{
    "document": {
        "category": "csaf_vex",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE",
                "url": "https://www.first.org/tlp/v1/"
            }
        },
        "lang": "en",
        "publisher": {
            "category": "vendor",
            "contact_details": "mailto:security@intevation.de, encryption via OpenPGP: https://intevation.de/.well-known/openpgpkey/hu/t5s8ztdbon8yzntexy6oz5y48etqsnbb",
            "name": "Intevation GmbH",
            "namespace": "https://intevation.de"
        },
        "title": "OpenSlides not affected by xz Backdoor",
        "tracking": {
            "current_release_date": "2024-05-24T11:21:33.000Z",
            "id": "intevation-os-2024-0001",
            "initial_release_date": "2024-04-25T20:00:00.000Z",
            "revision_history": [
                {
                    "date": "2024-04-25T20:00:00.000Z",
                    "number": "1.0.0",
                    "summary": "Initial revision"
                },
                {
                    "date": "2024-05-24T11:21:33.000Z",
                    "number": "1.1.0",
                    "summary": "Added TLP lable, sorted keys, changed category of vulnerability notes"
                }
            ],
            "status": "final",
            "version": "1.1.0"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:all/*",
                                "product": {
                                    "name": "OpenSlides all versions",
                                    "product_id": "openslides-all-versions"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "OpenSlides"
                    }
                ],
                "category": "vendor",
                "name": "Intevation GmbH"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2024-3094",
            "notes": [
                {
                    "category": "summary",
                    "text": "XZ Utils backdoor"
                }
            ],
            "product_status": {
                "known_not_affected": [
                    "openslides-all-versions"
                ]
            },
            "threats": [
                {
                    "category": "impact",
                    "details": "Vulnerable version of xz not present",
                    "product_ids": [
                        "openslides-all-versions"
                    ]
                }
            ]
        }
    ]
}
