From 25e34049ec265c33527e5d3b64001f187815ec96 Mon Sep 17 00:00:00 2001
From: cicd
Date: Wed, 14 Aug 2024 07:24:37 +0200
Subject: [PATCH] commit by to_remotes 2024-08-14 07:24:37 +0200 from cicd
---
 bundle-audit-time.txt | 2 +-
 bundle-audit.json | 2 +-
 report.txt | 20 +++++++++++++++++++-
 update-info.txt | 36 ++++++++++++++++++++++++++++++++----
 4 files changed, 53 insertions(+), 7 deletions(-)
diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt
index 3221376..67c4df5 100644
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@@ -1 +1 @@
-2024-07-22T14:38:04+02:00
+2024-08-14T07:19:06+02:00
diff --git a/bundle-audit.json b/bundle-audit.json
index 57164f4..c7d61d3 100644
--- a/bundle-audit.json
+++ b/bundle-audit.json
@@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-07-22 14:38:04 +0200","results":[]}
\ No newline at end of file
+{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. 
We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}
\ No newline at end of file
diff --git a/report.txt b/report.txt
index 8900c02..729b5db 100644
--- a/report.txt
+++ b/report.txt
@@ -1 +1,19 @@
-No vulnerabilities found
+Name: rexml
+Version: 3.3.2
+CVE: CVE-2024-41123
+GHSA: GHSA-r55c-59qm-vjw6
+Criticality: Medium
+URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
+Title: DoS vulnerabilities in REXML
+Solution: upgrade to '>= 3.3.3'
+
+Name: rexml
+Version: 3.3.2
+CVE: CVE-2024-41946
+GHSA: GHSA-5866-49gr-22v4
+Criticality: Medium
+URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
+Title: DoS vulnerabilities in REXML
+Solution: upgrade to '>= 3.3.3'
+
+Vulnerabilities found!
diff --git a/update-info.txt b/update-info.txt
index c420cec..22ead06 100644
--- a/update-info.txt
+++ b/update-info.txt
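Review bot: Each new `results[].advisory` object carries the absolute advisory-file path (`"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml"`, and the same for CVE-2024-41946), which commits the CI runner's local username and filesystem layout into a published artifact; the `id`, `url` and `ghsa` fields already identify each advisory, so the path adds nothing for consumers. bundler-audit writes this field itself, so the fix belongs in the to_remotes job that produces bundle-audit.json: drop or relativize it before committing, e.g. `jq -c 'del(.results[].advisory.path)'` over the tool output. Separately, `created_at` here is a space-separated local-offset string (`2024-08-14 07:19:06 +0200`) while bundle-audit-time.txt records the same instant as RFC 3339; anything that correlates the two files should not assume one timestamp format.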
@@ -1,7 +1,35 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating a3b9e12..3f2952b
+Fast-forward
+ gems/bootstrap-sass/CVE-2016-10735.yml | 2 +-
+ gems/bootstrap-sass/CVE-2018-14040.yml | 47 ++++++++++++++++++++++++++++++++++
+ gems/bootstrap-sass/CVE-2018-14042.yml | 45 ++++++++++++++++++++++++++++++++
+ gems/bootstrap-sass/CVE-2018-20676.yml | 31 ++++++++++++++++++++++
+ gems/bootstrap-sass/CVE-2018-20677.yml | 32 +++++++++++++++++++++++
+ gems/bootstrap-sass/CVE-2024-6484.yml | 23 +++++++++++++++++
+ gems/bootstrap/CVE-2016-10735.yml | 2 +-
+ gems/bootstrap/CVE-2018-20676.yml | 31 ++++++++++++++++++++++
+ gems/bootstrap/CVE-2018-20677.yml | 32 +++++++++++++++++++++++
+ gems/bootstrap/CVE-2024-6484.yml | 24 +++++++++++++++++
+ gems/bootstrap/CVE-2024-6531.yml | 24 +++++++++++++++++
+ gems/grpc/CVE-2023-33953.yml | 47 ++++++++++++++++++++++++++++++++++
+ gems/rexml/CVE-2024-41123.yml | 36 ++++++++++++++++++++++++++
+ gems/rexml/CVE-2024-41946.yml | 36 ++++++++++++++++++++++++++
+ 14 files changed, 410 insertions(+), 2 deletions(-)
+ create mode 100644 gems/bootstrap-sass/CVE-2018-14040.yml
+ create mode 100644 gems/bootstrap-sass/CVE-2018-14042.yml
+ create mode 100644 gems/bootstrap-sass/CVE-2018-20676.yml
+ create mode 100644 gems/bootstrap-sass/CVE-2018-20677.yml
+ create mode 100644 gems/bootstrap-sass/CVE-2024-6484.yml
+ create mode 100644 gems/bootstrap/CVE-2018-20676.yml
+ create mode 100644 gems/bootstrap/CVE-2018-20677.yml
+ create mode 100644 gems/bootstrap/CVE-2024-6484.yml
+ create mode 100644 gems/bootstrap/CVE-2024-6531.yml
+ create mode 100644 gems/grpc/CVE-2023-33953.yml
+ create mode 100644 gems/rexml/CVE-2024-41123.yml
+ create mode 100644 gems/rexml/CVE-2024-41946.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
- advisories: 901 advisories
- last updated: 2024-07-17 12:30:44 -0700
- commit: a3b9e1240633295a4c5582bbe353bf22ec595090
+ advisories: 913 advisories
+ last updated: 2024-08-03 17:03:05 -0700
+ commit: 
3f2952b7fd694022225eb502be77a9b8b4b5676a