CVSS v3.x

`CVSS::V3::Vector`

A single class handles both CVSS v3.0 and CVSS v3.1; only the RoundUp algorithm and the modified-impact polynomial differ. The parsed version is preserved on to_s.

v = CVSS::V3::Vector.parse("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
v.base_score              # => 9.8
v.iss                     # => 0.9148...
v.impact_subscore         # => 5.873...
v.exploitability_subscore # => 3.887...
v.network?                # => true
v.scope_changed?          # => false

Class methods

Method	Description
`parse(input : String) : Vector`	Requires the `CVSS:3.0/` or `CVSS:3.1/` prefix.
`parse?(input : String) : Vector?`	Non-raising.

Constructor

CVSS::V3::Vector.new(
  av:, ac:, pr:, ui:, s:, c:, i:, a:,
  version: "3.1",
  e: nil, rl: nil, rc: nil,
  cr: nil, ir: nil, ar: nil,
  mav: nil, mac: nil, mpr: nil, mui: nil, ms: nil,
  mc: nil, mi: nil, ma: nil,
)

version: "9.9" (or any unsupported value) raises CVSS::Error.

Scoring

Method	Description
`base_score : Float64`	Spec base score with version-aware RoundUp.
`temporal_score : Float64`	Applies E/RL/RC multipliers. Equals `base_score` when no temporal metrics are set.
`environmental_score : Float64`	Applies CR/IR/AR + Modified-base overrides. v3.0 and v3.1 use different modified-impact polynomials.

Sub-scores

Method	Description
`iss : Float64`	Impact Sub-Score before scope-aware scaling.
`impact_subscore : Float64`	Scope-aware impact (the `Impact` term in the spec).
`exploitability_subscore : Float64`	The `Exploitability` term.

Severity

Method	Description
`severity / temporal_severity / environmental_severity`	All return `CVSS::Severity`.

Classification helpers

Method	Returns
`network?` / `adjacent_network?` / `local?` / `physical?`	`Bool`
`requires_privileges?`	`Bool` (true when `PR != N`)
`requires_user_interaction?`	`Bool` (true when `UI:R`)
`scope_changed?` / `scope_unchanged?`	`Bool`
`impacts_confidentiality?` / `impacts_integrity?` / `impacts_availability?`	`Bool`

Serialization

Method	Description
`to_s`	Canonical FIRST ordering.
`to_h : Hash(String, String)`	Metric short-codes.
`to_json`	NVD-shaped JSON with `exploitabilityScore`, `impactScore`, optional temporal/environmental scores.

Metric enums

Base

Enum	Codes
`AttackVector`	`N`, `A`, `L`, `P`
`AttackComplexity`	`L`, `H`
`PrivilegesRequired`	`N`, `L`, `H` (weight depends on Scope)
`UserInteraction`	`N`, `R`
`Scope`	`U`, `C`
`Impact` (C/I/A)	`N`, `L`, `H`

Temporal

Enum	Codes
`ExploitCodeMaturity`	`X`, `U`, `P`, `F`, `H`
`RemediationLevel`	`X`, `O`, `T`, `W`, `U`
`ReportConfidence`	`X`, `U`, `R`, `C`

Environmental

Enum	Codes
`SecurityRequirement` (CR/IR/AR)	`X`, `L`, `M`, `H`
`ModifiedAttackVector`	`X` + base AV codes
`ModifiedAttackComplexity`	`X`, `L`, `H`
`ModifiedPrivilegesRequired`	`X`, `N`, `L`, `H`
`ModifiedUserInteraction`	`X`, `N`, `R`
`ModifiedScope`	`X`, `U`, `C`
`ModifiedImpact` (MC/MI/MA)	`X`, `N`, `L`, `H`