parseCvssVector

Usage

The parseCvssVector function parses a CVSS v3.1 vector string and returns either all components or a specific metric value in human-readable format.

Syntax

{cvssVector | parseCvssVector:property}

Parameters

• input (string): CVSS v3.1 vector string (e.g., “CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H”)
• property (string, optional): Specific metric to retrieve (e.g., “AV”, “AC”, “PR”, etc.)

Returns

• If property specified: String value of that metric
• If no property: Array of strings in format “Metric: Value”
• Error if invalid CVSS vector format

CVSS Metrics

Metric	Code	Possible Values
Attack Vector	AV	Network (N), Adjacent (A), Local (L), Physical (P)
Attack Complexity	AC	Low (L), High (H)
Privileges Required	PR	None (N), Low (L), High (H)
User Interaction	UI	None (N), Required (R)
Scope	S	Unchanged (U), Changed (C)
Confidentiality	C	High (H), Low (L), None (N)
Integrity	I	High (H), Low (L), None (N)
Availability	A	High (H), Low (L), None (N)

Examples

Get specific metric

{"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | parseCvssVector:"AV"}
// Returns: "Network"

Get all components

{"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" | parseCvssVector}
// Returns: ["AV: Local", "AC: High", "PR: Low", "UI: Required", "S: Changed", "C: Low", "I: Low", "A: None"]

Attack complexity

{vulnerability.cvss_vector | parseCvssVector:"AC"}
// Returns: "Low" or "High"

Invalid property

{"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | parseCvssVector:"XY"}
// Returns: "Property XY not found"

Use Cases

• Displaying CVSS metrics in human-readable format
• Creating detailed vulnerability descriptions
• Building attack vector summaries
• Filtering vulnerabilities by specific CVSS components
• Compliance reporting requiring CVSS breakdown