The new CVE.org website is a security disaster so I made my own
cve.mitre.org
, the CVE database website I was using instead of NIST's website to avoid a bit of JavaScript started showing NOTICE: CVE website transitioning to new “CVE.ORG” web address. Process to begin in late September 2021 and last one year. (details)
some time ago and I actually tried cve.org few times only to be welcomed by an apprently blank page, fine sure, not deployed yet I guessed. I couldn't be more wrong, I got a more curious look at it today and I noticed it requires JavaScript and by JavaScript I mean an epic disaster.
I mean, just look at the security-related Pull Requests on it's github repo.
And even if there wasn't security issues in their new website, requiring Automatic & Unverified Remote Code to be executed on people's machine for getting security information? What is wrong with you? Do I need to make you assign a CVSS on this thing?
As I'd rather not sit idly while this shit seems to be coming, I made cve-client, a simple script in almost dependency-less perl. It takes a CVE-ID, fetches the JSON for it from their API (haven't found a documentation for it btw) and renders it to plain-text but also Gemtext, the format used by the Gemini protocol, this way I could make it available for others without having to use my code and they very likely aren't going to receive malware in the process.
I made the gemini interface available at gemini://hacktivis.me/cgi-bin/cve, feel free to make copies
I will maybe make an HTTP version of this at some point so it doesn't only runs on my own disaster-looking gemini-server (stunnel + shell script), which I still have much more confidence in than most of the web.