commit by to_remotes 2024-08-21 09:19:02 +0200 from cicd

2024-08-21 09:19:02 +02:00 · 2024-08-21 09:19:02 +02:00 · 2aa17d75bd
parent 9a37cc692f
commit 2aa17d75bd
3 changed files with 3 additions and 12 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-08-21T09:02:43+02:00
+2024-08-21T09:19:01+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-08-21 09:02:42 +0200","results":[{"type":"unpatched_gem","gem":{"name":"fugit","version":"1.11.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/fugit/CVE-2024-43380.yml","id":"CVE-2024-43380","url":"https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g","title":"fugit parse and parse_nat stall on lengthy input","date":"2024-08-19","description":"### Impact\n\nThe fugit \"natural\" parser, that turns \"every wednesday at 5pm\" into\n\"0 17 * * 3\", accepted any length of input and went on attempting to\nparse it, not returning promptly, as expected. The parse call could\nhold the thread with no end in sight.\n\nFugit dependents that do not check (user) input length for\nplausability are impacted.\n\n### Patches\n\nProblem was reported in #104 and the fix was released in\n[fugit 1.11.1](https://rubygems.org/gems/fugit/versions/1.11.1)\n\n### Workarounds\n\nBy making sure that `Fugit.parse(s)`, `Fugit.do_parse(s)`,\n`Fugit.parse_nat(s)`, `Fugit.do_parse_nat(s)`, `Fugit::Nat.parse(s)`,\nand `Fugit::Nat.do_parse(s)` are not fed strings too long.\n1000 chars feels ok, while 10_000 chars makes it stall.\n\nIn fewer words, making sure those fugit methods are not fed\nunvetted input strings.\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-43380","osvdb":null,"ghsa":"2m96-52r3-2f3g","unaffected_versions":[],"patched_versions":[">= 1.11.1"],"criticality":"medium"}}]}
+{"version":"0.9.1","created_at":"2024-08-21 09:19:01 +0200","results":[]}
--- a/report.txt
+++ b/report.txt
@ -1,10 +1 @@
-Name: fugit
+No vulnerabilities found
 Version: 1.11.0
 CVE: CVE-2024-43380
 GHSA: GHSA-2m96-52r3-2f3g
 Criticality: Medium
 URL: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g
 Title: fugit parse and parse_nat stall on lengthy input
 Solution: upgrade to '>= 1.11.1'
 Vulnerabilities found!
`@ -1 +1 @@`
	`2024-08-21T09:02:43+02:00`	`2024-08-21T09:19:01+02:00`
		`@ -1 +1 @@`
			{"version":"0.9.1","created_at":"2024-08-21 09:02:42 +0200","results":[{"type":"unpatched_gem","gem":{"name":"fugit","version":"1.11.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/fugit/CVE-2024-43380.yml","id":"CVE-2024-43380","url":"https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g","title":"fugit parse and parse_nat stall on lengthy input","date":"2024-08-19","description":"### Impact\n\nThe fugit \"natural\" parser, that turns \"every wednesday at 5pm\" into\n\"0 17 * * 3\", accepted any length of input and went on attempting to\nparse it, not returning promptly, as expected. The parse call could\nhold the thread with no end in sight.\n\nFugit dependents that do not check (user) input length for\nplausability are impacted.\n\n### Patches\n\nProblem was reported in #104 and the fix was released in\n[fugit 1.11.1](https://rubygems.org/gems/fugit/versions/1.11.1)\n\n### Workarounds\n\nBy making sure that `Fugit.parse(s)`, `Fugit.do_parse(s)`,\n`Fugit.parse_nat(s)`, `Fugit.do_parse_nat(s)`, `Fugit::Nat.parse(s)`,\nand `Fugit::Nat.do_parse(s)` are not fed strings too long.\n1000 chars feels ok, while 10_000 chars makes it stall.\n\nIn fewer words, making sure those fugit methods are not fed\nunvetted input strings.\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-43380","osvdb":null,"ghsa":"2m96-52r3-2f3g","unaffected_versions":[],"patched_versions":[">= 1.11.1"],"criticality":"medium"}}]}				`{"version":"0.9.1","created_at":"2024-08-21 09:19:01 +0200","results":[]}`