{ "$schema": "http://json-schema.org/draft-04/schema#", "definitions": { "def_configurations": { "description": "Defines the set of product configurations for a NVD applicability statement.", "properties": { "CVE_data_version": { "type": "string" }, "nodes": { "items": { "$ref": "#/definitions/def_node" }, "type": "array" } }, "required": [ "CVE_data_version" ] }, "def_cpe_match": { "description": "CPE match string or range", "properties": { "cpe22Uri": { "type": "string" }, "cpe23Uri": { "type": "string" }, "cpe_name": { "items": { "$ref": "#/definitions/def_cpe_name" }, "type": "array" }, "versionEndExcluding": { "type": "string" }, "versionEndIncluding": { "type": "string" }, "versionStartExcluding": { "type": "string" }, "versionStartIncluding": { "type": "string" }, "vulnerable": { "type": "boolean" } }, "required": [ "vulnerable", "cpe23Uri" ], "type": "object" }, "def_cpe_name": { "description": "CPE name", "properties": { "cpe22Uri": { "type": "string" }, "cpe23Uri": { "type": "string" }, "lastModifiedDate": { "type": "string" } }, "required": [ "cpe23Uri" ], "type": "object" }, "def_cve_item": { "description": "Defines a vulnerability in the NVD data feed.", "properties": { "configurations": { "$ref": "#/definitions/def_configurations" }, "cve": { "$ref": "CVE_JSON_4.0_min_1.1_beta.schema" }, "impact": { "$ref": "#/definitions/def_impact" }, "lastModifiedDate": { "type": "string" }, "publishedDate": { "type": "string" } }, "required": [ "cve" ] }, "def_impact": { "description": "Impact scores for a vulnerability as found on NVD.", "properties": { "baseMetricV2": { "description": "CVSS V2.0 score.", "properties": { "acInsufInfo": { "type": "boolean" }, "cvssV2": { "$ref": "cvss-v2.0_beta.json" }, "exploitabilityScore": { "$ref": "#/definitions/def_subscore" }, "impactScore": { "$ref": "#/definitions/def_subscore" }, "obtainAllPrivilege": { "type": "boolean" }, "obtainOtherPrivilege": { "type": "boolean" }, "obtainUserPrivilege": { "type": "boolean" }, "severity": { "type": "string" }, "userInteractionRequired": { "type": "boolean" } }, "type": "object" }, "baseMetricV3": { "description": "CVSS V3.x score.", "properties": { "cvssV3": { "$ref": "cvss-v3.x_beta.json" }, "exploitabilityScore": { "$ref": "#/definitions/def_subscore" }, "impactScore": { "$ref": "#/definitions/def_subscore" } }, "type": "object" } }, "type": "object" }, "def_node": { "description": "Defines a node or sub-node in an NVD applicability statement.", "properties": { "children": { "items": { "$ref": "#/definitions/def_node" }, "type": "array" }, "cpe_match": { "items": { "$ref": "#/definitions/def_cpe_match" }, "type": "array" }, "negate": { "type": "boolean" }, "operator": { "type": "string" } } }, "def_subscore": { "description": "CVSS subscore.", "maximum": 10, "minimum": 0, "type": "number" } }, "id": "https://scap.nist.gov/schema/nvd/feed/1.1/nvd_cve_feed_json_1.1_beta.schema", "properties": { "CVE_Items": { "description": "NVD feed array of CVE", "items": { "$ref": "#/definitions/def_cve_item" }, "type": "array" }, "CVE_data_format": { "type": "string" }, "CVE_data_numberOfCVEs": { "description": "NVD adds number of CVE in this feed", "type": "string" }, "CVE_data_timestamp": { "description": "NVD adds feed date timestamp", "type": "string" }, "CVE_data_type": { "type": "string" }, "CVE_data_version": { "type": "string" } }, "required": [ "CVE_data_type", "CVE_data_format", "CVE_data_version", "CVE_Items" ], "title": "JSON Schema for NVD Vulnerability Data Feed version 1.1", "type": "object" }