
CVSS - Perl extension for CVSS (Common Vulnerability Scoring System) 2.0/3.x/4.0

Author

       •   Giuseppe Di Terlizzi <gdt@cpan.org>

Description

       This module calculates the CVSS (Common Vulnerability Scoring System) scores (base, temporal, and
       environmental), converts the "vector string" and returns the CVSS object in JSON or XML.

       The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of
       a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be
       translated into a qualitative representation (such as low, medium, high, and critical) to help
       organizations properly assess and prioritize their vulnerability management processes.

       <https://www.first.org/cvss/>

   FUNCTIONAL INTERFACE
       The following functions are exported by default:

       $vector_string = encode_cvss(%params)
           Converts the given CVSS params to "vector string". Croaks on error.

           This function call is functionally identical to:

               $vector_string = CVSS->new(%params)->to_string;

       $cvss = decode_cvss($vector_string)
           Converts the given "vector string" to CVSS. Croaks on error.

           This function call is functionally identical to:

               $cvss = CVSS->from_vector_string($vector_string);

       $xml = cvss_to_xml($vector_string)
           Converts the given "vector string" to XML. Croaks on error.

           This function call is functionally identical to:

               $xml = $cvss->to_xml;

   OBJECT-ORIENTED INTERFACE
       $cvss = CVSS->new(%params)
           Creates a new CVSS instance using the provided parameters (version, metrics or vector_string) and
           returns the CVSS subclass that matches the selected CVSS version (2.0, 3.0, 3.1 or 4.0):

             +--------------+----------+
             | CVSS version | Class    |
             +--------------+----------+
             | 2.0          | CVSS::v2 |
             | 3.0          | CVSS::v3 |
             | 3.1          | CVSS::v3 |
             | 4.0          | CVSS::v4 |
             +--------------+----------+

       $cvss = CVSS->from_vector_string($vector_string);
           Converts the given "vector string" to CVSS. Croaks on error.

Name

       CVSS - Perl extension for CVSS (Common Vulnerability Scoring System) 2.0/3.x/4.0

See Also

       CVSS::Base, CVSS::v2, CVSS::v3, CVSS::v4

       [FIRST] CVSS Data Representations (<https://www.first.org/cvss/data-representations>)
       [FIRST] CVSS v4.0 Specification (<https://www.first.org/cvss/v4.0/specification-document>)
       [FIRST] CVSS v3.1 Specification (<https://www.first.org/cvss/v3.1/specification-document>)
       [FIRST] CVSS v3.0 Specification (<https://www.first.org/cvss/v3.0/specification-document>)
       [FIRST] CVSS v2.0 Complete Guide (<https://www.first.org/cvss/v2/guide>)

Support

   Bugs / Feature Requests
       Please report any bugs or feature requests through the issue tracker at
       <https://github.com/giterlizzi/perl-CVSS/issues>. You will be notified automatically of any progress on
       your issue.

   Source Code
       This is open source software. The code repository is available for public review and contribution under
       the terms of the license.

       <https://github.com/giterlizzi/perl-CVSS>

           git clone https://github.com/giterlizzi/perl-CVSS.git

Synopsis

         use feature 'say';   # needed for say
         use Data::Dumper;    # needed for Dumper
         use CVSS;

         # OO-interface

         # Method 1 - Use params

         $cvss = CVSS->new(
           version => '3.1',
           metrics => {
               AV => 'A',
               AC => 'L',
               PR => 'L',
               UI => 'R',
               S => 'U',
               C => 'H',
               I => 'H',
               A => 'H',
           }
         );

         # Method 2 - Decode and parse the vector string

         use CVSS;

         $cvss = CVSS->from_vector_string('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');

         say $cvss->base_score; # 7.4

         # Method 3 - Builder

         use CVSS;

         $cvss = CVSS->new(version => '3.1');
         $cvss->attackVector('ADJACENT_NETWORK');
         $cvss->attackComplexity('LOW');
         $cvss->privilegesRequired('LOW');
         $cvss->userInteraction('REQUIRED');
         $cvss->scope('UNCHANGED');
         $cvss->confidentialityImpact('HIGH');
         $cvss->integrityImpact('HIGH');
         $cvss->availabilityImpact('HIGH');

         $cvss->calculate_score;

         # Common methods

         # Convert the CVSS object to a "vector string"
         say $cvss; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

         # Get metric value
         say $cvss->AV; # A
         say $cvss->attackVector; # ADJACENT_NETWORK

         # Get the base score
         say $cvss->base_score; # 7.4

         # Get all scores
         say Dumper($cvss->scores);

         # { "base"           => "7.4",
         #   "exploitability" => "1.6",
         #   "impact"         => "5.9" }

         # Get the base severity
         say $cvss->base_severity; # HIGH

         # Convert CVSS to XML according to the CVSS XML Schema Definition
         $xml = $cvss->to_xml;

         # Convert CVSS to JSON according to the CVSS JSON Schema
         $json = encode_json($cvss);

         # exported functions

         use CVSS qw(decode_cvss encode_cvss);

         $cvss = decode_cvss('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');
         say $cvss->base_score;  # 7.4

         $vector_string = encode_cvss(version => '3.1', metrics => {...});
         say $vector_string; # CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
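
       The following is an added example, not part of the module's own documentation. It triages a batch of
       vector strings with decode_cvss, trapping the documented croak so one bad record does not abort the
       run. The finding ids and sample vectors are constructed, and it is an assumption that a truncated
       vector triggers the croak.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use feature 'say';
use CVSS;    # decode_cvss is exported by default

# Constructed sample input: hypothetical finding id => vector string,
# as it might arrive from a scanner export. FINDING-004 is deliberately
# truncated to exercise the error path.
my %findings = (
    'FINDING-001' => 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H',
    'FINDING-002' => 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H',
    'FINDING-003' => 'CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N',
    'FINDING-004' => 'CVSS:3.1/AV:N/AC:L',
);

my (@scored, @rejected);

for my $id (sort keys %findings) {

    # decode_cvss croaks on error, so trap it per finding instead of
    # letting one malformed vector stop the whole batch.
    my $cvss  = eval { decode_cvss($findings{$id}) };
    my $score = $cvss ? $cvss->base_score : undef;

    # Treat "no object" and "no score" the same way: never rank a
    # finding whose vector could not be fully evaluated.
    if (!defined $score) {
        (my $err = $@ || 'no base score computed') =~ s/\s+\z//;
        push @rejected, { id => $id, error => $err };
        next;
    }

    push @scored, {
        id       => $id,
        class    => ref $cvss,            # CVSS::v3 for 3.0 and 3.1 vectors
        score    => $score,
        severity => $cvss->base_severity,
        vector   => $cvss->to_string,     # normalised vector string
    };
}

# Highest base score first, so the worst findings are reviewed first.
for my $f (sort { $b->{score} <=> $a->{score} } @scored) {
    printf "%-12s %4.1f  %-8s  %-9s %s\n",
        @{$f}{qw(id score severity class vector)};
}

# Rejected records are reported separately for manual follow-up.
say "REJECTED $_->{id}: $_->{error}" for @rejected;
```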
