| $schema: "http://json-schema.org/draft/2020-12/schema" |
| title: VEX Front Matter |
| type: object |
| required: |
| - category |
| - analysis |
| - title |
| properties: |
| cve: |
| description: | |
| CVE identifier(s) this entry covers. May be a single id or a list. |
| Omitted for catch-all dependency notes that have no assigned CVE. |
| oneOf: |
| - type: string |
| - type: array |
| items: |
| type: string |
| jira: |
| type: string |
| description: Related JIRA issue ID. |
| category: |
| type: array |
| minItems: 1 |
| items: |
| type: string |
| description: List of categories this vulnerability belongs to. |
| versions: |
| type: string |
| description: Affected Apache Solr versions, as a free-form display string. |
| jars: |
| type: array |
| items: |
| type: string |
| description: Vulnerable JAR files (present for dependency CVEs). |
| analysis: |
| "$ref": "bom-1.6.schema.json#/definitions/vulnerability/properties/analysis" |
| description: | |
| Analysis of the vulnerability in CycloneDX format. |
| Currently only the `state`, `justification`, and `response` properties are used. |
| title: |
| type: string |
| additionalProperties: false |