cve_server

Simple REST-style web service for CVE searching

Results 14 cve_server issues

Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.3.1. Changelog Sourced from rack's changelog. Changelog All notable changes to this project will be documented in this file. For info on how to format...

dependencies

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.8 to 1.13.6. Release notes Sourced from nokogiri's releases. 1.13.6 / 2022-05-08 Security [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to...

dependencies

Bumps [sinatra](https://github.com/sinatra/sinatra) and [sinatra-contrib](https://github.com/sinatra/sinatra). These dependencies needed to be updated together. Updates `sinatra` from 2.0.7 to 2.2.0 Changelog Sourced from sinatra's changelog. 2.2.0 / 2022-02-15 Handle EOFError raised by Rack...

dependencies

Bumps [puma](https://github.com/puma/puma) from 4.3.5 to 4.3.12. Release notes Sourced from puma's releases. 4.3.12 Security Close several HTTP Request Smuggling exploits (CVE-2022-24790) 4.3.11 Bugfix/Security Response body will always be closed. (GHSA-rmj8-8hhh-gv5h,...

dependencies

This flag isn't available on newer versions of mongodb (ex 4.4), causing cpe list to become empty.

Hello! While testing your application I was faced with an interesting issue. I tried to ask for the CVEs for postgresql:postgresql:9.3.10 (with: /v1/cpe_with_version/postgresql:postgresql:9.3.10), and it returned some CVEs: `["CVE-2016-5423","CVE-2016-5424","CVE-2017-12172","CVE-2017-15098","CVE-2017-7484","CVE-2017-7485","CVE-2017-7486","CVE-2017-7546","CVE-2017-7547"]` These...

A call to http://IP/v1/cpes_affected/ returns `[]`. A call to http://IP/v1/cpes_affected/some_cpe returns `{"error":"not-found"}`.

bug

There are several gems based on Capistrano; it is a good idea to find a better way to implement an easy deployment.

This would make the deployment of a CVE server so much easier to do. Let me know if you want help or suggestions there, I know for a fact if...

Creating this because I noticed all the default URLs are HTTP, which could be MiTM'd. Maybe cve_server could be adapted to support LetsEncrypt using something like this: https://github.com/unixcharles/acme-client By default...