From a48e8f0100ef9393aea45f423c8065e953e374a5 Mon Sep 17 00:00:00 2001
From: ag
Date: Thu, 2 May 2024 09:24:52 +0200
Subject: [PATCH] commit by to_remotes 2024-05-02 09:24:52 +0200 from vmdevac

---
 bundle-audit-time.txt | 2 +-
 bundle-audit.json | 2 +-
 report.txt | 11 ++++++++++-
 update-info.txt | 14 ++++++++++----
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt
index ed2a055..fe7e2d9 100644
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@@ -1 +1 @@
-2024-04-26T14:46:21+02:00
+2024-05-02T09:24:51+02:00
diff --git a/bundle-audit.json b/bundle-audit.json
index 4ac128d..2ee4df2 100644
--- a/bundle-audit.json
+++ b/bundle-audit.json
@@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-04-26 14:46:20 +0200","results":[]}
\ No newline at end of file
+{"version":"0.9.1","created_at":"2024-05-02 09:24:51 +0200","results":[{"type":"unpatched_gem","gem":{"name":"sidekiq","version":"7.2.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/sidekiq/CVE-2024-32887.yml","id":"CVE-2024-32887","url":"https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq","title":"Reflected XSS in Metrics Web Page","date":"2024-04-26","description":"Reflected XSS in Sidekiq Web UI via the `/metrics` HTTP end-point and the\n`substr` query param:\n\n https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E\n","cvss_v2":null,"cvss_v3":5.5,"cve":"2024-32887","osvdb":null,"ghsa":"GHSA-q655-3pj8-9fxq","unaffected_versions":["< 7.2.0"],"patched_versions":[">= 7.2.4"],"criticality":"medium"}}]}
\ No newline at end of file
diff --git a/report.txt b/report.txt
index 8900c02..7c3091f 100644
--- a/report.txt
+++ b/report.txt
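Review bot: The new bundle-audit.json line commits the auditing host's absolute advisory-database path in `advisory.path` (`/home/wiseadvice/.local/share/ruby-advisory-db/...`), which is environment-specific and discloses a local account name in a file pushed to a remote. The `id`, `ghsa` and `url` fields on the same line already identify the advisory, so the path adds nothing a consumer of the committed artifact needs. If the to_remotes step post-processes the JSON anyway, dropping or relativizing `path` before the commit (e.g. to `gems/sidekiq/CVE-2024-32887.yml`) would keep the artifact reproducible across hosts; the script doing the export is not part of this patch, so this is inferred from the output only.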
@@ -1 +1,10 @@
-No vulnerabilities found
+Name: sidekiq
+Version: 7.2.0
+CVE: CVE-2024-32887
+GHSA: GHSA-GHSA-q655-3pj8-9fxq
+Criticality: Medium
+URL: https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq
+Title: Reflected XSS in Metrics Web Page
+Solution: upgrade to '>= 7.2.4'
+
+Vulnerabilities found!
diff --git a/update-info.txt b/update-info.txt
index 5685532..8467010 100644
--- a/update-info.txt
+++ b/update-info.txt
@@ -1,7 +1,13 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating 2b58e06..e97ec3f
+Fast-forward
+ gems/sidekiq/CVE-2023-1892.yml | 2 +-
+ gems/sidekiq/CVE-2024-32887.yml | 22 ++++++++++++++++++++++
+ spec/advisory_example.rb | 4 ++++
+ 3 files changed, 27 insertions(+), 1 deletion(-)
+ create mode 100644 gems/sidekiq/CVE-2024-32887.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
- advisories: 885 advisories
- last updated: 2024-04-25 04:57:39 -0700
- commit: 2b58e06609a927d4f980b4d8b67806133a9fabd8
+ advisories: 886 advisories
+ last updated: 2024-04-27 10:51:58 -0700
+ commit: e97ec3fecb8c15a86ac15b55ecfdc0e61142c366
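Review bot: The `GHSA:` line of the new report.txt doubles the prefix, `GHSA: GHSA-GHSA-q655-3pj8-9fxq`, while the advisory's `ghsa` field in bundle-audit.json and the `URL:` line two lines below both carry the identifier as `GHSA-q655-3pj8-9fxq`. The generator that writes report.txt is not in this patch, but it presumably prepends `GHSA-` to a value that already includes it; the line should read `GHSA: GHSA-q655-3pj8-9fxq`. Anything that extracts advisory identifiers from the report, or cross-references it with the JSON, will miss or mismatch this entry, so the fix belongs in the report template rather than in this committed output.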