commit by to_remotes 2025-03-04 07:31:07 +0100 from cicd

2025-03-04 07:31:07 +01:00 · 2025-03-04 07:31:07 +01:00 · 19710d3af7
parent 823f3692c2
commit 19710d3af7
4 changed files with 23 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2025-03-03T14:33:44+01:00
+2025-03-04T07:31:06+01:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.2","created_at":"2025-03-03 14:33:44 +0100","results":[]}
+{"version":"0.9.2","created_at":"2025-03-04 07:31:06 +0100","results":[{"type":"unpatched_gem","gem":{"name":"uri","version":"1.0.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/uri/CVE-2025-27221.yml","id":"CVE-2025-27221","url":"https://www.cve.org/CVERecord?id=CVE-2025-27221","title":"CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.","date":"2025-02-26","description":"\nThere is a possibility for userinfo leakage by in the uri gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2025-27221. We recommend upgrading the uri gem.\n\n## Details\n\nThe methods URI#join, URI#merge, and URI#+ retained userinfo, such\nas user:password, even after the host is replaced. When generating\na URL to a malicious host from a URL containing secret userinfo\nusing these methods, and having someone access that URL, an\nunintended userinfo leak could occur.\n\nPlease update URI gem to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or later.\n\n## Affected versions\n\nuri gem versions < 0.11.3, 0.12.0 to 0.12.3, 0.13.0, 0.13.1 and\n1.0.0 to 1.0.2.\n\n## Credits\n\nThanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.\nAlso thanks to nobu for additional fixes of this vulnerability.\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-27221","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":["~> 0.11.3","~> 0.12.4","~> 0.13.2",">= 1.0.3"],"criticality":null}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,9 @@
-No vulnerabilities found
+Name: uri
 Version: 1.0.2
 CVE: CVE-2025-27221
 Criticality: Unknown
 URL: https://www.cve.org/CVERecord?id=CVE-2025-27221
 Title: CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.
 Solution: update to '~> 0.11.3', '~> 0.12.4', '~> 0.13.2', '>= 1.0.3'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,15 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating deb44c6..4b6766f
 Fast-forward
 gems/cgi/CVE-2025-27219.yml | 36 ++++++++++++++++++++++++++++++++++++
 gems/cgi/CVE-2025-27220.yml | 36 ++++++++++++++++++++++++++++++++++++
 gems/uri/CVE-2025-27221.yml | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 112 insertions(+)
 create mode 100644 gems/cgi/CVE-2025-27219.yml
 create mode 100644 gems/cgi/CVE-2025-27220.yml
 create mode 100644 gems/uri/CVE-2025-27221.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	960 advisories
+  advisories:	963 advisories
-  last updated:	2025-02-25 14:47:23 -0800
+  last updated:	2025-03-03 08:44:49 -0800
-  commit:	deb44c6739da981d817bd1f61bb2befadc902b5a
+  commit:	4b6766fe26a9f2590732bca3b563bf37d3aeacc9
`@ -1 +1 @@`
	`2025-03-03T14:33:44+01:00`	`2025-03-04T07:31:06+01:00`
		`@ -1 +1 @@`
			`{"version":"0.9.2","created_at":"2025-03-03 14:33:44 +0100","results":[]}`				{"version":"0.9.2","created_at":"2025-03-04 07:31:06 +0100","results":[{"type":"unpatched_gem","gem":{"name":"uri","version":"1.0.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/uri/CVE-2025-27221.yml","id":"CVE-2025-27221","url":"https://www.cve.org/CVERecord?id=CVE-2025-27221","title":"CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.","date":"2025-02-26","description":"\nThere is a possibility for userinfo leakage by in the uri gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2025-27221. We recommend upgrading the uri gem.\n\n## Details\n\nThe methods URI#join, URI#merge, and URI#+ retained userinfo, such\nas user:password, even after the host is replaced. When generating\na URL to a malicious host from a URL containing secret userinfo\nusing these methods, and having someone access that URL, an\nunintended userinfo leak could occur.\n\nPlease update URI gem to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or later.\n\n## Affected versions\n\nuri gem versions < 0.11.3, 0.12.0 to 0.12.3, 0.13.0, 0.13.1 and\n1.0.0 to 1.0.2.\n\n## Credits\n\nThanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.\nAlso thanks to nobu for additional fixes of this vulnerability.\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-27221","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":["~> 0.11.3","~> 0.12.4","~> 0.13.2",">= 1.0.3"],"criticality":null}}]}