": "Version 1.1.0", + "name": "1.1.0", "product": { - "name": "@loopback/rest - Version 1.1.0", - "product_id": "90", + "name": "@loopback/rest@1.1.0", + "product_id": "67", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.1.0" @@ -1159,10 +863,10 @@ }, { "category": "product_version", - "name": "Version 1.2.0", + "name": "1.2.0", "product": { - "name": "@loopback/rest - Version 1.2.0", - "product_id": "91", + "name": "@loopback/rest@1.2.0", + "product_id": "68", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.2.0" @@ -1171,10 +875,10 @@ }, { "category": "product_version", - "name": "Version 1.3.0", + "name": "1.3.0", "product": { - "name": "@loopback/rest - Version 1.3.0", - "product_id": "92", + "name": "@loopback/rest@1.3.0", + "product_id": "69", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.3.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.3.0" @@ -1183,10 +887,10 @@ }, { "category": "product_version", - "name": "Version 1.3.1", + "name": "1.3.1", "product": { - "name": "@loopback/rest - Version 1.3.1", - "product_id": "93", + "name": "@loopback/rest@1.3.1", + "product_id": "70", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.3.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.3.1" 
@@ -1195,10 +899,10 @@ }, { "category": "product_version", - "name": "Version 1.4.0", + "name": "1.4.0", "product": { - "name": "@loopback/rest - Version 1.4.0", - "product_id": "94", + "name": "@loopback/rest@1.4.0", + "product_id": "71", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.4.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.4.0" @@ -1207,10 +911,10 @@ }, { "category": "product_version", - "name": "Version 1.5.0", + "name": "1.5.0", "product": { - "name": "@loopback/rest - Version 1.5.0", - "product_id": "95", + "name": "@loopback/rest@1.5.0", + "product_id": "72", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.0" @@ -1219,10 +923,10 @@ }, { "category": "product_version", - "name": "Version 1.5.1", + "name": "1.5.1", "product": { - "name": "@loopback/rest - Version 1.5.1", - "product_id": "96", + "name": "@loopback/rest@1.5.1", + "product_id": "73", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.1" @@ -1231,10 +935,10 @@ }, { "category": "product_version", - "name": "Version 1.5.2", + "name": "1.5.2", "product": { - "name": "@loopback/rest - Version 1.5.2", - "product_id": "97", + "name": "@loopback/rest@1.5.2", + "product_id": "74", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.2" @@ -1243,10 +947,10 @@ }, { "category": "product_version", - "name": "Version 1.5.3", + "name": "1.5.3", "product": { - "name": "@loopback/rest - Version 1.5.3", - "product_id": "98", + "name": "@loopback/rest@1.5.3", + "product_id": "75", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.3" 
@@ -1255,10 +959,10 @@ }, { "category": "product_version", - "name": "Version 1.5.4", + "name": "1.5.4", "product": { - "name": "@loopback/rest - Version 1.5.4", - "product_id": "99", + "name": "@loopback/rest@1.5.4", + "product_id": "76", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.4" @@ -1267,10 +971,10 @@ }, { "category": "product_version", - "name": "Version 1.5.5", + "name": "1.5.5", "product": { - "name": "@loopback/rest - Version 1.5.5", - "product_id": "100", + "name": "@loopback/rest@1.5.5", + "product_id": "77", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.5.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.5.5" @@ -1279,10 +983,10 @@ }, { "category": "product_version", - "name": "Version 1.6.0", + "name": "1.6.0", "product": { - "name": "@loopback/rest - Version 1.6.0", - "product_id": "101", + "name": "@loopback/rest@1.6.0", + "product_id": "78", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.6.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.6.0" @@ -1291,10 +995,10 @@ }, { "category": "product_version", - "name": "Version 1.7.0", + "name": "1.7.0", "product": { - "name": "@loopback/rest - Version 1.7.0", - "product_id": "102", + "name": "@loopback/rest@1.7.0", + "product_id": "79", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.7.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.7.0" @@ -1303,10 +1007,10 @@ }, { "category": "product_version", - "name": "Version 1.8.0", + "name": "1.8.0", "product": { - "name": "@loopback/rest - Version 1.8.0", - "product_id": "103", + "name": "@loopback/rest@1.8.0", + "product_id": "80", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.8.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.8.0" 
@@ -1315,10 +1019,10 @@ }, { "category": "product_version", - "name": "Version 1.9.0", + "name": "1.9.0", "product": { - "name": "@loopback/rest - Version 1.9.0", - "product_id": "104", + "name": "@loopback/rest@1.9.0", + "product_id": "81", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.9.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.9.0" @@ -1327,10 +1031,10 @@ }, { "category": "product_version", - "name": "Version 1.9.1", + "name": "1.9.1", "product": { - "name": "@loopback/rest - Version 1.9.1", - "product_id": "105", + "name": "@loopback/rest@1.9.1", + "product_id": "82", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.9.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.9.1" @@ -1339,10 +1043,10 @@ }, { "category": "product_version", - "name": "Version 1.10.0", + "name": "1.10.0", "product": { - "name": "@loopback/rest - Version 1.10.0", - "product_id": "106", + "name": "@loopback/rest@1.10.0", + "product_id": "83", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.0" @@ -1351,10 +1055,10 @@ }, { "category": "product_version", - "name": "Version 1.10.1", + "name": "1.10.1", "product": { - "name": "@loopback/rest - Version 1.10.1", - "product_id": "107", + "name": "@loopback/rest@1.10.1", + "product_id": "84", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.1" @@ -1363,10 +1067,10 @@ }, { "category": "product_version", - "name": "Version 1.10.2", + "name": "1.10.2", "product": { - "name": "@loopback/rest - Version 1.10.2", - "product_id": "108", + "name": "@loopback/rest@1.10.2", + "product_id": "85", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.2" 
@@ -1375,10 +1079,10 @@ }, { "category": "product_version", - "name": "Version 1.10.3", + "name": "1.10.3", "product": { - "name": "@loopback/rest - Version 1.10.3", - "product_id": "109", + "name": "@loopback/rest@1.10.3", + "product_id": "86", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.3" @@ -1387,10 +1091,10 @@ }, { "category": "product_version", - "name": "Version 1.10.4", + "name": "1.10.4", "product": { - "name": "@loopback/rest - Version 1.10.4", - "product_id": "110", + "name": "@loopback/rest@1.10.4", + "product_id": "87", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.4" @@ -1399,10 +1103,10 @@ }, { "category": "product_version", - "name": "Version 1.10.5", + "name": "1.10.5", "product": { - "name": "@loopback/rest - Version 1.10.5", - "product_id": "111", + "name": "@loopback/rest@1.10.5", + "product_id": "88", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.10.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.10.5" @@ -1411,10 +1115,10 @@ }, { "category": "product_version", - "name": "Version 1.11.0", + "name": "1.11.0", "product": { - "name": "@loopback/rest - Version 1.11.0", - "product_id": "112", + "name": "@loopback/rest@1.11.0", + "product_id": "89", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.11.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.11.0" @@ -1423,10 +1127,10 @@ }, { "category": "product_version", - "name": "Version 1.11.1", + "name": "1.11.1", "product": { - "name": "@loopback/rest - Version 1.11.1", - "product_id": "113", + "name": "@loopback/rest@1.11.1", + "product_id": "90", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.11.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.11.1" 
@@ -1435,10 +1139,10 @@ }, { "category": "product_version", - "name": "Version 1.11.2", + "name": "1.11.2", "product": { - "name": "@loopback/rest - Version 1.11.2", - "product_id": "114", + "name": "@loopback/rest@1.11.2", + "product_id": "91", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.11.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.11.2" @@ -1447,10 +1151,10 @@ }, { "category": "product_version", - "name": "Version 1.12.0", + "name": "1.12.0", "product": { - "name": "@loopback/rest - Version 1.12.0", - "product_id": "115", + "name": "@loopback/rest@1.12.0", + "product_id": "92", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.12.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.12.0" @@ -1459,10 +1163,10 @@ }, { "category": "product_version", - "name": "Version 1.13.0", + "name": "1.13.0", "product": { - "name": "@loopback/rest - Version 1.13.0", - "product_id": "116", + "name": "@loopback/rest@1.13.0", + "product_id": "93", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.13.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.13.0" @@ -1471,10 +1175,10 @@ }, { "category": "product_version", - "name": "Version 1.13.1", + "name": "1.13.1", "product": { - "name": "@loopback/rest - Version 1.13.1", - "product_id": "117", + "name": "@loopback/rest@1.13.1", + "product_id": "94", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.13.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.13.1" @@ -1483,10 +1187,10 @@ }, { "category": "product_version", - "name": "Version 1.14.0", + "name": "1.14.0", "product": { - "name": "@loopback/rest - Version 1.14.0", - "product_id": "118", + "name": "@loopback/rest@1.14.0", + "product_id": "95", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.14.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.14.0" 
@@ -1495,10 +1199,10 @@ }, { "category": "product_version", - "name": "Version 1.15.0", + "name": "1.15.0", "product": { - "name": "@loopback/rest - Version 1.15.0", - "product_id": "119", + "name": "@loopback/rest@1.15.0", + "product_id": "96", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.15.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.15.0" @@ -1507,10 +1211,10 @@ }, { "category": "product_version", - "name": "Version 1.16.0", + "name": "1.16.0", "product": { - "name": "@loopback/rest - Version 1.16.0", - "product_id": "120", + "name": "@loopback/rest@1.16.0", + "product_id": "97", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.0" @@ -1519,10 +1223,10 @@ }, { "category": "product_version", - "name": "Version 1.16.1", + "name": "1.16.1", "product": { - "name": "@loopback/rest - Version 1.16.1", - "product_id": "121", + "name": "@loopback/rest@1.16.1", + "product_id": "98", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.1" @@ -1531,10 +1235,10 @@ }, { "category": "product_version", - "name": "Version 1.16.2", + "name": "1.16.2", "product": { - "name": "@loopback/rest - Version 1.16.2", - "product_id": "122", + "name": "@loopback/rest@1.16.2", + "product_id": "99", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.2" @@ -1543,10 +1247,10 @@ }, { "category": "product_version", - "name": "Version 1.16.3", + "name": "1.16.3", "product": { - "name": "@loopback/rest - Version 1.16.3", - "product_id": "123", + "name": "@loopback/rest@1.16.3", + "product_id": "100", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.3:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.3" 
@@ -1555,10 +1259,10 @@ }, { "category": "product_version", - "name": "Version 1.16.4", + "name": "1.16.4", "product": { - "name": "@loopback/rest - Version 1.16.4", - "product_id": "124", + "name": "@loopback/rest@1.16.4", + "product_id": "101", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.4:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.4" @@ -1567,10 +1271,10 @@ }, { "category": "product_version", - "name": "Version 1.16.5", + "name": "1.16.5", "product": { - "name": "@loopback/rest - Version 1.16.5", - "product_id": "125", + "name": "@loopback/rest@1.16.5", + "product_id": "102", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.5:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.5" @@ -1579,10 +1283,10 @@ }, { "category": "product_version", - "name": "Version 1.16.6", + "name": "1.16.6", "product": { - "name": "@loopback/rest - Version 1.16.6", - "product_id": "126", + "name": "@loopback/rest@1.16.6", + "product_id": "103", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.6:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.6" @@ -1591,10 +1295,10 @@ }, { "category": "product_version", - "name": "Version 1.16.7", + "name": "1.16.7", "product": { - "name": "@loopback/rest - Version 1.16.7", - "product_id": "127", + "name": "@loopback/rest@1.16.7", + "product_id": "104", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.7:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.7" @@ -1603,10 +1307,10 @@ }, { "category": "product_version", - "name": "Version 1.16.8", + "name": "1.16.8", "product": { - "name": "@loopback/rest - Version 1.16.8", - "product_id": "128", + "name": "@loopback/rest@1.16.8", + "product_id": "105", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.16.8:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.16.8" 
@@ -1615,10 +1319,10 @@ }, { "category": "product_version", - "name": "Version 1.17.0", + "name": "1.17.0", "product": { - "name": "@loopback/rest - Version 1.17.0", - "product_id": "129", + "name": "@loopback/rest@1.17.0", + "product_id": "106", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.17.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.17.0" @@ -1627,10 +1331,10 @@ }, { "category": "product_version", - "name": "Version 1.18.0", + "name": "1.18.0", "product": { - "name": "@loopback/rest - Version 1.18.0", - "product_id": "130", + "name": "@loopback/rest@1.18.0", + "product_id": "107", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.18.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.18.0" @@ -1639,10 +1343,10 @@ }, { "category": "product_version", - "name": "Version 1.18.1", + "name": "1.18.1", "product": { - "name": "@loopback/rest - Version 1.18.1", - "product_id": "131", + "name": "@loopback/rest@1.18.1", + "product_id": "108", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.18.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.18.1" @@ -1651,10 +1355,10 @@ }, { "category": "product_version", - "name": "Version 1.19.0", + "name": "1.19.0", "product": { - "name": "@loopback/rest - Version 1.19.0", - "product_id": "132", + "name": "@loopback/rest@1.19.0", + "product_id": "109", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.19.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.19.0" @@ -1663,10 +1367,10 @@ }, { "category": "product_version", - "name": "Version 1.20.0", + "name": "1.20.0", "product": { - "name": "@loopback/rest - Version 1.20.0", - "product_id": "133", + "name": "@loopback/rest@1.20.0", + "product_id": "110", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.20.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.20.0" 
@@ -1675,10 +1379,10 @@ }, { "category": "product_version", - "name": "Version 1.20.1", + "name": "1.20.1", "product": { - "name": "@loopback/rest - Version 1.20.1", - "product_id": "134", + "name": "@loopback/rest@1.20.1", + "product_id": "111", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.20.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.20.1" @@ -1687,10 +1391,10 @@ }, { "category": "product_version", - "name": "Version 1.21.0", + "name": "1.21.0", "product": { - "name": "@loopback/rest - Version 1.21.0", - "product_id": "135", + "name": "@loopback/rest@1.21.0", + "product_id": "112", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.21.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.21.0" @@ -1699,10 +1403,10 @@ }, { "category": "product_version", - "name": "Version 1.22.0", + "name": "1.22.0", "product": { - "name": "@loopback/rest - Version 1.22.0", - "product_id": "136", + "name": "@loopback/rest@1.22.0", + "product_id": "113", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.22.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.22.0" @@ -1711,10 +1415,10 @@ }, { "category": "product_version", - "name": "Version 1.23.0", + "name": "1.23.0", "product": { - "name": "@loopback/rest - Version 1.23.0", - "product_id": "137", + "name": "@loopback/rest@1.23.0", + "product_id": "114", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.23.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.23.0" @@ -1723,10 +1427,10 @@ }, { "category": "product_version", - "name": "Version 1.24.0", + "name": "1.24.0", "product": { - "name": "@loopback/rest - Version 1.24.0", - "product_id": "138", + "name": "@loopback/rest@1.24.0", + "product_id": "115", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.24.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.24.0" 
@@ -1735,10 +1439,10 @@ }, { "category": "product_version", - "name": "Version 1.25.0", + "name": "1.25.0", "product": { - "name": "@loopback/rest - Version 1.25.0", - "product_id": "139", + "name": "@loopback/rest@1.25.0", + "product_id": "116", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.25.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.25.0" @@ -1747,10 +1451,10 @@ }, { "category": "product_version", - "name": "Version 1.25.1", + "name": "1.25.1", "product": { - "name": "@loopback/rest - Version 1.25.1", - "product_id": "140", + "name": "@loopback/rest@1.25.1", + "product_id": "117", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.25.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.25.1" @@ -1759,10 +1463,10 @@ }, { "category": "product_version", - "name": "Version 1.26.0", + "name": "1.26.0", "product": { - "name": "@loopback/rest - Version 1.26.0", - "product_id": "141", + "name": "@loopback/rest@1.26.0", + "product_id": "118", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.26.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.26.0" @@ -1771,10 +1475,10 @@ }, { "category": "product_version", - "name": "Version 1.26.1", + "name": "1.26.1", "product": { - "name": "@loopback/rest - Version 1.26.1", - "product_id": "142", + "name": "@loopback/rest@1.26.1", + "product_id": "119", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:1.26.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@1.26.1" @@ -1783,10 +1487,10 @@ }, { "category": "product_version", - "name": "Version 2.0.0", + "name": "2.0.0", "product": { - "name": "@loopback/rest - Version 2.0.0", - "product_id": "143", + "name": "@loopback/rest@2.0.0", + "product_id": "120", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:2.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@2.0.0" 
@@ -1795,10 +1499,10 @@ }, { "category": "product_version", - "name": "Version 3.0.0", + "name": "3.0.0", "product": { - "name": "@loopback/rest - Version 3.0.0", - "product_id": "144", + "name": "@loopback/rest@3.0.0", + "product_id": "121", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.0.0" @@ -1807,10 +1511,10 @@ }, { "category": "product_version", - "name": "Version 3.0.1", + "name": "3.0.1", "product": { - "name": "@loopback/rest - Version 3.0.1", - "product_id": "145", + "name": "@loopback/rest@3.0.1", + "product_id": "122", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.0.1" @@ -1819,10 +1523,10 @@ }, { "category": "product_version", - "name": "Version 3.1.0", + "name": "3.1.0", "product": { - "name": "@loopback/rest - Version 3.1.0", - "product_id": "146", + "name": "@loopback/rest@3.1.0", + "product_id": "123", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.1.0" @@ -1831,10 +1535,10 @@ }, { "category": "product_version", - "name": "Version 3.2.0", + "name": "3.2.0", "product": { - "name": "@loopback/rest - Version 3.2.0", - "product_id": "147", + "name": "@loopback/rest@3.2.0", + "product_id": "124", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.2.0" @@ -1843,10 +1547,10 @@ }, { "category": "product_version", - "name": "Version 3.2.1", + "name": "3.2.1", "product": { - "name": "@loopback/rest - Version 3.2.1", - "product_id": "148", + "name": "@loopback/rest@3.2.1", + "product_id": "125", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.2.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.2.1" 
@@ -1855,10 +1559,10 @@ }, { "category": "product_version", - "name": "Version 3.3.0", + "name": "3.3.0", "product": { - "name": "@loopback/rest - Version 3.3.0", - "product_id": "149", + "name": "@loopback/rest@3.3.0", + "product_id": "126", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.3.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.3.0" @@ -1867,10 +1571,10 @@ }, { "category": "product_version", - "name": "Version 3.3.1", + "name": "3.3.1", "product": { - "name": "@loopback/rest - Version 3.3.1", - "product_id": "150", + "name": "@loopback/rest@3.3.1", + "product_id": "127", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.3.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.3.1" @@ -1879,10 +1583,10 @@ }, { "category": "product_version", - "name": "Version 3.3.2", + "name": "3.3.2", "product": { - "name": "@loopback/rest - Version 3.3.2", - "product_id": "151", + "name": "@loopback/rest@3.3.2", + "product_id": "128", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:3.3.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@3.3.2" @@ -1891,10 +1595,10 @@ }, { "category": "product_version", - "name": "Version 4.0.0", + "name": "4.0.0", "product": { - "name": "@loopback/rest - Version 4.0.0", - "product_id": "152", + "name": "@loopback/rest@4.0.0", + "product_id": "129", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:4.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@4.0.0" @@ -1903,10 +1607,10 @@ }, { "category": "product_version", - "name": "Version 5.0.0", + "name": "5.0.0", "product": { - "name": "@loopback/rest - Version 5.0.0", - "product_id": "153", + "name": "@loopback/rest@5.0.0", + "product_id": "130", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.0.0" 
@@ -1915,10 +1619,10 @@ }, { "category": "product_version", - "name": "Version 5.0.1", + "name": "5.0.1", "product": { - "name": "@loopback/rest - Version 5.0.1", - "product_id": "154", + "name": "@loopback/rest@5.0.1", + "product_id": "131", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.0.1" @@ -1927,10 +1631,10 @@ }, { "category": "product_version", - "name": "Version 5.1.0", + "name": "5.1.0", "product": { - "name": "@loopback/rest - Version 5.1.0", - "product_id": "155", + "name": "@loopback/rest@5.1.0", + "product_id": "132", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.1.0" @@ -1939,10 +1643,10 @@ }, { "category": "product_version", - "name": "Version 5.1.1", + "name": "5.1.1", "product": { - "name": "@loopback/rest - Version 5.1.1", - "product_id": "156", + "name": "@loopback/rest@5.1.1", + "product_id": "133", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.1.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.1.1" @@ -1951,10 +1655,10 @@ }, { "category": "product_version", - "name": "Version 5.1.2", + "name": "5.1.2", "product": { - "name": "@loopback/rest - Version 5.1.2", - "product_id": "157", + "name": "@loopback/rest@5.1.2", + "product_id": "134", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.1.2:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.1.2" @@ -1963,10 +1667,10 @@ }, { "category": "product_version", - "name": "Version 5.2.0", + "name": "5.2.0", "product": { - "name": "@loopback/rest - Version 5.2.0", - "product_id": "158", + "name": "@loopback/rest@5.2.0", + "product_id": "135", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.2.0" 
@@ -1975,10 +1679,10 @@ }, { "category": "product_version", - "name": "Version 5.2.1", + "name": "5.2.1", "product": { - "name": "@loopback/rest - Version 5.2.1", - "product_id": "159", + "name": "@loopback/rest@5.2.1", + "product_id": "136", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:5.2.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@5.2.1" @@ -1987,10 +1691,10 @@ }, { "category": "product_version", - "name": "Version 6.0.0", + "name": "6.0.0", "product": { - "name": "@loopback/rest - Version 6.0.0", - "product_id": "160", + "name": "@loopback/rest@6.0.0", + "product_id": "137", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:6.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@6.0.0" @@ -1999,10 +1703,10 @@ }, { "category": "product_version", - "name": "Version 6.1.0", + "name": "6.1.0", "product": { - "name": "@loopback/rest - Version 6.1.0", - "product_id": "161", + "name": "@loopback/rest@6.1.0", + "product_id": "138", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:6.1.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@6.1.0" @@ -2011,10 +1715,10 @@ }, { "category": "product_version", - "name": "Version 6.2.0", + "name": "6.2.0", "product": { - "name": "@loopback/rest - Version 6.2.0", - "product_id": "162", + "name": "@loopback/rest@6.2.0", + "product_id": "139", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:6.2.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@6.2.0" @@ -2023,10 +1727,10 @@ }, { "category": "product_version", - "name": "Version 7.0.0", + "name": "7.0.0", "product": { - "name": "@loopback/rest - Version 7.0.0", - "product_id": "163", + "name": "@loopback/rest@7.0.0", + "product_id": "140", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:7.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@7.0.0" 
@@ -2035,10 +1739,10 @@ }, { "category": "product_version", - "name": "Version 7.0.1", + "name": "7.0.1", "product": { - "name": "@loopback/rest - Version 7.0.1", - "product_id": "164", + "name": "@loopback/rest@7.0.1", + "product_id": "141", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:7.0.1:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@7.0.1" @@ -2047,10 +1751,10 @@ }, { "category": "product_version", - "name": "Version 8.0.0", + "name": "8.0.0", "product": { - "name": "@loopback/rest - Version 8.0.0", - "product_id": "165", + "name": "@loopback/rest@8.0.0", + "product_id": "142", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:8.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@8.0.0" @@ -2059,10 +1763,10 @@ }, { "category": "product_version", - "name": "Version 9.0.0", + "name": "9.0.0", "product": { - "name": "@loopback/rest - Version 9.0.0", - "product_id": "166", + "name": "@loopback/rest@9.0.0", + "product_id": "143", "product_identification_helper": { "cpe": "cpe:2.3:a:loopback:loopback_rest:9.0.0:*:*:*:*:*:*:*", "purl": "pkg:npm/%40loopback/rest@9.0.0" 
@@ -2085,34 +1789,11 @@ "category": "vendor", "name": "LoopBack" } - ] - }, - "vulnerabilities": [ - { - "cve": "CVE-2020-4988", - "cwe": { - "id": "CWE-1321", - "name": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" - }, - "id": { - "system_name": "IBM X-Force ID", - "text": "192706" - }, - "notes": [ - { - "audience": "all", - "category": "description", - "text": "It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path" - }, - { - "audience": "all", - "category": "summary", - "text": "`@loopback/rest` allows REST APIs to have `constructor` in the JSON payload, which is vulnerable to prototype pollution." - } - ], - "product_status": { - "first_affected": ["1"], - "known_affected": [ + ], + "product_groups": [ + { + "group_id": "1", + "product_ids": [ "1", "2", "3", 
@@ -2254,64 +1935,91 @@ "139", "140", "141", - "142", - "143", - "144", - "145", - "146", - "147", - "148", - "149", - "150", - "151", - "152", - "153", - "154", - "155", - "156", - "157", - "158", - "159", - "160", - "161", - "162", - "163", - "164", - "165" + "142" ], - "last_affected": ["165"], - "fixed": ["166"], - "recommended": ["166"] + "summary": "Affected products." + } + ] + }, + "vulnerabilities": [ + { + "cve": "CVE-2020-4988", + "cwe": { + "id": "CWE-1321", + "name": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + }, + "id": { + "system_name": "IBM X-Force ID", + "text": "192706" + }, + "notes": [ + { + "audience": "all", + "category": "description", + "text": "It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. 
When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path" + }, + { + "audience": "all", + "category": "summary", + "text": "`@loopback/rest` allows REST APIs to have `constructor` in the JSON payload, which is vulnerable to prototype pollution." + } + ], + "product_status": { + "first_affected": ["1"], + "known_affected": ["142"], + "last_affected": ["142"], + "fixed": ["143"], + "recommended": ["143"] }, "references": [ { "category": "self", - "summary": "GitHub Pull Request", - "url": "https://github.com/loopbackio/loopback-next/pull/6676" + "summary": "CVE Record", + "url": "https://www.cve.org/CVERecord?id=CVE-2020-4988" }, { "category": "self", - "summary": "GitHub Commit", - "url": "https://github.com/loopbackio/loopback-next/tree/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" + "summary": "GitHub Commit: LoopBack Juggler 2.x", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/3d71ea1571428e3c3b4816227fec88c9ab1cdd69" }, { "category": "self", - "summary": "NVD CVE Detail", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4988" + "summary": "GitHub Commit: LoopBack Juggler 3.x", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/454fd0f1b2dddb6a26bc665756c1881d4cae4f10" }, { "category": "self", - "summary": "CVE Record", - "url": "https://www.cve.org/CVERecord?id=CVE-2020-4988" + "summary": "GitHub Commit: @loopback/rest", + "url": "https://github.com/loopbackio/loopback-next/commit/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" }, { - "summary": "NPM", - "url": "https://www.npmjs.com/package/@loopback/rest" + "category": "self", + "summary": "GitHub Pull Request: LoopBack Juggler 2.x", + "url": 
"https://github.com/loopbackio/loopback-datasource-juggler/pull/1875" + }, + { + "category": "self", + "summary": "GitHub Pull Request: LoopBack Juggler 3.x", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/pull/1874" + }, + { + "category": "self", + "summary": "GitHub Pull Request: @loopback/rest", + "url": "https://github.com/loopbackio/loopback-next/pull/6676" + }, + { + "category": "self", + "summary": "NVD CVE Detail", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4988" }, { "category": "self", "summary": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192706" + }, + { + "summary": "NPM", + "url": "https://www.npmjs.com/package/@loopback/rest" } ], "remediations": [ @@ -2319,7 +2027,7 @@ "category": "vendor_fix", "date": "2020-05-11T08:22:42.000Z", "details": "Upgrade to `@loopback/rest` 9.0.0 or later.", - "product_ids": ["1"] + "group_ids": ["1"] } ], "scores": [ 
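Review bot: `product_status.known_affected` is cut down to `["142"]` in the `@@ -2254,64 +1935,91 @@` hunk, while the new `product_groups` entry and the `scores[].products` list in the later `@@ -2343,7 +2051,150 @@` hunk both run from `"1"` to `"142"`. As far as I know, CSAF 2.0 status lists take product IDs only and are not expanded from `first_affected`/`last_affected`, so a consumer that matches installed versions against `known_affected` would treat products 2–141 as not covered by CVE-2020-4988. I would keep the full enumeration in `known_affected` (the same IDs as group `"1"`), or confirm that every reader of these files derives the range from the first/last entries. The `vulnerabilities` object continues outside this hunk.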
@@ -2343,7 +2051,150 @@ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/RL:O/E:U/RC:C", "version": "3.0" }, - "products": ["1"] + "products": [ + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15", + "16", + "17", + "18", + "19", + "20", + "21", + "22", + "23", + "24", + "25", + "26", + "27", + "28", + "29", + "30", + "31", + "32", + "33", + "34", + "35", + "36", + "37", + "38", + "39", + "40", + "41", + "42", + "43", + "44", + "45", + "46", + "47", + "48", + "49", + "50", + "51", + "52", + "53", + "54", + "55", + "56", + "57", + "58", + "59", + "60", + "61", + "62", + "63", + "64", + "65", + "66", + "67", + "68", + "69", + "70", + "71", + "72", + "73", + "74", + "75", + "76", + "77", + "78", + "79", + "80", + "81", + "82", + "83", + "84", + "85", + "86", + "87", + "88", + "89", + "90", + "91", + "92", + "93", + "94", + "95", + "96", + "97", + "98", + "99", + "100", + "101", + "102", + "103", + "104", + "105", + "106", + "107", + "108", + "109", + "110", + "111", + "112", + "113", + "114", + "115", + "116", + "117", + "118", + "119", + "120", + "121", + "122", + "123", + "124", + "125", + "126", + "127", + "128", + "129", + "130", + "131", + "132", + "133", + "134", + "135", + "136", + "137", + "138", + "139", + "140", + "141", + "142" + ] } ] } diff --git a/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license new file mode 100644 index 0000000..885aa91 --- /dev/null +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.csaf.json.license @@ -0,0 +1,2 @@ +SPDX-FileCopyrightText: LoopBack Contributors +SPDX-License-Identifier: MIT diff --git a/advisories/lbsa-20201130.osv.json b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json similarity index 86% rename from advisories/lbsa-20201130.osv.json rename to advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json index e6a8a6f..623800c 100644 
--- a/advisories/lbsa-20201130.osv.json +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json @@ -10,7 +10,7 @@ { "events": [ { - "introduced": "02e2ce0a031367438afeaeabdfae2e29e10f25ee" + "introduced": "" }, { "fixed": "f47fad3f4669c3ceae5e0927dc6098da18df864d" @@ -22,7 +22,7 @@ { "events": [ { - "introduced": "0" + "introduced": "0.1.0" }, { "fixed": "9.0.0" @@ -32,29 +32,6 @@ } ], "versions": [ - "4.0.0-alpha.4", - "4.0.0-alpha.5", - "4.0.0-alpha.6", - "4.0.0-alpha.7", - "4.0.0-alpha.8", - "4.0.0-alpha.9", - "4.0.0-alpha.10", - "4.0.0-alpha.11", - "4.0.0-alpha.12", - "4.0.0-alpha.13", - "4.0.0-alpha.14", - "4.0.0-alpha.15", - "4.0.0-alpha.16", - "4.0.0-alpha.17", - "4.0.0-alpha.18", - "4.0.0-alpha.19", - "4.0.0-alpha.20", - "4.0.0-alpha.21", - "4.0.0-alpha.22", - "4.0.0-alpha.23", - "4.0.0-alpha.24", - "4.0.0-alpha.25", - "4.0.0-alpha.26", "0.1.0", "0.1.1", "0.1.2", 
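Review bot: The first range's `introduced` event becomes an empty string (`"introduced": ""`) in the `@@ -10,7 +10,7 @@` hunk, which removes the lower bound that the old commit hash gave. The OSV schema expects a version or commit there, with `"0"` meaning "from the beginning", so an empty value is likely to be rejected or read inconsistently by scanners, and the commit range may be ignored. If the introducing commit is not known, `"introduced": "0"` is the documented way to say so; otherwise keep `02e2ce0a031367438afeaeabdfae2e29e10f25ee`. The range object starts outside the hunk, so its `type` is assumed to be `GIT` from the commit-hash `fixed` value.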
@@ -213,8 +190,8 @@ "CWE": "CWE-1321" }, "details": "It's a similar issue as https://snyk.io/vuln/SNYK-JS-LODASH-73638, where the following description is quoted from.\n\n> Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n>\n> There are two main ways in which the pollution of prototypes occurs:\n>\n> - Unsafe Object recursive merge\n> - Property definition by path", - "id": "LBSA-20201130", - "modified": "2022-03-07T13:53:00.000Z", + "id": "LBSEC-20201130-1", + "modified": "1970-01-01T00:00:00.000Z", "references": [ { "type": "ADVISORY", 
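Review bot: `"modified": "1970-01-01T00:00:00.000Z"` looks like a placeholder and is older than the value it replaces (`2022-03-07T13:53:00.000Z`). Consumers that sync OSV records by `modified` may treat this revision as stale and keep the previous content, including the old `LBSA-20201130` id. The field should carry the time of this change in UTC, and the OSV validation script in this commit could reject the epoch value so it cannot be published again. The record object begins outside this hunk.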
@@ -242,11 +219,27 @@ }, { "type": "WEB", - "url": "https://github.com/loopbackio/loopback-next/pull/6676" + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/3d71ea1571428e3c3b4816227fec88c9ab1cdd69" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/pull/1875" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-datasource-juggler/commit/454fd0f1b2dddb6a26bc665756c1881d4cae4f10" }, { "type": "WEB", - "url": "https://github.com/loopbackio/loopback-next/tree/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" + "url": "https://github.com/loopbackio/loopback-datasource-juggler/pull/1874" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-next/commit/ae0b9936e7eadbf6f0ee7c72e1a04b87dda7c2c5" + }, + { + "type": "WEB", + "url": "https://github.com/loopbackio/loopback-next/pull/6676" }, { "type": "WEB", diff --git a/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license new file mode 100644 index 0000000..885aa91 --- /dev/null +++ b/advisories/lbsec-20201130-1/lbsec-20201130-1.osv.json.license @@ -0,0 +1,2 @@ +SPDX-FileCopyrightText: LoopBack Contributors +SPDX-License-Identifier: MIT diff --git a/package.json b/package.json index 53879f3..fe3b310 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "lint:fix": "npm run eslint:fix && npm run prettier:fix", "eslint": "lb-eslint --report-unused-disable-directives .", "eslint:fix": "npm run eslint -- --fix", - "prettier:cli": "lb-prettier '**/*.ts' '**/*.js' 'advisories/lbsa*.csaf.json' '**/*.md'", + "prettier:cli": "lb-prettier '**/*.ts' '**/*.js' 'advisories/**/lbsec-*.json' '**/*.md'", "prettier:check": "npm run prettier:cli -- -l", "prettier:fix": "npm run prettier:cli -- --write", "ts-node": "ts-node --project=scripts/tsconfig.json", 
diff --git a/scripts/advisories/generate-csaf20-product-tree.ts b/scripts/advisories/generate-csaf20-product-tree.ts index 921238d..0a6185c 100644 --- a/scripts/advisories/generate-csaf20-product-tree.ts +++ b/scripts/advisories/generate-csaf20-product-tree.ts @@ -1,13 +1,17 @@ // SPDX-FileCopyrightText: LoopBack Contributors // SPDX-License-Identifier: MIT -// This is a rudimentary script which reads a newline-delimited list of GitHub -// tag name of format `@` and generates the final -// branch of the CSAF 2.0 Product Tree to stdout. Currently, it's only designed -// for LoopBack 4 packages (i.e. `@loopback/*`). +// This is a rudimentary script which reads a newline-delimited list of +// `@` from stdin and generates the final branch +// of the CSAF 2.0 Product Tree to stdout. // -// To generate a list of Git Tags for this script: -// git tag --sort=taggerdate | grep @ +// To generate a list of Git Tags for this script (LoopBack 4 monorepo only): +// git tag | grep @ +// +// To generate a list of versions from NPM: +// npm view --json versions \ +// | jq "\"@\" + .[]" \ +// | sed -e 's/^.\{1\}//' -e 's/.\{1\}$//' import readline from 'readline'; 
@@ -20,26 +24,27 @@ var rl = readline.createInterface({ const entries = []; rl.on('line', line => { - if (line.startsWith('@loopback/')) { - const nameVerSeperator = line.lastIndexOf('@'); - const name = line.substring(0, nameVerSeperator); - const version = line.substring(nameVerSeperator + 1); + const nameVerSeperator = line.lastIndexOf('@'); + const name = line.substring(0, nameVerSeperator); + const version = line.substring(nameVerSeperator + 1); - entries.push({ - category: 'product_version', - name: `Version ${version}`, - product: { - name: `${name} - Version ${version}`, - product_id: `${entries.length + 1}`, - product_identification_helper: { - cpe: `cpe:2.3:a:loopback:${name - .replace('/', '_') - .replace('@', '')}:${version}:*:*:*:*:*:*:*`, - purl: `pkg:npm/${encodeURIComponent(name)}@${version}`, - }, + entries.push({ + category: 'product_version', + name: `${version}`, + product: { + name: `${name}@${version}`, + product_id: `${entries.length + 1}`, + product_identification_helper: { + cpe: `cpe:2.3:a:loopback:${name + .replace('/', '_') + .replace('@', '')}:${version}:*:*:*:*:*:*:*`, + purl: `pkg:npm/${encodeURIComponent(name).replace( + '%2F', + '/', + )}@${version}`, }, - }); - } + }, + }); }); rl.on('close', () => { diff --git a/scripts/advisories/validate-csaf20.ts b/scripts/advisories/validate-csaf20.ts index 598a95d..66f9953 100644 --- a/scripts/advisories/validate-csaf20.ts +++ b/scripts/advisories/validate-csaf20.ts @@ -5,7 +5,7 @@ import path from 'path'; import glob from 'glob'; import createCore from 'secvisogram/dist/shared/Core'; -const csaf20DocumentGlob = '../../advisories/*.csaf.json'; +const csaf20DocumentGlob = '../../advisories/*/*.csaf.json'; console.log(`Validating CSAF 2.0 documents... (Glob: ${csaf20DocumentGlob})`); 
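Review bot: With the `@loopback/` filter removed, the `line` handler in the `@@ -20,26 +24,27 @@` hunk accepts any stdin line without checking that it has the `name@version` shape. A blank line or a line with no `@` gives `lastIndexOf('@') === -1`, so `name` becomes empty and the whole line becomes `version`. A scoped name with no version (`@` at index 0) behaves the same way, and either result is emitted into the product tree as a CPE and purl. I would add `if (nameVerSeperator <= 0) return;` right after the `lastIndexOf` call, ideally with a warning on stderr so that skipped input is visible. The CPE vendor is still hard-coded to `loopback`, which may no longer be accurate now that packages outside `@loopback/*` pass through.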
@@ -69,17 +69,10 @@ function validateTracking(fileContents: any): ValidationResult { const tracking = fileContents.document.tracking; let errors: ValidationResult['errors'] = []; - if (!/^(LBSA-[1-9][0-9]*)$/.test(tracking.id)) { + if (!/^(LBSEC-[1-9][0-9]*-[1-9][0-9]*)$/.test(tracking.id)) { errors.push({ instancePath: 'document/tracking/id', - message: 'id must match `/^(LBSA-[1-9][0-9]*)$/`.', - }); - } - - if (tracking.status !== 'final') { - errors.push({ - instancePath: '/document/tracking/status', - message: 'status must equal `final`.', + message: 'id must match `/^(LBSEC-[1-9][0-9]*-[1-9][0-9]*)$/`.', }); } @@ -230,21 +223,24 @@ function validateReferences(fileContents: any): ValidationResult { const refRegexMapping: Record = { 'CVE Record': - /^https:\/\/www\.cve\.org\/CVERecord\?id=CVE-[1-9][0-9]{3}-\d{4}$/, + /^https:\/\/www\.cve\.org\/CVERecord\?id=CVE-[1-9][0-9]{3}-\d{4,}(-\d+)?$/, NPM: /^https:\/\/www\.npmjs\.com\/package\/([a-z0-9-]|(@[a-z0-9._-]+\/))[a-z0-9._-]+$/, 'NVD CVE Detail': /^https:\/\/nvd\.nist\.gov\/vuln\/detail\/CVE-[1-9][0-9]{3}-\d{4}$/, 'GitHub Commit': - /^(https:\/\/github\.com\/loopbackio\/[A-Za-z0-9._-]+\/tree\/[a-z0-9]+)$/, + /^(https:\/\/github\.com\/(strongloop|loopbackio)\/[A-Za-z0-9._-]+\/commit\/[a-z0-9]+)$/, 'GitHub Pull Request': - /^(https:\/\/github\.com\/loopbackio\/[A-Za-z0-9._-]+\/pull\/[1-9]\d*)$/, + /^(https:\/\/github\.com\/(strongloop|loopbackio)\/[A-Za-z0-9._-]+\/pull\/[1-9]\d*)$/, 'X-Force Vulnerability Report': /^https:\/\/exchange\.xforce\.ibmcloud\.com\/vulnerabilities\/[1-9]\d*$/, }; for (let i = 0; i < allReferences.length; i++) { const ref = allReferences[i]; - const matchedRegex = refRegexMapping[ref.summary]; + const matchedRegex = + refRegexMapping[ + Object.keys(refRegexMapping).findIndex(x => ref.summary.startsWith(x)) + ]; if (matchedRegex) { if (!matchedRegex.test(ref.url)) { diff --git a/scripts/advisories/validate-osv.ts b/scripts/advisories/validate-osv.ts index 716362e..1bd04a1 100644 
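Review bot: The new id pattern in `validateTracking` is looser than the ids this commit introduces: `/^(LBSEC-[1-9][0-9]*-[1-9][0-9]*)$/` accepts `LBSEC-1-1`, while the advisories are named like `LBSEC-20201130-1`. If the middle part is always a date, `/^LBSEC-\d{8}-[1-9]\d*$/` would catch truncated or mistyped ids. The pattern is also written twice, once in the test and once in the message, so holding it in one `const` would stop the two from drifting apart. The function continues outside the hunk.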
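Review bot: The new `matchedRegex` lookup in `validateReferences` can never find a pattern, so the URL check under `if (matchedRegex)` is skipped for every reference. `findIndex` returns a number (or `-1`) while `refRegexMapping` is keyed by summary strings, so indexing it with that number always yields `undefined`. Look up by key instead: `const matchedKey = Object.keys(refRegexMapping).find(x => ref.summary.startsWith(x));` followed by `const matchedRegex = matchedKey ? refRegexMapping[matchedKey] : undefined;`. Separately, `'NVD CVE Detail'` still ends in `\d{4}` while `'CVE Record'` now takes `\d{4,}`, so a CVE id with five or more digits would pass one and fail the other. The loop body continues outside the hunk.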
--- a/scripts/advisories/validate-osv.ts +++ b/scripts/advisories/validate-osv.ts @@ -8,7 +8,7 @@ import addFormats from 'ajv-formats'; import osvSchema from '../../vendors/osv-schema/validation/schema.json'; import semver from 'semver'; -const osvDocumentGlob = '../../advisories/*.osv.json'; +const osvDocumentGlob = '../../advisories/*/*.osv.json'; console.log(`Validating OSV 1.2.0 documents... (Glob: ${osvDocumentGlob})`); @@ -104,14 +104,21 @@ function validateAffectedVersions(fileContents: any): ValidationResult { const versions = affected.versions; if (versions !== undefined) { - const semverEvents = (affected.ranges as any[]).find( - x => x.type === 'SEMVER', - ).events; - const semverRange = - '>=' + - semverEvents.find(x => x.introduced).introduced + - ' <' + - semverEvents.find(x => x.fixed).fixed; + const semverEvents = (affected.ranges as any[]) + .filter(x => x.type === 'SEMVER') + .map(x => x.events); + + let semverRange = ''; + + for (let i = 0; i < semverEvents.length; i++) { + const eventGroup = semverEvents[i]; + + semverRange += + `>=${eventGroup.find(x => x.introduced).introduced}` + + ` <${eventGroup.find(x => x.fixed).fixed}`; + + if (i + 1 < semverEvents.length) semverRange += ' || '; + } for (let i = 0; i < versions.length; i++) { const version = versions[i]; @@ -191,14 +198,14 @@ function validateCSAF20Sync( if (csaf20CVE !== osvCVE) { errors.push({ instancePath: '/aliases', - message: 'alises must match CSAF `/vulnerabilities/0/cve`.', + message: 'aliases must match CSAF `/vulnerabilities/0/cve`.', }); } // CVSS V3 sync - const csaf20CVSS3 = - csaf20Document.vulnerabilities[0].scores[0].cvss_v3?.vectorString; - const osvCVSS3Index = osvDocument.severity.findIndex( + const csaf20CVSS3 = (csaf20Document.vulnerabilities[0].scores ?? [])[0] + ?.cvss_v3?.vectorString; + const osvCVSS3Index = osvDocument.severity?.findIndex( x => x.type === 'CVSS_V3', ); const osvCVSS3 = 
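Review bot: In `validateAffectedVersions`, `eventGroup.find(x => x.introduced).introduced` and the matching `fixed` lookup throw a TypeError when a SEMVER range lacks either event, instead of reporting a validation error. `find` tests truthiness, so an empty value such as the `"introduced": ""` this commit adds to the OSV file would count as absent if it appeared in a SEMVER range. Reading the values as `eventGroup.find(x => 'introduced' in x)?.introduced` (and the same for `fixed`), then recording an error when either is missing or empty, keeps the validator from crashing on the data it is meant to check. When no SEMVER range exists `semverRange` stays `''`; how it is consumed is outside the hunk.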
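Review bot: With `osvDocument.severity?.findIndex(...)` in `validateCSAF20Sync`, `osvCVSS3Index` is `undefined` rather than `-1` when `severity` is absent, so a later `=== -1` or `< 0` test would not see the "not found" case. `osvDocument.severity?.findIndex(x => x.type === 'CVSS_V3') ?? -1` keeps the usual sentinel. The `osvCVSS3` assignment that consumes the index continues outside the hunk, so whether it is affected cannot be seen here.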
diff --git a/vendors/README.md b/vendors/README.md index d982fbf..660cb8f 100644 --- a/vendors/README.md +++ b/vendors/README.md @@ -5,12 +5,11 @@ # Vendors -This directory contains Git submodules that are depended upon by this Git -repository. - -## Submodules - -| Directory | Used by -|-|- -| `osv-schema/` | [OSV 1.2.0 validation](../advisories/README.md#scripts) -| `secvisogram/` | [CSAF 2.0 validation](../advisories/README.md#scripts) +This directory contains directories (Usually Git Submodules) that are depended upon by this Git +repository. If the directory is prefixed with `local-`, it is not a Git Submodule. + +| Directory | Used by | Git Submodule? +|-|-|- +| `local-cpe/` | [CPE 2.3 Extended Dictionary validation](../cpe/README.md#scripts) | No +| `osv-schema/` | [OSV 1.2.0 validation](../advisories/README.md#scripts) | Yes +| `secvisogram/` | [CSAF 2.0 validation](../advisories/README.md#scripts) | Yes