{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://github.com/api-evangelist/rhel/blob/main/json-schema/rhel-cve-schema.json",
  "title": "RHEL CVE",
  "description": "A Common Vulnerabilities and Exposures record from the Red Hat Security Data API",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "CVE identifier",
      "pattern": "^CVE-\\d{4}-\\d{4,}$",
      "example": "CVE-2021-23358"
    },
    "threat_severity": {
      "type": "string",
      "description": "Red Hat severity rating",
      "enum": ["Low", "Moderate", "Important", "Critical"]
    },
    "public_date": {
      "type": "string",
      "format": "date-time",
      "description": "Date the CVE was made public"
    },
    "bugzilla": {
      "type": "object",
      "description": "Associated Bugzilla ticket",
      "properties": {
        "description": {
          "type": "string"
        },
        "id": {
          "type": "string"
        },
        "url": {
          "type": "string",
          "format": "uri"
        }
      }
    },
    "cvss": {
      "type": "object",
      "description": "CVSS v2 scoring information",
      "properties": {
        "cvss_base_score": {
          "type": "string"
        },
        "cvss_scoring_vector": {
          "type": "string"
        },
        "status": {
          "type": "string"
        }
      }
    },
    "cvss3": {
      "type": "object",
      "description": "CVSS v3 scoring information",
      "properties": {
        "cvss3_base_score": {
          "type": "string"
        },
        "cvss3_scoring_vector": {
          "type": "string"
        },
        "status": {
          "type": "string"
        }
      }
    },
    "cwe": {
      "type": "string",
      "description": "CWE identifier",
      "example": "CWE-77"
    },
    "details": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Detailed description of the vulnerability"
    },
    "statement": {
      "type": "string",
      "description": "Red Hat impact statement"
    },
    "affected_release": {
      "type": "array",
      "description": "Fixed package releases",
      "items": {
        "type": "object",
        "properties": {
          "product_name": {
            "type": "string"
          },
          "release_date": {
            "type": "string",
            "format": "date-time"
          },
          "advisory": {
            "type": "string"
          },
          "cpe": {
            "type": "string"
          },
          "package": {
            "type": "string"
          }
        }
      }
    },
    "package_state": {
      "type": "array",
      "description": "Packages without an available fix",
      "items": {
        "type": "object",
        "properties": {
          "product_name": {
            "type": "string"
          },
          "fix_state": {
            "type": "string",
            "enum": ["Affected", "Will not fix", "Fix deferred", "Not affected", "Out of support scope"]
          },
          "package_name": {
            "type": "string"
          },
          "cpe": {
            "type": "string"
          }
        }
      }
    }
  },
  "required": ["name", "threat_severity"]
}