From 728d3db05145028342b151aba27d963dae7d205d Mon Sep 17 00:00:00 2001 From: cicd Date: Wed, 17 Jul 2024 11:27:47 +0200 Subject: [PATCH] commit by to_remotes 2024-07-17 11:27:47 +0200 from cicd --- bundle-audit-time.txt | 2 +- bundle-audit.json | 2 +- report.txt | 10 +++++++++- update-info.txt | 12 ++++++++---- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt index 106592c..d2628ac 100644 --- a/bundle-audit-time.txt +++ b/bundle-audit-time.txt @@ -1 +1 @@ -2024-07-16T14:40:03+02:00 +2024-07-17T11:27:46+02:00 diff --git a/bundle-audit.json b/bundle-audit.json index 0794bd6..b5825c3 100644 --- a/bundle-audit.json +++ b/bundle-audit.json @@ -1 +1 @@ -{"version":"0.9.1","created_at":"2024-07-16 14:40:03 +0200","results":[]} \ No newline at end of file +{"version":"0.9.1","created_at":"2024-07-17 11:27:46 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.2.8"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-39908.yml","id":"CVE-2024-39908","url":"https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8","title":"DoS in REXML","date":"2024-07-16","description":"There is a DoS vulnerability in REXML gem. This vulnerability has\nbeen assigned the CVE identifier CVE-2024-39908. We strongly\nrecommend upgrading the REXML gem.\n\n## Details\n\nWhen it parses an XML that has many specific characters such as\n<, 0 and %>. REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.2 or later.\n\n## Affected versions\n\nREXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer for discovering this issue.\n\n## History\n\nOriginally published at 2024-07-16 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-39908","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":[">= 3.3.2"],"criticality":null}}]} \ No newline at end of file diff --git a/report.txt b/report.txt index 8900c02..889201a 100644 --- a/report.txt +++ b/report.txt @@ -1 +1,9 @@ -No vulnerabilities found +Name: rexml +Version: 3.2.8 +CVE: CVE-2024-39908 +Criticality: Unknown +URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 +Title: DoS in REXML +Solution: upgrade to '>= 3.3.2' + +Vulnerabilities found! diff --git a/update-info.txt b/update-info.txt index 6527ffa..d3a874b 100644 --- a/update-info.txt +++ b/update-info.txt @@ -1,7 +1,11 @@ Updating ruby-advisory-db ... -Already up to date. +Updating 58766d8..448d4a3 +Fast-forward + gems/rexml/CVE-2024-39908.yml | 37 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 37 insertions(+) + create mode 100644 gems/rexml/CVE-2024-39908.yml Updated ruby-advisory-db ruby-advisory-db: - advisories: 900 advisories - last updated: 2024-07-11 13:22:56 -0700 - commit: 58766d871b78e5277a80c24b51aff36f6e17e0e1 + advisories: 901 advisories + last updated: 2024-07-16 09:59:47 -0700 + commit: 448d4a3b6961d22b47fcb072d9385e8bc1c7fb8d