commit by to_remotes 2024-05-02 09:27:21 +0200 from vmdevac

bundle-audit-time.txt

@@ -1 +1 @@
-2024-05-02T09:24:51+02:00
+2024-05-02T09:27:20+02:00

bundle-audit.json

@@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-05-02 09:24:51 +0200","results":[{"type":"unpatched_gem","gem":{"name":"sidekiq","version":"7.2.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/sidekiq/CVE-2024-32887.yml","id":"CVE-2024-32887","url":"https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq","title":"Reflected XSS in Metrics Web Page","date":"2024-04-26","description":"Reflected XSS in Sidekiq Web UI via the `/metrics` HTTP end-point and the\n`substr` query param:\n\n    https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E\n","cvss_v2":null,"cvss_v3":5.5,"cve":"2024-32887","osvdb":null,"ghsa":"GHSA-q655-3pj8-9fxq","unaffected_versions":["< 7.2.0"],"patched_versions":[">= 7.2.4"],"criticality":"medium"}}]}
+{"version":"0.9.1","created_at":"2024-05-02 09:27:20 +0200","results":[]}

report.txt

@@ -1,10 +1 @@
-Name: sidekiq
+No vulnerabilities found
-Version: 7.2.0
-CVE: CVE-2024-32887
-GHSA: GHSA-GHSA-q655-3pj8-9fxq
-Criticality: Medium
-URL: https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq
-Title: Reflected XSS in Metrics Web Page
-Solution: upgrade to '>= 7.2.4'
-
-Vulnerabilities found!

update-info.txt

@@ -1,11 +1,5 @@
 Updating ruby-advisory-db ...
-Updating 2b58e06..e97ec3f
+Already up to date.
-Fast-forward
- gems/sidekiq/CVE-2023-1892.yml  |  2 +-
- gems/sidekiq/CVE-2024-32887.yml | 22 ++++++++++++++++++++++
- spec/advisory_example.rb        |  4 ++++
- 3 files changed, 27 insertions(+), 1 deletion(-)
- create mode 100644 gems/sidekiq/CVE-2024-32887.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
   advisories:	886 advisories