「 网络安全常用术语解读 」通用漏洞报告框架CVRF详解

1. 背景

ICASI在推进多供应商协调漏洞披露方面处于领先地位,引入了通用漏洞报告框架(Common Vulnerability Reporting Format,CVRF)标准,制定了统一安全事件响应计划(USIRP)的原则,帮助创建了多方漏洞协调和披露指南和实践,并建立了一个成功协调多供应商应对众多安全事件的行业领导者信托小组。为了继续取得这些成功,并确保全球社会更广泛的参与,ICASI(Industry Consortium for Advancement of Security on the Internet,互联网安全的行业促进联盟)将作为一个独立组织解散,并将其所有资产于2021年5月28日转移给了FIRST(Forum of Incident Response and Security Teams,事件响应和安全团队论坛)

  • ICASI成立于2008年,旨在通过推动安全应对实践的卓越和创新来加强全球安全格局,促进成员之间的合作,以分析、缓解和解决多方利益相关者的全球安全挑战。这一角色将继续,但作为现有FIRST PSIRT SIG的一部分,扩展和提高社区应对多个供应商漏洞的能力。
  • FIRST成立于1990年,是全球安全事件响应的领导者。

在这里插入图片描述
截止目前,CVRF的治理已从ICASI过渡到结构化信息标准促进组织(Organization for the Advancement of Structured Information Standards,OASIS),并将更名为CSAF(通用安全能告框架)。

2. CVRF概览

通用漏洞报告框架(Common Vulnerability Reporting Format,CVRF)是以机器可读形式(XML文件)发布安全通告(Security Advisory,SA)的行业标准格式。安全通告包含漏洞严重等级、业务影响和修补方案等信息,用以传递漏洞修补方案。安全通告(SA)用于发布华为产品直接相关的严重(Critical)和高(High)等级的漏洞信息及修补方案。安全通告(SA)一般都会提供下载通用漏洞报告框架(CVRF)内容的选项,旨在以机器可读格式描述漏洞信息,以支持受影响客户的工具使用。

CVRF与OVAL格式不同,OVAL格式的目标是能够在安全性方面对系统的状态进行机器验证,而CVRF格式的目标则是基于机器导入票证系统和漏洞跟踪器以进行漏洞响应。

在这里插入图片描述

CVRF样例(CVE-2024-4340)

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
  <DocumentTitle xml:lang="en">CVE-2024-4340</DocumentTitle>
  <DocumentType>SUSE CVE</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE CVE-2024-4340</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>2</Number>
        <Date>2024-05-01T23:14:09Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-04-30T23:14:33Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-05-01T23:14:09Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-cve.pl</Engine>
      <Date>2020-12-27T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="CVE" Type="Summary" Ordinal="1" xml:lang="en">CVE-2024-4340</Note>
    <Note Title="Mitre CVE Description" Type="Description" Ordinal="2" xml:lang="en">Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="4" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
    <Branch Type="Product Family" Name="HPE Helion OpenStack 8">
      <Branch Type="Product Name" Name="HPE Helion OpenStack 8">
        <FullProductName ProductID="HPE Helion OpenStack 8" CPE="cpe:/o:suse:hpe-helion-openstack:8">HPE Helion OpenStack 8</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Enterprise Storage 7.1">
      <Branch Type="Product Name" Name="SUSE Enterprise Storage 7.1">
        <FullProductName ProductID="SUSE Enterprise Storage 7.1" CPE="cpe:/o:suse:ses:7.1">SUSE Enterprise Storage 7.1</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Desktop 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Desktop 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" CPE="cpe:/o:suse:sle_hpc-ltss:15:sp2">SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" CPE="cpe:/o:suse:sle_hpc-ltss:15:sp3">SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" CPE="cpe:/o:suse:sle_hpc-espos:15:sp4">SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" CPE="cpe:/o:suse:sle_hpc-ltss:15:sp4">SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp5">SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise High Performance Computing 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Package Hub 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Package Hub 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP5" CPE="cpe:/o:suse:packagehub:15:sp5">SUSE Linux Enterprise Module for Package Hub 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Package Hub 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Package Hub 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP6" CPE="cpe:/o:suse:packagehub:15:sp6">SUSE Linux Enterprise Module for Package Hub 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP1-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP1-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP1-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp1">SUSE Linux Enterprise Server 15 SP1-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP2-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP2-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP2-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp2">SUSE Linux Enterprise Server 15 SP2-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP3-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP3-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP3-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp3">SUSE Linux Enterprise Server 15 SP3-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP4-LTSS">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 15 SP4-LTSS">
        <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP4-LTSS" CPE="cpe:/o:suse:sles-ltss:15:sp4">SUSE Linux Enterprise Server 15 SP4-LTSS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp5">SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP2" CPE="cpe:/o:suse:sles_sap:15:sp2">SUSE Linux Enterprise Server for SAP Applications 15 SP2</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP3">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP3" CPE="cpe:/o:suse:sles_sap:15:sp3">SUSE Linux Enterprise Server for SAP Applications 15 SP3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP4">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP4" CPE="cpe:/o:suse:sles_sap:15:sp4">SUSE Linux Enterprise Server for SAP Applications 15 SP4</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP5">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5" CPE="cpe:/o:suse:sle-module-basesystem:15:sp5">SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp5">SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server for SAP Applications 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Python 3 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6" CPE="cpe:/o:suse:sle-module-python3:15:sp6">SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Manager Proxy 4.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Manager Proxy 4.3">
        <FullProductName ProductID="SUSE Manager Proxy 4.3" CPE="cpe:/o:suse:suse-manager-proxy:4.3">SUSE Manager Proxy 4.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Manager Retail Branch Server 4.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Manager Retail Branch Server 4.3">
        <FullProductName ProductID="SUSE Manager Retail Branch Server 4.3" CPE="cpe:/o:suse:suse-manager-retail-branch-server:4.3">SUSE Manager Retail Branch Server 4.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Manager Server 4.3">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4" CPE="cpe:/o:suse:sle-module-public-cloud:15:sp4">SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
      </Branch>
      <Branch Type="Product Name" Name="SUSE Manager Server 4.3">
        <FullProductName ProductID="SUSE Manager Server 4.3" CPE="cpe:/o:suse:suse-manager-server:4.3">SUSE Manager Server 4.3</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud 8">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud 8">
        <FullProductName ProductID="SUSE OpenStack Cloud 8" CPE="cpe:/o:suse:suse-openstack-cloud:8">SUSE OpenStack Cloud 8</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud 9">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud 9">
        <FullProductName ProductID="SUSE OpenStack Cloud 9" CPE="cpe:/o:suse:suse-openstack-cloud:9">SUSE OpenStack Cloud 9</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud Crowbar 8">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud Crowbar 8">
        <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 8" CPE="cpe:/o:suse:suse-openstack-cloud-crowbar:8">SUSE OpenStack Cloud Crowbar 8</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE OpenStack Cloud Crowbar 9">
      <Branch Type="Product Name" Name="SUSE OpenStack Cloud Crowbar 9">
        <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 9" CPE="cpe:/o:suse:suse-openstack-cloud-crowbar:9">SUSE OpenStack Cloud Crowbar 9</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.5">
      <Branch Type="Product Name" Name="openSUSE Leap 15.5">
        <FullProductName ProductID="openSUSE Leap 15.5" CPE="cpe:/o:opensuse:leap:15.5">openSUSE Leap 15.5</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.6">
      <Branch Type="Product Name" Name="openSUSE Leap 15.6">
        <FullProductName ProductID="openSUSE Leap 15.6" CPE="cpe:/o:opensuse:leap:15.6">openSUSE Leap 15.6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="python-sqlparse">
      <FullProductName ProductID="python-sqlparse" CPE="cpe:2.3:a:sqlparse_project:sqlparse:*:*:*:*:*:*:*:*">python-sqlparse</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python2-sqlparse">
      <FullProductName ProductID="python2-sqlparse">python2-sqlparse</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-sqlparse">
      <FullProductName ProductID="python3-sqlparse">python3-sqlparse</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python311-sqlparse">
      <FullProductName ProductID="python311-sqlparse">python311-sqlparse</FullProductName>
    </Branch>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="HPE Helion OpenStack 8">
      <FullProductName ProductID="HPE Helion OpenStack 8:python-sqlparse">python-sqlparse as a component of HPE Helion OpenStack 8</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Enterprise Storage 7.1">
      <FullProductName ProductID="SUSE Enterprise Storage 7.1:python3-sqlparse">python3-sqlparse as a component of SUSE Enterprise Storage 7.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="python2-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP5:python2-sqlparse">python2-sqlparse as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP5:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Package Hub 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Package Hub 15 SP6:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="python311-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-sqlparse">python311-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP4">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP4:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4</FullProductName>
    </Relationship>
    <Relationship ProductReference="python311-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5:python311-sqlparse">python311-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Public Cloud 15 SP5">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Public Cloud 15 SP5:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Python 3 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Python 3 15 SP6:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Module for Python 3 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP1-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP1-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP1-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP1-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP1-LTSS:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Server 15 SP1-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP2-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP2-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP2-LTSS:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Server 15 SP2-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP3-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP3-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP3-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 15 SP4-LTSS">
      <FullProductName ProductID="SUSE Linux Enterprise Server 15 SP4-LTSS:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server 15 SP4-LTSS</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP2">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP2:python-sqlparse">python-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP3">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server for SAP Applications 15 SP4">
      <FullProductName ProductID="SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-sqlparse">python3-sqlparse as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Manager Proxy 4.3">
      <FullProductName ProductID="SUSE Manager Proxy 4.3:python3-sqlparse">python3-sqlparse as a component of SUSE Manager Proxy 4.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Manager Retail Branch Server 4.3">
      <FullProductName ProductID="SUSE Manager Retail Branch Server 4.3:python3-sqlparse">python3-sqlparse as a component of SUSE Manager Retail Branch Server 4.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE Manager Server 4.3">
      <FullProductName ProductID="SUSE Manager Server 4.3:python3-sqlparse">python3-sqlparse as a component of SUSE Manager Server 4.3</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud 8">
      <FullProductName ProductID="SUSE OpenStack Cloud 8:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud 8</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud 9">
      <FullProductName ProductID="SUSE OpenStack Cloud 9:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud 9</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud Crowbar 8">
      <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 8:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud Crowbar 8</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="SUSE OpenStack Cloud Crowbar 9">
      <FullProductName ProductID="SUSE OpenStack Cloud Crowbar 9:python-sqlparse">python-sqlparse as a component of SUSE OpenStack Cloud Crowbar 9</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
      <FullProductName ProductID="openSUSE Leap 15.5:python-sqlparse">python-sqlparse as a component of openSUSE Leap 15.5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-sqlparse" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
      <FullProductName ProductID="openSUSE Leap 15.5:python3-sqlparse">python3-sqlparse as a component of openSUSE Leap 15.5</FullProductName>
    </Relationship>
    <Relationship ProductReference="python-sqlparse" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:python-sqlparse">python-sqlparse as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

</Note>
    </Notes>
    <CVE>CVE-2024-4340</CVE>
    <ProductStatuses>
      <Status Type="Known Affected">
        <ProductID>HPE Helion OpenStack 8:python-sqlparse</ProductID>
        <ProductID>SUSE Enterprise Storage 7.1:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP5:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP5:python2-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Package Hub 15 SP6:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP4:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP5:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Public Cloud 15 SP5:python311-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Python 3 15 SP6:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP1-LTSS:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP1-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP2-LTSS:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP2-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP3-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server 15 SP4-LTSS:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP2:python-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-sqlparse</ProductID>
        <ProductID>SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-sqlparse</ProductID>
        <ProductID>SUSE Manager Proxy 4.3:python3-sqlparse</ProductID>
        <ProductID>SUSE Manager Retail Branch Server 4.3:python3-sqlparse</ProductID>
        <ProductID>SUSE Manager Server 4.3:python3-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud 8:python-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud 9:python-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud Crowbar 8:python-sqlparse</ProductID>
        <ProductID>SUSE OpenStack Cloud Crowbar 9:python-sqlparse</ProductID>
        <ProductID>openSUSE Leap 15.5:python-sqlparse</ProductID>
        <ProductID>openSUSE Leap 15.5:python3-sqlparse</ProductID>
        <ProductID>openSUSE Leap 15.6:python-sqlparse</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSetV3>
        <BaseScoreV3>7.5</BaseScoreV3>
        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</VectorV3>
      </ScoreSetV3>
    </CVSSScoreSets>
  </Vulnerability>
</cvrfdoc>

3. CVRF主要内容

在这里插入图片描述
CVRF一级节点有11个,具体如下:

  1. Title(标题): cvrf:DocumentTitle
  2. Type(类型): cvrf:DocumentType
  3. Publisher(发布者): cvrf:DocumentPublisher
  4. Tracking(跟踪): cvrf:DocumentTracking
  5. Notes(注释): cvrf:DocumentNotes
  6. Distribution(分发): cvrf:DocumentDistribution
  7. Aggregate Severity(严重级别): cvrf:AggregateSeverity
  8. References( 参考): cvrf:DocumentReferences
  9. Acknowledgements(致谢): cvrf:Acknowledgements
  10. Product Tree(产品树): prod:ProductTree
  11. Vulnerability(漏洞): vuln:Vulnerability

关于CVRF的文档的详细介绍可以参阅如下官方文档:

  • pcsaf-cvrf-v1.2-cs01.pdf (访问密码: 6277)

4. CSAF是CVRF的替代品吗?

答案是肯定的。CSAF是通用漏洞报告框架(CVRF)的替代品,它增强了CVRF的能力,包括不同的配置文件(例如,CSAF基础、信息咨询、事件响应、VEX等)。每个配置文件通过强制使用标准中的其他字段,直接或间接地通过标准中的另一个配置文件扩展基本配置文件“CSAF基本”。概要文件总是可以添加,但决不能减去或覆盖其扩展的概要文件中定义的需求。CSAF还提供了CVRF不支持的几个附加增强功能。此外,CSAF使用JSON,而CVRF使用XML

CVRF文件可以转换为CSAF,它将 CVRF 文档作为输入并将其转换为有效的 CSAF 文档。

5. 参考

[1] https://github.com/oasis-tcs/csaf/tree/master/cvrf_1.2
[2] https://oasis-open.github.io/csaf-documentation/
[3] https://www.suse.com/zh-cn/support/security/cvrf/
[4] https://www.redhat.com/zh/blog/csaf-vex-documents-now-generally-available
[5] https://ftp.suse.com/pub/projects/security/cvrf-cve/


推荐阅读:

  • 「 网络安全常用术语解读 」软件物料清单SBOM详解
  • 「 网络安全常用术语解读 」SBOM主流格式CycloneDX详解
  • 「 网络安全常用术语解读 」SBOM主流格式SPDX详解
  • 「 网络安全常用术语解读 」SBOM主流格式CycloneDX详解
  • 「 网络安全常用术语解读 」漏洞利用交换VEX详解
  • 「 网络安全常用术语解读 」软件成分分析SCA详解:从发展背景到技术原理再到业界常用检测工具推荐
  • 「 网络安全常用术语解读 」什么是0day、1day、nday漏洞
  • 「 网络安全常用术语解读 」软件物料清单SBOM详解
  • 「 网络安全常用术语解读 」杀链Kill Chain详解
  • 「 网络安全常用术语解读 」点击劫持Clickjacking详解
  • 「 网络安全常用术语解读 」悬空标记注入详解
  • 「 网络安全常用术语解读 」内容安全策略CSP详解
  • 「 网络安全常用术语解读 」同源策略SOP详解
  • 「 网络安全常用术语解读 」静态分析结果交换格式SARIF详解
  • 「 网络安全常用术语解读 」安全自动化协议SCAP详解
  • 「 网络安全常用术语解读 」通用平台枚举CPE详解
  • 「 网络安全常用术语解读 」通用缺陷枚举CWE详解
  • 「 网络安全常用术语解读 」通用漏洞披露CVE详解
  • 「 网络安全常用术语解读 」通用配置枚举CCE详解
  • 「 网络安全常用术语解读 」通用漏洞评分系统CVSS详解
  • 「 网络安全常用术语解读 」漏洞利用交换VEX详解
  • 「 网络安全常用术语解读 」软件成分分析SCA详解:从发展背景到技术原理再到业界常用检测工具推荐
  • 「 网络安全常用术语解读 」通用攻击模式枚举和分类CAPEC详解
  • 「 网络安全常用术语解读 」网络攻击者的战术、技术和常识知识库ATT&CK详解

在这里插入图片描述

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/592505.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

mysql 指定根目录 迁移根目录

mysql 指定根目录 迁移根目录 1、问题描述2、问题分析3、解决方法3.1、初始化mysql前就手动指定mysql根目录为一个大的分区(支持动态扩容)&#xff0c;事前就根本上解决mysql根目录空间不够问题3.1.0、方法思路3.1.1、卸载mariadb3.1.2、下载Mysql安装包3.1.3、安装Mysql 8.353…

ASP.NET 两种开发模式

1》》WebForm 开发模式 1. 服务器端控件 2. 一般处理程序html静态页Ajax 3. 一般处理程序html模板 如下图 2》》MVC 太复杂的系统&#xff0c;会造成Controller 过复杂。 后来就诞生了 MVP、MVVM等模式

腾讯云CentOS7使用Docker安装ElasticSearch与Kibana详细教程

文章目录 一、安装ElasticSearch二、安装Kibana 一、安装ElasticSearch 使用Docker拉取ElasticSearch镜像 这里版本选择的是7.15.2 docker pull docker.elastic.co/elasticsearch/elasticsearch:7.15.22. 查看ElasticSearch的镜像id docker images3. 创建ElasticSearch容器 …

目标跟踪—卡尔曼滤波

目标跟踪—卡尔曼滤波 卡尔曼滤波引入 滤波是将信号中特定波段频率滤除的操作&#xff0c;是抑制和防止干扰的一项重要措施。是根据观察某一随机过程的结果&#xff0c;对另一与之有关的随机过程进行估计的概率理论与方法。 历史上最早考虑的是维纳滤波&#xff0c;后来R.E.卡…

nn.GRU层输出:state与output的关系

在 GRU&#xff08;Gated Recurrent Unit&#xff09;中&#xff0c;output 和 state 都是由 GRU 层的循环计算产生的&#xff0c;它们之间有直接的关系。state 实际上是 output 中最后一个时间步的隐藏状态。 GRU 的基本公式 GRU 的核心计算包括更新门&#xff08;update gat…

从零开始学AI绘画,万字Stable Diffusion终极教程(四)

【第4期】图生图 欢迎来到SD的终极教程&#xff0c;这是我们的第四节课 这套课程分为六节课&#xff0c;会系统性的介绍sd的全部功能&#xff0c;让你打下坚实牢靠的基础 1.SD入门 2.关键词 3.Lora模型 4.图生图 5.controlnet 6.知识补充 在前面的课程中&#xff0c;我…

QT:QT窗口(一)

文章目录 菜单栏创建菜单栏在菜单栏中添加菜单创建菜单项添加分割线 工具栏创建工具栏设置停靠位置创建工具栏的同时指定停靠位置使用QToolBar类提供的setAllowedAreas函数来设置停靠位置 设置浮动属性设置移动属性 状态栏状态栏的创建在状态栏中显示实时消息在状态栏中显示永久…

数据结构-二叉树结尾+排序

一、二叉树结尾 1、如何判断一棵树是完全二叉树。 我们可以使用层序遍历的思路&#xff0c;利用一个队列&#xff0c;去完成层序遍历&#xff0c;但是这里会有些许的不同&#xff0c;我们需要让空也进队列。如果队列里到最后只剩下空那么这棵树就是完全二叉树。具体的实现如下…

工作问题记录React(持续更新中)

一、backdrop-filter:blur(20px); 毛玻璃效果&#xff0c;在安卓机上有兼容问题&#xff0c;添加兼容前缀也无效&#xff1b; 解决方案&#xff1a;让设计师调整渐变&#xff0c;不要使用该属性! 复制代码 background: radial-gradient(33% 33% at 100% 5%, #e9e5e5 0%, rgba…

本地部署大模型ollama+docker+open WebUI/Lobe Chat

文章目录 大模型工具Ollama下载安装运行Spring Ai 代码测试加依赖配置写代码 ollama的web&Desktop搭建部署Open WebUI有两种方式Docker DesktopDocker部署Open WebUIDocker部署Lobe Chat可以配置OpenAI的key也可以配置ollama 大模型的选择 本篇基于windows环境下配置 大模型…

线性数据结构-手写链表-LinkList

为什么需要手写实现数据结构&#xff1f; 其实技术的本身就是基础的积累和搭建的过程&#xff0c;基础扎实 地基平稳 万丈高楼才会久战不衰&#xff0c;做技术能一通百&#xff0c;百通千就不怕有再难得技术了。 一&#xff1a;链表的分类 主要有单向&#xff0c;双向和循环链表…

迎接AI时代:智能科技的社会责任与未来展望

AI智能体的社会角色、伦理挑战与可持续发展路径 引言&#xff1a; 在技术的浪潮中&#xff0c;AI智能体正逐步成为我们生活的一部分。它们在医疗、教育、交通等领域的应用&#xff0c;预示着一个全新的时代即将到来。本文将结合实际案例和数据分析&#xff0c;深入探讨AI智能体…

vue3--element-plus-抽屉文件上传和富文本编辑器

一、封装组件 article/components/ArticleEdit.vue <script setup> import { ref } from vue const visibleDrawer ref(false)const open (row) > {visibleDrawer.value trueconsole.log(row) }defineExpose({open }) </script><template><!-- 抽…

《MySQL45讲》读书笔记

重建表 alter table t engine InnoDB&#xff08;也就是recreate&#xff09;&#xff0c;而optimize table t 等于recreateanalyze&#xff0c;让表大小变小 重建表的执行流程 建立一个临时文件&#xff0c;扫描表 t 主键的所有数据页&#xff1b;用数据页中表 t 的记录生…

华为机考入门python3--(22)牛客22- 汽水瓶

分类&#xff1a;数字 知识点&#xff1a; 整除符号// 5//3 1 取余符号% 5%3 2 题目来自【牛客】 import sysdef calc_soda_bottles(n):if n 0: # 结束输入&#xff0c;不进行处理returnelse:# 循环进行汽水换算total_drunk 0 # 记录总共喝了多少瓶汽水while…

XSS注入漏洞解析(上)

XSS跨站脚本介绍 跨站脚本&#xff08;Cross-Site Scripting&#xff0c;XSS/CSS&#xff09;是一种经常出现在Web应用程序中的计算机安全漏洞&#xff0c;是 由于Web应用程序对用户的输入过滤不足而产生的。攻击者利用网站漏洞把恶意的脚本代码&#xff08;通常包括 HTML代码和…

深入浅出 BERT

Transformer 用于学习句子中的长距离依赖关系&#xff0c;同时执行序列到序列的建模。 它通过解决可变长度输入、并行化、梯度消失或爆炸、数据规模巨大等问题&#xff0c;比其他模型表现更好。使用的注意力机制是神经架构的一部分&#xff0c;使其能够动态突出显示输入数据的…

Meta Llama 3 使用 Hugging Face 和 PyTorch 优化 CPU 推理

原文地址&#xff1a;meta-llama-3-optimized-cpu-inference-with-hugging-face-and-pytorch 了解在 CPU 上部署 Meta* Llama 3 时如何减少模型延迟 2024 年 4 月 19 日 万众期待的 Meta 第三代 Llama 发布了&#xff0c;我想确保你知道如何以最佳方式部署这个最先进的&…

java基于云计算的SaaS医院his信息系统源码 HIS云平台源码

目录 云HIS功能模块 1、预约挂号&#xff1a; 2、药库管理&#xff1a; 3、门诊医生站&#xff1a; 4、门诊费用&#xff1a; 5、药房管理&#xff1a; 6、治疗室&#xff08;门诊护士工作站&#xff09;&#xff1a; 7、统计分析&#xff1a; 8、财务管理&#xff1a;…

vue快速入门(五十三)使用js进行路由跳转

注释很详细&#xff0c;直接上代码 上一篇 新增内容 几种常用的路由跳转方式演示 源码 App.vue <template><div id"app"><div class"nav"><!-- router-link 自带两个高亮样式类 router-link-exact-active和router-link-active区别&a…