From 2d6fa41d6dce2dc2d15f9b763497124b4524c942 Mon Sep 17 00:00:00 2001
From: cicd
Date: Tue, 24 Sep 2024 07:30:21 +0200
Subject: [PATCH] commit by to_remotes 2024-09-24 07:30:21 +0200 from cicd

---
 bundle-audit-time.txt | 2 +-
 bundle-audit.json | 2 +-
 report.txt | 11 +----------
 update-info.txt | 10 +---------
 4 files changed, 4 insertions(+), 21 deletions(-)
diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt
index 8e468a2..fad0761 100644
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@@ -1 +1 @@
-2024-09-24T07:26:02+02:00
+2024-09-24T07:30:21+02:00
diff --git a/bundle-audit.json b/bundle-audit.json
index 0e6e4f9..afe0618 100644
--- a/bundle-audit.json
+++ b/bundle-audit.json
@@ -1 +1 @@
-{"version":"0.9.2","created_at":"2024-09-24 07:26:02 +0200","results":[{"type":"unpatched_gem","gem":{"name":"webrick","version":"1.8.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/webrick/CVE-2024-47220.yml","id":"CVE-2024-47220","url":"https://github.com/advisories/GHSA-6f62-3596-g6w7","title":"HTTP Request Smuggling in ruby webrick","date":"2024-09-22","description":"An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby.\nIt allows HTTP request smuggling by providing both a Content-Length\nheader and a Transfer-Encoding header, e.g.,\n\"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\"\nrequest.\n\nNOTE: the supplier''s position is \"Webrick should not be used in production.\"\n","cvss_v2":null,"cvss_v3":7.5,"cve":"2024-47220","osvdb":null,"ghsa":"6f62-3596-g6w7","unaffected_versions":[],"patched_versions":[">= 1.8.2"],"criticality":"high"}}]}
\ No newline at end of file
+{"version":"0.9.2","created_at":"2024-09-24 07:30:21 +0200","results":[]}
\ No newline at end of file
diff --git a/report.txt b/report.txt
index b6f4cee..8900c02 100644
--- a/report.txt
+++ b/report.txt
@@ -1,10 +1 @@
-Name: webrick
-Version: 1.8.1
-CVE: CVE-2024-47220
-GHSA: GHSA-6f62-3596-g6w7
-Criticality: High
-URL: https://github.com/advisories/GHSA-6f62-3596-g6w7
-Title: HTTP Request Smuggling in ruby webrick
-Solution: update to '>= 1.8.2'
-
-Vulnerabilities found!
+No vulnerabilities found
diff --git a/update-info.txt b/update-info.txt
index be9649c..17c3aa6 100644
--- a/update-info.txt
+++ b/update-info.txt
@@ -1,13 +1,5 @@
 Updating ruby-advisory-db ...
-Updating ebac396..9abfcb2
-Fast-forward
- gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml | 81 +++++++++++++++++++++++++++++++
- gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml | 52 ++++++++++++++++++++
- gems/webrick/CVE-2024-47220.yml | 25 ++++++++++
- 3 files changed, 158 insertions(+)
- create mode 100644 gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
- create mode 100644 gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml
- create mode 100644 gems/webrick/CVE-2024-47220.yml
+Already up to date.
 Updated ruby-advisory-db
 ruby-advisory-db:
 advisories: 929 advisories