commit by to_remotes 2025-03-06 11:25:00 +0100 from cicd

2025-03-06 11:25:00 +01:00 · 2025-03-06 11:25:00 +01:00 · 6b3269153f
parent 584087f6ae
commit 6b3269153f
4 changed files with 20 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2025-03-05T14:35:11+01:00
+2025-03-06T11:25:00+01:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.2","created_at":"2025-03-05 14:35:10 +0100","results":[]}
+{"version":"0.9.2","created_at":"2025-03-06 11:25:00 +0100","results":[{"type":"unpatched_gem","gem":{"name":"rack","version":"3.1.10"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rack/CVE-2025-27111.yml","id":"CVE-2025-27111","url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","title":"Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection","date":"2025-03-04","description":"## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that\nincludes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from\nthe `X-Sendfile-Type` header. An attacker can exploit this by\ninjecting escape sequences (such as newline characters) into the\nheader, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure\nattack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-27111","osvdb":null,"ghsa":"8cgq-6mh2-7j6v","unaffected_versions":[],"patched_versions":["~> 2.2.12","~> 3.0.13",">= 3.1.11"],"criticality":null}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,10 @@
-No vulnerabilities found
+Name: rack
 Version: 3.1.10
 CVE: CVE-2025-27111
 GHSA: GHSA-8cgq-6mh2-7j6v
 Criticality: Unknown
 URL: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
 Title: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
 Solution: update to '~> 2.2.12', '~> 3.0.13', '>= 3.1.11'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,11 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating 6847b45..8ab1b43
 Fast-forward
 gems/rack/CVE-2025-27111.yml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 gems/rack/CVE-2025-27111.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	964 advisories
+  advisories:	965 advisories
-  last updated:	2025-03-04 11:21:21 -0800
+  last updated:	2025-03-05 12:12:15 -0800
-  commit:	6847b4580e91a077f37ffc80d90054b8684c14ca
+  commit:	8ab1b435ef4029c64d694839e618bd7375109a6b
`@ -1 +1 @@`
	`2025-03-05T14:35:11+01:00`	`2025-03-06T11:25:00+01:00`
		`@ -1 +1 @@`
			`{"version":"0.9.2","created_at":"2025-03-05 14:35:10 +0100","results":[]}`				{"version":"0.9.2","created_at":"2025-03-06 11:25:00 +0100","results":[{"type":"unpatched_gem","gem":{"name":"rack","version":"3.1.10"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rack/CVE-2025-27111.yml","id":"CVE-2025-27111","url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","title":"Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection","date":"2025-03-04","description":"## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that\nincludes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from\nthe `X-Sendfile-Type` header. An attacker can exploit this by\ninjecting escape sequences (such as newline characters) into the\nheader, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure\nattack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-27111","osvdb":null,"ghsa":"8cgq-6mh2-7j6v","unaffected_versions":[],"patched_versions":["~> 2.2.12","~> 3.0.13",">= 3.1.11"],"criticality":null}}]}