cve_schema 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.document +3 -0
- data/.github/workflows/ruby.yml +28 -0
- data/.gitignore +6 -0
- data/.rspec +1 -0
- data/.yardopts +1 -0
- data/ChangeLog.md +26 -0
- data/Gemfile +14 -0
- data/LICENSE.txt +20 -0
- data/README.md +50 -0
- data/Rakefile +23 -0
- data/benchmark.rb +47 -0
- data/cve_schema.gemspec +61 -0
- data/gemspec.yml +19 -0
- data/lib/cve_schema.rb +2 -0
- data/lib/cve_schema/cve.rb +257 -0
- data/lib/cve_schema/cve/affects.rb +55 -0
- data/lib/cve_schema/cve/configuration.rb +14 -0
- data/lib/cve_schema/cve/credit.rb +14 -0
- data/lib/cve_schema/cve/data_meta.rb +185 -0
- data/lib/cve_schema/cve/description.rb +24 -0
- data/lib/cve_schema/cve/exploit.rb +14 -0
- data/lib/cve_schema/cve/has_lang_value.rb +93 -0
- data/lib/cve_schema/cve/id.rb +79 -0
- data/lib/cve_schema/cve/impact.rb +75 -0
- data/lib/cve_schema/cve/impact/cvss_v2.rb +318 -0
- data/lib/cve_schema/cve/impact/cvss_v3.rb +388 -0
- data/lib/cve_schema/cve/na.rb +8 -0
- data/lib/cve_schema/cve/problem_type.rb +56 -0
- data/lib/cve_schema/cve/product.rb +79 -0
- data/lib/cve_schema/cve/reference.rb +82 -0
- data/lib/cve_schema/cve/solution.rb +14 -0
- data/lib/cve_schema/cve/source.rb +75 -0
- data/lib/cve_schema/cve/timeline.rb +65 -0
- data/lib/cve_schema/cve/timestamp.rb +25 -0
- data/lib/cve_schema/cve/vendor.rb +83 -0
- data/lib/cve_schema/cve/version.rb +126 -0
- data/lib/cve_schema/cve/work_around.rb +14 -0
- data/lib/cve_schema/exceptions.rb +20 -0
- data/lib/cve_schema/version.rb +6 -0
- data/spec/affects_spec.rb +28 -0
- data/spec/configuration_spec.rb +6 -0
- data/spec/credit_spec.rb +6 -0
- data/spec/cve_schema_spec.rb +8 -0
- data/spec/cve_spec.rb +414 -0
- data/spec/data_meta_spec.rb +167 -0
- data/spec/description.rb +24 -0
- data/spec/exploit_spec.rb +6 -0
- data/spec/fixtures/CVE-2020-1994.json +140 -0
- data/spec/fixtures/CVE-2020-2005.json +152 -0
- data/spec/fixtures/CVE-2020-2050.json +233 -0
- data/spec/fixtures/CVE-2020-4700.json +99 -0
- data/spec/has_lang_value_spec.rb +56 -0
- data/spec/id_spec.rb +91 -0
- data/spec/impact/cvss_v3_spec.rb +118 -0
- data/spec/impact_spec.rb +45 -0
- data/spec/na_spec.rb +14 -0
- data/spec/problem_type_spec.rb +26 -0
- data/spec/product_spec.rb +73 -0
- data/spec/reference_spec.rb +70 -0
- data/spec/shared_examples.rb +19 -0
- data/spec/solution_spec.rb +6 -0
- data/spec/source_spec.rb +84 -0
- data/spec/spec_helper.rb +4 -0
- data/spec/timeline_spec.rb +86 -0
- data/spec/timestamp_spec.rb +24 -0
- data/spec/vendor_spec.rb +73 -0
- data/spec/version_spec.rb +104 -0
- data/spec/work_around_spec.rb +6 -0
- metadata +133 -0
@@ -0,0 +1,167 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'shared_examples'
|
3
|
+
require 'cve_schema/cve/data_meta'
|
4
|
+
|
5
|
+
describe CVESchema::CVE::DataMeta do
|
6
|
+
describe "#initialize" do
|
7
|
+
let(:id) { CVESchema::CVE::ID.parse('CVE-2021-9999') }
|
8
|
+
let(:assigner) { 'foo@example.com' }
|
9
|
+
|
10
|
+
describe "required keywords" do
|
11
|
+
context "when id: is not given" do
|
12
|
+
it do
|
13
|
+
expect {
|
14
|
+
described_class.new(assigner: assigner)
|
15
|
+
}.to raise_error(ArgumentError)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
context "when assigner: is not given" do
|
20
|
+
it do
|
21
|
+
expect {
|
22
|
+
described_class.new(id: id)
|
23
|
+
}.to raise_error(ArgumentError)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
context "when updated: is given" do
|
29
|
+
let(:updated) { Time.now }
|
30
|
+
|
31
|
+
subject do
|
32
|
+
described_class.new(id: id, assigner: assigner, updated: updated)
|
33
|
+
end
|
34
|
+
|
35
|
+
it "must set #updated" do
|
36
|
+
expect(subject.updated).to eq(updated)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
describe ".load" do
|
42
|
+
include_examples ".load"
|
43
|
+
|
44
|
+
let(:json_node) { json_tree['CVE_data_meta'] }
|
45
|
+
|
46
|
+
context '"ID":' do
|
47
|
+
let(:json_value) { json_node['ID'] }
|
48
|
+
let(:expected) { CVESchema::CVE::ID.parse(json_value) }
|
49
|
+
|
50
|
+
it 'must parse the "ID": CVE ID and set #id' do
|
51
|
+
expect(subject.id).to eq(expected)
|
52
|
+
end
|
53
|
+
|
54
|
+
context 'when the "ID" key is missing' do
|
55
|
+
before { json_node.delete('ID') }
|
56
|
+
|
57
|
+
it do
|
58
|
+
expect {
|
59
|
+
described_class.load(json_node)
|
60
|
+
}.to raise_error(CVESchema::CVE::MissingJSONKey)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
context '"ASSIGNER":' do
|
66
|
+
it "must set #assigner" do
|
67
|
+
expect(subject.assigner).to eq(json_node['ASSIGNER'])
|
68
|
+
end
|
69
|
+
|
70
|
+
context 'when the "ASSIGNER" key is missing' do
|
71
|
+
before { json_node.delete('ASSIGNER') }
|
72
|
+
|
73
|
+
it do
|
74
|
+
expect {
|
75
|
+
described_class.load(json_node)
|
76
|
+
}.to raise_error(CVESchema::CVE::MissingJSONKey)
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
context '"UPDATED":' do
|
82
|
+
pending 'need to find a CVE with the "UPDATED": key' do
|
83
|
+
let(:json_value) { json_node['UPDATED'] }
|
84
|
+
let(:expected) { CVESchema::CVE::Timestamp.parse(json_value) }
|
85
|
+
|
86
|
+
it 'must parse the "UPDATED": Timestamp and set #updated' do
|
87
|
+
expect(subject.updated).to eq(expected)
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
context '"SERIAL":' do
|
93
|
+
pending 'need to find a CVE with the "SERIAL": key' do
|
94
|
+
it "must set #serial" do
|
95
|
+
expect(subject.serial).to eq(json_node['SERIAL'])
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
context '"DATE_REQUESTED":' do
|
101
|
+
pending 'need to find a CVE with the "DATE_REQUESTED": key' do
|
102
|
+
let(:json_value) { json_node['DATE_REQUESTED'] }
|
103
|
+
let(:expected) { CVESchema::CVE::Timestamp.parse(json_value) }
|
104
|
+
|
105
|
+
it 'must parse the "DATE_REQUESTED": Timestamp and set #date_requested' do
|
106
|
+
expect(subject.date_requested).to eq(expected)
|
107
|
+
end
|
108
|
+
end
|
109
|
+
end
|
110
|
+
|
111
|
+
context '"DATE_ASSIGNED":' do
|
112
|
+
pending 'need to find a CVE with the "DATE_ASSIGNED": key' do
|
113
|
+
let(:json_value) { json_node['DATE_ASSIGNED'] }
|
114
|
+
let(:expected) { CVESchema::CVE::Timestamp.parse(json_value) }
|
115
|
+
|
116
|
+
it 'must parse the "DATE_ASSIGNED": Timestamp and set #date_assigned' do
|
117
|
+
expect(subject.date_assigned).to eq(expected)
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
context '"DATE_PUBLIC":' do
|
123
|
+
let(:json_value) { json_node['DATE_PUBLIC'] }
|
124
|
+
let(:expected) { CVESchema::CVE::Timestamp.parse(json_value) }
|
125
|
+
|
126
|
+
it 'must parse the "DATE_PUBLIC": Timestamp and set #date_public' do
|
127
|
+
expect(subject.date_public).to eq(expected)
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
context '"STATE":' do
|
132
|
+
let(:json_value) { json_node['STATE'] }
|
133
|
+
let(:expected) { json_value.to_sym }
|
134
|
+
|
135
|
+
it 'must parse the "STATE": value and set #state' do
|
136
|
+
expect(subject.state).to eq(expected)
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
140
|
+
context '"TITLE":' do
|
141
|
+
it "must set #title" do
|
142
|
+
expect(subject.title).to eq(json_node['TITLE'])
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
context '"REQUESTER":' do
|
147
|
+
pending 'need to find a CVE with the "REQUESTED": key' do
|
148
|
+
it "must set #serial" do
|
149
|
+
expect(subject.serial).to eq(json_node['REQUESTER'])
|
150
|
+
end
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
context '"REPLACED_BY":' do
|
155
|
+
pending 'need to find a CVE with the "REPLACED_BY": key' do
|
156
|
+
let(:json_value) { json_node['REPLACED_BY'] }
|
157
|
+
let(:expected) do
|
158
|
+
json_value.split(',').map(&CVESchema::CVE::ID.method(:parse))
|
159
|
+
end
|
160
|
+
|
161
|
+
it 'must parse the "REPLACED_BY": String of IDs and set #replaced_by' do
|
162
|
+
expect(subject.replaced_by).to eq(expected)
|
163
|
+
end
|
164
|
+
end
|
165
|
+
end
|
166
|
+
end
|
167
|
+
end
|
data/spec/description.rb
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'cve_schema/cve/description'
|
3
|
+
|
4
|
+
describe CVESchema::CVE::Description do
|
5
|
+
it { expect(described_class).to include(CVESchema::CVE::HasLangValue) }
|
6
|
+
|
7
|
+
describe "#na?" do
|
8
|
+
let(:lang) { 'eng' }
|
9
|
+
|
10
|
+
subject { described_class.new(lang: lang, value: value) }
|
11
|
+
|
12
|
+
context "when value is 'n/a'" do
|
13
|
+
let(:value) { 'n/a' }
|
14
|
+
|
15
|
+
it { expect(subject.na?).to be(true) }
|
16
|
+
end
|
17
|
+
|
18
|
+
context "when value is not 'n/a'" do
|
19
|
+
let(:value) { 'foo' }
|
20
|
+
|
21
|
+
it { expect(subject.na?).to be(false) }
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,140 @@
|
|
1
|
+
{
|
2
|
+
"CVE_data_meta": {
|
3
|
+
"ASSIGNER": "psirt@paloaltonetworks.com",
|
4
|
+
"DATE_PUBLIC": "2020-05-13T16:00:00.000Z",
|
5
|
+
"ID": "CVE-2020-1994",
|
6
|
+
"STATE": "PUBLIC",
|
7
|
+
"TITLE": "PAN-OS: Predictable temporary file vulnerability"
|
8
|
+
},
|
9
|
+
"affects": {
|
10
|
+
"vendor": {
|
11
|
+
"vendor_data": [
|
12
|
+
{
|
13
|
+
"product": {
|
14
|
+
"product_data": [
|
15
|
+
{
|
16
|
+
"product_name": "PAN-OS",
|
17
|
+
"version": {
|
18
|
+
"version_data": [
|
19
|
+
{
|
20
|
+
"version_affected": "<",
|
21
|
+
"version_name": "8.1",
|
22
|
+
"version_value": "8.1.13"
|
23
|
+
},
|
24
|
+
{
|
25
|
+
"version_affected": "<",
|
26
|
+
"version_name": "9.0",
|
27
|
+
"version_value": "9.0.7"
|
28
|
+
},
|
29
|
+
{
|
30
|
+
"version_affected": "=",
|
31
|
+
"version_name": "7.1",
|
32
|
+
"version_value": "7.1.*"
|
33
|
+
},
|
34
|
+
{
|
35
|
+
"version_affected": "=",
|
36
|
+
"version_name": "8.0",
|
37
|
+
"version_value": "8.0.*"
|
38
|
+
},
|
39
|
+
{
|
40
|
+
"version_affected": "!>=",
|
41
|
+
"version_name": "8.1",
|
42
|
+
"version_value": "8.1.13"
|
43
|
+
},
|
44
|
+
{
|
45
|
+
"version_affected": "!>=",
|
46
|
+
"version_name": "9.0",
|
47
|
+
"version_value": "9.0.7"
|
48
|
+
},
|
49
|
+
{
|
50
|
+
"version_affected": "!>=",
|
51
|
+
"version_name": "9.1",
|
52
|
+
"version_value": "9.1.0"
|
53
|
+
}
|
54
|
+
]
|
55
|
+
}
|
56
|
+
}
|
57
|
+
]
|
58
|
+
},
|
59
|
+
"vendor_name": "Palo Alto Networks"
|
60
|
+
}
|
61
|
+
]
|
62
|
+
}
|
63
|
+
},
|
64
|
+
"credit": [
|
65
|
+
{
|
66
|
+
"lang": "eng",
|
67
|
+
"value": "This issue was found by a customer."
|
68
|
+
}
|
69
|
+
],
|
70
|
+
"data_format": "MITRE",
|
71
|
+
"data_type": "CVE",
|
72
|
+
"data_version": "4.0",
|
73
|
+
"description": {
|
74
|
+
"description_data": [
|
75
|
+
{
|
76
|
+
"lang": "eng",
|
77
|
+
"value": "A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7."
|
78
|
+
}
|
79
|
+
]
|
80
|
+
},
|
81
|
+
"generator": {
|
82
|
+
"engine": "Vulnogram 0.0.9"
|
83
|
+
},
|
84
|
+
"impact": {
|
85
|
+
"cvss": {
|
86
|
+
"attackComplexity": "HIGH",
|
87
|
+
"attackVector": "LOCAL",
|
88
|
+
"availabilityImpact": "NONE",
|
89
|
+
"baseScore": 4.1,
|
90
|
+
"baseSeverity": "MEDIUM",
|
91
|
+
"confidentialityImpact": "NONE",
|
92
|
+
"integrityImpact": "HIGH",
|
93
|
+
"privilegesRequired": "HIGH",
|
94
|
+
"scope": "UNCHANGED",
|
95
|
+
"userInteraction": "NONE",
|
96
|
+
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
|
97
|
+
"version": "3.1"
|
98
|
+
}
|
99
|
+
},
|
100
|
+
"problemtype": {
|
101
|
+
"problemtype_data": [
|
102
|
+
{
|
103
|
+
"description": [
|
104
|
+
{
|
105
|
+
"lang": "eng",
|
106
|
+
"value": "CWE-377 Insecure Temporary File"
|
107
|
+
}
|
108
|
+
]
|
109
|
+
}
|
110
|
+
]
|
111
|
+
},
|
112
|
+
"references": {
|
113
|
+
"reference_data": [
|
114
|
+
{
|
115
|
+
"refsource": "MISC",
|
116
|
+
"url": "https://security.paloaltonetworks.com/CVE-2020-1994",
|
117
|
+
"name": "https://security.paloaltonetworks.com/CVE-2020-1994"
|
118
|
+
}
|
119
|
+
]
|
120
|
+
},
|
121
|
+
"solution": [
|
122
|
+
{
|
123
|
+
"lang": "eng",
|
124
|
+
"value": "This issue is fixed in PAN-OS 8.1.13, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.\n\nPAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes."
|
125
|
+
}
|
126
|
+
],
|
127
|
+
"source": {
|
128
|
+
"defect": [
|
129
|
+
"PAN-123391"
|
130
|
+
],
|
131
|
+
"discovery": "USER"
|
132
|
+
},
|
133
|
+
"timeline": [
|
134
|
+
{
|
135
|
+
"lang": "eng",
|
136
|
+
"time": "2020-05-13T16:00:00.000Z",
|
137
|
+
"value": "Initial publication"
|
138
|
+
}
|
139
|
+
]
|
140
|
+
}
|
@@ -0,0 +1,152 @@
|
|
1
|
+
{
|
2
|
+
"CVE_data_meta": {
|
3
|
+
"ASSIGNER": "psirt@paloaltonetworks.com",
|
4
|
+
"DATE_PUBLIC": "2020-05-13T16:00:00.000Z",
|
5
|
+
"ID": "CVE-2020-2005",
|
6
|
+
"STATE": "PUBLIC",
|
7
|
+
"TITLE": "PAN-OS: GlobalProtect Clientless VPN session hijacking"
|
8
|
+
},
|
9
|
+
"affects": {
|
10
|
+
"vendor": {
|
11
|
+
"vendor_data": [
|
12
|
+
{
|
13
|
+
"product": {
|
14
|
+
"product_data": [
|
15
|
+
{
|
16
|
+
"product_name": "PAN-OS",
|
17
|
+
"version": {
|
18
|
+
"version_data": [
|
19
|
+
{
|
20
|
+
"version_affected": "<",
|
21
|
+
"version_name": "7.1",
|
22
|
+
"version_value": "7.1.26"
|
23
|
+
},
|
24
|
+
{
|
25
|
+
"version_affected": "<",
|
26
|
+
"version_name": "8.1",
|
27
|
+
"version_value": "8.1.13"
|
28
|
+
},
|
29
|
+
{
|
30
|
+
"version_affected": "<",
|
31
|
+
"version_name": "9.0",
|
32
|
+
"version_value": "9.0.7"
|
33
|
+
},
|
34
|
+
{
|
35
|
+
"version_affected": "!>=",
|
36
|
+
"version_name": "7.1",
|
37
|
+
"version_value": "7.1.26"
|
38
|
+
},
|
39
|
+
{
|
40
|
+
"version_affected": "!>=",
|
41
|
+
"version_name": "8.1",
|
42
|
+
"version_value": "8.1.13"
|
43
|
+
},
|
44
|
+
{
|
45
|
+
"version_affected": "!>=",
|
46
|
+
"version_name": "9.0",
|
47
|
+
"version_value": "9.0.7"
|
48
|
+
},
|
49
|
+
{
|
50
|
+
"version_affected": "=",
|
51
|
+
"version_name": "8.0",
|
52
|
+
"version_value": "8.0.*"
|
53
|
+
}
|
54
|
+
]
|
55
|
+
}
|
56
|
+
}
|
57
|
+
]
|
58
|
+
},
|
59
|
+
"vendor_name": "Palo Alto Networks"
|
60
|
+
}
|
61
|
+
]
|
62
|
+
}
|
63
|
+
},
|
64
|
+
"configuration": [
|
65
|
+
{
|
66
|
+
"lang": "eng",
|
67
|
+
"value": "This issue only affects firewalls configured with GlobalProtect Clientless VPN."
|
68
|
+
}
|
69
|
+
],
|
70
|
+
"credit": [
|
71
|
+
{
|
72
|
+
"lang": "eng",
|
73
|
+
"value": "This issue was discovered by Ron Masas of Palo Alto Networks during internal security review."
|
74
|
+
}
|
75
|
+
],
|
76
|
+
"data_format": "MITRE",
|
77
|
+
"data_type": "CVE",
|
78
|
+
"data_version": "4.0",
|
79
|
+
"description": {
|
80
|
+
"description_data": [
|
81
|
+
{
|
82
|
+
"lang": "eng",
|
83
|
+
"value": "A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0."
|
84
|
+
}
|
85
|
+
]
|
86
|
+
},
|
87
|
+
"generator": {
|
88
|
+
"engine": "Vulnogram 0.0.9"
|
89
|
+
},
|
90
|
+
"impact": {
|
91
|
+
"cvss": {
|
92
|
+
"attackComplexity": "LOW",
|
93
|
+
"attackVector": "NETWORK",
|
94
|
+
"availabilityImpact": "NONE",
|
95
|
+
"baseScore": 7.1,
|
96
|
+
"baseSeverity": "HIGH",
|
97
|
+
"confidentialityImpact": "HIGH",
|
98
|
+
"integrityImpact": "LOW",
|
99
|
+
"privilegesRequired": "NONE",
|
100
|
+
"scope": "UNCHANGED",
|
101
|
+
"userInteraction": "REQUIRED",
|
102
|
+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
|
103
|
+
"version": "3.1"
|
104
|
+
}
|
105
|
+
},
|
106
|
+
"problemtype": {
|
107
|
+
"problemtype_data": [
|
108
|
+
{
|
109
|
+
"description": [
|
110
|
+
{
|
111
|
+
"lang": "eng",
|
112
|
+
"value": "CWE-79 Cross-site Scripting (XSS)"
|
113
|
+
}
|
114
|
+
]
|
115
|
+
}
|
116
|
+
]
|
117
|
+
},
|
118
|
+
"references": {
|
119
|
+
"reference_data": [
|
120
|
+
{
|
121
|
+
"refsource": "MISC",
|
122
|
+
"url": "https://security.paloaltonetworks.com/CVE-2020-2005",
|
123
|
+
"name": "https://security.paloaltonetworks.com/CVE-2020-2005"
|
124
|
+
}
|
125
|
+
]
|
126
|
+
},
|
127
|
+
"solution": [
|
128
|
+
{
|
129
|
+
"lang": "eng",
|
130
|
+
"value": "This issue is fixed in PAN-OS 7.1.26, PAN-OS 8.1.13, PAN-OS 9.0.7, and all later versions of PAN-OS.\n\nPAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies."
|
131
|
+
}
|
132
|
+
],
|
133
|
+
"source": {
|
134
|
+
"defect": [
|
135
|
+
"GPCON-551"
|
136
|
+
],
|
137
|
+
"discovery": "INTERNAL"
|
138
|
+
},
|
139
|
+
"timeline": [
|
140
|
+
{
|
141
|
+
"lang": "eng",
|
142
|
+
"time": "2020-05-13T16:00:00.000Z",
|
143
|
+
"value": "Initial publication"
|
144
|
+
}
|
145
|
+
],
|
146
|
+
"work_around": [
|
147
|
+
{
|
148
|
+
"lang": "eng",
|
149
|
+
"value": "Configure GlobalProtect Clientless VPN to only access known trusted websites, and block access all other websites."
|
150
|
+
}
|
151
|
+
]
|
152
|
+
}
|