{% extends "base.html" %} {% load humanize %} {% load widget_tweaks %} {% load static %} {% load show_cvss %} {% load url_filters %} {% block title %} VulnerableCode Vulnerability Details - {{ vulnerability.vulnerability_id }} {% endblock %} {% block content %}
{% include "vulnerability_search_box.html" %}
{% if vulnerability %}
Vulnerability details: {{ vulnerability.vulnerability_id }}
{% if severity_score_range %} {% endif %}
Vulnerability ID {{ vulnerability.vulnerability_id }}
Aliases {% for alias in aliases %} {% if alias.url %} {{ alias }} {% else %} {{ alias }} {% endif %}
{% endfor %}
Summary {{ vulnerability.summary }}
Severity score range {{ severity_score_range }}
Status {{ status }}
Severity ({{ severities|length }})
{% for severity in severities %} {% empty %} {% endfor %}
System Score Found at
{{ severity.scoring_system }} {{ severity.value }} {{ severity.url }}
There are no known severity scores.
Affected/Fixed by packages ({{ affected_packages|length }}/{{ fixed_by_packages|length }})
{% for package in affected_packages|slice:":3" %} {% empty %} {% endfor %} {% if affected_packages|length > 3 %} {% endif %}
Affected Fixed by
{{ package.purl }} {% for match in all_affected_fixed_by_matches %} {% if match.affected_package == package %} {% if match.matched_fixed_by_packages|length > 0 %} {% for pkg in match.matched_fixed_by_packages %} {{ pkg }}
{% endfor %} {% else %} There are no reported fixed by versions. {% endif %} {% endif %} {% endfor %}
This vulnerability is not known to affect any packages.
See Affected/Fixed by packages tab for more
Weaknesses ({{ weaknesses|length }})
{% for weakness in weaknesses %} {% empty %} {% endfor %}
CWE-{{ weakness.cwe_id }} {{ weakness.name }}
There are no known CWE.
{% for package in affected_packages %} {% empty %} {% endfor %}
Affected Fixed by
{{ package.purl }} {% for match in all_affected_fixed_by_matches %} {% if match.affected_package == package %} {% if match.matched_fixed_by_packages|length > 0 %} {% for pkg in match.matched_fixed_by_packages %} {{ pkg }}
{% endfor %} {% else %} There are no reported fixed by versions. {% endif %} {% endif %} {% endfor %}
This vulnerability is not known to affect any packages.
{% for ref in references %} {% if ref.reference_id %} {% else %} {% endif %} {% if ref.reference_type %} {% else %} {% endif %} {% empty %} {% endfor %}
Reference id Reference type URL
{{ ref.reference_id }}{{ ref.get_reference_type_display }}{{ ref.url }}
There are no known references.
{% for severity_vector in severity_vectors %} {% if severity_vector.version == '2.0' %} Vector: {{ severity_vector.vectorString }}
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
{{ severity_vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }} {{ severity_vector.accessVector|cvss_printer:"local,adjacent_network,network" }} {{ severity_vector.accessComplexity|cvss_printer:"high,medium,low" }} {{ severity_vector.authentication|cvss_printer:"multiple,single,none" }} {{ severity_vector.confidentialityImpact|cvss_printer:"none,partial,complete" }} {{ severity_vector.integrityImpact|cvss_printer:"none,partial,complete" }} {{ severity_vector.availabilityImpact|cvss_printer:"none,partial,complete" }}
{% elif severity_vector.version == '3.1' or severity_vector.version == '3.0'%} Vector: {{ severity_vector.vectorString }}
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
{{ severity_vector.attackVector|cvss_printer:"network,adjacent_network,local,physical"}} {{ severity_vector.attackComplexity|cvss_printer:"low,high" }} {{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }} {{ severity_vector.userInteraction|cvss_printer:"none,required"}} {{ severity_vector.scope|cvss_printer:"unchanged,changed" }} {{ severity_vector.confidentialityImpact|cvss_printer:"high,low,none" }} {{ severity_vector.integrityImpact|cvss_printer:"high,low,none" }} {{ severity_vector.availabilityImpact|cvss_printer:"high,low,none" }}
{% elif severity_vector.version == '4' %} Vector: {{ severity_vector.vectorString }}
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)
{{ severity_vector.attackVector|cvss_printer:"network,adjacent,local,physical"}} {{ severity_vector.attackComplexity|cvss_printer:"low,high" }} {{ severity_vector.attackRequirement|cvss_printer:"none,present" }} {{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }} {{ severity_vector.userInteraction|cvss_printer:"none,passive,active"}} {{ severity_vector.vulnerableSystemImpactConfidentiality|cvss_printer:"high,low,none" }} {{ severity_vector.vulnerableSystemImpactIntegrity|cvss_printer:"high,low,none" }} {{ severity_vector.vulnerableSystemImpactAvailability|cvss_printer:"high,low,none" }} {{ severity_vector.subsequentSystemImpactConfidentiality|cvss_printer:"high,low,none" }} {{ severity_vector.subsequentSystemImpactIntegrity|cvss_printer:"high,low,none" }} {{ severity_vector.subsequentSystemImpactAvailability|cvss_printer:"high,low,none" }}
{% elif severity_vector.version == 'ssvc' %}
Vector: {{ severity_vector.vectorString }}
{% endif %} {% empty %} There are no known vectors. {% endfor %}
{% for exploit in vulnerability.exploits.all %} {% if exploit.date_added %} {% endif %} {% if exploit.description %} {% endif %} {% if exploit.required_action %} {% endif %} {% if exploit.due_date %} {% endif %} {% if exploit.notes %} {% endif %} {% if exploit.known_ransomware_campaign_use is not None %} {% endif %} {% if exploit.source_date_published %} {% endif %} {% if exploit.exploit_type %} {% endif %} {% if exploit.platform %} {% endif %} {% if exploit.source_date_updated %} {% endif %} {% if exploit.source_url %} {% endif %}
Data source {{ exploit.data_source }}
Date added {{ exploit.date_added }}
Description {{ exploit.description }}
Required action {{ exploit.required_action }}
Due date {{ exploit.due_date }}
Note 
{{ exploit.notes }}
Ransomware campaign use {{ exploit.known_ransomware_campaign_use|yesno:"Known,Unknown" }}
Source publication date {{ exploit.source_date_published }}
Exploit type {{ exploit.exploit_type }}
Platform {{ exploit.platform }}
Source update date {{ exploit.source_date_updated }}
Source URL {{ exploit.source_url }}
{% empty %} No exploits are available. {% endfor %}
{% for severity in severities %} {% if severity.scoring_system == 'epss' %}
Exploit Prediction Scoring System
{% if severity.published_at %} {% endif %}
Percentile {{ severity.scoring_elements }}
EPSS score {{ severity.value }}
Published at {{ severity.published_at }}
{% endif %} {% empty %}
There are no EPSS available.
{% endfor %}
{% for log in history %} {% empty %} {% endfor %}
Date Actor Action Source VulnerableCode Version
{{ log.get_iso_time }} {{ log.actor_name }} {{ log.get_action_type_label }} {{log.source_url }} {{ log.software_version }}
There are no relevant records.
{% endif %} {% endblock %}