wiseadvice_public_repos
/
bundle-audit-results
3
0
Fork 0
Code Wiki

commit by to_remotes 2024-09-24 07:30:21 +0200 from cicd

main
cicd 2024-09-24 07:30:21 +02:00
parent 7121e8dc8b
commit 2d6fa41d6d
4 changed files with 4 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bundle-audit-time.txt
View File

@ -1 +1 @@
2024-09-24T07:26:02+02:00
2024-09-24T07:30:21+02:00

2
bundle-audit.json
View File

@ -1 +1 @@
{"version":"0.9.2","created_at":"2024-09-24 07:26:02 +0200","results":[{"type":"unpatched_gem","gem":{"name":"webrick","version":"1.8.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/webrick/CVE-2024-47220.yml","id":"CVE-2024-47220","url":"https://github.com/advisories/GHSA-6f62-3596-g6w7","title":"HTTP Request Smuggling in ruby webrick","date":"2024-09-22","description":"An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby.\nIt allows HTTP request smuggling by providing both a Content-Length\nheader and a Transfer-Encoding header, e.g.,\n\"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\"\nrequest.\n\nNOTE: the supplier''s position is \"Webrick should not be used in production.\"\n","cvss_v2":null,"cvss_v3":7.5,"cve":"2024-47220","osvdb":null,"ghsa":"6f62-3596-g6w7","unaffected_versions":[],"patched_versions":[">= 1.8.2"],"criticality":"high"}}]}
{"version":"0.9.2","created_at":"2024-09-24 07:30:21 +0200","results":[]}

11
report.txt
View File

@ -1,10 +1 @@
Name: webrick
Version: 1.8.1
CVE: CVE-2024-47220
GHSA: GHSA-6f62-3596-g6w7
Criticality: High
URL: https://github.com/advisories/GHSA-6f62-3596-g6w7
Title: HTTP Request Smuggling in ruby webrick
Solution: update to '>= 1.8.2'
Vulnerabilities found!
No vulnerabilities found

10
update-info.txt
View File

@ -1,13 +1,5 @@
Updating ruby-advisory-db ...
Updating ebac396..9abfcb2
Fast-forward
gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml | 81 +++++++++++++++++++++++++++++++
gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml | 52 ++++++++++++++++++++
gems/webrick/CVE-2024-47220.yml | 25 ++++++++++
3 files changed, 158 insertions(+)
create mode 100644 gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
create mode 100644 gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml
create mode 100644 gems/webrick/CVE-2024-47220.yml
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 929 advisories