Security Data / SECDATA-1146

Question Regarding references Field Format in Red Hat Security Data API

    • Resolution: Won't Do

      I am reaching out because I noticed something unexpected while using
      the Red Hat Security Data API.

      Why is the references field returned as a single string containing
      newline characters, even though it is wrapped in an array?

      For example:

      $ curl -s https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47907.json | jq .references
      [
        "https://www.cve.org/CVERecord?id=CVE-2025-47907\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-47907\nhttps://go.dev/cl/693735\nhttps://go.dev/issue/74831\nhttps://groups.google.com/g/golang-announce/c/x5MKroML2yM\nhttps://pkg.go.dev/vuln/GO-2025-3849"
      ]
      

      Wouldn't it be more appropriate for the API to return the references
      as a proper JSON array of strings, like this?

      [
        "https://www.cve.org/CVERecord?id=CVE-2025-47907",
        "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
        "https://go.dev/cl/693735",
        "https://go.dev/issue/74831",
        "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
        "https://pkg.go.dev/vuln/GO-2025-3849"
      ]
      

      Could you please clarify if this behavior is intentional or a potential issue?

              Unassigned Unassigned
              mainek00n Norihiro Nakaoka
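
Added example, not part of the original ticket and not Red Hat's code: one way an API consumer can accept both shapes discussed above is to flatten `references` on the client side. The helper name `normalize_references` and the http(s)-only filter are assumptions of this example; the sample data is the response quoted in the ticket.

```python
import json
from urllib.parse import urlsplit

# Response fragment as quoted in the ticket: one array element holding
# six newline-separated URLs.
TICKET_SAMPLE = json.loads(r'''
{"references": ["https://www.cve.org/CVERecord?id=CVE-2025-47907\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-47907\nhttps://go.dev/cl/693735\nhttps://go.dev/issue/74831\nhttps://groups.google.com/g/golang-announce/c/x5MKroML2yM\nhttps://pkg.go.dev/vuln/GO-2025-3849"]}
''')


def _is_http_url(url):
    """True for absolute http(s) URLs; malformed input counts as False."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def normalize_references(value):
    """Flatten a `references` value into a de-duplicated list of URLs.

    Hypothetical helper: accepts the shape shown in the ticket, a proper
    array of URL strings, a bare string, or a missing field (None).
    """
    if value is None:
        return []
    if isinstance(value, str):
        value = [value]
    if not isinstance(value, list):
        raise TypeError(f"unexpected references type: {type(value).__name__}")
    urls = []
    for element in value:
        if not isinstance(element, str):
            raise TypeError("references elements must be strings")
        for line in element.splitlines():  # handles \n and \r\n
            url = line.strip()
            # Assumption of this example: only http(s) links are kept,
            # since these values usually end up rendered as hyperlinks.
            if url and url not in urls and _is_http_url(url):
                urls.append(url)
    return urls


if __name__ == "__main__":
    for ref in normalize_references(TICKET_SAMPLE["references"]):
        print(ref)
```

Because the function is idempotent on an already-split array, the same client code keeps working if the API later returns one URL per element.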