commit by to_remotes 2025-10-09 08:31:11 +0200 from cicd
parent
13033147d5
commit
4e41f234cf
|
|
@ -1 +1 @@
|
||||||
2025-10-07T14:30:12+02:00
|
2025-10-09T08:31:10+02:00
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
37
report.txt
|
|
@ -1 +1,36 @@
|
||||||
No vulnerabilities found
|
Name: rack
|
||||||
|
Version: 3.2.0
|
||||||
|
CVE: CVE-2025-61770
|
||||||
|
GHSA: GHSA-p543-xpfm-54cp
|
||||||
|
Criticality: High
|
||||||
|
URL: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
|
||||||
|
Title: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
|
||||||
|
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
|
||||||
|
|
||||||
|
Name: rack
|
||||||
|
Version: 3.2.0
|
||||||
|
CVE: CVE-2025-61771
|
||||||
|
GHSA: GHSA-w9pc-fmgc-vxvw
|
||||||
|
Criticality: High
|
||||||
|
URL: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
|
||||||
|
Title: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
|
||||||
|
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
|
||||||
|
|
||||||
|
Name: rack
|
||||||
|
Version: 3.2.0
|
||||||
|
CVE: CVE-2025-61772
|
||||||
|
GHSA: GHSA-wpv5-97wm-hp9c
|
||||||
|
Criticality: High
|
||||||
|
URL: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
|
||||||
|
Title: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
|
||||||
|
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
|
||||||
|
|
||||||
|
Name: uri
|
||||||
|
Version: 1.0.3
|
||||||
|
CVE: CVE-2025-61594
|
||||||
|
Criticality: Unknown
|
||||||
|
URL: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
|
||||||
|
Title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
|
||||||
|
Solution: update to '~> 0.12.5', '~> 0.13.3', '>= 1.0.4'
|
||||||
|
|
||||||
|
Vulnerabilities found!
|
||||||
|
|
|
||||||
|
|
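Review bot: the added report entries list rack 3.2.0 under CVE-2025-61770, CVE-2025-61771 and CVE-2025-61772 and uri 1.0.3 under CVE-2025-61594, but none of the visible hunks shows a version bump, so the file will keep ending in "Vulnerabilities found!" until the lockfile moves. The Solution lines give the targets: rack ">= 3.2.2" for the 3.2 series and uri ">= 1.0.4". The uri entry carries "Criticality: Unknown" and no GHSA line; if anything downstream filters this report by severity, make sure Unknown is treated as actionable rather than dropped.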
@ -1,7 +1,17 @@
|
||||||
Updating ruby-advisory-db ...
|
Updating ruby-advisory-db ...
|
||||||
Already up to date.
|
Updating c1fcbac..e80dfb0
|
||||||
|
Fast-forward
|
||||||
|
gems/rack/CVE-2025-61770.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
gems/rack/CVE-2025-61771.yml | 60 +++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
gems/rack/CVE-2025-61772.yml | 59 ++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
gems/uri/CVE-2025-61594.yml | 41 +++++++++++++++++++++++++++++
|
||||||
|
4 files changed, 221 insertions(+)
|
||||||
|
create mode 100644 gems/rack/CVE-2025-61770.yml
|
||||||
|
create mode 100644 gems/rack/CVE-2025-61771.yml
|
||||||
|
create mode 100644 gems/rack/CVE-2025-61772.yml
|
||||||
|
create mode 100644 gems/uri/CVE-2025-61594.yml
|
||||||
Updated ruby-advisory-db
|
Updated ruby-advisory-db
|
||||||
ruby-advisory-db:
|
ruby-advisory-db:
|
||||||
advisories: 1025 advisories
|
advisories: 1029 advisories
|
||||||
last updated: 2025-09-30 17:23:50 -0700
|
last updated: 2025-10-08 21:44:33 -0700
|
||||||
commit: c1fcbac5a8bfdd3d205956d018b2d8a33aa97062
|
commit: e80dfb041da37a032aaf0c4a1fceeaaf5aeb381c
|
||||||
|
|
|
||||||
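Review bot: in the "Updating ruby-advisory-db" lines, the earlier run logged "Already up to date." at commit c1fcbac with a database last updated 2025-09-30, and the four advisory files arrive only with the fast-forward to e80dfb0, so the new findings coincide with the database update. The earlier "No vulnerabilities found" should therefore be read against the database commit it was produced with, and it helps to keep the "commit:" and "last updated:" values next to every stored result, as this log does. The raw fast-forward output (per-file stats and "create mode" lines) will make this tracked file churn on every database update; consider logging only the advisory count, timestamp and commit.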