commit by to_remotes 2025-10-09 08:31:11 +0200 from cicd

2025-10-09 08:31:11 +02:00 · 2025-10-09 08:31:11 +02:00 · 4e41f234cf
parent 13033147d5
commit 4e41f234cf
4 changed files with 52 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2025-10-07T14:30:12+02:00
+2025-10-09T08:31:10+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
--- a/report.txt
+++ b/report.txt
@ -1 +1,36 @@
-No vulnerabilities found
+Name: rack
+Version: 3.2.0
+CVE: CVE-2025-61770
+GHSA: GHSA-p543-xpfm-54cp
+Criticality: High
+URL: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
+Title: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
+Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
+
+Name: rack
+Version: 3.2.0
+CVE: CVE-2025-61771
+GHSA: GHSA-w9pc-fmgc-vxvw
+Criticality: High
+URL: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
+Title: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
+Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
+
+Name: rack
+Version: 3.2.0
+CVE: CVE-2025-61772
+GHSA: GHSA-wpv5-97wm-hp9c
+Criticality: High
+URL: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
+Title: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
+Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'
+
+Name: uri
+Version: 1.0.3
+CVE: CVE-2025-61594
+Criticality: Unknown
+URL: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
+Title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
+Solution: update to '~> 0.12.5', '~> 0.13.3', '>= 1.0.4'
+
+Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,17 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating c1fcbac..e80dfb0
+Fast-forward
+ gems/rack/CVE-2025-61770.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++
+ gems/rack/CVE-2025-61771.yml | 60 +++++++++++++++++++++++++++++++++++++++++++
+ gems/rack/CVE-2025-61772.yml | 59 ++++++++++++++++++++++++++++++++++++++++++
+ gems/uri/CVE-2025-61594.yml  | 41 +++++++++++++++++++++++++++++
+ 4 files changed, 221 insertions(+)
+ create mode 100644 gems/rack/CVE-2025-61770.yml
+ create mode 100644 gems/rack/CVE-2025-61771.yml
+ create mode 100644 gems/rack/CVE-2025-61772.yml
+ create mode 100644 gems/uri/CVE-2025-61594.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	1025 advisories
-  last updated:	2025-09-30 17:23:50 -0700
-  commit:	c1fcbac5a8bfdd3d205956d018b2d8a33aa97062
+  advisories:	1029 advisories
+  last updated:	2025-10-08 21:44:33 -0700
+  commit:	e80dfb041da37a032aaf0c4a1fceeaaf5aeb381c