CVE Vulnerabilities Occurrences


Overview

Get the packages and impacted external objects for a Common Vulnerabilities and Exposures (CVE) reference. The service returns the list of impacted packages and, for each package, the list of its external objects. These insights come from the com.castsoftware.highlight2mri scanner.

URI

GET /rest/applications/{name}/insights/cve/{id}/occurrences

Path parameters

name (string)

This parameter identifies the analyzed application. The application name must be properly encoded when encoding is required. The back-quote character is not allowed.

id (string)

The CVE reference.

Query parameters

limit (integer)

Required. The maximum number of packages to return.

skip (integer)

Optional. The number of packages to skip before including packages in the search limit.

Responses

application/json

The response is the list of CVE packages. Example:

[
    {
        "name": "org.drools:drools-core",
        "releaseDate": {
            "dateTime": "2024-04-22T08:41:34Z"
        },
        "releasesPerYear": 9,
        "saferClosestVersion": "7.39.0.CR1",
        "safestVersion": "7.39.0.CR1",
        "version": "7.32.0.Final",
        "objects": [
            {
                "id": "18097",
                "name": "StringUtils",
                "fullName": "org.drools.core.util.StringUtils",
                "mangling": "",
                "type": "Java Class",
                "typeId": "JV_CLASS"
            },
            {
                "id": "4846",
                "name": "isEmpty",
                "fullName": "org.drools.core.util.StringUtils.isEmpty",
                "mangling": "isEmpty(java.lang.CharSequence) return boolean",
                "type": "Java Method",
                "typeId": "JV_METHOD"
            }
        ]
    }
]

JSON representation

| Property | Type | Description |
|---|---|---|
| name | string | The package name. Note: A Maven package name is the concatenation of artifact ID with package ID. |
| version | string | The package version in use. |
| releaseDate.dateTime | string | Release date of the package. |
| releasesPerYear | integer | Average number of package releases per year. |
| saferClosestVersion | string | The closest safer package version, minimizing breaking code changes. |
| safestVersion | string | The safest package version. |
| objects | array | The list of external objects of this package that the application refers to. |
| objects[].id | string | The external object ID. |
| objects[].name | string | The external object name. |
| objects[].fullName | string | The external object long name, which usually locates the object in the software architecture. |
| objects[].mangling | string | The external function signature, or an empty string if not applicable. |
| objects[].type | string | The external object type, for display. |
| objects[].typeId | string | The external object type identifier, which is the type reference key. |
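
The following Python example is added here and is not CAST's own code. It builds the request URL with the application name percent-encoded and the back-quote rejected, pages through packages with limit and skip, and flattens each package to its closest safer version and the external objects the application refers to. The base URL, the fetch callable, the end-of-results rule (a page shorter than limit), the CVE placeholder and the sample data are assumptions or constructed values.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

def occurrences_url(base, app_name, cve_id, limit, skip=0):
    """Build the request URL; base is an assumed deployment root."""
    if "`" in app_name:
        raise ValueError("back-quote is not allowed in the application name")
    if limit < 1 or skip < 0:
        raise ValueError("limit must be >= 1 and skip >= 0")
    # safe="" so '/', spaces and other reserved characters are percent-encoded
    path = "/rest/applications/%s/insights/cve/%s/occurrences" % (
        quote(app_name, safe=""), quote(cve_id, safe=""))
    return base.rstrip("/") + path + "?" + urlencode({"limit": limit, "skip": skip})

def iter_packages(fetch, base, app_name, cve_id, limit=50):
    """Yield every package; fetch(url) must return the decoded JSON list.
    Assumption: a page shorter than limit (or empty) is the last one."""
    skip = 0
    while True:
        page = fetch(occurrences_url(base, app_name, cve_id, limit, skip))
        yield from page
        if len(page) < limit:
            return
        skip += len(page)

def remediation_rows(packages):
    """Flatten to (package, used version, saferClosestVersion, object fullNames)."""
    return [(p["name"], p["version"], p.get("saferClosestVersion"),
             sorted(o["fullName"] for o in p.get("objects", [])))
            for p in packages]

# Constructed sample data standing in for the service (not real findings).
SAMPLE = [
    {"name": "org.drools:drools-core", "version": "7.32.0.Final",
     "saferClosestVersion": "7.39.0.CR1", "safestVersion": "7.39.0.CR1",
     "objects": [{"fullName": "org.drools.core.util.StringUtils.isEmpty"},
                 {"fullName": "org.drools.core.util.StringUtils"}]},
    {"name": "example:pkg-b", "version": "1.0", "saferClosestVersion": "1.1", "objects": []},
    {"name": "example:pkg-c", "version": "3.2", "saferClosestVersion": "3.3", "objects": []},
]

def fake_fetch(url):
    """Offline stand-in for an authenticated HTTP GET: slices SAMPLE by limit/skip."""
    q = parse_qs(urlsplit(url).query)
    skip, limit = int(q["skip"][0]), int(q["limit"][0])
    return SAMPLE[skip:skip + limit]

if __name__ == "__main__":
    pkgs = iter_packages(fake_fetch, "https://imaging.example", "My App/v2", "CVE-0000-0000", 2)
    for row in remediation_rows(pkgs):
        print(row)
```

In real use, replace fake_fetch with a function that performs the authenticated GET against your deployment and returns the parsed JSON body.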