commit by to_remotes 2024-08-14 07:24:37 +0200 from cicd

2024-08-14 07:24:37 +02:00 · 2024-08-14 07:24:37 +02:00 · 25e34049ec
parent 76dc8e2388
commit 25e34049ec
4 changed files with 53 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-07-22T14:38:04+02:00
+2024-08-14T07:19:06+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-07-22 14:38:04 +0200","results":[]}
+{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,19 @@
-No vulnerabilities found
+Name: rexml
 Version: 3.3.2
 CVE: CVE-2024-41123
 GHSA: GHSA-r55c-59qm-vjw6
 Criticality: Medium
 URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
 Title: DoS vulnerabilities in REXML
 Solution: upgrade to '>= 3.3.3'
 Name: rexml
 Version: 3.3.2
 CVE: CVE-2024-41946
 GHSA: GHSA-5866-49gr-22v4
 Criticality: Medium
 URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
 Title: DoS vulnerabilities in REXML
 Solution: upgrade to '>= 3.3.3'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,35 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating a3b9e12..3f2952b
 Fast-forward
 gems/bootstrap-sass/CVE-2016-10735.yml |  2 +-
 gems/bootstrap-sass/CVE-2018-14040.yml | 47 ++++++++++++++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2018-14042.yml | 45 ++++++++++++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2018-20676.yml | 31 ++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2018-20677.yml | 32 +++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2024-6484.yml  | 23 +++++++++++++++++
 gems/bootstrap/CVE-2016-10735.yml      |  2 +-
 gems/bootstrap/CVE-2018-20676.yml      | 31 ++++++++++++++++++++++
 gems/bootstrap/CVE-2018-20677.yml      | 32 +++++++++++++++++++++++
 gems/bootstrap/CVE-2024-6484.yml       | 24 +++++++++++++++++
 gems/bootstrap/CVE-2024-6531.yml       | 24 +++++++++++++++++
 gems/grpc/CVE-2023-33953.yml           | 47 ++++++++++++++++++++++++++++++++++
 gems/rexml/CVE-2024-41123.yml          | 36 ++++++++++++++++++++++++++
 gems/rexml/CVE-2024-41946.yml          | 36 ++++++++++++++++++++++++++
 14 files changed, 410 insertions(+), 2 deletions(-)
 create mode 100644 gems/bootstrap-sass/CVE-2018-14040.yml
 create mode 100644 gems/bootstrap-sass/CVE-2018-14042.yml
 create mode 100644 gems/bootstrap-sass/CVE-2018-20676.yml
 create mode 100644 gems/bootstrap-sass/CVE-2018-20677.yml
 create mode 100644 gems/bootstrap-sass/CVE-2024-6484.yml
 create mode 100644 gems/bootstrap/CVE-2018-20676.yml
 create mode 100644 gems/bootstrap/CVE-2018-20677.yml
 create mode 100644 gems/bootstrap/CVE-2024-6484.yml
 create mode 100644 gems/bootstrap/CVE-2024-6531.yml
 create mode 100644 gems/grpc/CVE-2023-33953.yml
 create mode 100644 gems/rexml/CVE-2024-41123.yml
 create mode 100644 gems/rexml/CVE-2024-41946.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	901 advisories
+  advisories:	913 advisories
-  last updated:	2024-07-17 12:30:44 -0700
+  last updated:	2024-08-03 17:03:05 -0700
-  commit:	a3b9e1240633295a4c5582bbe353bf22ec595090
+  commit:	3f2952b7fd694022225eb502be77a9b8b4b5676a
`@ -1 +1 @@`
	`2024-07-22T14:38:04+02:00`	`2024-08-14T07:19:06+02:00`
		`@ -1 +1 @@`
			`{"version":"0.9.1","created_at":"2024-07-22 14:38:04 +0200","results":[]}`				{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}