commit by to_remotes 2024-09-24 07:26:02 +0200 from cicd

2024-09-24 07:26:02 +02:00 · 2024-09-24 07:26:02 +02:00 · 7121e8dc8b
parent ae21d42e2c
commit 7121e8dc8b
4 changed files with 24 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-09-23T11:53:46+02:00
+2024-09-24T07:26:02+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.2","created_at":"2024-09-23 11:53:46 +0200","results":[]}
+{"version":"0.9.2","created_at":"2024-09-24 07:26:02 +0200","results":[{"type":"unpatched_gem","gem":{"name":"webrick","version":"1.8.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/webrick/CVE-2024-47220.yml","id":"CVE-2024-47220","url":"https://github.com/advisories/GHSA-6f62-3596-g6w7","title":"HTTP Request Smuggling in ruby webrick","date":"2024-09-22","description":"An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby.\nIt allows HTTP request smuggling by providing both a Content-Length\nheader and a Transfer-Encoding header, e.g.,\n\"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\"\nrequest.\n\nNOTE: the supplier''s position is \"Webrick should not be used in production.\"\n","cvss_v2":null,"cvss_v3":7.5,"cve":"2024-47220","osvdb":null,"ghsa":"6f62-3596-g6w7","unaffected_versions":[],"patched_versions":[">= 1.8.2"],"criticality":"high"}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,10 @@
-No vulnerabilities found
+Name: webrick
+Version: 1.8.1
+CVE: CVE-2024-47220
+GHSA: GHSA-6f62-3596-g6w7
+Criticality: High
+URL: https://github.com/advisories/GHSA-6f62-3596-g6w7
+Title: HTTP Request Smuggling in ruby webrick
+Solution: update to '>= 1.8.2'
+
+Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,15 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating ebac396..9abfcb2
+Fast-forward
+ gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml | 81 +++++++++++++++++++++++++++++++
+ gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml | 52 ++++++++++++++++++++
+ gems/webrick/CVE-2024-47220.yml           | 25 ++++++++++
+ 3 files changed, 158 insertions(+)
+ create mode 100644 gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
+ create mode 100644 gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml
+ create mode 100644 gems/webrick/CVE-2024-47220.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	926 advisories
-  last updated:	2024-09-21 16:59:39 -0700
-  commit:	ebac3962e0275ec2f95ff29dc76398f7a4fccd5f
+  advisories:	929 advisories
+  last updated:	2024-09-23 19:56:34 -0700
+  commit:	9abfcb29a8e6be1fc9f0866a65de58e2d4a0104f