From 8aaa09498ba3396e6d89fdf7f1c001086a0a6de4 Mon Sep 17 00:00:00 2001 From: cicd Date: Fri, 19 Sep 2025 11:58:36 +0200 Subject: [PATCH] commit by to_remotes 2025-09-19 11:58:36 +0200 from cicd --- bundle-audit-time.txt | 2 +- bundle-audit.json | 2 +- report.txt | 11 ++++++++++- update-info.txt | 12 ++++++++---- 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt index 3312faf..6a2ece0 100644 --- a/bundle-audit-time.txt +++ b/bundle-audit-time.txt @@ -1 +1 @@ -2025-09-16T16:07:36+02:00 +2025-09-19T11:58:35+02:00 diff --git a/bundle-audit.json b/bundle-audit.json index 52fc3f5..c023640 100644 --- a/bundle-audit.json +++ b/bundle-audit.json @@ -1 +1 @@ -{"version":"0.9.2","created_at":"2025-09-16 16:07:36 +0200","results":[]} \ No newline at end of file +{"version":"0.9.2","created_at":"2025-09-19 11:58:35 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.4.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2025-58767.yml","id":"CVE-2025-58767","url":"https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5","title":"REXML has DoS condition when parsing malformed XML file","date":"2025-09-17","description":"### Impact\n\nThe REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when\nparsing XML containing multiple XML declarations. If you need to\nparse untrusted XMLs, you may be impacted to these vulnerabilities.\n\n### Patches\n\nREXML gems 3.4.2 or later include the patches to fix these vulnerabilities.\n\n### Workarounds\n\nDon't parse untrusted XMLs.\n\n### References\n\n* https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767\n - An announcement on www.ruby-lang.org\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-58767","osvdb":null,"ghsa":"c2f4-jgmc-q2r5","unaffected_versions":["< 3.3.3"],"patched_versions":[">= 3.4.2"],"criticality":null}}]} \ No newline at end of file diff --git a/report.txt b/report.txt index 8900c02..ac29b29 100644 --- a/report.txt +++ b/report.txt @@ -1 +1,10 @@ -No vulnerabilities found +Name: rexml +Version: 3.4.1 +CVE: CVE-2025-58767 +GHSA: GHSA-c2f4-jgmc-q2r5 +Criticality: Unknown +URL: https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5 +Title: REXML has DoS condition when parsing malformed XML file +Solution: update to '>= 3.4.2' + +Vulnerabilities found! diff --git a/update-info.txt b/update-info.txt index 1c08f41..e1df4c8 100644 --- a/update-info.txt +++ b/update-info.txt @@ -1,7 +1,11 @@ Updating ruby-advisory-db ... -Already up to date. +Updating 84c99b9..dff94e0 +Fast-forward + gems/rexml/CVE-2025-58767.yml | 38 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 38 insertions(+) + create mode 100644 gems/rexml/CVE-2025-58767.yml Updated ruby-advisory-db ruby-advisory-db: - advisories: 1007 advisories - last updated: 2025-09-13 09:58:51 -0700 - commit: 84c99b9661a10393a5181a26fa69463ab126fca3 + advisories: 1008 advisories + last updated: 2025-09-18 15:57:32 -0700 + commit: dff94e024b70e68d56d0008ec0095890f9e7a41d