Update dojo/models.py

31aca16
Merged

Add CVSS4 support #12751

DryRunSecurity / General Security Analyzer succeeded Jul 15, 2025 in 37s

DryRun Security

Details

General Security Analyzer Findings: 4 detected

⚠️ Regular Expression DoS in dojo/utils.py
Type: Regular Expression DoS
Description: The parse_cvss_from_text function uses a regular expression that could be vulnerable to catastrophic backtracking. Complex or specially crafted input strings might cause excessive CPU consumption during regex matching, potentially leading to a Denial of Service condition.
Filename: dojo/utils.py
Code excerpt:
import bleach
import crum
import hyperlink
import vobject
from asteval import Interpreter
from auditlog.models import LogEntry
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cvss import CVSS2, CVSS3, CVSS4, CVSSError
from dateutil.parser import parse
from dateutil.relativedelta import MO, SU, relativedelta
from django.conf import settings
⚠️ Potential DoS via CVSS Parsing in dojo/models.py
Type: Potential DoS via CVSS Parsing
Description: The save method of the Finding model attempts to parse CVSS vectors using parse_cvss_data. If the parsing function is not robust against complex or malformed inputs, it could consume excessive computational resources, potentially leading to a Denial of Service condition.
Filename: dojo/models.py
Code excerpt:
import logging  # needed for the logger definitions below

from tagulous.models import TagField
from tagulous.models.managers import FakeTagRelatedManager
from dojo.validators import cvss3_validator, cvss4_validator

logger = logging.getLogger(__name__)
deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication")
⚠️ Open Redirect in dojo/forms.py
Type: Open Redirect
Description: The BulletListDisplayWidget renders URLs directly from a dictionary without sanitization. If the URLs dictionary were populated with untrusted input, an attacker could inject a malicious URL that would redirect users when clicked, potentially facilitating phishing or other attacks.
Filename: dojo/forms.py
Code excerpt:
("duplicate", "Duplicate"),
("out_of_scope", "Out of Scope"))
CVSS_CALCULATOR_URLS = {
    "https://www.first.org/cvss/calculator/3-0": "CVSS3 Calculator by FIRST",
    "https://www.first.org/cvss/calculator/4-0": "CVSS4 Calculator by FIRST",
    "https://www.metaeffekt.com/security/cvss/calculator/": "CVSS2/3/4 Calculator by Metaeffekt",
}
vulnerability_ids_field = forms.CharField(max_length=5000,
                                          required=False,
                                          label="Vulnerability Ids",
⚠️ Command Injection in run-unittest.sh
Type: Command Injection
Description: The unittest script allows shell command injection via the TEST_CASE parameter. An attacker could inject arbitrary shell commands by providing a maliciously crafted test case, potentially executing code within the Docker container. The script does not sanitize or validate the TEST_CASE input before using it in a shell command.
Filename: run-unittest.sh
Code excerpt:
#!/usr/bin/env bash
unset TEST_CASE
unset FAIL_FAST
bash ./docker/docker-compose-check.sh
if [[ $? -eq 1 ]]; then exit 1; fi