From 2675ddbfd5accf04d5da39b886a41f31bf683e45 Mon Sep 17 00:00:00 2001
From: ag
Date: Thu, 29 Feb 2024 07:25:05 +0100
Subject: [PATCH] commit by to_remotes 2024-02-29 07:25:05 +0100 from vmdevac
---
 bundle-audit-time.txt | 2 +-
 bundle-audit.json | 2 +-
 report.txt | 11 ++++++++++-
 update-info.txt | 15 +++++++++++----
 4 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt
index 999a33a..da8f834 100644
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@@ -1 +1 @@
-2024-02-28T16:44:00+01:00
+2024-02-29T07:25:04+01:00
diff --git a/bundle-audit.json b/bundle-audit.json
index 9eca4a4..4574bb0 100644
--- a/bundle-audit.json
+++ b/bundle-audit.json
@@ -1 +1 @@ -{"version":"0.9.1","created_at":"2024-02-28 16:43:59 +0100","results":[]} \ No newline at end of file +{"version":"0.9.1","created_at":"2024-02-29 07:25:04 +0100","results":[{"type":"unpatched_gem","gem":{"name":"yard","version":"0.9.28"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/yard/CVE-2024-27285.yml","id":"CVE-2024-27285","url":"https://github.com/advisories/GHSA-8mq4-9jjh-9xrc","title":"YARD's default template vulnerable to Cross-site Scripting in generated frames.html","date":"2024-02-28","description":"\n### Summary\n\nThe \"frames.html\" file within the Yard Doc's generated documentation\nis vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate\nsanitization of user input within the JavaScript segment of the\n\"frames.erb\" template file.\n\n### Details\n\nThe vulnerability stems from mishandling user-controlled data retrieved\nfrom the URL hash in the embedded JavaScript code within the \"frames.erb\"\ntemplate file. Specifically, the script lacks proper sanitization of\nthe hash data before utilizing it to establish the top-level window's\nlocation. This oversight permits an attacker to inject malicious\nJavaScript payloads through carefully crafted URLs.\n\nSnippet from \"frames.erb\":\n```erb\n\n```\n\n### PoC (Proof of Concept)\n\nTo exploit this vulnerability:\n1. Gain access to the generated Yard Doc.\n2. Locate and access the \"frames.html\" file.\n3. Construct a URL containing the malicious payload in the hash\n segment, for instance: `#!javascript:xss`\n\n### Impact\n\nThis XSS vulnerability presents a substantial threat by enabling\nan attacker to execute arbitrary JavaScript code within the user's\nsession context. Potential ramifications include session hijacking,\ntheft of sensitive data, unauthorized access to user accounts, and\ndefacement of websites. Any user visiting the compromised page is\nsusceptible to exploitation. 
It is critical to promptly address\nthis vulnerability to mitigate potential harm to users and preserve\nthe application's integrity.\n","cvss_v2":null,"cvss_v3":5.4,"cve":"2024-27285","osvdb":null,"ghsa":"8mq4-9jjh-9xrc","unaffected_versions":[],"patched_versions":[">= 0.9.35"],"criticality":"medium"}}]}
\ No newline at end of file
diff --git a/report.txt b/report.txt
index 8900c02..f81e33d 100644
--- a/report.txt
+++ b/report.txt
@@ -1 +1,10 @@
-No vulnerabilities found
+Name: yard
+Version: 0.9.28
+CVE: CVE-2024-27285
+GHSA: GHSA-8mq4-9jjh-9xrc
+Criticality: Medium
+URL: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc
+Title: YARD's default template vulnerable to Cross-site Scripting in generated frames.html
+Solution: upgrade to '>= 0.9.35'
+
+Vulnerabilities found!
diff --git a/update-info.txt b/update-info.txt
index 83bb8ec..d26dee1 100644
--- a/update-info.txt
+++ b/update-info.txt
@@ -1,7 +1,14 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating 1c7d5b5..06f3374
+Fast-forward
+ gems/rack/CVE-2024-25126.yml | 1 +
+ gems/rack/CVE-2024-26141.yml | 1 +
+ gems/rack/CVE-2024-26146.yml | 1 +
+ gems/yard/CVE-2024-27285.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 67 insertions(+)
+ create mode 100644 gems/yard/CVE-2024-27285.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
- advisories: 875 advisories
- last updated: 2024-02-27 14:25:50 -0800
- commit: 1c7d5b5233d4c1ace4b6141bb949a2d54028d18e
+ advisories: 876 advisories
+ last updated: 2024-02-28 16:01:01 -0800
+ commit: 06f33746747e89af5634a5e6b41004ad7899a6c0