
commit by to_remotes 2025-10-09 08:31:58 +0200 from cicd

main
cicd 2025-10-09 08:31:58 +02:00
parent 4e41f234cf
commit 09ab3ea9e0
4 changed files with 4 additions and 49 deletions


@ -1 +1 @@
2025-10-09T08:31:10+02:00
2025-10-09T08:31:58+02:00

File diff suppressed because one or more lines are too long


@ -1,36 +1 @@
Name: rack
Version: 3.2.0
CVE: CVE-2025-61770
GHSA: GHSA-p543-xpfm-54cp
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
Title: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
Name: rack
Version: 3.2.0
CVE: CVE-2025-61771
GHSA: GHSA-w9pc-fmgc-vxvw
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
Title: Multipart parser buffers large nonfile fields entirely in memory, enabling DoS (memory exhaustion)
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
Name: rack
Version: 3.2.0
CVE: CVE-2025-61772
GHSA: GHSA-wpv5-97wm-hp9c
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
Title: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
Name: uri
Version: 1.0.3
CVE: CVE-2025-61594
Criticality: Unknown
URL: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
Title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
Solution: update to '~> 0.12.5', '~> 0.13.3', '>= 1.0.4'
Vulnerabilities found!
No vulnerabilities found
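Review bot: The report drops from four advisories (rack 3.2.0 with CVE-2025-61770, CVE-2025-61771 and CVE-2025-61772, and uri 1.0.3 with CVE-2025-61594) to the single line "No vulnerabilities found", and nothing in the visible diff explains why. The timestamp file in this commit moves only from 08:31:10 to 08:31:58, so the clean result follows the failing one by 48 seconds, and no lockfile change is visible here (one file's diff is suppressed). Suggest having the job write the audited Gemfile.lock path and the resolved rack and uri versions into this report, so a reader can confirm the gems reached a version named in the Solution lines (for example rack '>= 3.2.2' and uri '>= 1.0.4') rather than the audit having run against a different input.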


@ -1,15 +1,5 @@
Updating ruby-advisory-db ...
Updating c1fcbac..e80dfb0
Fast-forward
gems/rack/CVE-2025-61770.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++
gems/rack/CVE-2025-61771.yml | 60 +++++++++++++++++++++++++++++++++++++++++++
gems/rack/CVE-2025-61772.yml | 59 ++++++++++++++++++++++++++++++++++++++++++
gems/uri/CVE-2025-61594.yml | 41 +++++++++++++++++++++++++++++
4 files changed, 221 insertions(+)
create mode 100644 gems/rack/CVE-2025-61770.yml
create mode 100644 gems/rack/CVE-2025-61771.yml
create mode 100644 gems/rack/CVE-2025-61772.yml
create mode 100644 gems/uri/CVE-2025-61594.yml
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 1029 advisories
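Review bot: With "Already up to date." replacing the "Updating c1fcbac..e80dfb0" line, the log no longer names the ruby-advisory-db revision the audit ran against; only the count "1029 advisories" remains. Suggest logging the database commit on every run, including runs where no fast-forward happens, so a "No vulnerabilities found" result can be tied to a database state that already contains the four advisory files created in the earlier run.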