commit by to_remotes 2024-08-26 09:35:24 +0200 from cicd

main
cicd 2024-08-26 09:35:24 +02:00
parent 72a23ea128
commit 213fda7fa7
4 changed files with 22 additions and 7 deletions

@ -1 +1 @@
2024-08-23T10:21:53+02:00
2024-08-26T09:35:24+02:00
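Review bot: this file carries nothing but the run timestamp, so it changes on every scheduled run even when the scan findings are identical, and the history fills with timestamp-only commits that bury the runs where the results actually moved (like this one). The JSON results file already records `created_at` for the same run; consider dropping this file, or committing only when the results or the advisory-db commit differ from the previous run.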

@ -1 +1 @@
{"version":"0.9.1","created_at":"2024-08-23 10:21:53 +0200","results":[]}
{"version":"0.9.1","created_at":"2024-08-26 09:35:24 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.5"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-43398.yml","id":"CVE-2024-43398","url":"https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3","title":"REXML denial of service vulnerability","date":"2024-08-22","description":"### Impact\n\nThe REXML gem before 3.3.6 has a DoS vulnerability when it parses an\nXML that has many deep elements that have same local name attributes.\n\nIf you need to parse untrusted XMLs with tree parser API like\n`REXML::Document.new`, you may be impacted to this vulnerability.\nIf you use other parser APIs such as stream parser API and SAX2\nparser API, this vulnerability is not affected.\n\nThis vulnerability has been assigned the CVE identifier CVE-2024-43398.\nWe strongly recommend upgrading the REXML gem.\n\n### Patches\n\nThe REXML gem 3.3.6 or later include the patch to fix the\nvulnerability.\n\n### Workarounds\n\nDon't parse untrusted XMLs with tree parser API.\n\n## Affected versions\n\nREXML gem 3.3.5 or prior\n\n## Credits\n\nThanks to l33thaxor for discovering this issue.\n\n## History\n\nOriginally published at 2024-08-22 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.9,"cve":"2024-43398","osvdb":null,"ghsa":"vmwr-mc7x-5vc3","unaffected_versions":[],"patched_versions":[">= 3.3.6"],"criticality":"medium"}}]}
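Review bot: the `advisory.path` value commits an absolute local path (`/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-43398.yml`) into the repository; the home directory and user name of the CI account have no place in a published artifact, and the path also makes the file differ between runners. Suggest post-processing the output to drop `path` or reduce it to the path relative to the advisory database root (`gems/rexml/CVE-2024-43398.yml`), which is all a reader needs given `id` and `url` are present. Two smaller points: the single-line JSON makes every future change to this file an unreviewable one-line diff, so pretty-printing before commit would help; and the finding itself (rexml 3.3.5, `patched_versions` `>= 3.3.6`, CVSS v3 5.9) is only recorded here, not fixed, so a follow-up that bumps rexml in the lockfile should be tracked so the report does not stay red indefinitely.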

@ -1 +1,10 @@
No vulnerabilities found
Name: rexml
Version: 3.3.5
CVE: CVE-2024-43398
GHSA: GHSA-vmwr-mc7x-5vc3
Criticality: Medium
URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
Title: REXML denial of service vulnerability
Solution: upgrade to '>= 3.3.6'
Vulnerabilities found!
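Review bot: the report now ends in `Vulnerabilities found!`, yet the only consequence in this commit is that the text file changed; nothing in the four touched files indicates that the pipeline failed, notified anyone or opened an issue. A scan that only rewrites a report is easy to ignore, so consider making the job fail (or raise an issue) when this line appears, while still committing the report. The file also duplicates the JSON results one field at a time (name, version, CVE, GHSA, criticality, URL, title, solution), so if both are kept, generate this one from the JSON rather than running the scanner twice, which would remove any chance of the two disagreeing.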

@ -1,7 +1,13 @@
Updating ruby-advisory-db ...
Already up to date.
Updating 3a4007e..33907c1
Fast-forward
gems/request_store/CVE-2024-43791.yml | 39 ++++++++++++++++++++++++++
gems/rexml/CVE-2024-43398.yml | 52 +++++++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 gems/request_store/CVE-2024-43791.yml
create mode 100644 gems/rexml/CVE-2024-43398.yml
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 916 advisories
last updated: 2024-08-21 05:00:56 -0700
commit: 3a4007eb274e3489c0c553a6da69e1590a65ef2e
advisories: 918 advisories
last updated: 2024-08-24 11:36:02 -0700
commit: 33907c16654555cb6089d8a41c6bd20ce8da2698
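Review bot: the advisory-db update brought in two new advisories, `gems/request_store/CVE-2024-43791.yml` and `gems/rexml/CVE-2024-43398.yml`, but only the rexml one surfaces in the results; it is worth confirming that request_store is simply absent from the bundle rather than excluded by an ignore list, since nothing in the committed files records which gems were scanned or skipped. Recording the advisory-db commit (`33907c16654555cb6089d8a41c6bd20ce8da2698`) here is good for reproducibility; adding the scanner version (the JSON shows `0.9.1`) to the same log would make the run fully reproducible from this file alone. Note also that the `git pull` output is captured verbatim, so this file will churn on every database update even when the bundle is unchanged, which is another reason to commit only when the results differ.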