From 873ab54803576c1ea9a905bb17a662cc2bcdc464 Mon Sep 17 00:00:00 2001
From: ag
Date: Wed, 28 Feb 2024 09:36:41 +0100
Subject: [PATCH] commit by to_remotes 2024-02-28 09:36:41 +0100 from vmdevac
---
 bundle-audit-time.txt | 2 +-
 bundle-audit.json | 2 +-
 report.txt | 11 ++++++++++-
 update-info.txt | 12 ++++++++----
 4 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt
index b80f98c..b9c0390 100644
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@@ -1 +1 @@
-2024-02-27T08:45:37+01:00
+2024-02-28T09:36:40+01:00
diff --git a/bundle-audit.json b/bundle-audit.json
index cbe711a..dc5585f 100644
--- a/bundle-audit.json
+++ b/bundle-audit.json
@@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-02-27 08:45:36 +0100","results":[]}
\ No newline at end of file
+{"version":"0.9.1","created_at":"2024-02-28 09:36:39 +0100","results":[{"type":"unpatched_gem","gem":{"name":"rack-cors","version":"2.0.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rack-cors/CVE-2024-27456.yml","id":"CVE-2024-27456","url":"https://github.com/advisories/GHSA-785g-282q-pwvx","title":"Rack CORS Middleware has Insecure File Permissions","date":"2024-02-26","description":"rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions\nfor the .rb files.\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-27456","osvdb":null,"ghsa":"785g-282q-pwvx","unaffected_versions":["< 2.0.1"],"patched_versions":[],"criticality":null}}]}
\ No newline at end of file
diff --git a/report.txt b/report.txt
index 8900c02..ce17423 100644
--- a/report.txt
+++ b/report.txt
@@ -1 +1,10 @@
-No vulnerabilities found
+Name: rack-cors
+Version: 2.0.1
+CVE: CVE-2024-27456
+GHSA: GHSA-785g-282q-pwvx
+Criticality: Unknown
+URL: https://github.com/advisories/GHSA-785g-282q-pwvx
+Title: Rack CORS Middleware has Insecure File Permissions
+Solution: remove or disable this gem until a patch is available!
+
+Vulnerabilities found!
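Review bot: The added `results[0].advisory.path` value in bundle-audit.json is an absolute path under a user's home directory (`/home/wiseadvice/.local/share/ruby-advisory-db/...`), so every committed scan records the account name and filesystem layout of the scanning host. If this repository is readable beyond the team running the scan, drop or relativize that field before committing, for example by post-processing the output with `jq 'del(.results[].advisory.path)'`. The `id`, `ghsa` and `url` fields already identify the advisory, so nothing needed for triage is lost.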
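Review bot: `Criticality: Unknown` in report.txt reflects missing scores rather than an assessed low severity, since the JSON for the same finding has `cvss_v2`, `cvss_v3` and `criticality` all null; the finding needs manual triage rather than being sorted below scored ones. The generated `Solution:` line only offers removing or disabling the gem, while the advisory data in bundle-audit.json lists `"unaffected_versions":["< 2.0.1"]`. Pinning rack-cors below 2.0.1 in the Gemfile, or checking the file modes of the installed gem's `.rb` files against the 0666 described in the advisory, are mitigations worth recording alongside this report.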
diff --git a/update-info.txt b/update-info.txt
index fb58890..67e8e47 100644
--- a/update-info.txt
+++ b/update-info.txt
@@ -1,7 +1,11 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating fc2aa0d..1c7d5b5
+Fast-forward
+ gems/rack-cors/CVE-2024-27456.yml | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+ create mode 100644 gems/rack-cors/CVE-2024-27456.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
- advisories: 874 advisories
- last updated: 2024-02-26 18:11:34 -0800
- commit: fc2aa0d94fcbe0e7656405695d3645cd63788e23
+ advisories: 875 advisories
+ last updated: 2024-02-27 14:25:50 -0800
+ commit: 1c7d5b5233d4c1ace4b6141bb949a2d54028d18e