wiseadvice_public_repos
/
bundle-audit-results
3
0
Fork 0
Code Wiki

commit by to_remotes 2024-02-06 12:12:16 +0100 from vmdevac

main
ag 2024-02-06 12:12:16 +01:00
parent 822340cf2c
commit 07e5613e67
3 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bundle-audit-time.txt
View File

@ -1 +1 @@
2024-02-06T12:09:19+01:00
2024-02-06T12:12:15+01:00

2
bundle-audit.json
View File

@ -1 +1 @@
{"version":"0.9.1","created_at":"2024-02-06 12:09:18 +0100","results":[{"type":"unpatched_gem","gem":{"name":"nokogiri","version":"1.16.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml","id":"GHSA-xc9x-jj77-9p9j","url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j","title":"Improper Handling of Unexpected Data Type in Nokogiri","date":"2024-02-04","description":"### Summary\n\nNokogiri v1.16.2 upgrades the version of its dependency libxml2 to v2.12.5.\n\nlibxml2 v2.12.5 addresses the following vulnerability:\n\nCVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062\ndescribed at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\npatched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri < 1.16.2, and only if the packaged libraries are being used. If\nyou've overridden defaults at installation time to use system libraries\ninstead of packaged libraries, you should instead pay attention to your\ndistro's libxml2 release announcements.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as **Moderate**.\n\n### Mitigation\n\nUpgrade to Nokogiri >= 1.16.2.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated\nmitigation: compile and link Nokogiri against external libraries libxml2 >=\n2.12.5 which will also address these same issues.\n\nJRuby users are not affected.\n\n### Workarounds\n","cvss_v2":null,"cvss_v3":null,"cve":null,"osvdb":null,"ghsa":"xc9x-jj77-9p9j","unaffected_versions":[],"patched_versions":[">= 1.16.2"],"criticality":null}}]}
{"version":"0.9.1","created_at":"2024-02-06 12:12:15 +0100","results":[]}

10
report.txt
View File

@ -1,9 +1 @@
Name: nokogiri
Version: 1.16.0
GHSA: GHSA-xc9x-jj77-9p9j
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
Title: Improper Handling of Unexpected Data Type in Nokogiri
Solution: upgrade to '>= 1.16.2'
Vulnerabilities found!
No vulnerabilities found