ae-cvss-calculator/dist/ae-cvss-calculator.js

A CVSS vector modeling and score calculation implementation for all CVSS versions by {metæffekt}.

!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.CvssCalculator=t():e.CvssCalculator=t()}(this,(()=>(()=>{"use strict";var e={154:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.CvssVector=void 0;class o{constructor(e,t,o){this.vector=e,this.normalize=t,this.scores=o}isUpToDate(e,t){return this.vector===e&&this.normalize===t}getScores(){return this.scores}}t.CvssVector=class{constructor(e){this.vectorChangedListeners=[],this.components=new Map,this.clearComponents(),e&&this.applyVector(e)}calculateScores(e=!1){const t=this.toString(!0);if(this.cachedScores&&this.cachedScores.isUpToDate(t,e))return this.cachedScores.getScores();const a=this.calculateScoresInternal(e);return this.cachedScores=new o(t,e,a),a}fillBaseMetrics(){for(const[e,t]of this.getRegisteredComponents())if("base"===e.name){for(const e of t){const t=e.values[1];t&&this.applyComponent(e,t)}return}throw new Error("No base category found")}getComponents(){return this.components}clearComponents(){this.getRegisteredComponents().forEach(((e,t)=>{e.forEach((e=>this.components.set(e,e.values[0])))}))}clearSpecifiedComponents(e){e.forEach((e=>this.components.set(e,e.values[0])))}addVectorChangedListener(e){this.vectorChangedListeners.push(e)}normalizeVector(e){return e.replace(/\(/g,"").replace(/\)/g,"").replace(/CVSS:\d+\.?\d?/g,"").replace(/\s/g,"").replace(/\\/g,"").replace(/^\//g,"").replace(/\/$/g,"").trim()}findComponent(e){for(const t of this.getRegisteredComponents().values()){const o=t.find((t=>t.name===e||t.shortName===e));if(o)return o}return Array.from(this.components.keys()).find((t=>t.name===e||t.shortName===e))}applyVector(e){this.applyVectorCount(e)}applyVectorCount(e){const t=this.normalizeVector(e).split("/");let o=0;return t.forEach((e=>{if(0===e.length)return;const[t,a]=e.split(":");0!==t.length&&0!==a.length?this.applyComponentString(t,a,!1)&&o++:console.warn("Invalid component/value pair",e)})),this.vectorChangedListeners.forEach((e=>e(this))),o}applyComponentString(e,t,o=!0){const a=this.findComponent(e);if(a){const i=a.values.find((e=>e.name===t||e.shortName===t));if(i)return this.components.get(a)!==i&&(this.applyComponent(a,i),o&&this.vectorChangedListeners.forEach((e=>e(this))),!0);throw new Error(`Unknown component value ${t} for component ${e}`)}throw new Error(`Unknown component ${e} when setting value ${t}`)}applyComponentStringSilent(e,t,o=!0){try{return this.applyComponentString(e,t,o)}catch(e){return!1}}applyComponent(e,t,o=!0){this.components.set(e,t),o&&this.vectorChangedListeners.forEach((e=>e(this)))}applyVectorPartsIf(e,t,o){if(!e)return 0;const a=this.normalizeVector(e);if(0===a.length)return 0;const i=a.split("/");let s=0;for(const e of i){if(!e)continue;const a=e.split(":",2),i=this.clone(),n=t(i);if(2===a.length){i.applyComponentStringSilent(a[0],a[1]);const e=t(i);o?e<=n&&(s+=this.applyComponentStringSilent(a[0],a[1])?1:0):e>=n&&(s+=this.applyComponentStringSilent(a[0],a[1])?1:0)}else console.warn("Unknown vector argument:",e)}return s}applyVectorPartsIfLower(e,t){return this.applyVectorPartsIf(e,t,!0)}applyVectorPartsIfHigher(e,t){return this.applyVectorPartsIf(e,t,!1)}applyVectorPartsIfLowerVector(e,t){return this.applyVectorPartsIf(e.toStringDefinedParts(),t,!0)}applyVectorPartsIfHigherVector(e,t){return this.applyVectorPartsIf(e.toStringDefinedParts(),t,!1)}getComponent(e){const t=this.components.get(e);if(!t)throw new Error(`Unknown component: ${e.name}`);return t}getComponentByString(e){const t=this.findComponent(e);if(!t)throw new Error(`Unknown component: ${e}`);const o=this.components.get(t);if(!o)throw new Error(`Unknown component: ${e}`);return o}getComponentByStringOpt(e){try{return this.getComponentByString(e)}catch(e){return null}}size(){return Array.from(this.components.values()).filter(this.isComponentValueDefined).length}getFirstDefinedComponent(e){return e.map((e=>this.components.get(e))).find(this.isComponentValueDefined)}toString(e=!1,t=this.getRegisteredComponents(),o=!1){let a="";for(const[i,s]of t)if(e||this.isCategoryPartiallyDefined(i))for(const e of s){const t=this.components.get(e);if(t){if(o&&!this.isComponentValueDefined(t))continue;a+=`${e.shortName}:${t.shortName}/`}}return this.getVectorPrefix()+a.slice(0,-1)}toStringDefinedParts(){return this.toString(!1,this.getRegisteredComponents(),!0)}isCategoryFullyDefined(e){const t=this.getRegisteredComponents().get(e);return!!t&&t.every((e=>void 0!==this.components.get(e)&&"ND"!==this.components.get(e).shortName&&"X"!==this.components.get(e).shortName))}isCategoryPartiallyDefined(e){const t=this.getRegisteredComponents().get(e);return!!t&&t.some((e=>void 0!==this.components.get(e)&&"ND"!==this.components.get(e).shortName&&"X"!==this.components.get(e).shortName))}round(e,t){let o=Math.pow(10,t);return Math.round(e*o)/o}roundUp(e){let t=Math.round(1e5*e);return t%1e4==0?t/1e5:(Math.floor(t/1e4)+1)/10}normalizeScore(e,t){return 10===t?e:this.round(this.mapRange(e,0,t,0,10),1)}mapRange(e,t,o,a,i){return(e-t)/(o-t)*(i-a)+a}pickRandomDefinedComponentValue(e){for(let t=0;t<999999;t++){const t=e.values[Math.floor(Math.random()*e.values.length)];if("X"!==t.shortName&&"ND"!==t.shortName&&!t.hide)return t}}clone(){const e=new this.constructor;return e.components=new Map(this.components),e}diffVector(e){const t=new this.constructor;for(const[o,a]of this.getRegisteredComponents())for(const o of a){const a=this.components.get(o),i=e.components.get(o),s=this.isComponentValueDefined(a),n=this.isComponentValueDefined(i);s&&n&&a.shortName!==i.shortName||!s&&n?t.applyComponent(o,i):s&&!n&&t.applyComponent(o,a)}return t}applyEnvironmentalMetricsOntoBase(){for(const[e,t]of this.getRegisteredComponents())for(const e of t){const t=this.components.get(e);t&&e.baseMetricEquivalent&&this.isComponentValueDefined(t)&&(e.baseMetricEquivalentMapper?this.applyComponentString(e.baseMetricEquivalent.shortName,e.baseMetricEquivalentMapper(t).shortName,!1):this.applyComponentString(e.baseMetricEquivalent.shortName,t.shortName,!1),this.applyComponent(e,e.values[0],!1))}this.vectorChangedListeners.forEach((e=>e(this)))}isComponentValueDefined(e){return void 0!==e&&"ND"!==e.shortName&&"X"!==e.shortName}static _reorderAttributeSeverityOrder(e){const t=[];return e.forEach(((e,o)=>{t.push([e])})),t}}},156:function(e,t,o){var a=this&&this.__createBinding||(Object.create?function(e,t,o,a){void 0===a&&(a=o);var i=Object.getOwnPropertyDescriptor(t,o);i&&!("get"in i?!t.__esModule:i.writable||i.configurable)||(i={enumerable:!0,get:function(){return t[o]}}),Object.defineProperty(e,a,i)}:function(e,t,o,a){void 0===a&&(a=o),e[a]=t[o]}),i=this&&this.__exportStar||function(e,t){for(var o in e)"default"===o||Object.prototype.hasOwnProperty.call(t,o)||a(t,e,o)};Object.defineProperty(t,"__esModule",{value:!0}),t.Cvss4P0=t.Cvss3P0=t.Cvss3P1=t.Cvss2=t.CvssVector=void 0;var s=o(154);Object.defineProperty(t,"CvssVector",{enumerable:!0,get:function(){return s.CvssVector}}),i(o(564),t);var n=o(475);Object.defineProperty(t,"Cvss2",{enumerable:!0,get:function(){return n.Cvss2}});var r=o(371);Object.defineProperty(t,"Cvss3P1",{enumerable:!0,get:function(){return r.Cvss3P1}});var c=o(623);Object.defineProperty(t,"Cvss3P0",{enumerable:!0,get:function(){return c.Cvss3P0}});var l=o(987);Object.defineProperty(t,"Cvss4P0",{enumerable:!0,get:function(){return l.Cvss4P0}})},331:(e,t)=>{var o;Object.defineProperty(t,"__esModule",{value:!0}),t.Cvss3P0Components=void 0;class a{}t.Cvss3P0Components=a,o=a,a.CONFIDENTIALITY_IMPACT_VALUES={X:{shortName:"X",value:0,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:0,name:"None",jsonSchemaName:"NONE",description:"There is no loss of confidentiality within the impacted component."},L:{shortName:"L",value:.22,name:"Low",jsonSchemaName:"LOW",description:"There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the impacted component."},H:{shortName:"H",value:.56,name:"High",jsonSchemaName:"HIGH",description:"There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server."}},a.CONFIDENTIALITY_IMPACT=[o.CONFIDENTIALITY_IMPACT_VALUES.X,o.CONFIDENTIALITY_IMPACT_VALUES.N,o.CONFIDENTIALITY_IMPACT_VALUES.L,o.CONFIDENTIALITY_IMPACT_VALUES.H],a.INTEGRITY_IMPACT_VALUES={X:{shortName:"X",value:0,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:0,name:"None",jsonSchemaName:"NONE",description:"There is no loss of integrity within the impacted component."},L:{shortName:"L",value:.22,name:"Low",jsonSchemaName:"LOW",description:"Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component."},H:{shortName:"H",value:.56,name:"High",jsonSchemaName:"HIGH",description:"There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component."}},a.INTEGRITY_IMPACT=[o.INTEGRITY_IMPACT_VALUES.X,o.INTEGRITY_IMPACT_VALUES.N,o.INTEGRITY_IMPACT_VALUES.L,o.INTEGRITY_IMPACT_VALUES.H],a.AVAILABILITY_IMPACT_VALUES={X:{shortName:"X",value:0,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:0,name:"None",jsonSchemaName:"NONE",description:"There is no impact to availability within the impacted component."},L:{shortName:"L",value:.22,name:"Low",jsonSchemaName:"LOW",description:"Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the impacted component are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the impacted component."},H:{shortName:"H",value:.56,name:"High",jsonSchemaName:"HIGH",description:"There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable)."}},a.AVAILABILITY_IMPACT=[o.AVAILABILITY_IMPACT_VALUES.X,o.AVAILABILITY_IMPACT_VALUES.N,o.AVAILABILITY_IMPACT_VALUES.L,o.AVAILABILITY_IMPACT_VALUES.H],a.CONFIDENTIALITY_REQUIREMENT_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Environmental Score, i.e., it has the same effect on scoring as assigning Medium."},L:{shortName:"L",value:.5,name:"Low",jsonSchemaName:"LOW",description:"Loss of Confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."},M:{shortName:"M",value:1,name:"Medium",jsonSchemaName:"MEDIUM",description:"Loss of Confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."},H:{shortName:"H",value:1.5,name:"High",jsonSchemaName:"HIGH",description:"Loss of Confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."}},a.CONFIDENTIALITY_REQUIREMENT=[o.CONFIDENTIALITY_REQUIREMENT_VALUES.X,o.CONFIDENTIALITY_REQUIREMENT_VALUES.L,o.CONFIDENTIALITY_REQUIREMENT_VALUES.M,o.CONFIDENTIALITY_REQUIREMENT_VALUES.H],a.INTEGRITY_REQUIREMENT_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Environmental Score, i.e., it has the same effect on scoring as assigning Medium."},L:{shortName:"L",value:.5,name:"Low",jsonSchemaName:"LOW",description:"Loss of Integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."},M:{shortName:"M",value:1,name:"Medium",jsonSchemaName:"MEDIUM",description:"Loss of Integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."},H:{shortName:"H",value:1.5,name:"High",jsonSchemaName:"HIGH",description:"Loss of Integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."}},a.INTEGRITY_REQUIREMENT=[o.INTEGRITY_REQUIREMENT_VALUES.X,o.INTEGRITY_REQUIREMENT_VALUES.L,o.INTEGRITY_REQUIREMENT_VALUES.M,o.INTEGRITY_REQUIREMENT_VALUES.H],a.AVAILABILITY_REQUIREMENT_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Environmental Score, i.e., it has the same effect on scoring as assigning Medium."},L:{shortName:"L",value:.5,name:"Low",jsonSchemaName:"LOW",description:"Loss of Availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."},M:{shortName:"M",value:1,name:"Medium",jsonSchemaName:"MEDIUM",description:"Loss of Availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."},H:{shortName:"H",value:1.5,name:"High",jsonSchemaName:"HIGH",description:"Loss of Availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)."}},a.AVAILABILITY_REQUIREMENT=[o.AVAILABILITY_REQUIREMENT_VALUES.X,o.AVAILABILITY_REQUIREMENT_VALUES.L,o.AVAILABILITY_REQUIREMENT_VALUES.M,o.AVAILABILITY_REQUIREMENT_VALUES.H],a.TEMPLATE_CIA_REQUIREMENT_MODIFIED_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},L:{shortName:"L",value:.5,name:"Low",jsonSchemaName:"LOW",description:"There is no impact to the integrity of the system."},M:{shortName:"M",value:1,name:"Medium",jsonSchemaName:"MEDIUM",description:"There is a partial compromise of system integrity."},H:{shortName:"H",value:1.5,name:"High",jsonSchemaName:"HIGH",description:"There is a total compromise of system integrity."}},a.TEMPLATE_CIA_REQUIREMENT_MODIFIED=[o.TEMPLATE_CIA_REQUIREMENT_MODIFIED_VALUES.X,o.TEMPLATE_CIA_REQUIREMENT_MODIFIED_VALUES.L,o.TEMPLATE_CIA_REQUIREMENT_MODIFIED_VALUES.M,o.TEMPLATE_CIA_REQUIREMENT_MODIFIED_VALUES.H],a.BASE_CATEGORY={name:"base",description:"This metric reflects the qualities of a vulnerability that are constant over time and across user environments."},a.AV_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:.85,name:"Network",abbreviatedName:"Netw.",jsonSchemaName:"NETWORK",description:"The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet."},A:{shortName:"A",value:.62,name:"Adjacent Network",abbreviatedName:"Adj. Network",jsonSchemaName:"ADJACENT_NETWORK",description:"The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology."},L:{shortName:"L",value:.55,name:"Local",jsonSchemaName:"LOCAL",description:"The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities."},P:{shortName:"P",value:.2,name:"Physical",abbreviatedName:"Phys.",jsonSchemaName:"PHYSICAL",description:"The attack requires the attacker to physically touch or manipulate the vulnerable component."}},a.AV={name:"Attack Vector",shortName:"AV",subCategory:"Exploitability Metrics",description:"This metric reflects the context by which vulnerability exploitation is possible. The more remote an attacker can be to attack a host, the greater the vulnerability score.",values:[o.AV_VALUES.X,o.AV_VALUES.N,o.AV_VALUES.A,o.AV_VALUES.L,o.AV_VALUES.P]},a.AC_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},L:{shortName:"L",value:.77,name:"Low",jsonSchemaName:"LOW",description:"Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component."},H:{shortName:"H",value:.44,name:"High",jsonSchemaName:"HIGH",description:"A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected."}},a.AC={name:"Attack Complexity",shortName:"AC",subCategory:"Exploitability Metrics",description:"This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",values:[o.AC_VALUES.X,o.AC_VALUES.L,o.AC_VALUES.H]},a.PR_VALUES={X:{shortName:"X",value:1,changedValue:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:.85,changedValue:.85,name:"None",jsonSchemaName:"NONE",description:"The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack."},L:{shortName:"L",value:.62,changedValue:.68,name:"Low",jsonSchemaName:"LOW",description:"The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources."},H:{shortName:"H",value:.27,changedValue:.5,name:"High",jsonSchemaName:"HIGH",description:"The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files."}},a.PR={name:"Privileges Required",shortName:"PR",subCategory:"Exploitability Metrics",description:"This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.",values:[o.PR_VALUES.X,o.PR_VALUES.N,o.PR_VALUES.L,o.PR_VALUES.H]},a.UI_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:.85,name:"None",jsonSchemaName:"NONE",description:"The vulnerable system can be exploited without interaction from any user."},R:{shortName:"R",value:.62,name:"Required",abbreviatedName:"Req.",jsonSchemaName:"REQUIRED",description:"Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator."}},a.UI={name:"User Interaction",shortName:"UI",subCategory:"Exploitability Metrics",description:"This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.",values:[o.UI_VALUES.X,o.UI_VALUES.N,o.UI_VALUES.R]},a.S_VALUES={X:{shortName:"X",value:!1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},U:{shortName:"U",value:!1,name:"Unchanged",abbreviatedName:"Unchang.",jsonSchemaName:"UNCHANGED",description:"An exploited vulnerability can only affect resources managed by the same authority."},C:{shortName:"C",value:!0,name:"Changed",jsonSchemaName:"CHANGED",description:"An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable system's design."}},a.S={name:"Scope",shortName:"S",subCategory:"Exploitability Metrics",description:"Can an exploit of the vulnerability be accomplished remotely?",values:[o.S_VALUES.X,o.S_VALUES.U,o.S_VALUES.C]},a.C={name:"Confidentiality Impact",shortName:"C",subCategory:"Impact Metrics",description:"This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.",values:o.CONFIDENTIALITY_IMPACT},a.I={name:"Integrity Impact",shortName:"I",subCategory:"Impact Metrics",description:"This metric measures the impact to integrity of a successfully exploited vulnerability.",values:o.INTEGRITY_IMPACT},a.A={name:"Availability Impact",shortName:"A",subCategory:"Impact Metrics",description:"This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.",values:o.AVAILABILITY_IMPACT},a.BASE_CATEGORY_VALUES=[o.AV,o.AC,o.PR,o.UI,o.S,o.C,o.I,o.A],a.TEMPORAL_CATEGORY={name:"temporal",description:"This metric reflects the current state of exploit techniques or code availability."},a.E_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},U:{shortName:"U",value:.91,name:"Unproven",abbreviatedName:"Unproven",description:"No exploit code is available, or an exploit is theoretical."},P:{shortName:"P",value:.94,name:"Proof-of-Concept",abbreviatedName:"Proof-of-conc.",jsonSchemaName:"PROOF_OF_CONCEPT",description:"Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker."},F:{shortName:"F",value:.97,name:"Functional",jsonSchemaName:"FUNCTIONAL",description:"Functional exploit code is available. The code works in most situations where the vulnerability exists."},H:{shortName:"H",value:1,name:"High",jsonSchemaName:"HIGH",description:"Functional exploit code is available. The code is widespread and automated and works in all situations where the vulnerability exists."}},a.E={name:"Exploit Code Maturity",shortName:"E",description:"This metric measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, successful exploitation of the vulnerability.",values:[o.E_VALUES.X,o.E_VALUES.U,o.E_VALUES.P,o.E_VALUES.F,o.E_VALUES.H]},a.RL_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},O:{shortName:"O",value:.95,name:"Official Fix",abbreviatedName:"Off. Fix",jsonSchemaName:"OFFICIAL_FIX",description:"A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available."},T:{shortName:"T",value:.96,name:"Temporary Fix",abbreviatedName:"Temp. Fix",jsonSchemaName:"TEMPORARY_FIX",description:"There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool, or workaround."},W:{shortName:"W",value:.97,name:"Workaround",jsonSchemaName:"WORKAROUND",description:"There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate the vulnerability."},U:{shortName:"U",value:1,name:"Unavailable",jsonSchemaName:"UNAVAILABLE",description:"There is either no solution available or it is impossible to apply."}},a.RL={name:"Remediation Level",shortName:"RL",description:"This metric describes the remediation level for a vulnerability in an affected resource.",values:[o.RL_VALUES.X,o.RL_VALUES.O,o.RL_VALUES.T,o.RL_VALUES.W,o.RL_VALUES.U]},a.RC_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},U:{shortName:"U",value:.92,name:"Unknown",description:"Report confidence is unknown."},R:{shortName:"R",value:.96,name:"Reasonable",jsonSchemaName:"REASONABLE",description:"Reasonable confidence exists, or the reported vulnerability is in a component not typically used by a target or not having a large installed base."},C:{shortName:"C",value:1,name:"Confirmed",jsonSchemaName:"CONFIRMED",description:"Confirmed confidence exists, or the exploit is functional in the environment where the vulnerability exists."}},a.RC={name:"Report Confidence",shortName:"RC",description:"This metric describes the level of confidence in the existence of the vulnerability and the credibility of the known technical details.",values:[o.RC_VALUES.X,o.RC_VALUES.U,o.RC_VALUES.R,o.RC_VALUES.C]},a.TEMPORAL_CATEGORY_VALUES=[o.E,o.RL,o.RC],a.ENVIRONMENTAL_CATEGORY={name:"environmental",description:"This metric reflects the characteristics of a vulnerability that are relevant and unique to a particular user's environment. This metric can greatly improve the accuracy of a score."},a.MAV_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:.85,name:"Network",abbreviatedName:"Netw.",jsonSchemaName:"NETWORK",description:"The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet."},A:{shortName:"A",value:.62,name:"Adjacent Network",abbreviatedName:"Adj. Network",jsonSchemaName:"ADJACENT_NETWORK",description:"The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology."},L:{shortName:"L",value:.55,name:"Local",jsonSchemaName:"LOCAL",description:"The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities."},P:{shortName:"P",value:.2,name:"Physical",abbreviatedName:"Phys.",jsonSchemaName:"PHYSICAL",description:"The attack requires the attacker to physically touch or manipulate the vulnerable component."}},a.MAV={name:"Modified Attack Vector",shortName:"MAV",subCategory:"Exploitability Metrics",description:"This metric reflects the context by which vulnerability exploitation is possible. The more remote an attacker can be to attack a host, the greater the vulnerability score.",baseMetricEquivalent:o.AV,values:[o.MAV_VALUES.X,o.MAV_VALUES.N,o.MAV_VALUES.A,o.MAV_VALUES.L,o.MAV_VALUES.P]},a.MAC_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},L:{shortName:"L",value:.77,name:"Low",jsonSchemaName:"LOW",description:"Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component."},H:{shortName:"H",value:.44,name:"High",jsonSchemaName:"HIGH",description:"A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected."}},a.MAC={name:"Modified Attack Complexity",shortName:"MAC",subCategory:"Exploitability Metrics",description:"This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",baseMetricEquivalent:o.AC,values:[o.MAC_VALUES.X,o.MAC_VALUES.L,o.MAC_VALUES.H]},a.MPR_VALUES={X:{shortName:"X",value:1,changedValue:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:.85,changedValue:.85,name:"None",jsonSchemaName:"NONE",description:"The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack."},L:{shortName:"L",value:.62,changedValue:.68,name:"Low",jsonSchemaName:"LOW",description:"The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources."},H:{shortName:"H",value:.27,changedValue:.5,name:"High",jsonSchemaName:"HIGH",description:"The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files."}},a.MPR={name:"Modified Privileges Required",shortName:"MPR",subCategory:"Exploitability Metrics",description:"This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.",baseMetricEquivalent:o.PR,values:[o.MPR_VALUES.X,o.MPR_VALUES.N,o.MPR_VALUES.L,o.MPR_VALUES.H]},a.MUI_VALUES={X:{shortName:"X",value:1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},N:{shortName:"N",value:.85,name:"None",jsonSchemaName:"NONE",description:"The vulnerable system can be exploited without interaction from any user."},R:{shortName:"R",value:.62,name:"Required",jsonSchemaName:"REQUIRED",description:"Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator."}},a.MUI={name:"Modified User Interaction",shortName:"MUI",subCategory:"Exploitability Metrics",description:"This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.",baseMetricEquivalent:o.UI,values:[o.MUI_VALUES.X,o.MUI_VALUES.N,o.MUI_VALUES.R]},a.MS_VALUES={X:{shortName:"X",value:!1,name:"Not Defined",abbreviatedName:"Not Def.",jsonSchemaName:"NOT_DEFINED",description:"Component is not defined."},U:{shortName:"U",value:!1,name:"Unchanged",abbreviatedName:"Unchang.",jsonSchemaName:"UNCHANGED",description:"An exploited vulnerability can only affect resources managed by the same authority."},C:{shortName:"C",value:!0,name:"Changed",jsonSchemaName:"CHANGED",description:"An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable system's design."}},a.MS={name:"Modified Scope",shortName:"MS",subCategory:"Exploitability Metrics",description:"Can an exploit of the vulnerability be accomplished remotely?",baseMetricEquivalent:o.S,values:[o.MS_VALUES.X,o.MS_VALUES.U,o.MS_VALUES.C]},a.MC={name:"Confidentiality Impact",shortName:"MC",subCategory:"Modified Impact",description:"This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.",baseMetricEquivalent:o.C,values:o.CONFIDENTIALITY_IMPACT},a.MI={name:"Integrity Impact",shortName:"MI",subCategory:"Modified Impact",description:"This metric measures the impact to integrity of a successfully exploited vulnerability.",baseMetricEquivalent:o.I,values:o.INTEGRITY_IMPACT},a.MA={name:"Availability Impact",shortName:"MA",subCategory:"Modified Impact",description:"This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.",baseMetricEquivalent:o.A,values:o.AVAILABILITY_IMPACT},a.CR={name:"Confidentiality Requirement",shortName:"CR",subCategory:"Modified Requirement (Impact Subscore) Modifiers",description:"This metric describes the remediation level for a vulnerability in an affected resource.",values:o.CONFIDENTIALITY_REQUIREMENT},a.IR={name:"Integrity Requirement",shortName:"IR",subCategory:"Modified Requirement (Impact Subscore) Modifiers",description:"This metric describes the remediation level for a vulnerability in an affected resource.",values:o.INTEGRITY_REQUIREMENT},a.AR={name:"Availability Requirement",shortName:"AR",subCategory:"Modified Requirement (Impact Subscore) Modifiers",description:"This metric describes the remediation level for a vulnerability in an affected resource.",values:o.AVAILABILITY_REQUIREMENT},a.ENVIRONMENTAL_CATEGORY_VALUES=[o.MAV,o.MAC,o.MPR,o.MUI,o.MS,o.MC,o.MI,o.MA,o.CR,o.IR,o.AR],a.REGISTERED_COMPONENTS=new Map,o.REGISTERED_COMPONENTS.set(o.BASE_CATEGORY,o.BASE_CATEGORY_VALUES),o.REGISTERED_COMPONENTS.set(o.TEMPORAL_CATEGORY,o.TEMPORAL_CATEGORY_VALUES),o.REGISTERED_COMPONENTS.set(o.ENVIRONMENTAL_CATEGORY,o.ENVIRONMENTAL_CATEGORY_VALUES),a.ATTRIBUTE_SEVERITY_ORDER=[[o.S_VALUES.U,o.MS_VALUES.U],[o.CONFIDENTIALITY_IMPACT_VALUES.N,o.INTEGRITY_IMPACT_VALUES.N,o.AVAILABILITY_IMPACT_VALUES.N],[o.AV_VALUES.P,o.MAV_VALUES.P],[o.CONFIDENTIALITY_IMPACT_VALUES.L,o.INTEGRITY_IMPACT_VALUES.L,o.AVAILABILITY_IMPACT_VALUES.L],[o.PR_VALUES.H,o.MPR_VALUES.H],[o.AC_VALUES.H,o.MAC_VALUES.H],[o.CONFIDENTIALITY_REQUIREMENT_VALUES.L,o.INTEGRITY_REQUIREMENT_VALUES.L,o.AVAILABILITY_REQUIREMENT_VALUES.L],[o.AV_VALUES.L,o.MAV_VALUES.L],[o.CONFIDENTIALITY_IMPACT_VALUES.H,o.INTEGRITY_IMPACT_VALUES.H,o.AVAILABILITY_IMPACT_VALUES.H],[o.AV_VALUES.A,o.MAV_VALUES.A],[o.UI_VALUES.R,o.MUI_VALUES.R],[o.PR_VALUES.L,o.MPR_VALUES.L],[o.AC_VALUES.L,o.MAC_VALUES.L],[o.AV_VALUES.N,o.MAV_VALUES.N],[o.PR_VALUES.N,o.MPR_VALUES.N],[o.UI_VALUES.N,o.MUI_VALUES.N],[o.E_VALUES.U],[o.E_VALUES.P],[o.E_VALUES.F],[o.E_VALUES.H],[o.E_VALUES.X],[o.RC_VALUES.U],[o.RL_VALUES.O],[o.RL_VALUES.T],[o.RC_VALUES.R],[o.RL_VALUES.W],[o.AV_VALUES.X,o.MAV_VALUES.X],[o.AC_VALUES.X,o.MAC_VALUES.X],[o.PR_VALUES.X,o.MPR_VALUES.X],[o.UI_VALUES.X,o.MUI_VALUES.X],[o.S_VALUES.C,o.MS_VALUES.C],[o.S_VALUES.X,o.MS_VALUES.X],[o.CONFIDENTIALITY_IMPACT_VALUES.X],[o.INTEGRITY_IMPACT_VALUES.X],[o.AVAILABILITY_IMPACT_VALUES.X],[o.RL_VALUES.U],[o.RL_VALUES.X],[o.RC_VALUES.C],[o.RC_VALUES.X],[o.CONFIDENTIALITY_REQUIREMENT_VALUES.M,o.INTEGRITY_REQUIREMENT_VALUES.M,o.AVAILABILITY_REQUIREMENT_VALUES.M],[o.CONFIDENTIALITY_REQUIREMENT_VALUES.X,o.INTEGRITY_REQUIREMENT_VALUES.X,o.AVAILABILITY_REQUIREMENT_VALUES.X],[o.CONFIDENTIALITY_REQUIREMENT_VALUES.H,o.INTEGRITY_REQUIREMENT_VALUES.H,o.AVAILABILITY_REQUIREMENT_VALUES.H]]},371:(e,t,o)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.Cvss3P1=void 0;const a=o(154),i=o(951);class s extends a.CvssVector{constructor(e){super(e)}getRegisteredComponents(){return i.Cvss3P1Components.REGISTERED_COMPONENTS}getVectorPrefix(){return"CVSS:3.1/"}getVectorName(){return"CVSS:3.1"}fillAverageVector(){this.applyVector("AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L")}fillRandomBaseVector(){this.fillRandomComponentsForCategory(i.Cvss3P1Components.BASE_CATEGORY)}fillRandomTemporalVector(){this.fillRandomComponentsForCategory(i.Cvss3P1Components.TEMPORAL_CATEGORY)}fillRandomEnvironmentalVector(){this.fillRandomComponentsForCategory(i.Cvss3P1Components.ENVIRONMENTAL_CATEGORY)}fillRandomComponentsForCategory(e){const t=i.Cvss3P1Components.REGISTERED_COMPONENTS.get(e);if(t)for(let e=0;e<t.length;e++){const o=t[e],a=super.pickRandomDefinedComponentValue(o);if(!a)return console.warn("Failed to pick random vector component for",o),void this.fillAverageVector();this.applyComponent(o,a)}else console.warn("Failed to pick random vector components for",e)}calculateScoresInternal(e=!1){const t=this.isBaseFullyDefined(),o=this.isAnyTemporalDefined(),a=this.isAnyEnvironmentalDefined();return{normalized:e,base:t?super.round(this.calculateExactBaseScore(),1):void 0,impact:t?super.normalizeScore(super.round(this.calculateImpactScore(),1),e?6:10):void 0,exploitability:t?super.normalizeScore(super.round(this.calculateExactExploitabilityScore(),1),e?3.9:10):void 0,temporal:t&&o?super.round(this.calculateExactTemporalScore(),1):void 0,environmental:t&&a?super.round(this.calculateExactEnvironmentalScore(),1):void 0,modifiedImpact:t&&a?super.normalizeScore(super.round(Math.max(0,this.calculateExactAdjustedImpactScore()),1),e?6.1:10):void 0,overall:super.round(this.calculateExactOverallScore(),1),vector:this.toString()}}calculateExactBaseScore(){if(!this.isBaseFullyDefined())return 0;let e=this.calculateExactImpactScore();if(e<=0)return 0;let t=this.calculateExactExploitabilityScore();return this.getComponent(i.Cvss3P1Components.S).value?super.roundUp(Math.min(s.SCOPE_COEFFICIENT*(e+t),10)):super.roundUp(Math.min(e+t,10))}calculateImpactScore(){const e=this.calculateExactImpactScore();return e<=0?0:e}calculateExactImpactScore(){let e=this.calculateExactISSScore();return this.getComponent(i.Cvss3P1Components.S).value?s.SCOPE_CHANGED_FACTOR*(e-.029)-3.25*Math.pow(e-.02,15):s.SCOPE_UNCHANGED_FACTOR*e}calculateExactISSScore(){return 1-(1-this.getComponent(i.Cvss3P1Components.C).value)*(1-this.getComponent(i.Cvss3P1Components.I).value)*(1-this.getComponent(i.Cvss3P1Components.A).value)}calculateExactMISSScore(){let e,t,o,a,s,n,r=this.getComponent(i.Cvss3P1Components.MC),c=this.getComponent(i.Cvss3P1Components.MI),l=this.getComponent(i.Cvss3P1Components.MA),m=this.getComponent(i.Cvss3P1Components.C),E=this.getComponent(i.Cvss3P1Components.I),h=this.getComponent(i.Cvss3P1Components.A),u=this.getComponent(i.Cvss3P1Components.CR),d=this.getComponent(i.Cvss3P1Components.IR),p=this.getComponent(i.Cvss3P1Components.AR);return e=r===i.Cvss3P1Components.MC.values[0]?m.value:r.value,t=c===i.Cvss3P1Components.MI.values[0]?E.value:c.value,o=l===i.Cvss3P1Components.MA.values[0]?h.value:l.value,i.Cvss3P1Components.CR.values[0],a=u.value,i.Cvss3P1Components.IR.values[0],s=d.value,i.Cvss3P1Components.AR.values[0],n=p.value,Math.min(1-(1-a*e)*(1-s*t)*(1-n*o),.915)}calculateExactExploitabilityScore(){const e=this.getComponent(i.Cvss3P1Components.AV).value,t=this.getComponent(i.Cvss3P1Components.AC).value,o=this.getComponent(i.Cvss3P1Components.UI).value;let a;return a=this.getComponent(i.Cvss3P1Components.S).value?this.getComponent(i.Cvss3P1Components.PR).changedValue:this.getComponent(i.Cvss3P1Components.PR).value,s.EXPLOITABILITY_COEFFICIENT*e*t*a*o}calculateExactTemporalScore(){if(!this.isBaseFullyDefined())return 0;if(!this.isAnyTemporalDefined())return 0;let e=this.getComponent(i.Cvss3P1Components.E).value,t=this.getComponent(i.Cvss3P1Components.RL).value,o=this.getComponent(i.Cvss3P1Components.RC).value,a=this.calculateExactBaseScore();return super.roundUp(a*e*t*o)}calculateExactEnvironmentalScore(){if(!this.isBaseFullyDefined())return 0;if(!this.isAnyEnvironmentalDefined())return 0;let e=this.calculateExactAdjustedImpactScore();if(e<=0)return 0;let t=this.calculateAdjustedExploitability(),o=this.getComponent(i.Cvss3P1Components.E).value,a=this.getComponent(i.Cvss3P1Components.RL).value,n=this.getComponent(i.Cvss3P1Components.RC).value;if(this.isModifiedScope()){let i=super.roundUp(Math.min(e+t,10));return super.roundUp(i*o*a*n)}{let i=super.roundUp(Math.min(s.SCOPE_COEFFICIENT*(e+t),10));return super.roundUp(i*o*a*n)}}calculateExactAdjustedImpactScore(){if(!this.isBaseFullyDefined())return 0;if(!this.isAnyEnvironmentalDefined())return 0;let e=this.calculateExactMISSScore();return this.isModifiedScope()?s.SCOPE_UNCHANGED_FACTOR*e:s.SCOPE_CHANGED_FACTOR*(e-.029)-3.25*Math.pow(.9731*e-.02,13)}calculateAdjustedExploitability(){let e,t=this.getFirstDefinedComponent([i.Cvss3P1Components.MAV,i.Cvss3P1Components.AV]).value,o=this.getFirstDefinedComponent([i.Cvss3P1Components.MAC,i.Cvss3P1Components.AC]).value,a=this.getFirstDefinedComponent([i.Cvss3P1Components.MUI,i.Cvss3P1Components.UI]).value,n=this.getFirstDefinedComponent([i.Cvss3P1Components.MPR,i.Cvss3P1Components.PR]);return e=this.isModifiedScope()?n.value:n.changedValue,s.EXPLOITABILITY_COEFFICIENT*t*o*e*a}isModifiedScope(){let e=this.getComponent(i.Cvss3P1Components.S),t=this.getComponent(i.Cvss3P1Components.MS);return t===i.Cvss3P1Components.MS.values[0]?!e.value:!t.value}calculateExactOverallScore(){return this.isAnyEnvironmentalDefined()?this.calculateExactEnvironmentalScore():this.isAnyTemporalDefined()?this.calculateExactTemporalScore():this.calculateExactBaseScore()}isBaseFullyDefined(){return super.isCategoryFullyDefined(i.Cvss3P1Components.BASE_CATEGORY)}isTemporalFullyDefined(){return super.isCategoryFullyDefined(i.Cvss3P1Components.TEMPORAL_CATEGORY)}isEnvironmentalFullyDefined(){return super.isCategoryFullyDefined(i.Cvss3P1Components.ENVIRONMENTAL_CATEGORY)}isAnyBaseDefined(){return super.isCategoryPartiallyDefined(i.Cvss3P1Components.BASE_CATEGORY)}isAnyTemporalDefined(){return super.isCategoryPartiallyDefined(i.Cvss3P1Components.TEMPORAL_CATEGORY)}isAnyEnvironmentalDefined(){return super.isCategoryPartiallyDefined(i.Cvss3P1Components.ENVIRONMENTAL_CATEGORY)}getJsonSchemaSeverity(e){return 0===e||isNaN(e)?"NONE":e<=3.9?"LOW":e<=6.9?"MEDIUM":e<=8.9?"HIGH":"CRITICAL"}createJsonSchema(){const e=this.calculateScores();return{version:"3.1",vectorString:this.toString(),baseScore:e.base,temporalScore:e.temporal,environmentalScore:e.environmental,baseSeverity:this.getJsonSchemaSeverity(e.base),temporalSeverity:e.temporal?this.getJsonSchemaSeverity(e.temporal):void 0,environmentalSeverity:e.environmental?this.getJsonSchemaSeverity(e.environmental):void 0,attackVector:this.getComponent(i.Cvss3P1Components.AV).jsonSchemaName,attackComplexity:this.getComponent(i.Cvss3P1Components.AC).jsonSchemaName,privilegesRequired:this.getComponent(i.Cvss3P1Components.PR).jsonSchemaName,userInteraction:this.getComponent(i.Cvss3P1Components.UI).jsonSchemaName,scope:this.getComponent(i.Cvss3P1Components.S).jsonSchemaName,confidentialityImpact:this.getComponent(i.Cvss3P1Components.C).jsonSchemaName,integrityImpact:this.getComponent(i.Cvss3P1Components.I).jsonSchemaName,availabilityImpact:this.getComponent(i.Cvss3P1Components.A).jsonSchemaName,exploitCodeMaturity:this.getComponent(i.Cvss3P1Components.E).jsonSchemaName,remediationLevel:this.getComponent(i.Cvss3P1Components.RL).jsonSchemaName,reportConfidence:this.getComponent(i.Cvss3P1Components.RC).jsonSchemaName,confidentialityRequirement:this.getComponent(i.Cvss3P1Components.CR).jsonSchemaName,integrityRequirement:this.getComponent(i.Cvss3P1Components.IR).jsonSchemaName,availabilityRequirement:this.getComponent(i.Cvss3P1Components.AR).jsonSchemaName,modifiedAttackVector:this.getComponent(i.Cvss3P1Components.MAV).jsonSchemaName,modifiedAttackComplexity:this.getComponent(i.Cvss3P1Components.MAC).jsonSchemaName,modifiedPrivilegesRequired:this.getComponent(i.Cvss3P1Components.MPR).jsonSchemaName,modifiedUserInteraction:this.getComponent(i.Cvss3P1Components.MUI).jsonSchemaName,modifiedScope:this.getComponent(i.Cvss3P1Components.MS).jsonSchemaName,modifiedConfidentialityImpact:this.getComponent(i.Cvss3P1Components.MC).jsonSchemaName,modifiedIntegrityImpact:this.getComponent(i.Cvss3P1Components.MI).jsonSchemaName,modifiedAvailabilityImpact:this.getComponent(i.Cvss3P1Components.MA).jsonSchemaName}}}t.Cvss3P1=s,s.SCOPE_CHANGED_FACTOR=7.52,s.SCOPE_UNCHANGED_FACTOR=6.42,s.EXPLOITABILITY_COEFFICIENT=8.22,s.SCOPE_COEFFICIENT=1.08},475:(e,t,o)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.Cvss2=void 0;const a=o(154),i=o(479);class s extends a.CvssVector{constructor(e){super(e)}getRegisteredComponents(){return i.Cvss2Components.REGISTERED_COMPONENTS}getVectorPrefix(){return""}getVectorName(){return"CVSS:2.0"}fillAverageVector(){this.applyVector("AV:A/AC:M/Au:N/C:P/I:P/A:P")}fillRandomBaseVector(){const e=i.Cvss2Components.BASE_CATEGORY_VALUES;for(let t=0;t<e.length;t++){const o=e[t],a=super.pickRandomDefinedComponentValue(o);if(!a)return console.warn("Failed to pick random vector component for",o),void this.fillAverageVector();this.applyComponent(o,a)}}calculateScoresInternal(e=!1){const t=this.isBaseFullyDefined(),o=this.isAnyTemporalDefined(),a=this.isAnyEnvironmentalDefined();return{normalized:e,base:t?super.round(this.calculateExactBaseScore(),1):void 0,impact:t?super.round(this.calculateExactImpactScore(),1):void 0,exploitability:t?super.round(this.calculateExactExploitabilityScore(),1):void 0,temporal:t&&o?super.round(this.calculateExactTemporalScore(),1):void 0,environmental:t&&a?super.round(this.calculateExactEnvironmentalScore(),1):void 0,modifiedImpact:t&&a?super.round(this.calculateExactAdjustedImpactScore(),1):void 0,overall:super.round(this.calculateExactOverallScore(),1),vector:this.toString()}}calculateExactBaseScore(){if(!this.isBaseFullyDefined())return 0;let e=this.calculateExactImpactScore();return(.6*e+.4*this.calculateExactExploitabilityScore()-1.5)*this.f(e)}calculateExactImpactScore(){return this.isBaseFullyDefined()?10.41*(1-(1-this.getComponent(i.Cvss2Components.C).value)*(1-this.getComponent(i.Cvss2Components.I).value)*(1-this.getComponent(i.Cvss2Components.A).value)):0}calculateExactExploitabilityScore(){return this.isBaseFullyDefined()?20*this.getComponent(i.Cvss2Components.AC).value*this.getComponent(i.Cvss2Components.Au).value*this.getComponent(i.Cvss2Components.AV).value:0}calculateExactTemporalScore(){return this.isAnyTemporalDefined()?super.round(this.calculateExactBaseScore(),1)*this.getComponent(i.Cvss2Components.E).value*this.getComponent(i.Cvss2Components.RL).value*this.getComponent(i.Cvss2Components.RC).value:0}calculateExactAdjustedBaseScore(){let e=this.calculateExactAdjustedImpactScore(),t=this.calculateExactExploitabilityScore();return t=this.round(t,1),(.6*e+.4*t-1.5)*this.f(e)}calculateExactAdjustedTemporalScore(){return this.calculateExactAdjustedBaseScore()*this.getComponent(i.Cvss2Components.E).value*this.getComponent(i.Cvss2Components.RL).value*this.getComponent(i.Cvss2Components.RC).value}calculateExactEnvironmentalScore(){if(!this.isAnyEnvironmentalDefined())return 0;let e=this.calculateExactAdjustedTemporalScore();return(e+(10-e)*this.getComponent(i.Cvss2Components.CDP).value)*this.getComponent(i.Cvss2Components.TD).value}calculateExactAdjustedImpactScore(){if(!this.isAnyEnvironmentalDefined())return 0;let e=this.getComponent(i.Cvss2Components.C).value,t=this.getComponent(i.Cvss2Components.I).value,o=this.getComponent(i.Cvss2Components.A).value,a=this.getComponent(i.Cvss2Components.CR).value,s=this.getComponent(i.Cvss2Components.IR).value,n=this.getComponent(i.Cvss2Components.AR).value;return Math.min(10,10.41*(1-(1-e*a)*(1-t*s)*(1-o*n)))}calculateExactOverallScore(){return this.isAnyEnvironmentalDefined()?this.calculateExactEnvironmentalScore():this.isAnyTemporalDefined()?this.calculateExactTemporalScore():this.calculateExactBaseScore()}isBaseFullyDefined(){return super.isCategoryFullyDefined(i.Cvss2Components.BASE_CATEGORY)}isTemporalFullyDefined(){return super.isCategoryFullyDefined(i.Cvss2Components.TEMPORAL_CATEGORY)}isEnvironmentalFullyDefined(){return super.isCategoryFullyDefined(i.Cvss2Components.ENVIRONMENTAL_CATEGORY)}isAnyBaseDefined(){return super.isCategoryPartiallyDefined(i.Cvss2Components.BASE_CATEGORY)}isAnyTemporalDefined(){return super.isCategoryPartiallyDefined(i.Cvss2Components.TEMPORAL_CATEGORY)}isAnyEnvironmentalDefined(){return super.isCategoryPartiallyDefined(i.Cvss2Components.ENVIRONMENTAL_CATEGORY)}f(e){return 0===e?0:1.176}createJsonSchema(){const e=this.calculateScores();return{version:"2.0",vectorString:this.toString(),baseScore:e.base,temporalScore:e.temporal,environmentalScore:e.environmental,accessVector:this.getComponent(i.Cvss2Components.AV).jsonSchemaName,accessComplexity:this.getComponent(i.Cvss2Components.AC).jsonSchemaName,authentication:this.getComponent(i.Cvss2Components.Au).jsonSchemaName,confidentialityImpact:this.getComponent(i.Cvss2Components.C).jsonSchemaName,integrityImpact:this.getComponent(i.Cvss2Components.I).jsonSchemaName,availabilityImpact:this.getComponent(i.Cvss2Components.A).jsonSchemaName,exploitability:this.getComponent(i.Cvss2Components.E).jsonSchemaName,remediationLevel:this.getComponent(i.Cvss2Components.RL).jsonSchemaName,reportConfidence:this.getComponent(i.Cvss2Components.RC).jsonSchemaName,collateralDamagePotential:this.getComponent(i.Cvss2Components.CDP).jsonSchemaName,targetDistribution:this.getComponent(i.Cvss2Components.TD).jsonSchema