blob: 4bd124975b7511869b0b9804b8ed2d15b198b1ea [file]
$schema: "http://json-schema.org/draft/2020-12/schema"
title: VEX Front Matter
type: object
required:
- category
- analysis
- title
properties:
cve:
description: |
CVE identifier(s) this entry covers. May be a single id or a list.
Omitted for catch-all dependency notes that have no assigned CVE.
oneOf:
- type: string
- type: array
items:
type: string
jira:
type: string
description: Related JIRA issue ID.
category:
type: array
minItems: 1
items:
type: string
description: List of categories this vulnerability belongs to.
versions:
type: string
description: Affected Apache Solr versions, as a free-form display string.
jars:
type: array
items:
type: string
description: Vulnerable JAR files (present for dependency CVEs).
analysis:
"$ref": "bom-1.6.schema.json#/definitions/vulnerability/properties/analysis"
description: |
Analysis of the vulnerability in CycloneDX format.
Currently only the `state`, `justification`, and `response` properties are used.
title:
type: string
additionalProperties: false