commit by to_remotes 2025-10-09 08:31:58 +0200 from cicd
parent
4e41f234cf
commit
09ab3ea9e0
|
|
@ -1 +1 @@
|
||||||
2025-10-09T08:31:10+02:00
|
2025-10-09T08:31:58+02:00
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
37
report.txt
37
report.txt
|
|
@ -1,36 +1 @@
|
||||||
Name: rack
|
No vulnerabilities found
|
||||||
Version: 3.2.0
|
|
||||||
CVE: CVE-2025-61770
|
|
||||||
GHSA: GHSA-p543-xpfm-54cp
|
|
||||||
Criticality: High
|
|
||||||
URL: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
|
|
||||||
Title: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
|
|
||||||
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
|
|
||||||
|
|
||||||
Name: rack
|
|
||||||
Version: 3.2.0
|
|
||||||
CVE: CVE-2025-61771
|
|
||||||
GHSA: GHSA-w9pc-fmgc-vxvw
|
|
||||||
Criticality: High
|
|
||||||
URL: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
|
|
||||||
Title: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
|
|
||||||
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
|
|
||||||
|
|
||||||
Name: rack
|
|
||||||
Version: 3.2.0
|
|
||||||
CVE: CVE-2025-61772
|
|
||||||
GHSA: GHSA-wpv5-97wm-hp9c
|
|
||||||
Criticality: High
|
|
||||||
URL: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
|
|
||||||
Title: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
|
|
||||||
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
|
|
||||||
|
|
||||||
Name: uri
|
|
||||||
Version: 1.0.3
|
|
||||||
CVE: CVE-2025-61594
|
|
||||||
Criticality: Unknown
|
|
||||||
URL: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
|
|
||||||
Title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
|
|
||||||
Solution: update to '~> 0.12.5', '~> 0.13.3', '>= 1.0.4'
|
|
||||||
|
|
||||||
Vulnerabilities found!
|
|
||||||
|
|
|
||||||
|
|
@ -1,15 +1,5 @@
|
||||||
Updating ruby-advisory-db ...
|
Updating ruby-advisory-db ...
|
||||||
Updating c1fcbac..e80dfb0
|
Already up to date.
|
||||||
Fast-forward
|
|
||||||
gems/rack/CVE-2025-61770.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
gems/rack/CVE-2025-61771.yml | 60 +++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
gems/rack/CVE-2025-61772.yml | 59 ++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
gems/uri/CVE-2025-61594.yml | 41 +++++++++++++++++++++++++++++
|
|
||||||
4 files changed, 221 insertions(+)
|
|
||||||
create mode 100644 gems/rack/CVE-2025-61770.yml
|
|
||||||
create mode 100644 gems/rack/CVE-2025-61771.yml
|
|
||||||
create mode 100644 gems/rack/CVE-2025-61772.yml
|
|
||||||
create mode 100644 gems/uri/CVE-2025-61594.yml
|
|
||||||
Updated ruby-advisory-db
|
Updated ruby-advisory-db
|
||||||
ruby-advisory-db:
|
ruby-advisory-db:
|
||||||
advisories: 1029 advisories
|
advisories: 1029 advisories
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue