commit by to_remotes 2024-02-27 08:43:11 +0100 from vmdevac

2024-02-27 08:43:11 +01:00 · 2024-02-27 08:43:11 +01:00 · 786e9571d4
parent 7372966c93
commit 786e9571d4
4 changed files with 44 additions and 18 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-02-27T08:12:04+01:00
+2024-02-27T08:43:10+01:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
--- a/report.txt
+++ b/report.txt
@ -1 +1,41 @@
-No vulnerabilities found
+Name: actionpack
+Version: 7.1.3
+CVE: CVE-2024-26142
+Criticality: Unknown
+URL: https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
+Title: Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
+Solution: upgrade to '>= 7.1.3.1'
+
+Name: actionpack
+Version: 7.1.3
+CVE: CVE-2024-26143
+Criticality: Unknown
+URL: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
+Title: Possible XSS Vulnerability in Action Controller
+Solution: upgrade to '~> 7.0.8, >= 7.0.8.1', '>= 7.1.3.1'
+
+Name: rack
+Version: 3.0.9
+CVE: CVE-2024-25126
+Criticality: Unknown
+URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
+Title: Denial of Service Vulnerability in Rack Content-Type Parsing
+Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'
+
+Name: rack
+Version: 3.0.9
+CVE: CVE-2024-26141
+Criticality: Unknown
+URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
+Title: Possible DoS Vulnerability with Range Header in Rack
+Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'
+
+Name: rack
+Version: 3.0.9
+CVE: CVE-2024-26146
+Criticality: Unknown
+URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
+Title: Possible Denial of Service Vulnerability in Rack Header Parsing
+Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'
+
+Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,19 +1,5 @@
 Updating ruby-advisory-db ...
-Updating 4dbb13b..fc2aa0d
-Fast-forward
- gems/actionpack/CVE-2024-26142.yml    | 35 +++++++++++++++++++++
- gems/actionpack/CVE-2024-26143.yml    | 57 +++++++++++++++++++++++++++++++++++
- gems/activestorage/CVE-2024-26144.yml | 43 ++++++++++++++++++++++++++
- gems/rack/CVE-2024-25126.yml          | 57 +++++++++++++++++++++++++++++++++++
- gems/rack/CVE-2024-26141.yml          | 40 ++++++++++++++++++++++++
- gems/rack/CVE-2024-26146.yml          | 41 +++++++++++++++++++++++++
- 6 files changed, 273 insertions(+)
- create mode 100644 gems/actionpack/CVE-2024-26142.yml
- create mode 100644 gems/actionpack/CVE-2024-26143.yml
- create mode 100644 gems/activestorage/CVE-2024-26144.yml
- create mode 100644 gems/rack/CVE-2024-25126.yml
- create mode 100644 gems/rack/CVE-2024-26141.yml
- create mode 100644 gems/rack/CVE-2024-26146.yml
+Already up to date.
 Updated ruby-advisory-db
 ruby-advisory-db:
  advisories:	874 advisories