Class VulnerabilityNote.Detail (2.43.0)

A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).

Protobuf type grafeas.v1.VulnerabilityNote.Detail

Required. The CPE URI this vulnerability affects.

string affected_cpe_uri = 4;

Required. The CPE URI this vulnerability affects.

string affected_cpe_uri = 4;

Required. The package this vulnerability affects.

string affected_package = 5;

Required. The package this vulnerability affects.

string affected_package = 5;

The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

.grafeas.v1.Version affected_version_end = 7;

The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

.grafeas.v1.Version affected_version_end = 7;

The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

.grafeas.v1.Version affected_version_start = 6;

The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

.grafeas.v1.Version affected_version_start = 6;

A vendor-specific description of this vulnerability.

string description = 2;

A vendor-specific description of this vulnerability.

string description = 2;

The distro recommended CPE URI to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.

string fixed_cpe_uri = 8;

The distro recommended CPE URI to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.

string fixed_cpe_uri = 8;

The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.

string fixed_package = 9;

The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.

string fixed_package = 9;

The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.

.grafeas.v1.Version fixed_version = 10;

The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.

.grafeas.v1.Version fixed_version = 10;

Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.

bool is_obsolete = 11;

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

string package_type = 3;

The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).

string package_type = 3;

The distro assigned severity of this vulnerability.

string severity_name = 1;

The distro assigned severity of this vulnerability.

string severity_name = 1;

The source from which the information in this Detail was obtained.

string source = 13;

The source from which the information in this Detail was obtained.

string source = 13;

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

.google.protobuf.Timestamp source_update_time = 12;

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

.google.protobuf.Timestamp source_update_time = 12;

The name of the vendor of the product.

string vendor = 14;

The name of the vendor of the product.

string vendor = 14;

The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

.grafeas.v1.Version affected_version_end = 7;

The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.

.grafeas.v1.Version affected_version_start = 6;

The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.

.grafeas.v1.Version fixed_version = 10;

The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.

.google.protobuf.Timestamp source_update_time = 12;