From 3b551fc466b992ac09ab04d54ddcb3c36e1dd670 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Wed, 23 Oct 2024 11:45:22 +0200
Subject: cve-check: add support for cvss v4.0

https://nvd.nist.gov/general/news/cvss-v4-0-official-support

CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024

Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260

(From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 scripts/cve-json-to-text.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'scripts/cve-json-to-text.py')

diff --git a/scripts/cve-json-to-text.py b/scripts/cve-json-to-text.py
index 5531ee5eb6..87a5669987 100755
--- a/scripts/cve-json-to-text.py
+++ b/scripts/cve-json-to-text.py
@@ -125,6 +125,8 @@ def process_data(filename, data):
                 lines += "CVSS v2 BASE SCORE: %s\n" % issue["scorev2"]
             if "scorev3" in issue:
                 lines += "CVSS v3 BASE SCORE: %s\n" % issue["scorev3"]
+            if "scorev4" in issue:
+                lines += "CVSS v4 BASE SCORE: %s\n" % issue["scorev4"]
             if "vector" in issue:
                 lines += "VECTOR: %s\n" % issue["vector"]
             if "vectorString" in issue:
-- 
cgit v1.2.3-54-g00ecf