commit by to_remotes 2024-02-28 09:36:41 +0100 from vmdevac

bundle-audit-time.txt

@@ -1 +1 @@
-2024-02-27T08:45:37+01:00
+2024-02-28T09:36:40+01:00

bundle-audit.json

@@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-02-27 08:45:36 +0100","results":[]}
+{"version":"0.9.1","created_at":"2024-02-28 09:36:39 +0100","results":[{"type":"unpatched_gem","gem":{"name":"rack-cors","version":"2.0.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rack-cors/CVE-2024-27456.yml","id":"CVE-2024-27456","url":"https://github.com/advisories/GHSA-785g-282q-pwvx","title":"Rack CORS Middleware has Insecure File Permissions","date":"2024-02-26","description":"rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions\nfor the .rb files.\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-27456","osvdb":null,"ghsa":"785g-282q-pwvx","unaffected_versions":["< 2.0.1"],"patched_versions":[],"criticality":null}}]}

report.txt

@@ -1 +1,10 @@
-No vulnerabilities found
+Name: rack-cors
+Version: 2.0.1
+CVE: CVE-2024-27456
+GHSA: GHSA-785g-282q-pwvx
+Criticality: Unknown
+URL: https://github.com/advisories/GHSA-785g-282q-pwvx
+Title: Rack CORS Middleware has Insecure File Permissions
+Solution: remove or disable this gem until a patch is available!
+
+Vulnerabilities found!

update-info.txt

@@ -1,7 +1,11 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating fc2aa0d..1c7d5b5
+Fast-forward
+ gems/rack-cors/CVE-2024-27456.yml | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+ create mode 100644 gems/rack-cors/CVE-2024-27456.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	874 advisories
+  advisories:	875 advisories
-  last updated:	2024-02-26 18:11:34 -0800
+  last updated:	2024-02-27 14:25:50 -0800
-  commit:	fc2aa0d94fcbe0e7656405695d3645cd63788e23
+  commit:	1c7d5b5233d4c1ace4b6141bb949a2d54028d18e