commit by to_remotes 2024-08-26 09:35:54 +0200 from cicd
parent
213fda7fa7
commit
7b421a7e8e
|
|
@ -1 +1 @@
|
||||||
2024-08-26T09:35:24+02:00
|
2024-08-26T09:35:54+02:00
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
{"version":"0.9.1","created_at":"2024-08-26 09:35:24 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.5"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-43398.yml","id":"CVE-2024-43398","url":"https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3","title":"REXML denial of service vulnerability","date":"2024-08-22","description":"### Impact\n\nThe REXML gem before 3.3.6 has a DoS vulnerability when it parses an\nXML that has many deep elements that have same local name attributes.\n\nIf you need to parse untrusted XMLs with tree parser API like\n`REXML::Document.new`, you may be impacted to this vulnerability.\nIf you use other parser APIs such as stream parser API and SAX2\nparser API, this vulnerability is not affected.\n\nThis vulnerability has been assigned the CVE identifier CVE-2024-43398.\nWe strongly recommend upgrading the REXML gem.\n\n### Patches\n\nThe REXML gem 3.3.6 or later include the patch to fix the\nvulnerability.\n\n### Workarounds\n\nDon't parse untrusted XMLs with tree parser API.\n\n## Affected versions\n\nREXML gem 3.3.5 or prior\n\n## Credits\n\nThanks to l33thaxor for discovering this issue.\n\n## History\n\nOriginally published at 2024-08-22 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.9,"cve":"2024-43398","osvdb":null,"ghsa":"vmwr-mc7x-5vc3","unaffected_versions":[],"patched_versions":[">= 3.3.6"],"criticality":"medium"}}]}
|
{"version":"0.9.1","created_at":"2024-08-26 09:35:53 +0200","results":[]}
|
||||||
11
report.txt
11
report.txt
|
|
@ -1,10 +1 @@
|
||||||
Name: rexml
|
No vulnerabilities found
|
||||||
Version: 3.3.5
|
|
||||||
CVE: CVE-2024-43398
|
|
||||||
GHSA: GHSA-vmwr-mc7x-5vc3
|
|
||||||
Criticality: Medium
|
|
||||||
URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
|
|
||||||
Title: REXML denial of service vulnerability
|
|
||||||
Solution: upgrade to '>= 3.3.6'
|
|
||||||
|
|
||||||
Vulnerabilities found!
|
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,5 @@
|
||||||
Updating ruby-advisory-db ...
|
Updating ruby-advisory-db ...
|
||||||
Updating 3a4007e..33907c1
|
Already up to date.
|
||||||
Fast-forward
|
|
||||||
gems/request_store/CVE-2024-43791.yml | 39 ++++++++++++++++++++++++++
|
|
||||||
gems/rexml/CVE-2024-43398.yml | 52 +++++++++++++++++++++++++++++++++++
|
|
||||||
2 files changed, 91 insertions(+)
|
|
||||||
create mode 100644 gems/request_store/CVE-2024-43791.yml
|
|
||||||
create mode 100644 gems/rexml/CVE-2024-43398.yml
|
|
||||||
Updated ruby-advisory-db
|
Updated ruby-advisory-db
|
||||||
ruby-advisory-db:
|
ruby-advisory-db:
|
||||||
advisories: 918 advisories
|
advisories: 918 advisories
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue