@toufik-airane
Created August 9, 2024 12:23
{
"id": "VULN-001",
"title": "SQL Injection",
"description": {
"detailedDescription": "A vulnerability that allows attackers to execute arbitrary SQL commands.",
"detailedImpact": "The attacker can gain unauthorized access to the database.",
"stepsToReproduce": [
"Navigate to the login page.",
"Enter a valid username and use the following payload as the password: ' OR '1'='1'; --",
"Submit the form.",
"Observe that the login is successful without a valid password, indicating a successful SQL injection."
]
},
"status": "Open",
"severity": "High",
"impact": {
"confidentiality": "High",
"integrity": "High",
"availability": "Medium"
},
"date": {
"discovered": "2024-08-09",
"lastUpdated": "2024-08-09"
},
"source": {
"type": "SAST",
"toolName": "Semgrep"
},
"affectedComponents": [
{
"name": "User Login Module",
"type": "Web Application",
"version": "v2.3.1"
}
],
"references": [
{
"type": "CVE",
"id": "CVE-2024-1234",
"link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1234"
},
{
"type": "OWASP",
"id": "A1-2017",
"link": "https://owasp.org/www-project-top-ten/2017/A1_2017-Injection"
}
],
"remediation": {
"linkedIssue": "https://atlassian.com/jira/SEC-123",
"status": "In Progress",
"plannedCompletionDate": "2024-08-20",
"steps": [
"Sanitize input fields",
"Use parameterized queries",
"Update database layer"
]
},
"reportedBy": {
"name": "John Doe",
"email": "[email protected]"
}
}