Created attachment 13790
screenshot

The form expects a BDU identifier instead of a CVE identifier:

1) I go to https://rdb.altlinux.org/api/
2) I open the form for sending the /vuln/cve/packages request
3) I enter the following values in the fields:
CVE id: CVE-2023-33201
branch: p10
4) I get the following (see the screenshot):
>Please correct the following validation errors and try again.
>Value must follow pattern ^(BDU:\d{4}-\d{5},?)+$

If any BDU is given instead of a CVE, the request goes through, but the server returns the error "CVE id Invalid input". So the server does expect a CVE after all.

If the request is sent with curl, specifying a CVE, no errors occur:
>$ curl -X 'GET' \
>> 'https://rdb.altlinux.org/api/vuln/cve/packages?vuln_id=CVE-2022-1227&branch=p10' \
>> -H 'accept: application/json'
>{"request_args": {"vuln_id": ["CVE-2022-1227"], "branch": "p10"}, "result": [], "vuln_info": [{"id": "CVE-2022-1227", "summary": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1227", "severity": "HIGH", "score": 8.800000190734863, "published": "2022-04-29T19:15:00", "modified": "2022-07-23T13:04:00", "refs": ["https://bugzilla.redhat.com/show_bug.cgi?id=2070368", "https://github.com/containers/podman/issues/10941", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"], "json": null}], "packages": [{"branch": "p10", "hash": "2924084617307324530", "name": "podman", "version": "4.4.4", "release": "alt1", "vuln_id": "CVE-2022-1227", "vulnerable": false, "fixed": false, "cpe_matches": [], "fixed_in": []}, {"branch": "p10", "hash": "2924084617307324530", "name": "podman", "version": "4.4.4", "release": "alt1", "vuln_id": "CVE-2022-1227", "vulnerable": false, "fixed": true, "cpe_matches": [], "fixed_in": [{"id": "ALT-PU-2023-1476-1", "branch": "p10", "task_id": 315926, "subtask_id": 700, "task_state": "DONE", "hash": "2909862117654465764", "name": "podman", "version": "4.4.2", "release": "alt1", "vulns": ["CVE-2022-1227", "CVE-2022-27191", "CVE-2022-27649", "CVE-2023-0778"]}]}]}

The input validation error for this request is fixed in version 1.14.0+. The update is already deployed at https://rdb.altlinux.org/api/.
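
A regression check for the mismatch reported in this thread, as an added example that is not part of the bug report or the project's code: it walks a documented parameter list and reports every known-good identifier that the documented `pattern` would reject. The spec fragment is constructed in an OpenAPI-2.0-style layout, and `CVE_PATTERN`, `make_spec` and `find_pattern_mismatches` are hypothetical names and values; only the BDU pattern, the endpoint path, the `vuln_id` parameter and the CVE ids come from the report.

```python
import re

# Pattern quoted in the report (the one the form applied to the CVE field).
BDU_PATTERN = r"^(BDU:\d{4}-\d{5},?)+$"
# Assumed CVE counterpart, modelled on the BDU pattern; not taken from the project.
CVE_PATTERN = r"^(CVE-\d{4}-\d{4,},?)+$"

# Identifiers the endpoint must accept; every CVE id here appears in the report.
SAMPLES = {
    "/vuln/cve/packages": [
        "CVE-2023-33201",
        "CVE-2022-1227",
        "CVE-2022-1227,CVE-2023-0778",  # comma-separated list form
    ],
}


def make_spec(pattern):
    """Constructed OpenAPI-2.0-style fragment for the endpoint in the report."""
    return {"paths": {"/vuln/cve/packages": {"get": {"parameters": [
        {"name": "vuln_id", "in": "query", "type": "string", "pattern": pattern},
        {"name": "branch", "in": "query", "type": "string"},
    ]}}}}


def find_pattern_mismatches(spec, samples):
    """Return (path, parameter, sample) for each sample the documented pattern rejects."""
    mismatches = []
    for path, methods in spec["paths"].items():
        for operation in methods.values():
            for param in operation.get("parameters", []):
                pattern = param.get("pattern")
                # Only the identifier parameter has samples; skip unpatterned ones.
                if pattern is None or param["name"] != "vuln_id":
                    continue
                regex = re.compile(pattern)
                for sample in samples.get(path, []):
                    if not regex.fullmatch(sample):
                        mismatches.append((path, param["name"], sample))
    return mismatches


if __name__ == "__main__":
    for label, pattern in (("reported", BDU_PATTERN), ("assumed fix", CVE_PATTERN)):
        bad = find_pattern_mismatches(make_spec(pattern), SAMPLES)
        print(label, "->", bad or "all samples accepted")
```

Run against the real specification in CI, a check of this kind catches a documented pattern that disagrees with the identifiers the server-side validator accepts before the form is deployed.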