
commit by to_remotes 2024-08-21 08:52:00 +0200 from cicd

main
cicd 2024-08-21 08:52:00 +02:00
parent 49c628c276
commit 2253e231e2
4 changed files with 20 additions and 7 deletions


@ -1 +1 @@
2024-08-20T14:13:06+02:00
2024-08-21T08:52:00+02:00


@ -1 +1 @@
{"version":"0.9.1","created_at":"2024-08-20 14:13:05 +0200","results":[]}
{"version":"0.9.1","created_at":"2024-08-21 08:51:59 +0200","results":[{"type":"unpatched_gem","gem":{"name":"fugit","version":"1.11.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/fugit/CVE-2024-43380.yml","id":"CVE-2024-43380","url":"https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g","title":"fugit parse and parse_nat stall on lengthy input","date":"2024-08-19","description":"### Impact\n\nThe fugit \"natural\" parser, that turns \"every wednesday at 5pm\" into\n\"0 17 * * 3\", accepted any length of input and went on attempting to\nparse it, not returning promptly, as expected. The parse call could\nhold the thread with no end in sight.\n\nFugit dependents that do not check (user) input length for\nplausability are impacted.\n\n### Patches\n\nProblem was reported in #104 and the fix was released in\n[fugit 1.11.1](https://rubygems.org/gems/fugit/versions/1.11.1)\n\n### Workarounds\n\nBy making sure that `Fugit.parse(s)`, `Fugit.do_parse(s)`,\n`Fugit.parse_nat(s)`, `Fugit.do_parse_nat(s)`, `Fugit::Nat.parse(s)`,\nand `Fugit::Nat.do_parse(s)` are not fed strings too long.\n1000 chars feels ok, while 10_000 chars makes it stall.\n\nIn fewer words, making sure those fugit methods are not fed\nunvetted input strings.\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-43380","osvdb":null,"ghsa":"2m96-52r3-2f3g","unaffected_versions":[],"patched_versions":[">= 1.11.1"],"criticality":"medium"}}]}
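Review bot: the advisory "path" value committed in this JSON embeds the runner's home directory (/home/wiseadvice/.local/share/ruby-advisory-db/...), which puts a local account name into a tracked artifact for no benefit; if the report is post-processed before commit, record the path relative to the advisory-db root (gems/fugit/CVE-2024-43380.yml) or drop it, since the "id", "url" and "ghsa" fields already identify the advisory. The rest of the record is consistent: "criticality":"medium" matches the recorded "cvss_v3":5.3, and "patched_versions":[">= 1.11.1"] agrees with the Patches section of the embedded description.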


@ -1 +1,10 @@
No vulnerabilities found
Name: fugit
Version: 1.11.0
CVE: CVE-2024-43380
GHSA: GHSA-2m96-52r3-2f3g
Criticality: Medium
URL: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g
Title: fugit parse and parse_nat stall on lengthy input
Solution: upgrade to '>= 1.11.1'
Vulnerabilities found!
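Review bot: this commit only records the finding; the header says 4 changed files and all four are audit output (timestamp, JSON, text report, update log), so the remediation the report itself states, "Solution: upgrade to '>= 1.11.1'", is still pending and needs a separate lockfile bump of fugit from 1.11.0. Until that lands, the workaround quoted in the advisory (keep strings passed to Fugit.parse / Fugit.parse_nat and their do_* and Fugit::Nat variants short, around 1000 chars, and never pass them unvetted input) is the compensating control to verify in the application, and a CI job that commits "Vulnerabilities found!" without failing the pipeline should at least surface this line as a visible alert.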


@ -1,7 +1,11 @@
Updating ruby-advisory-db ...
Already up to date.
Updating b5e80a6..e38cfdd
Fast-forward
gems/fugit/CVE-2024-43380.yml | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 gems/fugit/CVE-2024-43380.yml
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 915 advisories
last updated: 2024-08-18 23:32:52 -0700
commit: b5e80a635bcc4d85d6e9f5b741510fb63a05150f
advisories: 916 advisories
last updated: 2024-08-20 16:44:10 -0700
commit: e38cfdd4a646821224272f3a4d404171d34dc9ce
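Review bot: the commit description should state that this finding comes from the advisory database refresh, not from a dependency change: the log shows ruby-advisory-db fast-forwarded from b5e80a6 (915 advisories, last updated 2024-08-18) to e38cfdd (916 advisories, last updated 2024-08-20), and the single added file is gems/fugit/CVE-2024-43380.yml, matching the advisory date 2024-08-19 in the JSON hunk. Recording both database commit hashes, as the last six lines do, is what makes the two runs comparable, so keep that output in the report rather than trimming it to the "Updated ruby-advisory-db" line.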