Affected Software Package
The Affected Package object describes details about a software package identified as affected by a vulnerability/vulnerabilities.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Architecture | architecture | String | Architecture is a shorthand name describing the type of computer hardware the packaged software is meant to run on. |
The product CPE identifier | cpe_name | String | The Common Platform Enumeration (CPE) name as described by NIST (for example, cpe:/a:apple:safari:16.2). |
Epoch | epoch | Integer | The software package epoch. Epoch is a way to define weighted dependencies based on version numbers. |
Fixed In Version | fixed_in_version | String | The software package version in which a reported vulnerability was patched/fixed. |
Hash | hash | Fingerprint[] | Cryptographic hash to identify the binary instance of a software component. This can include any component such as a file, package, or library. |
Software License | license | String | The software license applied to this package. |
Name | name | String | The software package name. |
Package Manager | package_manager | String | The software package manager used to manage a package on a system, e.g. npm, yum, dpkg. |
Path | path | String | The installation path of the affected package. |
Package URL | purl | String | A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. |
Raw Data | raw_data | JSON | The event data as received from the event source. |
Record ID | record_id | String | Unique identifier for the object. |
Software Release Details | release | String | Release is the number of times a version of the software has been packaged. |
Remediation Guidance | remediation | Remediation[] | Describes the recommended remediation steps to address identified issue(s). |
Type | type | String | The type of software package, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source. |
Type ID | type_id | Integer | The type of software package. |
Unmapped Data | unmapped | Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Vendor Name | vendor_name | String | The name of the vendor who published the software package. |
Version | version | String | The software package version. |
Relationships
Inbound Relationships
These objects and events reference Affected Software Package in their attributes:
Outbound Relationships
Affected Software Package references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0