Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new flag to display overview of CVEs #354

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add new flag to display overview of CVEs #354

wants to merge 3 commits into from
+53 −0

Conversation

Gr1mmie
Copy link

@Gr1mmie Gr1mmie commented Jan 6, 2025

Description

Adds -explain flag to cvemap. This flag will display general information on the CVEs returned from a search. It is most helpful when querying a small amount of CVEs, JSON is recommended for larger outputs. Flag can be combined with -silent to omit banner if needed.

Reason for Addition

While it is possible to retrieve all available CVE data in the form of JSON, it's convenient to be able to view general data (description, cwe info, POC and reference links, patches, etc.) in an easy-to-read fashion and without having to parse data outside the tool. This feature merely adds an additional option for viewing data pertaining to the CVEs returned from a search.

Usage

./cvemap -limit 1 -explain


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.7 (latest)
CVE ID: CVE-2024-9680
Description: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
CVSS Score: 9.8
Severity: critical
CWE Info: CWE-416(Use After Free)
Age: 89
Vulnerability Status: confirmed
Exploited Remotely: true
POC Available: true
POC(s):
        gh-nomi-sec - https://github.com/PraiseImafidon/Version_Vulnerability_Scanner
        gh-nomi-sec - https://github.com/tdonaworth/Firefox-CVE-2024-9680
Available Patch(es):
        - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
Reference(s):
        - https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
        - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992
        - https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html
        - https://github.com/PraiseImafidon/Version_Vulnerability_Scanner
        - https://github.com/fkie-cad/nvd-json-data-feeds
        - https://github.com/nomi-sec/PoC-in-GitHub
        - https://github.com/tdonaworth/Firefox-CVE-2024-9680

For all CVE data, output to JSON using -j/-json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Gr1mmie