commit by to_remotes 2024-07-17 11:27:47 +0200 from cicd

2024-07-17 11:27:47 +02:00 · 2024-07-17 11:27:47 +02:00 · 728d3db051
parent b44df2e8fe
commit 728d3db051
4 changed files with 19 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-07-16T14:40:03+02:00
+2024-07-17T11:27:46+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-07-16 14:40:03 +0200","results":[]}
+{"version":"0.9.1","created_at":"2024-07-17 11:27:46 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.2.8"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-39908.yml","id":"CVE-2024-39908","url":"https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8","title":"DoS in REXML","date":"2024-07-16","description":"There is a DoS vulnerability in REXML gem. This vulnerability has\nbeen assigned the CVE identifier CVE-2024-39908. We strongly\nrecommend upgrading the REXML gem.\n\n## Details\n\nWhen it parses an XML that has many specific characters such as\n<, 0 and %>. REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.2 or later.\n\n## Affected versions\n\nREXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer for discovering this issue.\n\n## History\n\nOriginally published at 2024-07-16 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-39908","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":[">= 3.3.2"],"criticality":null}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,9 @@
-No vulnerabilities found
+Name: rexml
 Version: 3.2.8
 CVE: CVE-2024-39908
 Criticality: Unknown
 URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
 Title: DoS in REXML
 Solution: upgrade to '>= 3.3.2'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,11 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating 58766d8..448d4a3
 Fast-forward
 gems/rexml/CVE-2024-39908.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 gems/rexml/CVE-2024-39908.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	900 advisories
+  advisories:	901 advisories
-  last updated:	2024-07-11 13:22:56 -0700
+  last updated:	2024-07-16 09:59:47 -0700
-  commit:	58766d871b78e5277a80c24b51aff36f6e17e0e1
+  commit:	448d4a3b6961d22b47fcb072d9385e8bc1c7fb8d
`@ -1 +1 @@`
	`2024-07-16T14:40:03+02:00`	`2024-07-17T11:27:46+02:00`
		`@ -1 +1 @@`
			`{"version":"0.9.1","created_at":"2024-07-16 14:40:03 +0200","results":[]}`				{"version":"0.9.1","created_at":"2024-07-17 11:27:46 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.2.8"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-39908.yml","id":"CVE-2024-39908","url":"https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8","title":"DoS in REXML","date":"2024-07-16","description":"There is a DoS vulnerability in REXML gem. This vulnerability has\nbeen assigned the CVE identifier CVE-2024-39908. We strongly\nrecommend upgrading the REXML gem.\n\n## Details\n\nWhen it parses an XML that has many specific characters such as\n<, 0 and %>. REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.2 or later.\n\n## Affected versions\n\nREXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer for discovering this issue.\n\n## History\n\nOriginally published at 2024-07-16 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-39908","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":[">= 3.3.2"],"criticality":null}}]}